/// <summary>
/// Bind the checkbox list and the treeview to the specified role. If adding a new role, pass null or an empty
/// string to the roleName parameter.
/// </summary>
/// <param name="roleName">The name of the role to be bound to the checkbox list and treeview, or null if adding
/// a new role.</param>
private void PopulateControlsWithRoleData(string roleName)
{
// Gets called by the Callback control when the user clicks Add or Edit for a particular role.
// Populate the controls with data specific to this role, especially in regard to checking the appropriate
// checkboxes to indicate the level of permission granted to this role (nothing will be checked when
// adding a new role).
IGalleryServerRole role = null;
if (!String.IsNullOrEmpty(roleName))
{
role = Factory.LoadGalleryServerRole(roleName);
if (role == null)
{
throw new InvalidGalleryServerRoleException();
}
lblRoleName.Text = RoleController.ParseRoleNameFromGspRoleName(Utils.HtmlEncode(role.RoleName));
}
BindRolePermissionCheckboxes(role);
BindAlbumTreeview(role);
}
/// <summary>
/// Performs any necessary actions that must occur before an album is deleted. Specifically, it deletes the owner role
/// if one exists for the album, but only when this album is the only one assigned to the role. It also clears out
/// <see cref="IGallerySettings.UserAlbumParentAlbumId" /> if the album's ID matches it. This function recursively calls
/// itself to make sure all child albums are processed.
/// </summary>
/// <param name="album">The album to be deleted, or one of its child albums.</param>
private static void OnBeforeAlbumDelete(IAlbum album)
{
// If there is an owner role associated with this album, and the role is not assigned to any other albums, delete it.
if (!String.IsNullOrEmpty(album.OwnerRoleName))
{
IGalleryServerRole role = RoleController.GetGalleryServerRoles().GetRole(album.OwnerRoleName);
if ((role != null) && (role.AllAlbumIds.Count == 1) && role.AllAlbumIds.Contains(album.Id))
{
RoleController.DeleteGalleryServerProRole(role.RoleName);
}
}
// If the album is specified as the user album container, clear out the setting. The ValidateBeforeAlbumDelete()
// function will throw an exception if user albums are enabled, so this should only happen when user albums
// are disabled, so it is safe to clear it out.
int userAlbumParentAlbumId = Factory.LoadGallerySetting(album.GalleryId).UserAlbumParentAlbumId;
if (album.Id == userAlbumParentAlbumId)
{
IGallerySettings gallerySettingsWriteable = Factory.LoadGallerySetting(album.GalleryId, true);
gallerySettingsWriteable.UserAlbumParentAlbumId = 0;
gallerySettingsWriteable.Save();
}
// Recursively validate child albums.
foreach (IGalleryObject childAlbum in album.GetChildGalleryObjects(GalleryObjectType.Album))
{
OnBeforeAlbumDelete((IAlbum)childAlbum);
}
}
private void UpdateExistingRole(string roleName)
{
IGalleryServerRole role = Factory.LoadGalleryServerRole(roleName);
if (role == null)
{
throw new GalleryServerPro.ErrorHandler.CustomExceptions.InvalidGalleryServerRoleException();
}
role.AllowAddChildAlbum = chkAddAlbum.Checked;
role.AllowAddMediaObject = chkAddMediaObject.Checked;
role.AllowAdministerSite = chkAdministerSite.Checked;
role.AllowDeleteChildAlbum = chkDeleteChildAlbum.Checked;
role.AllowDeleteMediaObject = chkDeleteMediaObject.Checked;
role.AllowEditAlbum = chkEditAlbum.Checked;
role.AllowEditMediaObject = chkEditMediaObject.Checked;
role.AllowSynchronize = chkSynchronize.Checked;
role.AllowViewOriginalImage = chkViewHiResImage.Checked;
role.AllowViewAlbumOrMediaObject = chkViewObject.Checked;
role.HideWatermark = chkHideWatermark.Checked;
RoleController.UpdateRoleAlbumRelationships(role, tvUC.TopLevelCheckedAlbumIds);
role.Save();
}
/// <summary>
/// Fill the treeview with all albums. All nodes representing albums for which the specified role has permission
/// will be checked. If the overload that doesn't take a role parameter is used, then check all checkboxes if the
/// isAdministratorChecked parameter is true.
