Пример #1
        /// <summary>
        /// Fixture setup: imports the blog manager test content and provisions a test
        /// account that is granted item-write access on the first test blog.
        /// </summary>
        /// <remarks>
        /// The whole body runs inside a <c>SecurityDisabler</c> scope, so the content import,
        /// account creation and ACL change are not subject to the current user's permissions.
        /// </remarks>
        public void TestFixtureSetUp()
        {
            using (new SecurityDisabler())
            {
                // Import the serialized test items below the test content root.
                var contentFile = HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml");
                var contentXml = File.ReadAllText(contentFile);
                m_testContentRoot.Paste(contentXml, true, PasteMode.Overwrite);
                Initialize();

                var qualifiedUserName = "sitecore\\" + TESTUSERNAME;

                try
                {
                    // NOTE(review): the second argument to User.Create is the password, and it is the
                    // user name itself. An account like this belongs only on a disposable test instance.
                    var testUser = Sitecore.Security.Accounts.User.Create(qualifiedUserName, TESTUSERNAME);
                    Roles.AddUserToRole(qualifiedUserName, "sitecore\\sitecore client authoring");

                    // Explicit allow for ItemWrite, propagated with PropagationType.Any, set on blog1 only.
                    var writeRule = AccessRule.Create(testUser, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow);
                    var blogRules = new AccessRuleCollection { writeRule };
                    m_blog1.Security.SetAccessRules(blogRules);
                }
                catch
                {
                    // Roll back the account on any failure. The exception itself is swallowed, so a
                    // failed setup is not reported and the tests continue without the user or its ACL.
                    // NOTE(review): consider logging or rethrowing after the cleanup.
                    Membership.DeleteUser(qualifiedUserName);
                }
            }
        }
Пример #2
        /// <summary>
        /// Fixture setup: resolves the home item, imports the blog manager test content under it
        /// and provisions a test account with item-write access on the first test blog.
        /// </summary>
        /// <remarks>
        /// The home item is looked up before the <c>SecurityDisabler</c> scope opens; everything
        /// after that runs with security checks disabled.
        /// </remarks>
        public void TestFixtureSetUp()
        {
            m_home = Sitecore.Context.Database.GetItem("/sitecore/content/home");

            using (new SecurityDisabler())
            {
                try
                {
                    var contentFile = HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml");
                    var contentXml = File.ReadAllText(contentFile);
                    m_home.Paste(contentXml, true, PasteMode.Overwrite);
                }
                catch
                {
                    // Breakpoint anchor kept from the original: a failed import is swallowed here,
                    // so setup carries on even when no test content was pasted.
                    int breakpointAnchor = 0;
                    breakpointAnchor++;
                }

                Initialize();

                var qualifiedUserName = "sitecore\\" + TESTUSERNAME;

                try
                {
                    // NOTE(review): the password argument is the user name itself; acceptable only
                    // on a disposable test instance.
                    var testUser = Sitecore.Security.Accounts.User.Create(qualifiedUserName, TESTUSERNAME);
                    Roles.AddUserToRole(qualifiedUserName, "sitecore\\sitecore client authoring");

                    // Explicit allow for ItemWrite, propagated with PropagationType.Any, set on blog1 only.
                    var writeRule = AccessRule.Create(testUser, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow);
                    var blogRules = new AccessRuleCollection { writeRule };
                    m_blog1.Security.SetAccessRules(blogRules);
                }
                catch
                {
                    // Any failure removes the account again; the exception is not rethrown or logged.
                    Membership.DeleteUser(qualifiedUserName);
                }
            }
        }
        /// <summary>
        /// Builds a rule set covering item read and item write for <paramref name="account"/>.
        /// </summary>
        /// <param name="account">The user or role the rules are created for.</param>
        /// <param name="hasAccess">
        /// <c>true</c> produces allow rules; <c>false</c> produces explicit deny rules for the
        /// same two rights (it does not leave the rights unset).
        /// </param>
        /// <returns>A new collection holding the read rule followed by the write rule.</returns>
        protected virtual AccessRuleCollection BuildAccessRuleCollection(Account account, bool hasAccess)
        {
            // One decision drives both rights, so read and write can never disagree.
            var permission = hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess;

