/// <summary> /// Bind the checkbox list and the treeview to the specified role. If adding a new role, pass null or an empty /// string to the roleName parameter. /// </summary> /// <param name="roleName">The name of the role to be bound to the checkbox list and treeview, or null if adding /// a new role.</param> private void PopulateControlsWithRoleData(string roleName) { // Gets called by the Callback control when the user clicks Add or Edit for a particular role. // Populate the controls with data specific to this role, especially in regard to checking the appropriate // checkboxes to indicate the level of permission granted to this role (nothing will be checked when // adding a new role). IGalleryServerRole role = null; if (!String.IsNullOrEmpty(roleName)) { role = Factory.LoadGalleryServerRole(roleName); if (role == null) { throw new InvalidGalleryServerRoleException(); } lblRoleName.Text = RoleController.ParseRoleNameFromGspRoleName(Utils.HtmlEncode(role.RoleName)); } BindRolePermissionCheckboxes(role); BindAlbumTreeview(role); }
/// <summary> /// Performs any necessary actions that must occur before an album is deleted. Specifically, it deletes the owner role /// if one exists for the album, but only when this album is the only one assigned to the role. It also clears out /// <see cref="IGallerySettings.UserAlbumParentAlbumId" /> if the album's ID matches it. This function recursively calls /// itself to make sure all child albums are processed. /// </summary> /// <param name="album">The album to be deleted, or one of its child albums.</param> private static void OnBeforeAlbumDelete(IAlbum album) { // If there is an owner role associated with this album, and the role is not assigned to any other albums, delete it. if (!String.IsNullOrEmpty(album.OwnerRoleName)) { IGalleryServerRole role = RoleController.GetGalleryServerRoles().GetRole(album.OwnerRoleName); if ((role != null) && (role.AllAlbumIds.Count == 1) && role.AllAlbumIds.Contains(album.Id)) { RoleController.DeleteGalleryServerProRole(role.RoleName); } } // If the album is specified as the user album container, clear out the setting. The ValidateBeforeAlbumDelete() // function will throw an exception if user albums are enabled, so this should only happen when user albums // are disabled, so it is safe to clear it out. int userAlbumParentAlbumId = Factory.LoadGallerySetting(album.GalleryId).UserAlbumParentAlbumId; if (album.Id == userAlbumParentAlbumId) { IGallerySettings gallerySettingsWriteable = Factory.LoadGallerySetting(album.GalleryId, true); gallerySettingsWriteable.UserAlbumParentAlbumId = 0; gallerySettingsWriteable.Save(); } // Recursively validate child albums. foreach (IGalleryObject childAlbum in album.GetChildGalleryObjects(GalleryObjectType.Album)) { OnBeforeAlbumDelete((IAlbum)childAlbum); } }
private void UpdateExistingRole(string roleName) { IGalleryServerRole role = Factory.LoadGalleryServerRole(roleName); if (role == null) { throw new GalleryServerPro.ErrorHandler.CustomExceptions.InvalidGalleryServerRoleException(); } role.AllowAddChildAlbum = chkAddAlbum.Checked; role.AllowAddMediaObject = chkAddMediaObject.Checked; role.AllowAdministerSite = chkAdministerSite.Checked; role.AllowDeleteChildAlbum = chkDeleteChildAlbum.Checked; role.AllowDeleteMediaObject = chkDeleteMediaObject.Checked; role.AllowEditAlbum = chkEditAlbum.Checked; role.AllowEditMediaObject = chkEditMediaObject.Checked; role.AllowSynchronize = chkSynchronize.Checked; role.AllowViewOriginalImage = chkViewHiResImage.Checked; role.AllowViewAlbumOrMediaObject = chkViewObject.Checked; role.HideWatermark = chkHideWatermark.Checked; RoleController.UpdateRoleAlbumRelationships(role, tvUC.TopLevelCheckedAlbumIds); role.Save(); }
/// <summary> /// Fill the treeview with all albums. All nodes representing albums for which the specified role has permission /// will be checked. If the overload that doesn't take a role parameter is used, then check all checkboxes if the /// isAdministratorChecked parameter is true. /// </summary> /// <param name="role">The role to be updated. If adding a new role, then set this parameter to null.</param> /// <param name="isAdministrator">Indicates whether the administrator permission checkbox has been /// checked or the specified role has administrative permission. Since administrative permission applies to all /// albums, when this parameter is true, all checkboxes for all albums will be checked. An exception is thrown /// if the role.AllowAdministerSite property and the isAdministrator parameter do not match.</param> private void BindAlbumTreeview(IGalleryServerRole role, bool isAdministrator) { if ((role != null) && (role.AllowAdministerSite != isAdministrator)) { throw new ArgumentException("Invalid arguments passed to BindAlbumTreeview method: The role.AllowAdministerSite property and the isAdministrator parameter must match."); } if (role != null) // Role will be null when user is adding a new role { IIntegerCollection albumIds = tvUC.AlbumIdsToCheck; albumIds.Clear(); albumIds.AddRange(role.RootAlbumIds); foreach (IGallery gallery in Factory.LoadGalleries()) { IAlbum rootAlbum = Factory.LoadRootAlbumInstance(gallery.GalleryId); if (role.RootAlbumIds.Contains(rootAlbum.Id)) { // The role applies to all albums. Since the treeview initially renders to two levels, we need // to add the album IDs for the root album's child albums. foreach (IGalleryObject album in rootAlbum.GetChildGalleryObjects(GalleryObjectType.Album)) { albumIds.Add(album.Id); } } } } tvUC.RequiredSecurityPermissions = SecurityActions.AdministerSite | SecurityActions.AdministerGallery; tvUC.Galleries = Factory.LoadGalleries(); tvUC.RootAlbumPrefix = String.Concat(Resources.GalleryServerPro.Site_Gallery_Text, " '{GalleryDescription}': "); tvUC.BindTreeView(); }
private static void ValidateDeleteRole(string roleName) { // Make sure the loggod-on person isn't doing anything stupid, like deleting the only role with Administer // site permission. IGalleryServerRole roleToDelete = Factory.LoadGalleryServerRole(roleName); if (roleToDelete == null) { return; } if (roleToDelete.AllowAdministerSite) { // User is trying to delete a role with administer site permission. Make sure // at least one other role has this permission, and that the role has at least one member. bool atLeastOneOtherRoleHasAdminSitePermission = false; foreach (IGalleryServerRole role in Factory.LoadGalleryServerRoles()) { if ((!role.RoleName.Equals(roleToDelete.RoleName, StringComparison.OrdinalIgnoreCase) && role.AllowAdministerSite)) { if (GetUsersInRole(role.RoleName).Length > 0) { atLeastOneOtherRoleHasAdminSitePermission = true; break; } } } if (!atLeastOneOtherRoleHasAdminSitePermission) { throw new WebException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Delete_Role_Msg); } } }
/// <summary> /// Replace the list of root album IDs for the <paramref name="role"/> with the album ID's specified in /// <paramref name="topLevelCheckedAlbumIds"/>. Note that this function will cause the AllAlbumIds property /// to be cleared out (Count = 0). The property can be repopulated by calling <see cref="IGalleryServerRole.Save"/>. /// </summary> /// <param name="role">The role whose root album/role relationships should be updated. When editing /// an existing role, specify this.GalleryRole. For new roles, pass the newly created role before /// saving it.</param> /// <param name="topLevelCheckedAlbumIds">The top level checked album ids. May be null.</param> public static void UpdateRoleAlbumRelationships(IGalleryServerRole role, IIntegerCollection topLevelCheckedAlbumIds) { if (role == null) { throw new ArgumentNullException("role"); } if (topLevelCheckedAlbumIds == null) { topLevelCheckedAlbumIds = new IntegerCollection(); } int[] rootAlbumIdsOld = new int[role.RootAlbumIds.Count]; role.RootAlbumIds.CopyTo(rootAlbumIdsOld, 0); role.RootAlbumIds.Clear(); if (role.AllowAdministerSite) { // Administer site permission automatically applies to all albums, so all we need to do is get // a reference to the root album ID. role.RootAlbumIds.Add(Factory.LoadRootAlbumInstance().Id); } else { role.RootAlbumIds.AddRange(topLevelCheckedAlbumIds); } if (IsRoleAnAlbumOwnerRole(role.RoleName)) { ValidateAlbumOwnerRoles(role.RoleName, rootAlbumIdsOld, role.RootAlbumIds); } }