/// </summary>
/// <param name="role">The role to be updated. If adding a new role, then set this parameter to null.</param>
/// <param name="isAdministrator">Indicates whether the administrator permission checkbox has been
/// checked or the specified role has administrative permission. Since administrative permission applies to all
/// albums, when this parameter is true, all checkboxes for all albums will be checked. An exception is thrown
/// if the role.AllowAdministerSite property and the isAdministrator parameter do not match.</param>
private void BindAlbumTreeview(IGalleryServerRole role, bool isAdministrator)
{
if ((role != null) && (role.AllowAdministerSite != isAdministrator))
{
throw new ArgumentException("Invalid arguments passed to BindAlbumTreeview method: The role.AllowAdministerSite property and the isAdministrator parameter must match.");
}
if (role != null) // Role will be null when user is adding a new role
{
IIntegerCollection albumIds = tvUC.AlbumIdsToCheck;
albumIds.Clear();
albumIds.AddRange(role.RootAlbumIds);
foreach (IGallery gallery in Factory.LoadGalleries())
{
IAlbum rootAlbum = Factory.LoadRootAlbumInstance(gallery.GalleryId);
if (role.RootAlbumIds.Contains(rootAlbum.Id))
{
// The role applies to all albums. Since the treeview initially renders to two levels, we need
// to add the album IDs for the root album's child albums.
foreach (IGalleryObject album in rootAlbum.GetChildGalleryObjects(GalleryObjectType.Album))
{
albumIds.Add(album.Id);
}
}
}
}
tvUC.RequiredSecurityPermissions = SecurityActions.AdministerSite | SecurityActions.AdministerGallery;
tvUC.Galleries = Factory.LoadGalleries();
tvUC.RootAlbumPrefix = String.Concat(Resources.GalleryServerPro.Site_Gallery_Text, " '{GalleryDescription}': ");
tvUC.BindTreeView();
}
private static void ValidateDeleteRole(string roleName)
{
// Make sure the loggod-on person isn't doing anything stupid, like deleting the only role with Administer
// site permission.
IGalleryServerRole roleToDelete = Factory.LoadGalleryServerRole(roleName);
if (roleToDelete == null)
{
return;
}
if (roleToDelete.AllowAdministerSite)
{
// User is trying to delete a role with administer site permission. Make sure
// at least one other role has this permission, and that the role has at least one member.
bool atLeastOneOtherRoleHasAdminSitePermission = false;
foreach (IGalleryServerRole role in Factory.LoadGalleryServerRoles())
{
if ((!role.RoleName.Equals(roleToDelete.RoleName, StringComparison.OrdinalIgnoreCase) && role.AllowAdministerSite))
{
if (GetUsersInRole(role.RoleName).Length > 0)
{
atLeastOneOtherRoleHasAdminSitePermission = true;
break;
}
}
}
if (!atLeastOneOtherRoleHasAdminSitePermission)
{
throw new WebException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Delete_Role_Msg);
}
}
}
/// <summary>
/// Replace the list of root album IDs for the <paramref name="role"/> with the album ID's specified in
/// <paramref name="topLevelCheckedAlbumIds"/>. Note that this function will cause the AllAlbumIds property
/// to be cleared out (Count = 0). The property can be repopulated by calling <see cref="IGalleryServerRole.Save"/>.
/// </summary>
/// <param name="role">The role whose root album/role relationships should be updated. When editing
/// an existing role, specify this.GalleryRole. For new roles, pass the newly created role before
/// saving it.</param>
/// <param name="topLevelCheckedAlbumIds">The top level checked album ids. May be null.</param>
public static void UpdateRoleAlbumRelationships(IGalleryServerRole role, IIntegerCollection topLevelCheckedAlbumIds)
{
if (role == null)
{
throw new ArgumentNullException("role");
}
if (topLevelCheckedAlbumIds == null)
{
topLevelCheckedAlbumIds = new IntegerCollection();
}
int[] rootAlbumIdsOld = new int[role.RootAlbumIds.Count];
role.RootAlbumIds.CopyTo(rootAlbumIdsOld, 0);
role.RootAlbumIds.Clear();
if (role.AllowAdministerSite)
{
// Administer site permission automatically applies to all albums, so all we need to do is get
// a reference to the root album ID.
role.RootAlbumIds.Add(Factory.LoadRootAlbumInstance().Id);
}
else
{
role.RootAlbumIds.AddRange(topLevelCheckedAlbumIds);
}
if (IsRoleAnAlbumOwnerRole(role.RoleName))
{
ValidateAlbumOwnerRoles(role.RoleName, rootAlbumIdsOld, role.RootAlbumIds);
}
}
/// <summary>
/// Select (check) the permissions checkboxes corresponding to the permissions of the specified role. Specify null
/// when adding a new role and the checkboxes will be set to their default values (unselected.)