            // NOTE(review): an explicit deny is stronger than "no rule"; confirm that denying is
            // intended for accounts that may also receive access through another role.
            var rules = new AccessRuleCollection
            {
                AccessRule.Create(account, AccessRight.ItemRead, PropagationType.Any, permission),
                AccessRule.Create(account, AccessRight.ItemWrite, PropagationType.Any, permission)
            };

            return rules;
        }
Пример #4
        /// <summary>
        /// Appends one rule for <paramref name="accessRight"/> to <paramref name="rules"/>, based on
        /// the tri-state answer that <paramref name="canAct"/> gives for <paramref name="itemAccess"/>.
        /// </summary>
        /// <param name="rules">Collection that receives the rule.</param>
        /// <param name="itemAccess">Access description handed to <paramref name="canAct"/>.</param>
        /// <param name="accessRight">The right the rule is about.</param>
        /// <param name="canAct">
        /// Selector returning <c>true</c> (allow), <c>false</c> (deny) or <c>null</c> (add nothing).
        /// </param>
        protected virtual void FillAccessRules(AccessRuleCollection rules, DbItemAccess itemAccess, AccessRight accessRight, Func<DbItemAccess, bool?> canAct)
        {
            bool? verdict = canAct(itemAccess);

            // A null verdict means "not configured": no rule is added, so neither an allow nor a deny exists.
            if (verdict.HasValue)
            {
                var permission = verdict.Value ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess;

                // The rule is bound to whichever account Context.User is at call time and uses
                // PropagationType.Entity rather than a descendant-propagating type.
                rules.Add(AccessRule.Create(Context.User, accessRight, PropagationType.Entity, permission));
            }
        }
Пример #5
        /// <summary>
        /// Creates an access rule from the cmdlet's AccessRight, Identity, PropagationType and
        /// SecurityPermission parameters and writes it to the pipeline.
        /// </summary>
        /// <remarks>
        /// The rule is only constructed and emitted; this method does not apply it to any item.
        /// </remarks>
        protected override void ProcessRecord()
        {
            // Nothing is emitted when the requested right cannot be parsed.
            if (this.TryParseAccessRight(AccessRight, out var parsedRight))
            {
                var principal = this.GetAccountFromIdentity(Identity);

                WriteObject(AccessRule.Create(principal, parsedRight, PropagationType, SecurityPermission));
            }
        }
        /// <summary>
        /// Builds a rule set for <paramref name="account"/> that sets read and write from
        /// <paramref name="hasAccess"/> and always denies admin, create, delete and rename.
        /// </summary>
        /// <param name="account">The user or role the rules are created for.</param>
        /// <param name="hasAccess">
        /// <c>true</c> allows read and write; <c>false</c> adds explicit deny rules for both.
        /// </param>
        /// <returns>A new collection of six rules, all created with <c>PropagationType.Any</c>.</returns>
        protected virtual AccessRuleCollection BuildAccessRuleCollectionFull(Account account, bool hasAccess)
        {
            var readWritePermission = hasAccess ? SecurityPermission.AllowAccess : SecurityPermission.DenyAccess;

            var rules = new AccessRuleCollection
            {
                AccessRule.Create(account, AccessRight.ItemRead, PropagationType.Any, readWritePermission),
                AccessRule.Create(account, AccessRight.ItemWrite, PropagationType.Any, readWritePermission)
            };

