/// <inheritdoc/>
protected override Task <bool> IsAuthorized(AuthorizationHandlerContext context, ContentPermissionsResourceRequirement requirement, ContentPermissionsResource resource)
{
ContentPermissions.ContentAccess permissionResult = resource.NodeId.HasValue
? _contentPermissions.CheckPermissions(
resource.NodeId.Value,
_backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser,
out IContent? _,
resource.PermissionsToCheck)
: _contentPermissions.CheckPermissions(
resource.Content,
_backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser,
resource.PermissionsToCheck);
return(Task.FromResult(permissionResult != ContentPermissions.ContentAccess.Denied));
}
public void No_Access_By_Path()
{
// Arrange
IUser user = CreateUser(id: 9, startContentId: 9876);
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
IContent content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
IContentService contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234")).Returns(permissionSet);
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>()))
.Returns(new[] { Mock.Of <TreeEntityPath>(entity => entity.Id == 9876 && entity.Path == "-1,9876") });
IEntityService entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent, new[] { 'F' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result);
}
public void No_Content_Found()
{
// Arrange
IUser user = CreateUser(id: 9);
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
IContent content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(0)).Returns(content);
IContentService contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection();
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
IEntityService entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent, new[] { 'F' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.NotFound, result);
}
public void No_Access_To_Recycle_Bin_By_Permission()
{
// Arrange
IUser user = CreateUser(withUserGroup: false);
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection
{
new EntityPermission(9876, 1234, new string[] { "A" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
IEntityService entityService = entityServiceMock.Object;
var contentServiceMock = new Mock <IContentService>();
IContentService contentService = contentServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(-20, user, out IContent foundContent, new[] { 'B' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result);
}
public void Access_To_Recycle_Bin_By_Permission()
{
// Arrange
var user = CreateUser();
var userServiceMock = new Mock <IUserService>();
var permissions = new EntityPermissionCollection {
new(9876, 1234, new[] { "A" })
};
var permissionSet = new EntityPermissionSet(-20, permissions);
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-20")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
var contentServiceMock = new Mock <IContentService>();
var contentService = contentServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
var result = contentPermissions.CheckPermissions(-20, user, out IContent _, new[] { 'A' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result);
}
public void Access_Allowed_By_Permission()
{
// Arrange
var user = CreateUser(9);
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
var content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
var contentService = contentServiceMock.Object;
var permissions = new EntityPermissionCollection {
new(9876, 1234, new[] { "A", "F", "C" })
};
var permissionSet = new EntityPermissionSet(1234, permissions);
var userServiceMock = new Mock <IUserService>();
userServiceMock.Setup(x => x.GetPermissionsForPath(user, "-1,1234,5678")).Returns(permissionSet);
var userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
var entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
var result = contentPermissions.CheckPermissions(1234, user, out IContent _, new[] { 'F' });
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result);
}
public void Access_To_Recycle_Bin_By_Path()
{
// Arrange
IUser user = CreateUser();
var contentServiceMock = new Mock <IContentService>();
IContentService contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
IEntityService entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(-20, user, out IContent _);
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result);
}
public void No_Access_To_Recycle_Bin_By_Path()
{
// Arrange
IUser user = CreateUser(startContentId: 1234);
var contentServiceMock = new Mock <IContentService>();
IContentService contentService = contentServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
IUserService userService = userServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
entityServiceMock.Setup(x => x.GetAllPaths(It.IsAny <UmbracoObjectTypes>(), It.IsAny <int[]>()))
.Returns(new[] { Mock.Of <TreeEntityPath>(entity => entity.Id == 1234 && entity.Path == "-1,1234") });
IEntityService entityService = entityServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(-20, user, out IContent foundContent);
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Denied, result);
}
/// <inheritdoc />
protected override Task<bool> IsAuthorized(AuthorizationHandlerContext context,
ContentPermissionsPublishBranchRequirement requirement, IContent resource)
{
IUser? currentUser = _backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser;
var denied = new List<IUmbracoEntity>();
var page = 0;
const int pageSize = 500;
var total = long.MaxValue;
while (page * pageSize < total)
{
// Order descendents by shallowest to deepest, this allows us to check permissions from top to bottom so we can exit
// early if a permission higher up fails.
IEnumerable<IEntitySlim> descendants = _entityService.GetPagedDescendants(
resource.Id,
UmbracoObjectTypes.Document,
page++,
pageSize,
out total,
ordering: Ordering.By("path"));
foreach (IEntitySlim c in descendants)
{
// If this item's path has already been denied or if the user doesn't have access to it, add to the deny list.
if (denied.Any(x => c.Path.StartsWith($"{x.Path},")) ||
_contentPermissions.CheckPermissions(
c,
currentUser,
requirement.Permission) == ContentPermissions.ContentAccess.Denied)
{
denied.Add(c);
}
}
}
return Task.FromResult(denied.Count == 0);
}
public void Access_Allowed_By_Path()
{
// Arrange
IUser user = CreateUser(id: 9);
var contentMock = new Mock <IContent>();
contentMock.Setup(c => c.Path).Returns("-1,1234,5678");
IContent content = contentMock.Object;
var contentServiceMock = new Mock <IContentService>();
contentServiceMock.Setup(x => x.GetById(1234)).Returns(content);
IContentService contentService = contentServiceMock.Object;
var entityServiceMock = new Mock <IEntityService>();
IEntityService entityService = entityServiceMock.Object;
var userServiceMock = new Mock <IUserService>();
IUserService userService = userServiceMock.Object;
var contentPermissions = new ContentPermissions(userService, contentService, entityService, AppCaches.Disabled);
// Act
ContentPermissions.ContentAccess result = contentPermissions.CheckPermissions(1234, user, out IContent foundContent);
// Assert
Assert.AreEqual(ContentPermissions.ContentAccess.Granted, result);
}