/// </summary>
/// <param name="role">The Gallery Server role to be bound to the checkbox list of permissions, or null if adding
/// a new role.</param>
private void BindRolePermissionCheckboxes(IGalleryServerRole role)
{
if (role == null)
{
chkAddAlbum.Checked = false;
chkAddMediaObject.Checked = false;
chkAdministerSite.Checked = false;
chkAdministerGallery.Checked = false;
chkDeleteChildAlbum.Checked = false;
chkDeleteMediaObject.Checked = false;
chkEditAlbum.Checked = false;
chkEditMediaObject.Checked = false;
chkSynchronize.Checked = false;
chkViewHiResImage.Checked = false;
chkViewObject.Checked = false;
chkHideWatermark.Checked = false;
}
else
{
chkAddAlbum.Checked = role.AllowAddChildAlbum;
chkAddMediaObject.Checked = role.AllowAddMediaObject;
chkAdministerSite.Checked = role.AllowAdministerSite;
chkAdministerGallery.Checked = role.AllowAdministerGallery;
chkDeleteChildAlbum.Checked = role.AllowDeleteChildAlbum;
chkDeleteMediaObject.Checked = role.AllowDeleteMediaObject;
chkEditAlbum.Checked = role.AllowEditAlbum;
chkEditMediaObject.Checked = role.AllowEditMediaObject;
chkSynchronize.Checked = role.AllowSynchronize;
chkViewHiResImage.Checked = role.AllowViewOriginalImage;
chkViewObject.Checked = role.AllowViewAlbumOrMediaObject;
chkHideWatermark.Checked = role.HideWatermark;
}
}
/// <summary>
/// Fill the treeview with all albums. All nodes representing albums for which the specified role has permission
/// will be checked. If the overload that doesn't take a role parameter is used, then check all checkboxes if the
/// isAdministratorChecked parameter is true.
/// </summary>
/// <param name="role">The role to be updated. If adding a new role, then set this parameter to null.</param>
/// <param name="isAdministrator">Indicates whether the administrator permission checkbox has been
/// checked or the specified role has administrative permission. Since administrative permission applies to all
/// albums, when this parameter is true, all checkboxes for all albums will be checked. An exception is thrown
/// if the role.AllowAdministerSite property and the isAdministrator parameter do not match.</param>
private void BindAlbumTreeview(IGalleryServerRole role, bool isAdministrator)
{
if ((role != null) && (role.AllowAdministerSite != isAdministrator))
{
throw new ArgumentException("Invalid arguments passed to BindAlbumTreeview method: The role.AllowAdministerSite property and the isAdministrator parameter must match.");
}
if (role != null) // Role will be null when user is adding a new role
{
IIntegerCollection albumIds = tvUC.AlbumIdsToSelect;
albumIds.Clear();
albumIds.AddRange(role.RootAlbumIds);
if (role.RootAlbumIds.Contains(Factory.LoadRootAlbumInstance().Id))
{
// The role applies to all albums. Since the treeview initially renders to two levels, we need
// to add the album IDs for the root album's child albums.
foreach (IGalleryObject album in Factory.LoadRootAlbumInstance().GetChildGalleryObjects(GalleryObjectType.Album))
{
albumIds.Add(album.Id);
}
}
}
tvUC.BindTreeView();
}
/// <summary>
/// Saves the specified role.
/// </summary>
/// <param name="role">The role.</param>
public void Save(IGalleryServerRole role)
{
PersistRoleToDataStore(role);
var repo = new RoleAlbumRepository(Context);
repo.Save(role.RoleName, role.RootAlbumIds);
}
/// <summary>
/// Permanently delete the specified gallery server role from the data store. The stored procedure deletes the record
/// in the gs_Role table corresponding to this role and also all records in the gs_Role_Album table that reference
/// this role.
/// </summary>
/// <param name="role">An instance of IGalleryServerRole to delete from the data store.</param>
private static void DeleteFromDataStore(IGalleryServerRole role)
{
SqlCommand cmd = GetCommandGalleryServerRoleDelete(role);
cmd.Connection.Open();
cmd.ExecuteNonQuery();
cmd.Connection.Close();
}
/// <summary>
/// Persist this gallery server role to the data store. The list of top-level albums this role applies to, which is stored
/// in the <see cref="IGalleryServerRole.RootAlbumIds" /> property, is also saved. The <see cref="IGalleryServerRole.AllAlbumIds" />
/// property is reloaded with the latest list of albums from the data store.