/// <summary> /// Select (check) the permissions checkboxes corresponding to the permissions of the specified role. Specify null /// when adding a new role and the checkboxes will be set to their default values (unselected.) /// </summary> /// <param name="role">The Gallery Server role to be bound to the checkbox list of permissions, or null if adding /// a new role.</param> private void BindRolePermissionCheckboxes(IGalleryServerRole role) { if (role == null) { chkAddAlbum.Checked = false; chkAddMediaObject.Checked = false; chkAdministerSite.Checked = false; chkAdministerGallery.Checked = false; chkDeleteChildAlbum.Checked = false; chkDeleteMediaObject.Checked = false; chkEditAlbum.Checked = false; chkEditMediaObject.Checked = false; chkSynchronize.Checked = false; chkViewHiResImage.Checked = false; chkViewObject.Checked = false; chkHideWatermark.Checked = false; } else { chkAddAlbum.Checked = role.AllowAddChildAlbum; chkAddMediaObject.Checked = role.AllowAddMediaObject; chkAdministerSite.Checked = role.AllowAdministerSite; chkAdministerGallery.Checked = role.AllowAdministerGallery; chkDeleteChildAlbum.Checked = role.AllowDeleteChildAlbum; chkDeleteMediaObject.Checked = role.AllowDeleteMediaObject; chkEditAlbum.Checked = role.AllowEditAlbum; chkEditMediaObject.Checked = role.AllowEditMediaObject; chkSynchronize.Checked = role.AllowSynchronize; chkViewHiResImage.Checked = role.AllowViewOriginalImage; chkViewObject.Checked = role.AllowViewAlbumOrMediaObject; chkHideWatermark.Checked = role.HideWatermark; } }
/// <summary> /// Fill the treeview with all albums. All nodes representing albums for which the specified role has permission /// will be checked. If the overload that doesn't take a role parameter is used, then check all checkboxes if the /// isAdministratorChecked parameter is true. /// </summary> /// <param name="role">The role to be updated. If adding a new role, then set this parameter to null.</param> /// <param name="isAdministrator">Indicates whether the administrator permission checkbox has been /// checked or the specified role has administrative permission. Since administrative permission applies to all /// albums, when this parameter is true, all checkboxes for all albums will be checked. An exception is thrown /// if the role.AllowAdministerSite property and the isAdministrator parameter do not match.</param> private void BindAlbumTreeview(IGalleryServerRole role, bool isAdministrator) { if ((role != null) && (role.AllowAdministerSite != isAdministrator)) { throw new ArgumentException("Invalid arguments passed to BindAlbumTreeview method: The role.AllowAdministerSite property and the isAdministrator parameter must match."); } if (role != null) // Role will be null when user is adding a new role { IIntegerCollection albumIds = tvUC.AlbumIdsToSelect; albumIds.Clear(); albumIds.AddRange(role.RootAlbumIds); if (role.RootAlbumIds.Contains(Factory.LoadRootAlbumInstance().Id)) { // The role applies to all albums. Since the treeview initially renders to two levels, we need // to add the album IDs for the root album's child albums. foreach (IGalleryObject album in Factory.LoadRootAlbumInstance().GetChildGalleryObjects(GalleryObjectType.Album)) { albumIds.Add(album.Id); } } } tvUC.BindTreeView(); }
/// <summary> /// Saves the specified role. /// </summary> /// <param name="role">The role.</param> public void Save(IGalleryServerRole role) { PersistRoleToDataStore(role); var repo = new RoleAlbumRepository(Context); repo.Save(role.RoleName, role.RootAlbumIds); }
/// <summary> /// Permanently delete the specified gallery server role from the data store. The stored procedure deletes the record /// in the gs_Role table corresponding to this role and also all records in the gs_Role_Album table that reference /// this role. /// </summary> /// <param name="role">An instance of IGalleryServerRole to delete from the data store.</param> private static void DeleteFromDataStore(IGalleryServerRole role) { SqlCommand cmd = GetCommandGalleryServerRoleDelete(role); cmd.Connection.Open(); cmd.ExecuteNonQuery(); cmd.Connection.Close(); }
/// <summary> /// Persist this gallery server role to the data store. The list of top-level albums this role applies to, which is stored /// in the <see cref="IGalleryServerRole.RootAlbumIds" /> property, is also saved. The <see cref="IGalleryServerRole.AllAlbumIds" /> /// property is reloaded with the latest list of albums from the data store. /// </summary> /// <param name="role">An instance of <see cref="IGalleryServerRole" /> to persist to the data store.</param> public static void Save(IGalleryServerRole role) { PersistRoleAlbumRelationshipsToDataStore(role); PersistRoleToDataStore(role); ReloadAllAlbumIds(role); }
/// <summary> /// Adds the specified item. /// </summary> /// <param name="item">The item.</param> /// <exception cref="ArgumentNullException">Thrown when <paramref name="item" /> is null.</exception> public void Add(IGalleryServerRole item) { if (item == null) { throw new ArgumentNullException(nameof(item), "Cannot add null to an existing GalleryServerRoleCollection. Items.Count = " + _items.Count); } _items.TryAdd(item.RoleName.ToLowerInvariant(), item); }
/// <summary> /// Determines whether the specified <paramref name="role" /> is equal to this instance. /// </summary> /// <param name="role">The role to compare to this instance.</param> /// <returns><c>true</c> if the specified <paramref name="role" /> is equal to this instance; otherwise, <c>false</c>.</returns> public bool Equals(IGalleryServerRole role) { if (role == null) { return(false); } return(this.RoleName.Equals(role.RoleName, StringComparison.OrdinalIgnoreCase)); }
/// <summary> /// Save the list of root album IDs to the data store. The table gs_Role_Album contains one record for each role/album /// relationship. This procedure adds and deletes records as needed. /// </summary> /// <param name="role">The gallery server role containing the list of root Album IDs to persist to the data store.</param> private static void PersistRoleAlbumRelationshipsToDataStore(IGalleryServerRole role) { // Step 1: Copy the list of root album IDs to a new list. We'll be removing items from the list as we process them, // so we don't want to mess with the actual list attached to the object. List <int> roleAlbumRelationshipsToPersist = new List <int>(); foreach (int albumId in role.RootAlbumIds) { roleAlbumRelationshipsToPersist.Add(albumId); } // Step 2: Get a datareader containing a list of all root album IDs in the data store. The result set contains a single // column of integers named "FKAlbumId". IDataReader dr = GetDataReaderRoleRootAlbums(role.RoleName); // Step 3: Iterate through each role/album relationship that is stored in the data store. If it is in our list, then // remove it from the list (see step 3 why). If not, the user must have unchecked it so add it to a list of // relationships to be deleted. List <int> roleAlbumRelationshipsToDelete = new List <int>(); while (dr.Read()) { if (roleAlbumRelationshipsToPersist.Contains(dr.GetInt32(0))) { roleAlbumRelationshipsToPersist.Remove(dr.GetInt32(0)); } else { roleAlbumRelationshipsToDelete.Add(dr.GetInt32(0)); } } dr.Close(); // Step 4: Delete the records we accumulated in our list. SqlCommand cmd = GetCommandGalleryServerRole_AlbumDelete(role); cmd.Connection.Open(); foreach (int albumId in roleAlbumRelationshipsToDelete) { cmd.Parameters["@AlbumId"].Value = albumId; cmd.ExecuteNonQuery(); } cmd.Connection.Close(); // Step 5: Any items still left in the roleAlbumRelationshipsToPersist list must be new ones checked by the user. Add them. cmd = GetCommandGalleryServerRole_AlbumInsert(role); cmd.Connection.Open(); foreach (int albumId in roleAlbumRelationshipsToPersist) { cmd.Parameters["@AlbumId"].Value = albumId; cmd.ExecuteNonQuery(); } cmd.Connection.Close(); }
private static void DeleteGalleryServerRole(string roleName) { IGalleryServerRole role = Factory.LoadGalleryServerRole(roleName); if (role != null) { UpdateAlbumOwnerBeforeRoleDelete(role); role.Delete(); } }
private static void PersistRoleToDataStore(IGalleryServerRole role) { // The update stored procedure will automatically call the insert stored procedure if it does not // find a matching role to update. SqlCommand cmd = GetCommandGalleryServerRoleUpdate(role); cmd.Connection.Open(); cmd.ExecuteNonQuery(); cmd.Connection.Close(); }
