protected override AccessResult GetItemAccess(Sitecore.Data.Items.Item item, Account account, AccessRight accessRight, PropagationType propagationType)
{
//
//This method applies the specified AccessRight. Since the custom AccessRight
//has been extended to support additional properties (max comments and
//time range), these properties must be considered.
var result = base.GetItemAccess(item, account, accessRight, propagationType);
//
//
if (result == null || result.Permission != AccessPermission.Allow)
{
return result;
}
//
//
if (accessRight.Name != BucketRights.AddComments)
{
return result;
}
//
//
var right = accessRight as BucketAccessRight;
if (right != null)
{
result = GetItemAccess(item, account, right);
}
return result;
}
protected virtual AccessResult GetPermission(DbItemAccess access, AccessRight accessRight)
{
if (accessRight == AccessRight.ItemRead)
{
return this.GetAccessResult(access, i => i.CanRead);
}
if (accessRight == AccessRight.ItemWrite)
{
return this.GetAccessResult(access, i => i.CanWrite);
}
if (accessRight == AccessRight.ItemRename)
{
return this.GetAccessResult(access, i => i.CanRename);
}
if (accessRight == AccessRight.ItemCreate)
{
return this.GetAccessResult(access, i => i.CanCreate);
}
if (accessRight == AccessRight.ItemDelete)
{
return this.GetAccessResult(access, i => i.CanDelete);
}
if (accessRight == AccessRight.ItemAdmin)
{
return this.GetAccessResult(access, i => i.CanAdmin);
}
return this.GetDefaultAccessResult();
}
// Methods
protected override void AddAccessResultToCache(ISecurable entity, Account account, AccessRight accessRight, AccessResult accessResult, PropagationType propagationType)
{
if (accessRight.Name != "adoption:change")
{
base.AddAccessResultToCache(entity, account, accessRight, accessResult, propagationType);
}
}
protected override void AddAccessResultToCache(ISecurable entity, Account account, AccessRight accessRight, AccessResult accessResult, PropagationType propagationType)
{
if (accessRight.Name == BucketRights.MakeABucket)
{
return;
}
base.AddAccessResultToCache(entity, account, accessRight, accessResult, propagationType);
}
public void when_the_user_has_only_read_access_the_builder_should_return_the_display_for_element()
{
theRightsAre = AccessRight.ReadOnly;
var displayTag = new HtmlTag("span");
theRequest.Stub(x => x.BuildForCategory(ElementConstants.Display)).Return(displayTag);
theResultingTag.ShouldBeTheSameAs(displayTag);
}
protected override void AddAccessResultToCache(ISecurable entity, Account account, AccessRight accessRight, AccessResult accessResult, PropagationType propagationType)
{
//
//Do not cache the access result because the result depends
//on the value that is currently set on the item.
if (accessRight.Name == BucketRights.AddComments)
{
return;
}
base.AddAccessResultToCache(entity, account, accessRight, accessResult, propagationType);
}
private void OnLow(InitEvent e)
{
if (e.IsOwner)
{
this.AccessRight = AccessRight.Owner;
}
else if (e.CanChangeWorldOptions)
{
this.AccessRight = AccessRight.WorldOptions;
}
}
public override AccessResult GetAccess(Field field, Account account, AccessRight accessRight)
{
AccessResult result = null;
if (ShouldCheckDesignRights(field, accessRight))
{
result = GetLayoutFieldAccess(field, account);
}
return(result ?? base.GetAccess(field, account, accessRight));
}
protected virtual void FillAccessRules(AccessRuleCollection rules, DbItemAccess itemAccess, AccessRight accessRight, Func<DbItemAccess, bool?> canAct)
{
var canActRest = canAct(itemAccess);
if (canActRest == null)
{
return;
}
var permission = (bool)canActRest ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess;
rules.Add(AccessRule.Create(Context.User, accessRight, PropagationType.Entity, permission));
}
void AddReportAccessRights()
{
_right = new AccessRight
{
CanView = chkReportsView.Checked,
UserID = _userID,
FormID = ApplicationFroms.frmReportParameters.ToString()
};
AddAccessRight(_right);
}
public static bool HasRights(this IPrincipal user, AccessRight right)
{
bool result = false;
var userManager = HttpContext.Current.GetOwinContext().GetUserManager <ApplicationUserManager>();
var Rights = userManager.FindById(user.Identity.GetUserId()).AccessRight;
if (Rights.HasFlag(right))
{
result = true;
}
return(result);
}
/// <summary>
/// Create an new AccessControl from a AccessControl.