/// </summary>
/// <param name="role">An instance of <see cref="IGalleryServerRole" /> to persist to the data store.</param>
public static void Save(IGalleryServerRole role)
{
PersistRoleAlbumRelationshipsToDataStore(role);
PersistRoleToDataStore(role);
ReloadAllAlbumIds(role);
}
/// <summary>
/// Persist this gallery server role to the data store. The list of top-level albums this role applies to, which is stored
/// in the <see cref="IGalleryServerRole.RootAlbumIds" /> property, is also saved. The <see cref="IGalleryServerRole.AllAlbumIds" />
/// property is reloaded with the latest list of albums from the data store.
/// </summary>
/// <param name="role">An instance of <see cref="IGalleryServerRole" /> to persist to the data store.</param>
public static void Save(IGalleryServerRole role)
{
PersistRoleAlbumRelationshipsToDataStore(role);
PersistRoleToDataStore(role);
ReloadAllAlbumIds(role);
}
/// <summary>
/// Adds the specified item.
/// </summary>
/// <param name="item">The item.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="item" /> is null.</exception>
public void Add(IGalleryServerRole item)
{
if (item == null)
{
throw new ArgumentNullException(nameof(item), "Cannot add null to an existing GalleryServerRoleCollection. Items.Count = " + _items.Count);
}
_items.TryAdd(item.RoleName.ToLowerInvariant(), item);
}
/// <summary>
/// Determines whether the specified <paramref name="role" /> is equal to this instance.
/// </summary>
/// <param name="role">The role to compare to this instance.</param>
/// <returns><c>true</c> if the specified <paramref name="role" /> is equal to this instance; otherwise, <c>false</c>.</returns>
public bool Equals(IGalleryServerRole role)
{
if (role == null)
{
return(false);
}
return(this.RoleName.Equals(role.RoleName, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Save the list of root album IDs to the data store. The table gs_Role_Album contains one record for each role/album
/// relationship. This procedure adds and deletes records as needed.
/// </summary>
/// <param name="role">The gallery server role containing the list of root Album IDs to persist to the data store.</param>
private static void PersistRoleAlbumRelationshipsToDataStore(IGalleryServerRole role)
{
// Step 1: Copy the list of root album IDs to a new list. We'll be removing items from the list as we process them,
// so we don't want to mess with the actual list attached to the object.
List <int> roleAlbumRelationshipsToPersist = new List <int>();
foreach (int albumId in role.RootAlbumIds)
{
roleAlbumRelationshipsToPersist.Add(albumId);
}
// Step 2: Get a datareader containing a list of all root album IDs in the data store. The result set contains a single
// column of integers named "FKAlbumId".
IDataReader dr = GetDataReaderRoleRootAlbums(role.RoleName);
// Step 3: Iterate through each role/album relationship that is stored in the data store. If it is in our list, then
// remove it from the list (see step 3 why). If not, the user must have unchecked it so add it to a list of
// relationships to be deleted.
List <int> roleAlbumRelationshipsToDelete = new List <int>();
while (dr.Read())
{
if (roleAlbumRelationshipsToPersist.Contains(dr.GetInt32(0)))
{
roleAlbumRelationshipsToPersist.Remove(dr.GetInt32(0));
}
else
{
roleAlbumRelationshipsToDelete.Add(dr.GetInt32(0));
}
}
dr.Close();
// Step 4: Delete the records we accumulated in our list.
SqlCommand cmd = GetCommandGalleryServerRole_AlbumDelete(role);
cmd.Connection.Open();
foreach (int albumId in roleAlbumRelationshipsToDelete)
{
cmd.Parameters["@AlbumId"].Value = albumId;
cmd.ExecuteNonQuery();
}
cmd.Connection.Close();
// Step 5: Any items still left in the roleAlbumRelationshipsToPersist list must be new ones checked by the user. Add them.
cmd = GetCommandGalleryServerRole_AlbumInsert(role);
cmd.Connection.Open();
foreach (int albumId in roleAlbumRelationshipsToPersist)
{
cmd.Parameters["@AlbumId"].Value = albumId;
cmd.ExecuteNonQuery();
}
cmd.Connection.Close();
}
private static void DeleteGalleryServerRole(string roleName)
{
IGalleryServerRole role = Factory.LoadGalleryServerRole(roleName);
if (role != null)
{
UpdateAlbumOwnerBeforeRoleDelete(role);
role.Delete();
}
}
private static void PersistRoleToDataStore(IGalleryServerRole role)
{
// The update stored procedure will automatically call the insert stored procedure if it does not
// find a matching role to update.