/// <summary> /// Permanently delete the specified gallery server role from the data store. The stored procedure deletes the record /// in the gs_Role table corresponding to this role and also all records in the gs_Role_Album table that reference /// this role. /// </summary> /// <param name="role">An instance of IGalleryServerRole to delete from the data store.</param> private static void DeleteFromDataStore(IGalleryServerRole role) { using (SqlConnection cn = SqlDataProvider.GetDbConnection()) { using (SqlCommand cmd = GetCommandGalleryServerRoleDelete(role, cn)) { cn.Open(); cmd.ExecuteNonQuery(); } } }
/// <summary> /// Save the list of root album IDs to the data store. The table gs_Role_Album contains one record for each role/album /// relationship. This procedure adds and deletes records as needed. /// </summary> /// <param name="role">The gallery server role containing the list of root Album IDs to persist to the data store.</param> private static void PersistRoleAlbumRelationshipsToDataStore(IGalleryServerRole role) { // Step 1: Copy the list of root album IDs to a new list. We'll be removing items from the list as we process them, // so we don't want to mess with the actual list attached to the object. List <int> roleAlbumRelationshipsToPersist = new List <int>(); foreach (int albumId in role.RootAlbumIds) { roleAlbumRelationshipsToPersist.Add(albumId); } // Step 2: Iterate through each role/album relationship that is stored in the data store. If it is in our list, then // remove it from the list (see step 4 why). If not, the user must have unchecked it so add it to a list of // relationships to be deleted. List <int> roleAlbumRelationshipsToDelete = new List <int>(); foreach (int albumId in GetDataReaderRoleRootAlbums(role.RoleName)) { if (roleAlbumRelationshipsToPersist.Contains(albumId)) { roleAlbumRelationshipsToPersist.Remove(albumId); } else { roleAlbumRelationshipsToDelete.Add(albumId); } } using (SqlConnection cn = SqlDataProvider.GetDbConnection()) { cn.Open(); // Step 3: Delete the records we accumulated in our list. using (SqlCommand cmd = GetCommandGalleryServerRoleAlbumDelete(role, cn)) { foreach (int albumId in roleAlbumRelationshipsToDelete) { cmd.Parameters["@AlbumId"].Value = albumId; cmd.ExecuteNonQuery(); } } using (SqlCommand cmd = GetCommandGalleryServerRoleAlbumInsert(role, cn)) { // Step 4: Any items still left in the roleAlbumRelationshipsToPersist list must be new ones checked by the user. Add them. foreach (int albumId in roleAlbumRelationshipsToPersist) { cmd.Parameters["@AlbumId"].Value = albumId; cmd.ExecuteNonQuery(); } } } }
private static SqlCommand GetCommandGalleryServerRoleDelete(IGalleryServerRole role, SqlConnection cn) { SqlCommand cmd = new SqlCommand(Util.GetSqlName("gs_RoleDelete"), cn); cmd.CommandType = CommandType.StoredProcedure; // Add parameters cmd.Parameters.Add(new SqlParameter("@RoleName", SqlDbType.NVarChar, DataConstants.RoleNameLength)); cmd.Parameters["@RoleName"].Value = role.RoleName; return(cmd); }
/// <summary> /// Create a Gallery Server Pro role corresponding to the specified parameters. Also creates the corresponding ASP.NET role. /// Throws an exception if a role with the specified name already exists in the data store. The role is persisted to the data store. /// </summary> /// <param name="roleName">A string that uniquely identifies the role.</param> /// <param name="allowViewAlbumOrMediaObject">A value indicating whether the user assigned to this role has permission to view albums /// and media objects.</param> /// <param name="allowViewOriginalImage">A value indicating whether the user assigned to this role has permission to view the original, /// high resolution version of an image. This setting applies only to images. It has no effect if there are no /// high resolution images in the album or albums to which this role applies.</param> /// <param name="allowAddMediaObject">A value indicating whether the user assigned to this role has permission to add media objects to an album.</param> /// <param name="allowAddChildAlbum">A value indicating whether the user assigned to this role has permission to create child albums.</param> /// <param name="allowEditMediaObject">A value indicating whether the user assigned to this role has permission to edit a media object.</param> /// <param name="allowEditAlbum">A value indicating whether the user assigned to this role has permission to edit an album.</param> /// <param name="allowDeleteMediaObject">A value indicating whether the user assigned to this role has permission to delete media objects within an album.</param> /// <param name="allowDeleteChildAlbum">A value indicating whether the user assigned to this role has permission to delete child albums.</param> /// <param name="allowSynchronize">A value indicating whether the user assigned to this role has permission to synchronize an album.</param> /// <param name="allowAdministerSite">A value indicating whether the user has administrative permission for all albums. This permission /// automatically applies to all albums; it cannot be selectively applied.</param> /// <param name="hideWatermark">A value indicating whether the user assigned to this role has a watermark applied to images. /// This setting has no effect if watermarks are not used. A true value means the user does not see the watermark; /// a false value means the watermark is applied.</param> /// <param name="topLevelCheckedAlbumIds">The top level checked album ids. May be null.</param> /// <returns>Returns an <see cref="IGalleryServerRole" /> object corresponding to the specified parameters.</returns> /// <exception cref="InvalidGalleryServerRoleException">Thrown when a role with the specified role name already exists in the data store.</exception> public static IGalleryServerRole CreateRole(string roleName, bool allowViewAlbumOrMediaObject, bool allowViewOriginalImage, bool allowAddMediaObject, bool allowAddChildAlbum, bool allowEditMediaObject, bool allowEditAlbum, bool allowDeleteMediaObject, bool allowDeleteChildAlbum, bool allowSynchronize, bool allowAdministerSite, bool hideWatermark, IIntegerCollection topLevelCheckedAlbumIds) { CreateRole(roleName); IGalleryServerRole role = Factory.CreateGalleryServerRoleInstance(roleName, allowViewAlbumOrMediaObject, allowViewOriginalImage, allowAddMediaObject, allowAddChildAlbum, allowEditMediaObject, allowEditAlbum, allowDeleteMediaObject, allowDeleteChildAlbum, allowSynchronize, allowAdministerSite, hideWatermark); UpdateRoleAlbumRelationships(role, topLevelCheckedAlbumIds); role.Save(); return(role); }
/// <summary> /// Verify that any role needed for album ownership exists and is properly configured. If an album owner /// is specified and the album is new (IsNew == true), the album is persisted to the data store. This is /// required because the ID is not assigned until it is saved, and a valid ID is required to configure the /// role. /// </summary> /// <param name="album">The album to validate for album ownership. If a null value is passed, the function /// returns without error or taking any action.</param> public static void ValidateRoleExistsForAlbumOwner(IAlbum album) { // For albums, verify that any needed roles for album ownership are present. Create/update as needed. if (album == null) { return; } if (String.IsNullOrEmpty(album.OwnerUserName)) { // If owner role is specified, delete it. if (!String.IsNullOrEmpty(album.OwnerRoleName)) { DeleteGalleryServerProRole(album.OwnerRoleName); album.OwnerRoleName = String.Empty; } } else { // If this is a new album, save it before proceeding. We will need its album ID to configure the role, // and it is not assigned until it is saved. if (album.IsNew) { album.Save(); } // Verify that a role exists that corresponds to the owner. IGalleryServerRole role = Factory.LoadGalleryServerRoles().GetRoleByRoleName(album.OwnerRoleName); if (role == null) { // No role exists. Create it. album.OwnerRoleName = CreateAlbumOwnerRole(album); } else { // Role exists. Make sure album is assigned to role and owner is a member. if (!role.RootAlbumIds.Contains(album.Id)) { // Current album is not a member. This should not typically occur, but just in case // it does let's add the current album to it and save it. role.RootAlbumIds.Add(album.Id); role.Save(); } string[] rolesForUser = GetRolesForUser(album.OwnerUserName); if (Array.IndexOf <string>(rolesForUser, role.RoleName) < 0) { // Owner is not a member. Add. AddUserToRole(album.OwnerUserName, role.RoleName); } } } }