/// </summary>
/// <param name="access">The source object.</param>
public AccessControl(AccessControl access)
{
this.accessControlId = access.AccessControlId;
this.user = access.User.Clone() as RightsHolder;
this.entity = new Entity(access.Entity);
this.tenantId = access.TenantId;
this.accessRight = access.AccessRight;
this.rowVersion = access.RowVersion;
this.dirty = access.Dirty;
this.deleted = access.Deleted;
this.newRights = access.newRights;
}
/// <summary>
/// Update the rights with the rights in an existing AccessControl. If our rights have been changed, do nothing.
/// </summary>
/// <param name="access">The row to copy the rights from.</param>
public void Update(AccessControl access)
{
if (access.RowVersion != this.rowVersion &&
access.User == user &&
access.Entity == entity &&
!this.dirty)
{
this.accessRight = access.AccessRight;
}
this.rowVersion = access.RowVersion;
}
/// <summary>
/// Create an new AccessControl from a AccessControlRow.
/// </summary>
/// <param name="accessControlRow">The row to base this object on.</param>
public AccessControl(AccessControlRow accessControlRow)
{
this.accessControlId = accessControlRow.AccessControlId;
this.user = Entity.New(accessControlRow.RightsHolderRow.EntityRow) as RightsHolder;
this.entity = new Entity(accessControlRow.EntityRow);
this.tenantId = accessControlRow.TenantRow.TenantId;
this.accessRight = accessControlRow.AccessRightRow.AccessRightCode;
this.rowVersion = accessControlRow.RowVersion;
this.dirty = false;
this.deleted = false;
this.newRights = false;
}
void UpdateReportAccessRights()
{
_right = new AccessRight
{
CanView = chkReportsView.Checked,
UserID = _userID,
FormID = ApplicationFroms.frmReportParameters.ToString(),
Id = _rights.Where(r => r.FormID == ApplicationFroms.frmReportParameters.ToString() && r.UserID == _userID).FirstOrDefault().Id
};
UpdateAccessRight(_right, ApplicationFroms.frmReportParameters);
}
/// <summary>
/// Update the rights with the rights in the original AccessControlRow. If our rights have been changed, do nothing.
/// </summary>
/// <param name="accessControlRow">The row to copy the rights from.</param>
public void Update(AccessControlRow accessControlRow)
{
if (accessControlRow.RowVersion != this.rowVersion &&
accessControlRow.RightsHolderRow.RightsHolderId == user.EntityId &&
accessControlRow.EntityRow.EntityId == entity.EntityId &&
!this.dirty)
{
this.accessRight = accessControlRow.AccessRightRow.AccessRightCode;
}
this.rowVersion = accessControlRow.RowVersion;
}
public ActionResult Create([Bind(Include = "Id,GroupReport,PlanReport,Database,ManageUsers,AspNetUserId")] AccessRight accessRight)
{
if (ModelState.IsValid)
{
db.AccessRights.Add(accessRight);
db.SaveChanges();
return(RedirectToAction("Index"));
}
ViewBag.AspNetUserId = new SelectList(db.AspNetUsers, "Id", "Email", accessRight.AspNetUserId);
return(View(accessRight));
}
void AddCompanyAccessRights()
{
_right = new AccessRight
{
CanEdit = chkCompanyEdit.Checked,
CanView = chkCompanyView.Checked,
UserID = _userID,
FormID = ApplicationFroms.frmAddCompany.ToString()
};
AddAccessRight(_right);
}
public async Task <ActionResult> Register(RegisterViewModel model)
{
if (ModelState.IsValid)
{
var user = new ApplicationUser {
UserName = model.Email, Email = model.Email
};
var result = await UserManager.CreateAsync(user, model.Password);
if (result.Succeeded)
{
await SignInManager.SignInAsync(user, isPersistent : false, rememberBrowser : false);
using (var db = new ReportsWebAppDBEntities())
{
try
{
var users = (from usr in db.AspNetUsers
select usr).Take(2);
if (users.Count() == 1)
{
AccessRight adminRights = new AccessRight()
{
AspNetUserId = users.First().Id,
Database = true,
PlanReport = true,
GroupReport = true,
ManageUsers = true
};
db.AccessRights.Add(adminRights);
db.SaveChanges();
}
}
catch (Exception ex)
{
Logger.Log.Error(ex);
}
}
// For more information on how to enable account confirmation and password reset please visit https://go.microsoft.com/fwlink/?LinkID=320771
// Send an email with this link
// string code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
// var callbackUrl = Url.Action("ConfirmEmail", "Account", new { userId = user.Id, code = code }, protocol: Request.Url.Scheme);
// await UserManager.SendEmailAsync(user.Id, "Confirm your account", "Please confirm your account by clicking <a href=\"" + callbackUrl + "\">here</a>");