SqlCommand cmd = GetCommandGalleryServerRoleUpdate(role);
cmd.Connection.Open();
cmd.ExecuteNonQuery();
cmd.Connection.Close();
}
/// <summary>
/// Permanently delete the specified gallery server role from the data store. The stored procedure deletes the record
/// in the gs_Role table corresponding to this role and also all records in the gs_Role_Album table that reference
/// this role.
/// </summary>
/// <param name="role">An instance of IGalleryServerRole to delete from the data store.</param>
private static void DeleteFromDataStore(IGalleryServerRole role)
{
using (SqlConnection cn = SqlDataProvider.GetDbConnection())
{
using (SqlCommand cmd = GetCommandGalleryServerRoleDelete(role, cn))
{
cn.Open();
cmd.ExecuteNonQuery();
}
}
}
/// <summary>
/// Save the list of root album IDs to the data store. The table gs_Role_Album contains one record for each role/album
/// relationship. This procedure adds and deletes records as needed.
/// </summary>
/// <param name="role">The gallery server role containing the list of root Album IDs to persist to the data store.</param>
private static void PersistRoleAlbumRelationshipsToDataStore(IGalleryServerRole role)
{
// Step 1: Copy the list of root album IDs to a new list. We'll be removing items from the list as we process them,
// so we don't want to mess with the actual list attached to the object.
List <int> roleAlbumRelationshipsToPersist = new List <int>();
foreach (int albumId in role.RootAlbumIds)
{
roleAlbumRelationshipsToPersist.Add(albumId);
}
// Step 2: Iterate through each role/album relationship that is stored in the data store. If it is in our list, then
// remove it from the list (see step 4 why). If not, the user must have unchecked it so add it to a list of
// relationships to be deleted.
List <int> roleAlbumRelationshipsToDelete = new List <int>();
foreach (int albumId in GetDataReaderRoleRootAlbums(role.RoleName))
{
if (roleAlbumRelationshipsToPersist.Contains(albumId))
{
roleAlbumRelationshipsToPersist.Remove(albumId);
}
else
{
roleAlbumRelationshipsToDelete.Add(albumId);
}
}
using (SqlConnection cn = SqlDataProvider.GetDbConnection())
{
cn.Open();
// Step 3: Delete the records we accumulated in our list.
using (SqlCommand cmd = GetCommandGalleryServerRoleAlbumDelete(role, cn))
{
foreach (int albumId in roleAlbumRelationshipsToDelete)
{
cmd.Parameters["@AlbumId"].Value = albumId;
cmd.ExecuteNonQuery();
}
}
using (SqlCommand cmd = GetCommandGalleryServerRoleAlbumInsert(role, cn))
{
// Step 4: Any items still left in the roleAlbumRelationshipsToPersist list must be new ones checked by the user. Add them.
foreach (int albumId in roleAlbumRelationshipsToPersist)
{
cmd.Parameters["@AlbumId"].Value = albumId;
cmd.ExecuteNonQuery();
}
}
}
}
private static SqlCommand GetCommandGalleryServerRoleDelete(IGalleryServerRole role, SqlConnection cn)
{
SqlCommand cmd = new SqlCommand(Util.GetSqlName("gs_RoleDelete"), cn);
cmd.CommandType = CommandType.StoredProcedure;
// Add parameters
cmd.Parameters.Add(new SqlParameter("@RoleName", SqlDbType.NVarChar, DataConstants.RoleNameLength));
cmd.Parameters["@RoleName"].Value = role.RoleName;
return(cmd);
}
/// <summary>
/// Create a Gallery Server Pro role corresponding to the specified parameters. Also creates the corresponding ASP.NET role.
/// Throws an exception if a role with the specified name already exists in the data store. The role is persisted to the data store.
/// </summary>
/// <param name="roleName">A string that uniquely identifies the role.</param>
/// <param name="allowViewAlbumOrMediaObject">A value indicating whether the user assigned to this role has permission to view albums
/// and media objects.</param>
/// <param name="allowViewOriginalImage">A value indicating whether the user assigned to this role has permission to view the original,
/// high resolution version of an image. This setting applies only to images. It has no effect if there are no
/// high resolution images in the album or albums to which this role applies.</param>
/// <param name="allowAddMediaObject">A value indicating whether the user assigned to this role has permission to add media objects to an album.</param>
/// <param name="allowAddChildAlbum">A value indicating whether the user assigned to this role has permission to create child albums.</param>
/// <param name="allowEditMediaObject">A value indicating whether the user assigned to this role has permission to edit a media object.</param>
/// <param name="allowEditAlbum">A value indicating whether the user assigned to this role has permission to edit an album.</param>
/// <param name="allowDeleteMediaObject">A value indicating whether the user assigned to this role has permission to delete media objects within an album.</param>
/// <param name="allowDeleteChildAlbum">A value indicating whether the user assigned to this role has permission to delete child albums.</param>
/// <param name="allowSynchronize">A value indicating whether the user assigned to this role has permission to synchronize an album.</param>
/// <param name="allowAdministerSite">A value indicating whether the user has administrative permission for all albums. This permission
/// automatically applies to all albums; it cannot be selectively applied.</param>
/// <param name="hideWatermark">A value indicating whether the user assigned to this role has a watermark applied to images.