private static void ReloadAllAlbumIds(IGalleryServerRole role) { role.ClearAllAlbumIds(); IDataReader dr = GetDataReaderRoleAllAlbums(role.RoleName); while (dr.Read()) { role.AddToAllAlbumIds(dr.GetInt32(0)); } dr.Close(); }
/// <summary> /// Creates a deep copy of this instance, including the RootAlbumIds and AllAlbumIds properties. The RoleName property /// of the copied object is empty and must be assigned before persisting the copy to the data store. /// </summary> /// <returns>Returns a deep copy of this instance.</returns> public IGalleryServerRole Copy() { IGalleryServerRole role = Factory.CreateGalleryServerRoleInstance(String.Empty, AllowViewAlbumOrMediaObject, AllowViewOriginalImage, AllowAddMediaObject, AllowAddChildAlbum, AllowEditMediaObject, AllowEditAlbum, AllowDeleteMediaObject, AllowDeleteChildAlbum, AllowSynchronize, AllowAdministerSite, HideWatermark); role.AllAlbumIds.AddRange(AllAlbumIds); role.RootAlbumIds.AddRange(RootAlbumIds); return(role); }
/// <summary> /// Performs any necessary actions that must occur before an album is deleted. Specifically, it deletes the owner role /// if one exists for the album, but only when this album is the only one assigned to the role. /// </summary> /// <param name="album">The album to be deleted.</param> private static void OnBeforeAlbumDelete(IAlbum album) { // If there is an owner role associated with this album, and the role is not assigned to any other albums, delete it. if (!String.IsNullOrEmpty(album.OwnerRoleName)) { IGalleryServerRole role = RoleController.GetGalleryServerRoles().GetRoleByRoleName(album.OwnerRoleName); if ((role != null) && (role.AllAlbumIds.Count == 1) && role.AllAlbumIds.Contains(album.Id)) { RoleController.DeleteGalleryServerProRole(role.RoleName); } } }
private static void PersistRoleToDataStore(IGalleryServerRole role) { // The update stored procedure will automatically call the insert stored procedure if it does not // find a matching role to update. using (SqlConnection cn = SqlDataProvider.GetDbConnection()) { using (SqlCommand cmd = GetCommandGalleryServerRoleUpdate(role, cn)) { cn.Open(); cmd.ExecuteNonQuery(); } } }
private static SqlCommand GetCommandGalleryServerRole_AlbumInsert(IGalleryServerRole role) { DataStore dataStoreConfig = ConfigManager.GetGalleryServerProConfigSection().DataStore; SqlCommand cmd = new SqlCommand(Util.GetSqlName("gs_Role_AlbumInsert"), SqlDataProvider.GetDbConnection()); cmd.CommandType = CommandType.StoredProcedure; // Add parameters cmd.Parameters.Add(new SqlParameter("@RoleName", SqlDbType.NVarChar, dataStoreConfig.RoleNameLength)); cmd.Parameters.Add(new SqlParameter("@AlbumId", SqlDbType.Int)); cmd.Parameters["@RoleName"].Value = role.RoleName; return(cmd); }
/// <summary> /// Determines whether the specified <see cref="System.Object"/> is equal to this instance. /// </summary> /// <param name="obj">The <see cref="System.Object"/> to compare with this instance.</param> /// <returns> /// <c>true</c> if the specified <see cref="System.Object"/> is equal to this instance; otherwise, <c>false</c>. /// </returns> /// <exception cref="T:System.NullReferenceException"> /// The <paramref name="obj"/> parameter is null. /// </exception> public override bool Equals(Object obj) { if (obj == null) { return(false); } IGalleryServerRole role = obj as IGalleryServerRole; if (role == null) { return(false); } return(this.RoleName.Equals(role.RoleName, StringComparison.OrdinalIgnoreCase)); }
private void PersistRoleToDataStore(IGalleryServerRole role) { // Update the existing role or insert if it doesn't exist. var roleDto = Find(role.RoleName); if (roleDto == null) { roleDto = new RoleDto { RoleName = role.RoleName, AllowViewAlbumsAndObjects = role.AllowViewAlbumOrMediaObject, AllowViewOriginalImage = role.AllowViewOriginalImage, AllowAddChildAlbum = role.AllowAddChildAlbum, AllowAddMediaObject = role.AllowAddMediaObject, AllowEditAlbum = role.AllowEditAlbum, AllowEditMediaObject = role.AllowEditMediaObject, AllowDeleteChildAlbum = role.AllowDeleteChildAlbum, AllowDeleteMediaObject = role.AllowDeleteMediaObject, AllowSynchronize = role.AllowSynchronize, HideWatermark = role.HideWatermark, AllowAdministerGallery = role.AllowAdministerGallery, AllowAdministerSite = role.AllowAdministerSite }; Add(roleDto); } else { roleDto.AllowViewAlbumsAndObjects = role.AllowViewAlbumOrMediaObject; roleDto.AllowViewOriginalImage = role.AllowViewOriginalImage; roleDto.AllowAddChildAlbum = role.AllowAddChildAlbum; roleDto.AllowAddMediaObject = role.AllowAddMediaObject; roleDto.AllowEditAlbum = role.AllowEditAlbum; roleDto.AllowEditMediaObject = role.AllowEditMediaObject; roleDto.AllowDeleteChildAlbum = role.AllowDeleteChildAlbum; roleDto.AllowDeleteMediaObject = role.AllowDeleteMediaObject; roleDto.AllowSynchronize = role.AllowSynchronize; roleDto.HideWatermark = role.HideWatermark; roleDto.AllowAdministerGallery = role.AllowAdministerGallery; roleDto.AllowAdministerSite = role.AllowAdministerSite; } Save(); }
/// <summary> /// Remove the user from any roles. If a role is an ownership role, then delete it if the user is the only member. /// Remove the user from ownership of any albums. /// </summary> /// <param name="userName">Name of the user to be deleted.</param> /// <remarks>The user will be specified as an owner only for those albums that belong in ownership roles, so /// to find all albums the user owns, we need only to loop through the user's roles and inspect the ones /// where the names begin with the album owner role name prefix variable.</remarks> private static void UpdateRolesAndOwnershipForDeletedUser(string userName) { List <string> rolesToDelete = new List <string>(); string[] userRoles = RoleController.GetRolesForUser(userName); foreach (string roleName in userRoles) { if (RoleController.IsRoleAnAlbumOwnerRole(roleName)) { // This is a role that was automatically created to provide ownership permission to an album. Check each // album and empty out the OwnerUserName field if the listed owner matches our user. IGalleryServerRole role = Factory.LoadGalleryServerRole(roleName); foreach (int albumId in role.RootAlbumIds) { IAlbum album = Factory.LoadAlbumInstance(albumId, false); if (album.OwnerUserName == userName) { album.OwnerUserName = String.Empty; GalleryObjectController.SaveGalleryObject(album); } } if (RoleController.GetUsersInRole(roleName).Length <= 1) { // The user we are deleting is the only user in the owner role. Mark for deletion. rolesToDelete.Add(roleName); } } } if (userRoles.Length > 0) { foreach (string role in userRoles) { RoleController.RemoveUserFromRole(userName, role); } } foreach (string roleName in rolesToDelete) { RoleController.DeleteGalleryServerProRole(roleName); } }
/// <summary> /// For roles that provide album ownership functionality, remove users belonging to this role from the OwnedBy /// property of any albums this role is assigned to. Since we are deleting the role that provides the ownership /// functionality, it is necessary to clear the owner field of all affected albums. /// </summary> /// <param name="role">Name of the role to be deleted.</param> private static void UpdateAlbumOwnerBeforeRoleDelete(IGalleryServerRole role) { // Proceed only when dealing with an album ownership role. if (!IsRoleAnAlbumOwnerRole(role.RoleName)) { return; } // Loop through each album assigned to this role. If this role is assigned as the owner role, // clear the OwnerUserName property. foreach (int albumId in role.RootAlbumIds) { IAlbum album = Factory.LoadAlbumInstance(albumId, false); if (album.OwnerRoleName == role.RoleName) { album.OwnerUserName = String.Empty; GalleryObjectController.SaveGalleryObject(album); } } }