return(RedirectToAction("Index", "Home"));
}
AddErrors(result);
}
// If we got this far, something failed, redisplay form
return(View(model));
}
public bool HasSystemWideAccess(PartAccess partAccess, AccessRight right)
{
var session = CurrentSession;
if (session == null)
{
return(false);
}
else
{
return(session.HasSystemWideAccess(partAccess, right));
}
}
public bool HasAccess(Contact contact, PartAccess partAccess, AccessRight right)
{
var session = CurrentSession;
if (session == null)
{
return(false);
}
else
{
return(session.HasAccess(contact, partAccess, right));
}
}
public bool HasAccess(Group group, PartAccess partAccess, AccessRight right)
{
var session = CurrentSession;
if (session == null)
{
return(false);
}
else
{
return(session.HasAccess(group, partAccess, right));
}
}
void UpdateCompanyAccessRights()
{
_right = new AccessRight
{
CanEdit = chkCompanyEdit.Checked,
CanView = chkCompanyView.Checked,
UserID = _userID,
FormID = ApplicationFroms.frmAddCompany.ToString(),
Id = _rights.Where(r => r.FormID == ApplicationFroms.frmAddCompany.ToString() && r.UserID == _userID).FirstOrDefault().Id
};
UpdateAccessRight(_right, ApplicationFroms.frmAddCompany);
}
/// <summary>
/// Tests if a group has a given right to this file.
/// </summary>
/// <param name="g">Name of the group.</param>
/// <param name="r">Right to test.</param>
/// <returns>True if the group is authorized, false otherwise.</returns>
public bool Test(Group g, AccessRight r)
{
var info = FindAccessInfo(g);
if (info != null)
{
return(info.Test(r));
}
else
{
return(false);
}
}
private static bool HasCustomPublishAccess(Item item, User user)
{
AccessRight itemPublish = AccessRight.FromName("item:publish");
if (itemPublish != null)
{
using (new SecurityEnabler())
{
return(AuthorizationManager.IsAllowed(item, itemPublish, user));
}
}
return(true);
}
private void OnInitLow(InitEvent e)
{
if (e.IsOwner)
{
this.AccessRight = AccessRight.Owner;
}
else if (e.CanEdit)
{
this.AccessRight = AccessRight.Edit;
}
new MetaChangedEvent(e.Owner, e.Plays, e.CurrentWoots, e.TotalWoots, e.WorldName)
.RaiseIn(this.BotBits);
}
// GET: AccessRights/Details/5
public ActionResult Details(int?id)
{
if (id == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
AccessRight accessRight = db.AccessRights.Find(id);
if (accessRight == null)
{
return(HttpNotFound());
}
return(View(accessRight));
}
public bool HasSystemWideAccess(PartAccess partAccess, AccessRight right)
{
foreach (var rolePermission in _access
.Where(rp => rp.Permission.Part.Value == partAccess)
.Where(rp => rp.Permission.Right.Value >= right))
{
switch (rolePermission.Permission.Subject.Value)
{
case SubjectAccess.SystemWide:
return(true);
}
}
return(false);
}
/// <summary>
/// Creates a new group with a given default access right.
/// </summary>
/// <param name="name">Name of the group.</param>
/// <param name="defaultRight">Access right to add to all files.</param>
/// <param name="canCreateFiles">If true, the group members will be allows to create new files.</param>
public void CreateNewGroup(string name, AccessRight defaultRight, bool canCreateFiles)
{
if (groups.Contains(name))
{
Console.WriteLine("[ERROR] Group with the name {0} already exists!", name);
return;
}
Group group = new Group {
Name = name, CanCreateFiles = canCreateFiles, DefaultAccessRight = defaultRight
};
groups.Add(group);
AddAccessRightToSubDirectory(group, defaultRight, "");
}
public bool HasRights(Guid listId, ICollection <int> trusteeIds, AccessRight accessRights)
{
bool result = false;
var db = GetObjectContext();
{
var accessItems = db.AccessControlLists.Where(item => item.ListMetadataId == listId && trusteeIds.Contains(item.TrusteeId));
if (accessItems.Any())
{
var maxAccessRight = accessItems.Max(item => item.AccessRight);
result = maxAccessRight >= (int)accessRights;
}
}
return(result);
}
public static AccessRights Map(AccessRight source)
{
switch (source)
{
case AccessRight.Listen: return(AccessRights.Listen);
case AccessRight.Manage: return(AccessRights.Manage);
case AccessRight.ManageNotificationHub: return(AccessRights.ManageNotificationHub);
case AccessRight.Send: return(AccessRights.Send);
default: throw new ArgumentOutOfRangeException(nameof(source));
}
}
/// <summary>
/// Adds a given right to a group.