/// This setting has no effect if watermarks are not used. A true value means the user does not see the watermark;
/// a false value means the watermark is applied.</param>
/// <param name="topLevelCheckedAlbumIds">The top level checked album ids. May be null.</param>
/// <returns>Returns an <see cref="IGalleryServerRole" /> object corresponding to the specified parameters.</returns>
/// <exception cref="InvalidGalleryServerRoleException">Thrown when a role with the specified role name already exists in the data store.</exception>
public static IGalleryServerRole CreateRole(string roleName, bool allowViewAlbumOrMediaObject, bool allowViewOriginalImage, bool allowAddMediaObject, bool allowAddChildAlbum, bool allowEditMediaObject, bool allowEditAlbum, bool allowDeleteMediaObject, bool allowDeleteChildAlbum, bool allowSynchronize, bool allowAdministerSite, bool hideWatermark, IIntegerCollection topLevelCheckedAlbumIds)
{
CreateRole(roleName);
IGalleryServerRole role = Factory.CreateGalleryServerRoleInstance(roleName, allowViewAlbumOrMediaObject, allowViewOriginalImage, allowAddMediaObject, allowAddChildAlbum, allowEditMediaObject, allowEditAlbum, allowDeleteMediaObject, allowDeleteChildAlbum, allowSynchronize, allowAdministerSite, hideWatermark);
UpdateRoleAlbumRelationships(role, topLevelCheckedAlbumIds);
role.Save();
return(role);
}
/// <summary>
/// Verify that any role needed for album ownership exists and is properly configured. If an album owner
/// is specified and the album is new (IsNew == true), the album is persisted to the data store. This is
/// required because the ID is not assigned until it is saved, and a valid ID is required to configure the
/// role.
/// </summary>
/// <param name="album">The album to validate for album ownership. If a null value is passed, the function
/// returns without error or taking any action.</param>
public static void ValidateRoleExistsForAlbumOwner(IAlbum album)
{
// For albums, verify that any needed roles for album ownership are present. Create/update as needed.
if (album == null)
{
return;
}
if (String.IsNullOrEmpty(album.OwnerUserName))
{
// If owner role is specified, delete it.
if (!String.IsNullOrEmpty(album.OwnerRoleName))
{
DeleteGalleryServerProRole(album.OwnerRoleName);
album.OwnerRoleName = String.Empty;
}
}
else
{
// If this is a new album, save it before proceeding. We will need its album ID to configure the role,
// and it is not assigned until it is saved.
if (album.IsNew)
{
album.Save();
}
// Verify that a role exists that corresponds to the owner.
IGalleryServerRole role = Factory.LoadGalleryServerRoles().GetRoleByRoleName(album.OwnerRoleName);
if (role == null)
{
// No role exists. Create it.
album.OwnerRoleName = CreateAlbumOwnerRole(album);
}
else
{
// Role exists. Make sure album is assigned to role and owner is a member.
if (!role.RootAlbumIds.Contains(album.Id))
{
// Current album is not a member. This should not typically occur, but just in case
// it does let's add the current album to it and save it.
role.RootAlbumIds.Add(album.Id);
role.Save();
}
string[] rolesForUser = GetRolesForUser(album.OwnerUserName);
if (Array.IndexOf <string>(rolesForUser, role.RoleName) < 0)
{
// Owner is not a member. Add.
AddUserToRole(album.OwnerUserName, role.RoleName);
}
}
}
}
private static void ReloadAllAlbumIds(IGalleryServerRole role)
{
role.ClearAllAlbumIds();
IDataReader dr = GetDataReaderRoleAllAlbums(role.RoleName);
while (dr.Read())
{
role.AddToAllAlbumIds(dr.GetInt32(0));
}
dr.Close();
}
/// <summary>
/// Creates a deep copy of this instance, including the RootAlbumIds and AllAlbumIds properties. The RoleName property
/// of the copied object is empty and must be assigned before persisting the copy to the data store.