/// <summary> /// Select (check) the permissions checkboxes corresponding to the permissions of the specified role. Specify null /// when adding a new role and the checkboxes will be set to their default values (unselected.) /// </summary> /// <param name="role">The Gallery Server role to be bound to the checkbox list of permissions, or null if adding /// a new role.</param> private void BindRolePermissionCheckboxes(IGalleryServerRole role) { if (role == null) { chkAddAlbum.Checked = false; chkAddMediaObject.Checked = false; chkAdministerSite.Checked = false; chkDeleteChildAlbum.Checked = false; chkDeleteMediaObject.Checked = false; chkEditAlbum.Checked = false; chkEditMediaObject.Checked = false; chkSynchronize.Checked = false; chkViewHiResImage.Checked = false; chkViewObject.Checked = false; chkHideWatermark.Checked = false; } else { chkAddAlbum.Checked = role.AllowAddChildAlbum; chkAddMediaObject.Checked = role.AllowAddMediaObject; chkAdministerSite.Checked = role.AllowAdministerSite; chkDeleteChildAlbum.Checked = role.AllowDeleteChildAlbum; chkDeleteMediaObject.Checked = role.AllowDeleteMediaObject; chkEditAlbum.Checked = role.AllowEditAlbum; chkEditMediaObject.Checked = role.AllowEditMediaObject; chkSynchronize.Checked = role.AllowSynchronize; chkViewHiResImage.Checked = role.AllowViewOriginalImage; chkViewObject.Checked = role.AllowViewAlbumOrMediaObject; chkHideWatermark.Checked = role.HideWatermark; } }
/// <summary> /// Permanently delete this gallery server role from the data store, including the list of role/album relationships /// associated with this role. This action cannot be undone. /// </summary> /// <param name="role">An instance of <see cref="IGalleryServerRole"/> to delete from the data store.</param> public abstract void Role_Delete(IGalleryServerRole role);
/// <summary> /// Persist this gallery server role to the data store. The list of top-level albums this role applies to, which is stored /// in the <see cref="IGalleryServerRole.RootAlbumIds"/> property, must also be saved. The data provider automatically /// repopulates the <see cref="IGalleryServerRole.AllAlbumIds"/> property. /// </summary> /// <param name="role">An instance of IGalleryServerRole to persist to the data store.</param> public abstract void Role_Save(IGalleryServerRole role);
/// <summary> /// Persist the <paramref name="roleToSave" /> to the data store, associating any album IDs listed in <paramref name="topLevelCheckedAlbumIds" /> /// with it. Prior to saving, validation is performed and a <see cref="GallerySecurityException" /> is thrown if a business rule /// is violated. /// </summary> /// <param name="roleToSave">The role to save.</param> /// <param name="topLevelCheckedAlbumIds">The top level album IDs. May be null.</param> /// <exception cref="ArgumentNullException">Thrown when <paramref name="roleToSave" /> is null.</exception> /// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception> /// <exception cref="InvalidGalleryServerRoleException">Thrown when an existing role cannot be found in the database that matches the /// role name of the <paramref name="roleToSave" /> parameter.</exception> public static void Save(IGalleryServerRole roleToSave, IIntegerCollection topLevelCheckedAlbumIds) { if (roleToSave == null) throw new ArgumentNullException("roleToSave"); ValidateSaveRole(roleToSave); UpdateRoleAlbumRelationships(roleToSave, topLevelCheckedAlbumIds); roleToSave.Save(); }
/// <summary> /// Determines whether the specified <paramref name="role" /> is equal to this instance. /// </summary> /// <param name="role">The role to compare to this instance.</param> /// <returns><c>true</c> if the specified <paramref name="role" /> is equal to this instance; otherwise, <c>false</c>.</returns> public bool Equals(IGalleryServerRole role) { if (role == null) { return false; } return (this.RoleName.Equals(role.RoleName, StringComparison.OrdinalIgnoreCase)); }
/// <summary> /// Permanently delete this gallery server role from the data store, including the list of role/album relationships /// associated with this role. This action cannot be undone. /// </summary> /// <param name="role">An instance of <see cref="IGalleryServerRole"/> to delete from the data store.</param> public override void Role_Delete(IGalleryServerRole role) { Role.Delete(role); }
/// <summary> /// Update the list of root album IDs associated with this role based on the user's selection. /// Note that clearing the RootAlbumIds collection causes the AllAlbumIds property to be /// cleared out (Count = 0). /// </summary> /// <param name="role">The role whose root album/role relationships should be updated. When editing /// an existing role, specify this.GalleryRole. For new roles, pass the newly created role before /// saving it.</param> private void UpdateRoleAlbumRelationships(IGalleryServerRole role) { role.RootAlbumIds.Clear(); if (role.AllowAdministerSite) { // Administer site permission automatically applies to all albums, so all we need to do is get // a reference to the root album ID. role.RootAlbumIds.Add(Factory.LoadRootAlbumInstance().Id); } else { role.RootAlbumIds.AddRange(tvUC.TopLevelCheckedAlbumIds); } }
private static SqlCommand GetCommandGalleryServerRoleDelete(IGalleryServerRole role, SqlConnection cn) { SqlCommand cmd = new SqlCommand(Util.GetSqlName("gs_RoleDelete"), cn); cmd.CommandType = CommandType.StoredProcedure; // Add parameters cmd.Parameters.Add(new SqlParameter("@RoleName", SqlDbType.NVarChar, DataConstants.RoleNameLength)); cmd.Parameters["@RoleName"].Value = role.RoleName; return cmd; }
/// <summary> /// Verify the the current user isn't jeopardizing their ability to administer the site or current gallery. Specifically, if /// the user is a member of the role being saved and admin site or gallery permissions are being removed from it, make sure /// the user is in at least one other role with similar permissions. Verifies only the current gallery: That is, it is possible /// for the user to remove their ability to administer another gallery. /// </summary> /// <param name="roleToSave">The role to save. It's role name must match the role name of <paramref name="existingRole" />.</param> /// <param name="existingRole">The existing role, as it is stored in the database. It's role name must match the role name of /// <paramref name="roleToSave" />.</param> /// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception> private static void ValidateUserDoesNotLoseAbilityToAdminCurrentGallery(IGalleryServerRole roleToSave, IGalleryServerRole existingRole) { if (!roleToSave.RoleName.Equals(existingRole.RoleName, StringComparison.OrdinalIgnoreCase)) { throw new ArgumentOutOfRangeException(String.Format(CultureInfo.CurrentCulture, "The role name of the roleToSave and existingRole parameters must match, but they do not. roleToSave='{0}'; existingRole='{1}'", roleToSave, existingRole)); } if (IsUserInRole(Utils.UserName, roleToSave.RoleName)) { bool adminSitePermissionBeingRevoked = (!roleToSave.AllowAdministerSite && existingRole.AllowAdministerSite); bool adminGalleryPermissionBeingRevoked = (!roleToSave.AllowAdministerGallery && existingRole.AllowAdministerGallery); bool userHasAdminSitePermissionThroughAtLeastOneOtherRole = false; bool userHasAdminGalleryPermissionThroughAtLeastOneOtherRole = false; foreach (IGalleryServerRole roleForUser in GetGalleryServerRolesForUser()) { if (!roleForUser.RoleName.Equals(roleToSave.RoleName)) { if (roleForUser.AllowAdministerSite) { userHasAdminSitePermissionThroughAtLeastOneOtherRole = true; } if (roleForUser.AllowAdministerGallery) { userHasAdminGalleryPermissionThroughAtLeastOneOtherRole = true; } } } if (adminSitePermissionBeingRevoked && !userHasAdminSitePermissionThroughAtLeastOneOtherRole) { throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Save_Role_User_Would_Lose_Admin_Ability_Msg); } if (adminGalleryPermissionBeingRevoked && !userHasAdminGalleryPermissionThroughAtLeastOneOtherRole) { throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Save_Role_User_Would_Lose_Admin_Ability_Msg); } } }