/// </summary>
/// <param name="g">Name of the group.</param>
/// <param name="r">Right to add.</param>
public void AddRight(Group g, AccessRight r)
{
var info = FindAccessInfo(g);
if (info != null)
{
info.AddRight(r);
}
else
{
Access.Add(new AccessInfo {
Group = g, Right = r, GroupDummy = g.Name
});
}
}
protected override AccessResult GetAccessCore(ISecurable entity, Account account, AccessRight accessRight)
{
var uniqueId = entity.GetUniqueId();
if (string.IsNullOrEmpty(uniqueId))
{
return this.GetDefaultAccessResult();
}
var id = uniqueId.Substring(uniqueId.IndexOf("{", StringComparison.Ordinal), uniqueId.IndexOf("}", StringComparison.Ordinal) - uniqueId.IndexOf("{", StringComparison.Ordinal) + 1);
var itemId = ID.Parse(id);
var item = this.DataStorage.GetFakeItem(itemId);
return this.GetPermission(item.Access, accessRight);
}
public static bool TryParseAccessRight(this BaseCommand command, string accessRightName, out AccessRight accessRight)
{
accessRight = null;
try
{
accessRight = AccessRight.FromName(accessRightName);
}
catch (Exception ex)
{
command.WriteError(new ErrorRecord(ex, "sitecore_invalid_access_right", ErrorCategory.InvalidArgument, null));
return(false);
}
return(true);
}
// GET: AccessRights/Edit/5
public ActionResult Edit(int?id)
{
if (id == null)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
AccessRight accessRight = db.AccessRights.Find(id);
if (accessRight == null)
{
return(HttpNotFound());
}
ViewBag.AspNetUserId = new SelectList(db.AspNetUsers, "Id", "Email", accessRight.AspNetUserId);
return(View(accessRight));
}
public bool HasAccess(AccessRight[] userAccessRights, AccessRight requiredAccessRight)
{
if (userAccessRights.Contains(AccessRight.Full) || userAccessRights.Length >= 4)
{
return(true);
}
foreach (var right in userAccessRights)
{
if (right == requiredAccessRight)
{
return(true);
}
}
return(false);
}
/// <summary>
/// The method that matches incoming number to a collection of permissions
/// </summary>
/// <param name="value">The number of bit-vector that comes and needs to be converted to list</param>
/// <param name="repository">A layer to get permissions from database</param>
/// <returns>A collection of permissions</returns>
private static IEnumerable <Permission> MatchPermissions(int value, IPermissionRepository repository)
{
AccessRight vector = (AccessRight)value;
var accessRights = vector
.ToString()
.Split(',')
.Select(x => Enum.Parse(typeof(AccessRight), x))
.Cast <AccessRight>();
var result = repository.Get(new List <Expression <Func <Permission, bool> > >()
{
perm => accessRights.Contains(perm.AccessRights)
});
return(result);
}
public static string Translate(this AccessRight right, Translator translator)
{
switch (right)
{
case AccessRight.None:
return(translator.Get("Enum.AccessRight.None", "Value 'None' in AccessRight enum", "None"));
case AccessRight.Read:
return(translator.Get("Enum.AccessRight.Read", "Value 'Read' in AccessRight enum", "Read"));
case AccessRight.Write:
return(translator.Get("Enum.AccessRight.Write", "Value 'Write' in AccessRight enum", "Write"));
default:
throw new NotSupportedException();
}
}
protected override AccessResult GetItemAccess(Data.Items.Item item, Account account, AccessRight accessRight, PropagationType propagationType)
{
var result = base.GetItemAccess(item, account, accessRight, propagationType);
if (result.IsNull() || result.Permission != AccessPermission.Allow)
{
return result;
}
if (accessRight.Name != BucketRights.MakeABucket)
{
return result;
}
var right = accessRight as BucketAccessRight;
if (right.IsNotNull())
{
result = this.GetItemAccess(item, account, right);
}
return result;
}
private static extern IntPtr CreateEventEx(
IntPtr eventAttributes, [MarshalAs(UnmanagedType.LPTStr)]string name,
CreateEventFlags flags, AccessRight desiredAccess);
protected override AccessResult GetAccessCore(ISecurable entity, Account account, AccessRight accessRight)
{
return new AccessResult(AccessPermission.Allow,
new AccessExplanation("Always allow authorization provider used"));
}
/// <summary>
/// The get access core.
