/// <summary>
/// Demands that the current principal holds <c>AccessLevel.ReadWrite</c> on the stored copy
/// of the given secured object, and throws when it does not.
/// </summary>
/// <param name="item">The secured object that is about to be updated or deleted.</param>
/// <exception cref="ValidationException">
/// The access level resolved for the current principal is not <c>AccessLevel.ReadWrite</c>.
/// </exception>
/// <exception cref="CmsException">
/// Any other failure while performing the check; the original exception is kept as the inner
/// exception, so an error during the check never lets the operation through silently.
/// </exception>
private void DemandReadWriteRule(IAccessSecuredObject item)
{
    // SaveUnsecured switches the check off for this item entirely.
    // NOTE(review): this is a full bypass; confirm the flag can only be set by trusted
    // server-side code and is never bound from request data.
    if (item.SaveUnsecured)
    {
        return;
    }

    try
    {
        using (var container = ContextScopeProvider.CreateChildContainer())
        {
            var unitOfWork = container.Resolve<IUnitOfWork>();

            // For a proxy instance the base type is used as the lookup type.
            Type itemType = item is IProxy ? item.GetType().BaseType : item.GetType();

            // Look in the cache first; on a miss, read from the session and cache the result.
            // NOTE(review): the decision below is made on this cached/stored copy, so a stale
            // cache entry would carry stale access rules; confirm the cacheService lifetime.
            object securedObject;
            bool foundInCache = cacheService.GetEntity(itemType, item.Id, out securedObject);
            if (!foundInCache)
            {
                securedObject = unitOfWork.Session.Get(itemType, item.Id);
                cacheService.AddEntity(itemType, item.Id, securedObject);
            }

            // No stored copy was found, so there is nothing to check against.
            if (securedObject == null)
            {
                return;
            }

            var accessControlService = container.Resolve<IAccessControlService>();
            var securityService = container.Resolve<ISecurityService>();
            var principal = securityService.GetCurrentPrincipal();

            // The level is evaluated on the loaded copy, not on the in-memory item being saved.
            var grantedLevel = accessControlService.GetAccessLevel((IAccessSecuredObject)securedObject, principal);
            if (grantedLevel != AccessLevel.ReadWrite)
            {
                throw new ValidationException(
                    () => string.Format(RootGlobalization.Validation_CurrentUserHasNoRightsToUpdateOrDelete_Message, principal.Identity.Name, item.Title),
                    string.Format("Current user {0} has no rights to update or delete secured object {1}.", principal.Identity.Name, item));
            }
        }
    }
    catch (ValidationException)
    {
        // The access-denied result must reach the caller unchanged.
        throw;
    }
    catch (Exception ex)
    {
        throw new CmsException(string.Format("Failed to check an access level of current user for the record {0}.", item), ex);
    }
}
/// <summary>
/// Checks that the current principal has read/write access to the persisted version of the
/// secured object before it is updated or deleted.
/// </summary>
/// <param name="item">The secured object being saved or removed.</param>
/// <exception cref="ValidationException">
/// Thrown when the resolved access level differs from <c>AccessLevel.ReadWrite</c>.
/// </exception>
/// <exception cref="CmsException">
/// Thrown, wrapping the original exception, when the check itself fails for any other reason.
/// </exception>
private void DemandReadWriteRule(IAccessSecuredObject item)
{
    // An explicit SaveUnsecured = true skips the access demand altogether.
    // NOTE(review): verify that only trusted code paths can set this flag, since it
    // disables the authorization check for the item.
    if (item.SaveUnsecured)
    {
        return;
    }

    try
    {
        using (var container = ContextScopeProvider.CreateChildContainer())
        {
            var unitOfWork = container.Resolve<IUnitOfWork>();

            // A proxy instance is looked up by its base type.
            Type itemType = item.GetType();
            if (item is IProxy)
            {
                itemType = itemType.BaseType;
            }

            // Cache miss: load through the session and remember the result (including null).
            object securedObject;
            if (!cacheService.GetEntity(itemType, item.Id, out securedObject))
            {
                securedObject = unitOfWork.Session.Get(itemType, item.Id);
                cacheService.AddEntity(itemType, item.Id, securedObject);
            }

            if (securedObject != null)
            {
                var accessControlService = container.Resolve<IAccessControlService>();
                var securityService = container.Resolve<ISecurityService>();
                var principal = securityService.GetCurrentPrincipal();