            // These rights are denied regardless of hasAccess; per the original comment the
            // denials are meant to be inherited by the Catalogs and Categories.
            var alwaysDenied = new[]
            {
                AccessRight.ItemAdmin,
                AccessRight.ItemCreate,
                AccessRight.ItemDelete,
                AccessRight.ItemRename
            };

            foreach (var right in alwaysDenied)
            {
                rules.Add(AccessRule.Create(account, right, PropagationType.Any, SecurityPermission.DenyAccess));
            }

            return rules;
        }
Пример #7
        /// <summary>
        /// Adds access rules to <paramref name="item"/>: either the supplied AccessRules list, or a
        /// single rule built from the AccessRight, Identity, PropagationType and SecurityPermission
        /// parameters.
        /// </summary>
        /// <param name="item">The item whose access rules are extended.</param>
        /// <remarks>
        /// The item is written back only when <c>ShouldProcess</c> returns <c>true</c>.
        /// </remarks>
        protected override void ProcessItem(Item item)
        {
            // Start from the rules already on the item; the new entries are added to this set.
            var currentRules = item.Security.GetAccessRules();

            if (AccessRules != null)
            {
                // A ready-made rule list was supplied: append all of it.
                if (ShouldProcess(item.GetProviderPath(), "Add Acl list."))
                {
                    currentRules.AddRange(AccessRules);
                    item.Security.SetAccessRules(currentRules);
                }
            }
            else
            {
                AccessRight parsedRight;

                if (!this.TryParseAccessRight(AccessRight, out parsedRight))
                {
                    // Early exit on an unparseable right; this also skips the PassThru output below.
                    return;
                }

                Account principal = this.GetAccountFromIdentity(Identity);
                currentRules.Add(AccessRule.Create(principal, parsedRight, PropagationType, SecurityPermission));

                // The confirmation text names the right, propagation, permission and identity so the
                // operator sees exactly what is about to be granted or denied.
                var target = item.GetProviderPath();
                var action = string.Format(
                    "Add access right '{0}' with PropagationType '{1}', SecurityPermission '{2}' for '{3}'",
                    parsedRight.Name, PropagationType, SecurityPermission, Identity.Name);

                if (ShouldProcess(target, action))
                {
                    item.Security.SetAccessRules(currentRules);
                }
            }

            if (PassThru)
            {
                WriteItem(item);
            }
        }
Пример #8
        /// <summary>
        /// Verifies that a read-deny rule with <c>PropagationType.Descendants</c> set on "home"
        /// hides the child item while "home" itself stays readable.
        /// </summary>
        public void ShouldRestrictItemSecurity()
        {
            const string homePath = "/sitecore/content/home";

            // arrange: a two-level tree, home -> about
            using (var db = new Db { new DbItem("home") { new DbItem("about") } })
            {
                var home = db.GetItem(homePath);

                var denyOnDescendants = new AccessRuleCollection();
                denyOnDescendants.Add(
                    AccessRule.Create(Context.User, AccessRight.ItemRead, PropagationType.Descendants, AccessPermission.Deny));

                // act
                AuthorizationManager.SetAccessRules(home, denyOnDescendants);

                // assert: the deny applies below the item the rule is set on, not to the item itself
                Assert.NotNull(db.GetItem(homePath));
                Assert.Null(db.GetItem(homePath + "/about"));
            }
        }
Пример #9
        /// <summary>
        /// Fixture setup for the MetaBlog API tests: imports test content into the master database,
        /// creates two test users, grants one of them write/delete rights on two blogs, publishes
        /// the content to the web database and rebuilds the search index.
        /// </summary>
        /// <remarks>
        /// All content and security changes run inside a <c>SecurityDisabler</c> scope, so they are
        /// not subject to the current user's permissions.
        /// </remarks>
        public void TestFixtureSetUp()
        {
            // Create test content
            var db   = Sitecore.Configuration.Factory.GetDatabase("master");
            var home = db.GetItem("/sitecore/content/home");

            using (new SecurityDisabler())
            {
                home.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\MetaBlog content.xml")), true, PasteMode.Overwrite);

