private static AuthorizationHandlerContext CreateAuthorizationHandlerContext(int nodeId, bool createWithNodeId = false)
{
var requirement = new ContentPermissionsResourceRequirement();
var user = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim>()));
IContent content = CreateContent(nodeId);
System.Collections.ObjectModel.ReadOnlyCollection <char> permissions = new List <char> {
'A'
}.AsReadOnly();
ContentPermissionsResource resource = createWithNodeId
? new ContentPermissionsResource(content, nodeId, permissions)
: new ContentPermissionsResource(content, permissions);
return(new AuthorizationHandlerContext(new List <IAuthorizationRequirement> {
requirement
}, user, resource));
}
/// <summary>
/// Checks if the user has access to post a content item based on whether it's being created or saved.
/// </summary>
/// <param name="actionContext"></param>
/// <param name="contentItem"></param>
/// <param name="backofficeSecurity"></param>
private async Task <bool> ValidateUserAccessAsync(
ContentItemSave?contentItem,
ActionExecutingContext actionContext)
{
// We now need to validate that the user is allowed to be doing what they are doing.
// Based on the action we need to check different permissions.
// Then if it is new, we need to lookup those permissions on the parent!
var permissionToCheck = new List <char>();
IContent?contentToCheck = null;
int contentIdToCheck;
switch (contentItem?.Action)
{
case ContentSaveAction.Save:
permissionToCheck.Add(ActionUpdate.ActionLetter);
contentToCheck = contentItem.PersistedContent;
contentIdToCheck = contentToCheck?.Id ?? default;
break;
case ContentSaveAction.Publish:
case ContentSaveAction.PublishWithDescendants:
case ContentSaveAction.PublishWithDescendantsForce:
permissionToCheck.Add(ActionPublish.ActionLetter);
contentToCheck = contentItem.PersistedContent;
contentIdToCheck = contentToCheck?.Id ?? default;
break;
case ContentSaveAction.SendPublish:
permissionToCheck.Add(ActionToPublish.ActionLetter);
contentToCheck = contentItem.PersistedContent;
contentIdToCheck = contentToCheck?.Id ?? default;
break;
case ContentSaveAction.Schedule:
permissionToCheck.Add(ActionUpdate.ActionLetter);
permissionToCheck.Add(ActionToPublish.ActionLetter);
contentToCheck = contentItem.PersistedContent;
contentIdToCheck = contentToCheck?.Id ?? default;
break;
case ContentSaveAction.SaveNew:
//Save new requires ActionNew
permissionToCheck.Add(ActionNew.ActionLetter);
if (contentItem.ParentId != Constants.System.Root)
{
contentToCheck = _contentService.GetById(contentItem.ParentId);
contentIdToCheck = contentToCheck?.Id ?? default;
}
else
{
contentIdToCheck = contentItem.ParentId;
}
break;
case ContentSaveAction.SendPublishNew:
//Send new requires both ActionToPublish AND ActionNew
permissionToCheck.Add(ActionNew.ActionLetter);
permissionToCheck.Add(ActionToPublish.ActionLetter);
if (contentItem.ParentId != Constants.System.Root)
{
contentToCheck = _contentService.GetById(contentItem.ParentId);
contentIdToCheck = contentToCheck?.Id ?? default;
}
else
{
contentIdToCheck = contentItem.ParentId;
}
break;
case ContentSaveAction.PublishNew:
case ContentSaveAction.PublishWithDescendantsNew:
case ContentSaveAction.PublishWithDescendantsForceNew:
//Publish new requires both ActionNew AND ActionPublish
// TODO: Shouldn't publish also require ActionUpdate since it will definitely perform an update to publish but maybe that's just implied
permissionToCheck.Add(ActionNew.ActionLetter);
permissionToCheck.Add(ActionPublish.ActionLetter);
if (contentItem.ParentId != Constants.System.Root)
{
contentToCheck = _contentService.GetById(contentItem.ParentId);
contentIdToCheck = contentToCheck?.Id ?? default;
}
else
{
contentIdToCheck = contentItem.ParentId;
}
break;
case ContentSaveAction.ScheduleNew:
permissionToCheck.Add(ActionNew.ActionLetter);
permissionToCheck.Add(ActionUpdate.ActionLetter);
permissionToCheck.Add(ActionPublish.ActionLetter);
if (contentItem.ParentId != Constants.System.Root)
{
contentToCheck = _contentService.GetById(contentItem.ParentId);
contentIdToCheck = contentToCheck?.Id ?? default;
}
else
{
contentIdToCheck = contentItem.ParentId;
}
break;
default:
throw new ArgumentOutOfRangeException();
}
ContentPermissionsResource resource = contentToCheck == null
? new ContentPermissionsResource(contentToCheck, contentIdToCheck, permissionToCheck)
: new ContentPermissionsResource(contentToCheck, permissionToCheck);
AuthorizationResult authorizationResult = await _authorizationService.AuthorizeAsync(
actionContext.HttpContext.User,
resource,
AuthorizationPolicies.ContentPermissionByResource);
if (!authorizationResult.Succeeded)
{
return(false);
}
return(true);
}