/// </summary>
/// <param name="entity">
/// The entity.
/// </param>
/// <param name="account">
/// The account.
/// </param>
/// <param name="accessRight">
/// The access right.
/// </param>
/// <returns>
/// The <see cref="AccessResult"/>.
/// </returns>
protected override AccessResult GetAccessCore(ISecurable entity, Account account, AccessRight accessRight)
{
if (!this.accessRules.ContainsKey(entity.GetUniqueId()))
{
return new AccessResult(AccessPermission.Allow, new AccessExplanation(account.Name, accessRight));
}
AccessRuleCollection rule = this.accessRules[entity.GetUniqueId()];
return new AccessResult(rule.Helper.GetAccessPermission(account, accessRight, PropagationType.Any), new AccessExplanation("Memory authorization provider found it correct."));
}
public void when_the_user_has_full_rights_return_null_so_that_the_construction_can_continue_to_the_next_in_the_chain()
{
theRightsAre = AccessRight.All;
theResultingTag.ShouldBeNull();
}
private string GetAccessPermission(AccessRuleCollection rules, Sitecore.Security.Accounts.Account account, AccessRight accessRight, AccessPermission accessPermission, string sExistingPermissions)
{
if ((rules.Helper.GetAccessPermission(account, accessRight, PropagationType.Descendants) == accessPermission) &&
(sExistingPermissions.IndexOf(accessRight.Name) == -1))
{
sExistingPermissions += accessRight.Name + "|";
}
return sExistingPermissions;
}
protected override AccessResult GetAccessCore(ISecurable entity, Account account, AccessRight accessRight)
{
return new AccessResult(AccessPermission.Allow, new AccessExplanation("Everything is allowed by design."));
}
internal AccessRoomEvent(AccessRight newRights)
{
this.NewRights = newRights;
}
protected override AccessResult GetAccessCore(ISecurable entity, Account account, AccessRight accessRight)
{
throw new System.NotImplementedException();
}
/// <summary>
/// Checking on if user has in its claims the specific one neeeded
/// </summary>
/// <param name="value">Value of Permissions claim</param>
/// <param name="permission">The permission for specific action</param>
/// <returns>True if there is such a permission for user</returns>
private static bool hasFlag(string value, AccessRight permission)
{
return ((AccessRight)Enum.Parse(typeof(AccessRight), value))
.HasFlag(permission);
}
public PrincipalRole(string name, AccessRight[] rights)
{
this.Name = name;
this.Rights = rights;
}
public static bool TryParseAccessRight(this BaseCommand command, string accessRightName, out AccessRight accessRight)
{
accessRight = null;
try
{
accessRight = AccessRight.FromName(accessRightName);
}
catch (Exception ex)
{
command.WriteError(new ErrorRecord(ex, "sitecore_invalid_access_right", ErrorCategory.InvalidArgument, null));
return false;
}
return true;
}
public void return_an_element_that_is_not_authorized_if_there_are_not_rights()
{
theRightsAre = AccessRight.None;
theResultingTag.Authorized().ShouldBeFalse();
}
public void when_the_user_has_only_read_access_the_builder_should_return_the_display_for_element()
{
theRightsAre = AccessRight.ReadOnly;
var displayTag = new HtmlTag("span");
services.MockFor<ITagGenerator<TheModel>>().Stub(x => x.DisplayFor(theRequest)).Return(displayTag);
theResultingTag.ShouldBeTheSameAs(displayTag);
}
protected override AccessResult GetAccessCore(ISecurable entity, Account account, AccessRight accessRight)
{
return new AccessResult(AccessPermission.Allow, new AccessExplanation("fake"));
}
public override AccessResult GetAccess(ISecurable entity, Account account, AccessRight accessRight)
{
return this.CurrentProvider.GetAccess(entity, account, accessRight);
}