                // The stored copy, not the incoming item, is what gets evaluated.
                var level = accessControlService.GetAccessLevel((IAccessSecuredObject)securedObject, principal);
                if (level == AccessLevel.ReadWrite)
                {
                    return;
                }

                throw new ValidationException(
                    () => string.Format(RootGlobalization.Validation_CurrentUserHasNoRightsToUpdateOrDelete_Message, principal.Identity.Name, item.Title),
                    string.Format("Current user {0} has no rights to update or delete secured object {1}.", principal.Identity.Name, item));
            }
        }
    }
    catch (ValidationException)
    {
        // Pass the denial through as-is instead of wrapping it below.
        throw;
    }
    catch (Exception ex)
    {
        // Every other failure is reported as an error, so the check fails closed.
        throw new CmsException(string.Format("Failed to check an access level of current user for the record {0}.", item), ex);
    }
}
/// <summary>
/// Tells whether the current principal may access the given secured object.
/// </summary>
/// <param name="page">The secured object to evaluate.</param>
/// <returns>
/// <c>true</c> when access control is disabled in configuration, when no access control
/// service is set, or when the resolved access level is anything other than
/// <c>AccessLevel.Deny</c>; otherwise <c>false</c>.
/// </returns>
private bool HasCurrentPrincipalAccess(IAccessSecuredObject page)
{
    // Both conditions grant access without consulting any rules.
    // NOTE(review): a null accessControlService while AccessControlEnabled is true also
    // grants access (fails open); confirm this is intended and not a wiring error.
    if (!cmsConfiguration.Security.AccessControlEnabled || accessControlService == null)
    {
        return true;
    }

    var currentPrincipal = SecurityService.GetCurrentPrincipal();

    // Only an explicit Deny blocks access; every other level passes.
    return accessControlService.GetAccessLevel(page, currentPrincipal) != AccessLevel.Deny;
}
/// <summary>
/// Copies changed access levels from the updated rules onto the matching existing rules of
/// the secured object. Rules are neither added nor removed here.
/// </summary>
/// <param name="securedObject">The secured object whose existing rules are updated.</param>
/// <param name="updatedRules">The access list carrying the new access levels.</param>
private void UpdateChangedRules(IAccessSecuredObject securedObject, IList<IAccessRule> updatedRules)
{
    // Nothing to do without updated rules or without existing rules to apply them to.
    if (updatedRules == null || updatedRules.Count <= 0 || securedObject.AccessRules == null)
    {
        return;
    }

    // Iterate over a snapshot of the existing rules.
    foreach (var existingRule in securedObject.AccessRules.ToList())
    {
        // A match is the first updated rule with the same Identity and IsForRole
        // but a different AccessLevel.
        var changedRule = updatedRules.FirstOrDefault(
            candidate => candidate.Identity == existingRule.Identity
                         && candidate.IsForRole == existingRule.IsForRole
                         && candidate.AccessLevel != existingRule.AccessLevel);

        if (changedRule == null)
        {
            continue;
        }

        existingRule.AccessLevel = changedRule.AccessLevel;
    }
}
/// <summary>
/// Determines whether the current principal is allowed to access the given secured object.
/// </summary>
/// <param name="page">The secured object to check.</param>
/// <returns>
/// <c>false</c> only when access control is enabled, an access control service is set, and
/// the resolved access level is <c>AccessLevel.Deny</c>; <c>true</c> in every other case.
/// </returns>
private bool HasCurrentPrincipalAccess(IAccessSecuredObject page)
{
    if (cmsConfiguration.Security.AccessControlEnabled && accessControlService != null)
    {
        var currentPrincipal = SecurityService.GetCurrentPrincipal();
        var resolvedLevel = accessControlService.GetAccessLevel(page, currentPrincipal);

        // Anything other than an explicit Deny counts as access.
        return resolvedLevel != AccessLevel.Deny;
    }

    // Access control is switched off or no service is set: access is granted unchecked.
    // NOTE(review): the missing-service case fails open even when access control is
    // enabled; confirm that is the intended behavior.
    return true;
}