                // Retrieve created content items
                m_testRoot = home.Axes.GetChild("test content");
                m_blog1    = m_testRoot.Axes.GetChild("blog1");
                m_blog2    = m_testRoot.Axes.GetChild("blog2");
                m_blog3    = m_testRoot.Axes.GetChild("blog3");

                // Ensure blog 1 entries. Current NewsMover has a bug which is removing them as they are created.
                // Remove the following section once the bug has been fixed
                // START: Workaround
                var template     = m_blog1.Database.Templates[Settings.EntryTemplateID];
                var entry11Check = m_blog1.Axes.GetDescendant("Entry11");

                if (entry11Check == null)
                {
                    m_blog1.Add("Entry11", template);
                }

                var entry12Check = m_blog1.Axes.GetDescendant("Entry12");

                if (entry12Check == null)
                {
                    // NOTE(review): fixed two-second pause before the second entry is created; the reason
                    // is not stated here, presumably part of the NewsMover workaround. Confirm.
                    System.Threading.Thread.Sleep(2000);
                    m_blog1.Add("Entry12", template);
                }
                // END: Workaround

                // Create test users
                // NOTE(review): fixed account names with a shared PASSWORD constant, and no deletion is
                // visible in this method. Confirm that teardown removes both accounts, and that this
                // fixture only ever runs against a disposable instance.
                m_userAuthor  = Sitecore.Security.Accounts.User.Create("sitecore\\user1", PASSWORD);
                m_userNothing = Sitecore.Security.Accounts.User.Create("sitecore\\user2", PASSWORD);

                // Add users to roles
                // Only m_userAuthor receives a role and rules; m_userNothing gets neither in this method.
                m_userAuthor.Roles.Add(Role.FromName("sitecore\\Sitecore Client Authoring"));

                // Allow write and delete for the author with PropagationType.Descendants.
                var rules = new AccessRuleCollection();
                rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemWrite, PropagationType.Descendants, AccessPermission.Allow));
                rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemDelete, PropagationType.Descendants, AccessPermission.Allow));

                // The same rule set goes on blog1 and blog2; blog3 gets no rules here.
                m_blog1.Security.SetAccessRules(rules);
                m_blog2.Security.SetAccessRules(rules);

                // Publish blog1 and its two entries to the "web" database.
                ContentHelper.PublishItemAndRequiredAncestors(m_blog1, Sitecore.Configuration.Factory.GetDatabase("web"));

                var entry11 = m_blog1.Axes.GetDescendant("Entry11");
                ContentHelper.PublishItemAndRequiredAncestors(entry11, Sitecore.Configuration.Factory.GetDatabase("web"));

                var entry12 = m_blog1.Axes.GetDescendant("Entry12");
                ContentHelper.PublishItemAndRequiredAncestors(entry12, Sitecore.Configuration.Factory.GetDatabase("web"));

                // Rebuild the search index to ensure all manager calls work as expected
                var index = SearchManager.GetIndex(Settings.SearchIndexName);
                index.Rebuild();
            }

            // Created after the SecurityDisabler scope has been disposed.
            m_api = new Mod.MetaBlogApi();
        }
Пример #10
        /// <summary>
        /// Fixture setup for the MetaBlog API tests: imports test content under the test content
        /// root, creates two test users, grants one of them write/delete/create rights on two blogs,
        /// publishes the content to the web database and rebuilds the search index.
        /// </summary>
        /// <remarks>
        /// All content and security changes run inside a <c>SecurityDisabler</c> scope, so they are
        /// not subject to the current user's permissions.
        /// </remarks>
        public void TestFixtureSetUp()
        {
            // Create test content
            using (new SecurityDisabler())
            {
                m_testContentRoot.Paste(File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\MetaBlog content.xml")), true, PasteMode.Overwrite);