/// <summary> /// Determines whether the user has permission to edit the specified role. Determines this by checking /// whether the logged on user is a site administrator or a gallery administrator for every /// gallery associated with the role. If the role is not assigned to any albums, it verifies the user is /// a gallery admin to at least one gallery (doesn't matter which one). /// </summary> /// <param name="roleToSave">The role to save. It's role name must match the role name of <paramref name="existingRole" />.</param> /// <param name="existingRole">The existing role, as it is stored in the database. It's role name must match the role name of /// <paramref name="roleToSave" />.</param> /// <param name="rolesForCurrentUser">The roles for current user.</param> /// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception> private static void ValidateUserCanEditRole(IGalleryServerRole roleToSave, IGalleryServerRole existingRole, IGalleryServerRoleCollection rolesForCurrentUser) { if (Utils.IsCurrentUserSiteAdministrator()) { return; } if (roleToSave.Galleries.Count == 0) { // The role isn't assigned to any albums, so let's make sure the user is a gallery admin to at // least one gallery. if (GalleryController.GetGalleriesCurrentUserCanAdminister().Count == 0) { throw new GallerySecurityException("Your account does not have permission to make changes to roles."); } } if (existingRole.Galleries.Any(gallery => !Utils.IsUserGalleryAdministrator(rolesForCurrentUser, gallery.GalleryId))) { throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Delete_Role_Insufficient_Permission_Msg2); } }
/// <summary> /// Don't let user delete a role with site admin or gallery admin permissions if that means the user will /// lose their own administrative access. This should be called before a role is deleted as a validation step. /// </summary> /// <param name="roleToDelete">The role to be deleted.</param> /// <exception cref="GallerySecurityException">Thrown when the role cannot be deleted because doing so violates one of the business rules.</exception> private static void ValidatePreventLoggedOnUserFromLosingAdminAccess(IGalleryServerRole roleToDelete) { string roleName = roleToDelete.RoleName; if (roleToDelete.AllowAdministerSite || roleToDelete.AllowAdministerGallery) { bool needToVerify = false; IGalleryServerRoleCollection roles = GetGalleryServerRolesForUser(Utils.UserName); foreach (IGalleryServerRole role in roles) { if (role.RoleName.Equals(roleName, StringComparison.OrdinalIgnoreCase)) { needToVerify = true; break; } } if (needToVerify) { // User is deleting a role he is a member of. Make sure user is in at least one other role with the same type of access. bool userIsInAnotherRoleWithAdminAccess = false; if (roleToDelete.AllowAdministerSite) { foreach (IGalleryServerRole role in roles) { if (role.AllowAdministerSite && (!role.RoleName.Equals(roleName, StringComparison.OrdinalIgnoreCase))) { userIsInAnotherRoleWithAdminAccess = true; break; } } } else if (roleToDelete.AllowAdministerGallery) { foreach (IGalleryServerRole role in roles) { if (role.AllowAdministerGallery && (!role.RoleName.Equals(roleName, StringComparison.OrdinalIgnoreCase))) { userIsInAnotherRoleWithAdminAccess = true; break; } } } if (!userIsInAnotherRoleWithAdminAccess) { throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Cannot_Delete_Role_Remove_Self_Admin_Msg); } } } }
/// <summary> /// Make sure the loggod-on person has authority to save the role and that h/she isn't doing anything stupid, like removing /// Administer site permission from the only role that has it. /// </summary> /// <param name="roleToSave">The role to be saved.</param> /// <exception cref="ArgumentNullException">Thrown when <paramref name="roleToSave"/> is null.</exception> /// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception> /// <exception cref="InvalidGalleryServerRoleException">Thrown when an existing role cannot be found in the database that matches the /// role name of the <paramref name="roleToSave" /> parameter.</exception> private static void ValidateSaveRole(IGalleryServerRole roleToSave) { #region Parameter Validation if (roleToSave == null) throw new ArgumentNullException("roleToSave"); if (String.IsNullOrEmpty(roleToSave.RoleName)) return; // Role name will be empty when adding a new one, so the validation below doesn't apply. IGalleryServerRole existingRole = Factory.LoadGalleryServerRole(roleToSave.RoleName) ?? roleToSave; #endregion ValidateCanRemoveSiteAdminPermission(roleToSave, existingRole); ValidateUserHasPermissionToSaveRole(roleToSave, existingRole); ValidateUserDoesNotLoseAbilityToAdminCurrentGallery(roleToSave, existingRole); }
/// <summary> /// Fill the treeview with all albums. All nodes representing albums for which the specified role has permission /// will be checked. If the overload that doesn't take a role parameter is used, then check all checkboxes if the /// isAdministratorChecked parameter is true. /// </summary> /// <param name="role">The role to be updated. If adding a new role, then set this parameter to null.</param> private void BindAlbumTreeview(IGalleryServerRole role) { bool isAdmin = ((role != null) && (role.AllowAdministerSite)); BindAlbumTreeview(role, isAdmin); }
/// <summary> /// Fill the treeview with all albums. All nodes representing albums for which the specified role has permission /// will be checked. If the overload that doesn't take a role parameter is used, then check all checkboxes if the /// isAdministratorChecked parameter is true. /// </summary> /// <param name="role">The role to be updated. If adding a new role, then set this parameter to null.</param> /// <param name="isAdministrator">Indicates whether the administrator permission checkbox has been /// checked or the specified role has administrative permission. Since administrative permission applies to all /// albums, when this parameter is true, all checkboxes for all albums will be checked. An exception is thrown /// if the role.AllowAdministerSite property and the isAdministrator parameter do not match.</param> private void BindAlbumTreeview(IGalleryServerRole role, bool isAdministrator) { if ((role != null) && (role.AllowAdministerSite != isAdministrator)) { throw new ArgumentException("Invalid arguments passed to BindAlbumTreeview method: The role.AllowAdministerSite property and the isAdministrator parameter must match."); } if (role != null) // Role will be null when user is adding a new role { IIntegerCollection albumIds = tvUC.AlbumIdsToCheck; albumIds.Clear(); albumIds.AddRange(role.RootAlbumIds); if (role.RootAlbumIds.Contains(Factory.LoadRootAlbumInstance().Id)) { // The role applies to all albums. Since the treeview initially renders to two levels, we need // to add the album IDs for the root album's child albums. foreach (IGalleryObject album in Factory.LoadRootAlbumInstance().GetChildGalleryObjects(GalleryObjectType.Album)) { albumIds.Add(album.Id); } } } tvUC.DataBind(); }
/// <summary> /// Permanently delete this gallery server role from the data store, including the list of role/album relationships /// associated with this role. This action cannot be undone. /// </summary> /// <param name="role">An instance of <see cref="IGalleryServerRole" /> to delete from the data store.</param> public static void Delete(IGalleryServerRole role) { DeleteFromDataStore(role); }
/// <summary> /// Persist this gallery server role to the data store. The list of top-level albums this role applies to, which is stored /// in the <see cref="IGalleryServerRole.RootAlbumIds"/> property, must also be saved. The data provider automatically /// repopulates the <see cref="IGalleryServerRole.AllAlbumIds"/> property. /// </summary> /// <param name="role">An instance of IGalleryServerRole to persist to the data store.</param> public override void Role_Save(IGalleryServerRole role) { Role.Save(role); }
/// <summary> /// Replace the list of root album IDs for the <paramref name="role"/> with the album ID's specified in /// <paramref name="topLevelCheckedAlbumIds"/>. Note that this function will cause the AllAlbumIds property /// to be cleared out (Count = 0). The property can be repopulated by calling <see cref="IGalleryServerRole.Save"/>. /// </summary> /// <param name="role">The role whose root album/role relationships should be updated. When editing /// an existing role, specify this.GalleryRole. For new roles, pass the newly created role before /// saving it.</param> /// <param name="topLevelCheckedAlbumIds">The top level checked album ids. May be null.</param> public static void UpdateRoleAlbumRelationships(IGalleryServerRole role, IIntegerCollection topLevelCheckedAlbumIds) { if (role == null) throw new ArgumentNullException("role"); if (topLevelCheckedAlbumIds == null) topLevelCheckedAlbumIds = new IntegerCollection(); int[] rootAlbumIdsOld = new int[role.RootAlbumIds.Count]; role.RootAlbumIds.CopyTo(rootAlbumIdsOld, 0); role.RootAlbumIds.Clear(); if (role.AllowAdministerSite) { // Administer site permission automatically applies to all albums, so all we need to do is get // a reference to the root album ID. role.RootAlbumIds.Add(Factory.LoadRootAlbumInstance().Id); } else { role.RootAlbumIds.AddRange(topLevelCheckedAlbumIds); } if (IsRoleAnAlbumOwnerRole(role.RoleName)) ValidateAlbumOwnerRoles(role.RoleName, rootAlbumIdsOld, role.RootAlbumIds); }