/// </summary>
/// <returns>Returns a deep copy of this instance.</returns>
public IGalleryServerRole Copy()
{
IGalleryServerRole role = Factory.CreateGalleryServerRoleInstance(String.Empty, AllowViewAlbumOrMediaObject, AllowViewOriginalImage,
AllowAddMediaObject, AllowAddChildAlbum, AllowEditMediaObject, AllowEditAlbum,
AllowDeleteMediaObject, AllowDeleteChildAlbum, AllowSynchronize,
AllowAdministerSite, HideWatermark);
role.AllAlbumIds.AddRange(AllAlbumIds);
role.RootAlbumIds.AddRange(RootAlbumIds);
return(role);
}
/// <summary>
/// Performs any necessary actions that must occur before an album is deleted. Specifically, it deletes the owner role
/// if one exists for the album, but only when this album is the only one assigned to the role.
/// </summary>
/// <param name="album">The album to be deleted.</param>
private static void OnBeforeAlbumDelete(IAlbum album)
{
// If there is an owner role associated with this album, and the role is not assigned to any other albums, delete it.
if (!String.IsNullOrEmpty(album.OwnerRoleName))
{
IGalleryServerRole role = RoleController.GetGalleryServerRoles().GetRoleByRoleName(album.OwnerRoleName);
if ((role != null) && (role.AllAlbumIds.Count == 1) && role.AllAlbumIds.Contains(album.Id))
{
RoleController.DeleteGalleryServerProRole(role.RoleName);
}
}
}
private static void PersistRoleToDataStore(IGalleryServerRole role)
{
// The update stored procedure will automatically call the insert stored procedure if it does not
// find a matching role to update.
using (SqlConnection cn = SqlDataProvider.GetDbConnection())
{
using (SqlCommand cmd = GetCommandGalleryServerRoleUpdate(role, cn))
{
cn.Open();
cmd.ExecuteNonQuery();
}
}
}
private static SqlCommand GetCommandGalleryServerRole_AlbumInsert(IGalleryServerRole role)
{
DataStore dataStoreConfig = ConfigManager.GetGalleryServerProConfigSection().DataStore;
SqlCommand cmd = new SqlCommand(Util.GetSqlName("gs_Role_AlbumInsert"), SqlDataProvider.GetDbConnection());
cmd.CommandType = CommandType.StoredProcedure;
// Add parameters
cmd.Parameters.Add(new SqlParameter("@RoleName", SqlDbType.NVarChar, dataStoreConfig.RoleNameLength));
cmd.Parameters.Add(new SqlParameter("@AlbumId", SqlDbType.Int));
cmd.Parameters["@RoleName"].Value = role.RoleName;
return(cmd);
}
/// <summary>
/// Determines whether the specified <see cref="System.Object"/> is equal to this instance.
/// </summary>
/// <param name="obj">The <see cref="System.Object"/> to compare with this instance.</param>
/// <returns>
/// <c>true</c> if the specified <see cref="System.Object"/> is equal to this instance; otherwise, <c>false</c>.
/// </returns>
/// <exception cref="T:System.NullReferenceException">
/// The <paramref name="obj"/> parameter is null.
/// </exception>
public override bool Equals(Object obj)
{
if (obj == null)
{
return(false);
}
IGalleryServerRole role = obj as IGalleryServerRole;
if (role == null)
{
return(false);
}
return(this.RoleName.Equals(role.RoleName, StringComparison.OrdinalIgnoreCase));
}
private void PersistRoleToDataStore(IGalleryServerRole role)
{
// Update the existing role or insert if it doesn't exist.
var roleDto = Find(role.RoleName);
if (roleDto == null)
{
roleDto = new RoleDto
{
RoleName = role.RoleName,
AllowViewAlbumsAndObjects = role.AllowViewAlbumOrMediaObject,
AllowViewOriginalImage = role.AllowViewOriginalImage,
AllowAddChildAlbum = role.AllowAddChildAlbum,
AllowAddMediaObject = role.AllowAddMediaObject,
AllowEditAlbum = role.AllowEditAlbum,
AllowEditMediaObject = role.AllowEditMediaObject,
AllowDeleteChildAlbum = role.AllowDeleteChildAlbum,
AllowDeleteMediaObject = role.AllowDeleteMediaObject,
AllowSynchronize = role.AllowSynchronize,
HideWatermark = role.HideWatermark,
AllowAdministerGallery = role.AllowAdministerGallery,
AllowAdministerSite = role.AllowAdministerSite
};
Add(roleDto);
}
else
{
roleDto.AllowViewAlbumsAndObjects = role.AllowViewAlbumOrMediaObject;
roleDto.AllowViewOriginalImage = role.AllowViewOriginalImage;
roleDto.AllowAddChildAlbum = role.AllowAddChildAlbum;
roleDto.AllowAddMediaObject = role.AllowAddMediaObject;
roleDto.AllowEditAlbum = role.AllowEditAlbum;
roleDto.AllowEditMediaObject = role.AllowEditMediaObject;
roleDto.AllowDeleteChildAlbum = role.AllowDeleteChildAlbum;
roleDto.AllowDeleteMediaObject = role.AllowDeleteMediaObject;
roleDto.AllowSynchronize = role.AllowSynchronize;
roleDto.HideWatermark = role.HideWatermark;
roleDto.AllowAdministerGallery = role.AllowAdministerGallery;
roleDto.AllowAdministerSite = role.AllowAdministerSite;
}
Save();
}
/// <summary>
/// Remove the user from any roles. If a role is an ownership role, then delete it if the user is the only member.