                // Retrieve created content items
                m_testRoot = m_testContentRoot.Axes.GetChild("test content");
                m_blog1    = m_testRoot.Axes.GetChild("blog1");
                m_blog2    = m_testRoot.Axes.GetChild("blog2");
                m_blog3    = m_testRoot.Axes.GetChild("blog3");

                // Ensure blog 1 entries. Current NewsMover has a bug which is removing them as they are created.
                // Remove the following section once the bug has been fixed
                // START: Workaround
                var template     = m_blog1.Database.Templates[Settings.EntryTemplateID];
                var entry11Check = m_blog1.Axes.GetDescendant("Entry11");

                if (entry11Check == null)
                {
                    var entry = m_blog1.Add("Entry11", template);
                    // The field write happens inside an EditContext scope.
                    using (new EditContext(entry))
                    {
                        entry["Entry Date"] = "20120105T233207";
                    }
                }

                var entry12Check = m_blog1.Axes.GetDescendant("Entry12");

                if (entry12Check == null)
                {
                    // NOTE(review): fixed two-second pause before the second entry is created; the reason
                    // is not stated here, presumably part of the NewsMover workaround. Confirm.
                    System.Threading.Thread.Sleep(2000);
                    var entry = m_blog1.Add("Entry12", template);
                    using (new EditContext(entry))
                    {
                        entry["Entry Date"] = "20120106T233145";
                    }
                }

                // END: Workaround

                // Create test users
                // Use random usernames to ensure we're not trying to create users that might already exist
                // NOTE(review): a random suffix below 999999 makes a clash unlikely, not impossible, and
                // the two calls could draw the same value. Every run also adds two accounts that share
                // the PASSWORD constant, and no deletion is visible in this method. Confirm that teardown
                // removes them and that the fixture only runs against a disposable instance.
                m_userAuthor  = Sitecore.Security.Accounts.User.Create("sitecore\\user" + m_random.Next(999999), PASSWORD);
                m_userNothing = Sitecore.Security.Accounts.User.Create("sitecore\\user" + m_random.Next(999999), PASSWORD);

                // Add users to roles
                // Only m_userAuthor receives a role and rules; m_userNothing gets neither in this method.
                m_userAuthor.Roles.Add(Role.FromName("sitecore\\Sitecore Client Authoring"));

                // Allow write, delete and create for the author with PropagationType.Any.
                var rules = new AccessRuleCollection();
                rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow));
                rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemDelete, PropagationType.Any, AccessPermission.Allow));
                rules.Add(AccessRule.Create(m_userAuthor, AccessRight.ItemCreate, PropagationType.Any, AccessPermission.Allow));

                // The same rule set goes on blog1 and blog2; blog3 gets no rules here.
                m_blog1.Security.SetAccessRules(rules);
                m_blog2.Security.SetAccessRules(rules);

                // Publish blog1 and its two entries to the "web" database.
                ContentHelper.PublishItemAndRequiredAncestors(m_blog1, Sitecore.Configuration.Factory.GetDatabase("web"));

                var entry11 = m_blog1.Axes.GetDescendant("Entry11");
                ContentHelper.PublishItemAndRequiredAncestors(entry11, Sitecore.Configuration.Factory.GetDatabase("web"));

                var entry12 = m_blog1.Axes.GetDescendant("Entry12");
                ContentHelper.PublishItemAndRequiredAncestors(entry12, Sitecore.Configuration.Factory.GetDatabase("web"));

                // Rebuild the search index to ensure all manager calls work as expected
                // The index API is selected at compile time by the FEATURE_CONTENT_SEARCH symbol.
#if FEATURE_CONTENT_SEARCH
                var index = ContentSearchManager.GetIndex(Settings.SearchIndexName);
                index.Rebuild();
#else
                var index = SearchManager.GetIndex(Settings.SearchIndexName);
                index.Rebuild();
#endif
            }

            // Created after the SecurityDisabler scope has been disposed.
            m_api = new Mod.MetaBlogApi();
        }