/// <summary> /// Don't let user delete a role that affects any gallery where the user is not a site admin or gallery admin. This should be called before /// a role is deleted as a validation step. The only exception is that we allow a user to delete an album owner role, since that will typically /// be assigned to a single album, and we have logic elsewhere that verifies the user has permission to delete the album. /// </summary> /// <param name="roleToDelete">The role to be deleted.</param> /// <exception cref="GallerySecurityException">Thrown when the role cannot be deleted because doing so violates one of the business rules.</exception> /// <exception cref="ArgumentNullException">Thrown when <paramref name="roleToDelete" /> is null.</exception> private static void ValidatePreventRoleDeletionAffectingOtherGalleries(IGalleryServerRole roleToDelete) { if (roleToDelete == null) throw new ArgumentNullException("roleToDelete"); if (IsRoleAnAlbumOwnerRole(roleToDelete.RoleName)) { return; } IGalleryCollection adminGalleries = UserController.GetGalleriesCurrentUserCanAdminister(); foreach (IGallery gallery in roleToDelete.Galleries) { if (!adminGalleries.Contains(gallery)) { throw new GallerySecurityException(String.Format(CultureInfo.InvariantCulture, Resources.GalleryServerPro.Admin_Cannot_Delete_Role_Insufficient_Permission_Msg, roleToDelete.RoleName, gallery.Description)); } } }
/// <summary> /// Permanently delete this gallery server role from the data store, including the list of role/album relationships /// associated with this role. This action cannot be undone. /// </summary> /// <param name="role">An instance of <see cref="IGalleryServerRole"/> to delete from the data store.</param> public override void Role_Delete(IGalleryServerRole role) { // Delete a gallery server role. This procedure only deletes it from the custom gallery server tables, // not the ASP.NET role membership table(s). The web application code that invokes this procedure also // uses the standard ASP.NET technique to delete the role from the membership table(s). // First delete the records from the role/album association table, then delete the role. using (GspContext ctx = new GspContext()) { foreach (RoleAlbumDto raDto in (from ra in ctx.RoleAlbums where ra.FKRoleName == role.RoleName select ra)) { ctx.RoleAlbums.Remove(raDto); } ctx.Roles.Remove(ctx.Roles.Find(role.RoleName)); ctx.SaveChanges(); } }
private static SqlCommand GetCommandGalleryServerRoleUpdate(IGalleryServerRole role, SqlConnection cn) { SqlCommand cmd = new SqlCommand(Util.GetSqlName("gs_RoleUpdate"), cn); cmd.CommandType = CommandType.StoredProcedure; cmd.Parameters.Add(new SqlParameter("@RoleName", SqlDbType.NVarChar, DataConstants.RoleNameLength)); cmd.Parameters.Add(new SqlParameter("@AllowViewAlbumsAndObjects", SqlDbType.Bit)); cmd.Parameters.Add(new SqlParameter("@AllowViewOriginalImage", SqlDbType.Bit)); cmd.Parameters.Add(new SqlParameter("@AllowAddChildAlbum", SqlDbType.Bit)); cmd.Parameters.Add(new SqlParameter("@AllowAddMediaObject", SqlDbType.Bit)); cmd.Parameters.Add(new SqlParameter("@AllowEditAlbum", SqlDbType.Bit)); cmd.Parameters.Add(new SqlParameter("@AllowEditMediaObject", SqlDbType.Bit)); cmd.Parameters.Add(new SqlParameter("@AllowDeleteChildAlbum", SqlDbType.Bit)); cmd.Parameters.Add(new SqlParameter("@AllowDeleteMediaObject", SqlDbType.Bit)); cmd.Parameters.Add(new SqlParameter("@AllowSynchronize", SqlDbType.Bit)); cmd.Parameters.Add(new SqlParameter("@HideWatermark", SqlDbType.Bit)); cmd.Parameters.Add(new SqlParameter("@AllowAdministerGallery", SqlDbType.Bit)); cmd.Parameters.Add(new SqlParameter("@AllowAdministerSite", SqlDbType.Bit)); cmd.Parameters["@RoleName"].Value = role.RoleName; cmd.Parameters["@AllowViewAlbumsAndObjects"].Value = role.AllowViewAlbumOrMediaObject; cmd.Parameters["@AllowViewOriginalImage"].Value = role.AllowViewOriginalImage; cmd.Parameters["@AllowAddChildAlbum"].Value = role.AllowAddChildAlbum; cmd.Parameters["@AllowAddMediaObject"].Value = role.AllowAddMediaObject; cmd.Parameters["@AllowEditAlbum"].Value = role.AllowEditAlbum; cmd.Parameters["@AllowEditMediaObject"].Value = role.AllowEditMediaObject; cmd.Parameters["@AllowDeleteChildAlbum"].Value = role.AllowDeleteChildAlbum; cmd.Parameters["@AllowDeleteMediaObject"].Value = role.AllowDeleteMediaObject; cmd.Parameters["@AllowSynchronize"].Value = role.AllowSynchronize; cmd.Parameters["@HideWatermark"].Value = role.HideWatermark; cmd.Parameters["@AllowAdministerGallery"].Value = role.AllowAdministerGallery; cmd.Parameters["@AllowAdministerSite"].Value = role.AllowAdministerSite; return cmd; }
/// <summary> /// Save the list of root album IDs to the data store. The table gs_Role_Album contains one record for each role/album /// relationship. This procedure adds and deletes records as needed. /// </summary> /// <param name="role">The gallery server role containing the list of root Album IDs to persist to the data store.</param> private static void PersistRoleAlbumRelationshipsToDataStore(IGalleryServerRole role) { // Step 1: Copy the list of root album IDs to a new list. We'll be removing items from the list as we process them, // so we don't want to mess with the actual list attached to the object. List<int> roleAlbumRelationshipsToPersist = new List<int>(); foreach (int albumId in role.RootAlbumIds) { roleAlbumRelationshipsToPersist.Add(albumId); } using (GspContext ctx = new GspContext()) { // Step 2: Get a list of all root album IDs in the data store for this role. List<int> roleAlbumRelationshipsToDelete = new List<int>(); foreach (int albumId in (from ra in ctx.RoleAlbums where ra.FKRoleName == role.RoleName select ra.FKAlbumId)) { // Step 3: Iterate through each role/album relationship that is stored in the data store. If it is in our list, then // remove it from the list (see step 5 why). If not, the user must have unchecked it so add it to a list of // relationships to be deleted. if (roleAlbumRelationshipsToPersist.Contains(albumId)) { roleAlbumRelationshipsToPersist.Remove(albumId); } else { roleAlbumRelationshipsToDelete.Add(albumId); } } // Step 4: Delete the records we accumulated in our list. var roleAlbumDtos = from ra in ctx.RoleAlbums where roleAlbumRelationshipsToDelete.Contains(ra.FKAlbumId) select ra; foreach (RoleAlbumDto roleAlbumDto in roleAlbumDtos) { ctx.RoleAlbums.Remove(roleAlbumDto); } // Step 5: Any items still left in the roleAlbumRelationshipsToPersist list must be new ones checked by the user. Add them. foreach (int albumid in roleAlbumRelationshipsToPersist) { ctx.RoleAlbums.Add(new RoleAlbumDto { FKAlbumId = albumid, FKRoleName = role.RoleName }); } ctx.SaveChanges(); } }
/// <summary> /// Save the list of root album IDs to the data store. The table gs_Role_Album contains one record for each role/album /// relationship. This procedure adds and deletes records as needed. /// </summary> /// <param name="role">The gallery server role containing the list of root Album IDs to persist to the data store.</param> private static void PersistRoleAlbumRelationshipsToDataStore(IGalleryServerRole role) { // Step 1: Copy the list of root album IDs to a new list. We'll be removing items from the list as we process them, // so we don't want to mess with the actual list attached to the object. List<int> roleAlbumRelationshipsToPersist = new List<int>(); foreach (int albumId in role.RootAlbumIds) { roleAlbumRelationshipsToPersist.Add(albumId); } // Step 2: Iterate through each role/album relationship that is stored in the data store. If it is in our list, then // remove it from the list (see step 4 why). If not, the user must have unchecked it so add it to a list of // relationships to be deleted. List<int> roleAlbumRelationshipsToDelete = new List<int>(); foreach (int albumId in GetDataReaderRoleRootAlbums(role.RoleName)) { if (roleAlbumRelationshipsToPersist.Contains(albumId)) { roleAlbumRelationshipsToPersist.Remove(albumId); } else { roleAlbumRelationshipsToDelete.Add(albumId); } } using (SqlConnection cn = SqlDataProvider.GetDbConnection()) { cn.Open(); // Step 3: Delete the records we accumulated in our list. using (SqlCommand cmd = GetCommandGalleryServerRoleAlbumDelete(role, cn)) { foreach (int albumId in roleAlbumRelationshipsToDelete) { cmd.Parameters["@AlbumId"].Value = albumId; cmd.ExecuteNonQuery(); } } using (SqlCommand cmd = GetCommandGalleryServerRoleAlbumInsert(role, cn)) { // Step 4: Any items still left in the roleAlbumRelationshipsToPersist list must be new ones checked by the user. Add them. foreach (int albumId in roleAlbumRelationshipsToPersist) { cmd.Parameters["@AlbumId"].Value = albumId; cmd.ExecuteNonQuery(); } } } }
private static void PersistRoleToDataStore(IGalleryServerRole role) { // Update the existing role or insert if it doesn't exist. using (GspContext ctx = new GspContext()) { RoleDto roleDto = ctx.Roles.Find(role.RoleName); if (roleDto == null) { roleDto = new RoleDto { RoleName = role.RoleName, AllowViewAlbumsAndObjects = role.AllowViewAlbumOrMediaObject, AllowViewOriginalImage = role.AllowViewOriginalImage, AllowAddChildAlbum = role.AllowAddChildAlbum, AllowAddMediaObject = role.AllowAddMediaObject, AllowEditAlbum = role.AllowEditAlbum, AllowEditMediaObject = role.AllowEditMediaObject, AllowDeleteChildAlbum = role.AllowDeleteChildAlbum, AllowDeleteMediaObject = role.AllowDeleteMediaObject, AllowSynchronize = role.AllowSynchronize, HideWatermark = role.HideWatermark, AllowAdministerGallery = role.AllowAdministerGallery, AllowAdministerSite = role.AllowAdministerSite }; ctx.Roles.Add(roleDto); } else { roleDto.AllowViewAlbumsAndObjects = role.AllowViewAlbumOrMediaObject; roleDto.AllowViewOriginalImage = role.AllowViewOriginalImage; roleDto.AllowAddChildAlbum = role.AllowAddChildAlbum; roleDto.AllowAddMediaObject = role.AllowAddMediaObject; roleDto.AllowEditAlbum = role.AllowEditAlbum; roleDto.AllowEditMediaObject = role.AllowEditMediaObject; roleDto.AllowDeleteChildAlbum = role.AllowDeleteChildAlbum; roleDto.AllowDeleteMediaObject = role.AllowDeleteMediaObject; roleDto.AllowSynchronize = role.AllowSynchronize; roleDto.HideWatermark = role.HideWatermark; roleDto.AllowAdministerGallery = role.AllowAdministerGallery; roleDto.AllowAdministerSite = role.AllowAdministerSite; } ctx.SaveChanges(); } }
private static bool IsAuthenticatedUserAuthorized(SecurityActions securityRequest, IGalleryServerRole role, int albumId) { if ((role.AllowAdministerSite) && (securityRequest != SecurityActions.HideWatermark)) { // Administer permissions imply permissions to carry out all other actions, except for hide watermark, which is more of // a preference assigned to the user. return true; } switch (securityRequest) { case SecurityActions.AdministerSite: if (role.AllowAdministerSite) return true; break; case SecurityActions.ViewAlbumOrMediaObject: if (role.AllowViewAlbumOrMediaObject && role.AllAlbumIds.Contains(albumId)) return true; break; case SecurityActions.ViewOriginalImage: if (role.AllowViewOriginalImage && role.AllAlbumIds.Contains(albumId)) return true; break; case SecurityActions.AddChildAlbum: if (role.AllowAddChildAlbum && role.AllAlbumIds.Contains(albumId)) return true; break; case SecurityActions.AddMediaObject: if (role.AllowAddMediaObject && role.AllAlbumIds.Contains(albumId)) return true; break; case SecurityActions.DeleteAlbum: { // It is OK to delete the album if the AllowDeleteChildAlbum permission is true and one of the following is true: // 1. The album is the root album and its ID is in the list of targeted albums (Note that we never actually delete the root album. // Instead, we delete all objects within the album. But the idea of deleting the top level album to clear out all objects in the // gallery is useful to the user.) // 2. The album is not the root album and its parent album's ID is in the list of targeted albums. if (role.AllowDeleteChildAlbum) { IAlbum album = Factory.LoadAlbumInstance(albumId, false); if (album.IsRootAlbum) { if (role.AllAlbumIds.Contains(album.Id)) return true; break; } else { if (role.AllAlbumIds.Contains(album.Parent.Id)) return true; break; } } break; } case SecurityActions.DeleteChildAlbum: if (role.AllowDeleteChildAlbum && role.AllAlbumIds.Contains(albumId)) return true; break; case SecurityActions.DeleteMediaObject: if (role.AllowDeleteMediaObject && role.AllAlbumIds.Contains(albumId)) return true; break; case SecurityActions.EditAlbum: if (role.AllowEditAlbum && role.AllAlbumIds.Contains(albumId)) return true; break; case SecurityActions.EditMediaObject: if (role.AllowEditMediaObject && role.AllAlbumIds.Contains(albumId)) return true; break; case SecurityActions.HideWatermark: if (role.HideWatermark && role.AllAlbumIds.Contains(albumId)) return true; break; case SecurityActions.Synchronize: if (role.AllowSynchronize && role.AllAlbumIds.Contains(albumId)) return true; break; default: throw new GalleryServerPro.ErrorHandler.CustomExceptions.BusinessException(string.Format(CultureInfo.CurrentCulture, "The IsUserAuthorized function is not designed to handle the {0} SecurityActions. It must be updated by a developer.", securityRequest.ToString())); } return false; }
private static void SaveRole(IGalleryServerRole role) { PersistRoleToDataStore(role); PersistRoleAlbumRelationshipsToDataStore(role); }
/// <summary> /// For roles that provide album ownership functionality, remove users belonging to this role from the OwnedBy /// property of any albums this role is assigned to. Since we are deleting the role that provides the ownership /// functionality, it is necessary to clear the owner field of all affected albums. /// </summary> /// <param name="role">Name of the role to be deleted.</param> private static void UpdateAlbumOwnerBeforeRoleDelete(IGalleryServerRole role) { // Proceed only when dealing with an album ownership role. if (!IsRoleAnAlbumOwnerRole(role.RoleName)) return; // Loop through each album assigned to this role. If this role is assigned as the owner role, // clear the OwnerUserName property. foreach (int albumId in role.RootAlbumIds) { IAlbum album = Factory.LoadAlbumInstance(albumId, false); if (album.OwnerRoleName == role.RoleName) { album.OwnerUserName = String.Empty; GalleryObjectController.SaveGalleryObject(album); } } }
/// <summary> /// Verify the user has permission to save the role. /// Specifically, the user is not allowed to add administer site permission or save any gallery she is not a gallery /// administrator for. It is up to the caller to verify that only site or gallery administrators call this function! /// </summary> /// <param name="roleToSave">The role to save. It's role name must match the role name of <paramref name="existingRole" />.</param> /// <param name="existingRole">The existing role, as it is stored in the database. It's role name must match the role name of /// <paramref name="roleToSave" />.</param> /// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception> /// <exception cref="ArgumentNullException">Thrown when <paramref name="roleToSave" /> or <paramref name="existingRole" /> is null.</exception> private static void ValidateUserHasPermissionToSaveRole(IGalleryServerRole roleToSave, IGalleryServerRole existingRole) { if (roleToSave == null) throw new ArgumentNullException("roleToSave"); if (existingRole == null) throw new ArgumentNullException("existingRole"); if (!roleToSave.RoleName.Equals(existingRole.RoleName, StringComparison.OrdinalIgnoreCase)) { throw new ArgumentOutOfRangeException(String.Format(CultureInfo.CurrentCulture, "The role name of the roleToSave and existingRole parameters must match, but they do not. roleToSave='{0}'; existingRole='{1}'", roleToSave, existingRole)); } var roles = GetGalleryServerRolesForUser(); ValidateUserCanEditRole(roleToSave, existingRole, roles); if (!Utils.IsUserSiteAdministrator(roles)) { // User is a gallery admin but not a site admin (we deduce this because ONLY site or gallery admins will get this // far in the function. The user CANNOT save add AllowAdminSite permission. if (roleToSave.AllowAdministerSite) { throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Delete_Role_Insufficient_Permission_Msg); } } }