/// Remove the user from ownership of any albums.
/// </summary>
/// <param name="userName">Name of the user to be deleted.</param>
/// <remarks>The user will be specified as an owner only for those albums that belong in ownership roles, so
/// to find all albums the user owns, we need only to loop through the user's roles and inspect the ones
/// where the names begin with the album owner role name prefix variable.</remarks>
private static void UpdateRolesAndOwnershipForDeletedUser(string userName)
{
List <string> rolesToDelete = new List <string>();
string[] userRoles = RoleController.GetRolesForUser(userName);
foreach (string roleName in userRoles)
{
if (RoleController.IsRoleAnAlbumOwnerRole(roleName))
{
// This is a role that was automatically created to provide ownership permission to an album. Check each
// album and empty out the OwnerUserName field if the listed owner matches our user.
IGalleryServerRole role = Factory.LoadGalleryServerRole(roleName);
foreach (int albumId in role.RootAlbumIds)
{
IAlbum album = Factory.LoadAlbumInstance(albumId, false);
if (album.OwnerUserName == userName)
{
album.OwnerUserName = String.Empty;
GalleryObjectController.SaveGalleryObject(album);
}
}
if (RoleController.GetUsersInRole(roleName).Length <= 1)
{
// The user we are deleting is the only user in the owner role. Mark for deletion.
rolesToDelete.Add(roleName);
}
}
}
if (userRoles.Length > 0)
{
foreach (string role in userRoles)
{
RoleController.RemoveUserFromRole(userName, role);
}
}
foreach (string roleName in rolesToDelete)
{
RoleController.DeleteGalleryServerProRole(roleName);
}
}
/// <summary>
/// For roles that provide album ownership functionality, remove users belonging to this role from the OwnedBy
/// property of any albums this role is assigned to. Since we are deleting the role that provides the ownership
/// functionality, it is necessary to clear the owner field of all affected albums.
/// </summary>
/// <param name="role">Name of the role to be deleted.</param>
private static void UpdateAlbumOwnerBeforeRoleDelete(IGalleryServerRole role)
{
// Proceed only when dealing with an album ownership role.
if (!IsRoleAnAlbumOwnerRole(role.RoleName))
{
return;
}
// Loop through each album assigned to this role. If this role is assigned as the owner role,
// clear the OwnerUserName property.
foreach (int albumId in role.RootAlbumIds)
{
IAlbum album = Factory.LoadAlbumInstance(albumId, false);
if (album.OwnerRoleName == role.RoleName)
{
album.OwnerUserName = String.Empty;
GalleryObjectController.SaveGalleryObject(album);
}
}
}
/// <summary>
/// Select (check) the permissions checkboxes corresponding to the permissions of the specified role. Specify null
/// when adding a new role and the checkboxes will be set to their default values (unselected.)
/// </summary>
/// <param name="role">The Gallery Server role to be bound to the checkbox list of permissions, or null if adding
/// a new role.</param>
private void BindRolePermissionCheckboxes(IGalleryServerRole role)
{
if (role == null)
{
chkAddAlbum.Checked = false;
chkAddMediaObject.Checked = false;
chkAdministerSite.Checked = false;
chkDeleteChildAlbum.Checked = false;
chkDeleteMediaObject.Checked = false;
chkEditAlbum.Checked = false;
chkEditMediaObject.Checked = false;
chkSynchronize.Checked = false;
chkViewHiResImage.Checked = false;
chkViewObject.Checked = false;
chkHideWatermark.Checked = false;
}
else
{
chkAddAlbum.Checked = role.AllowAddChildAlbum;
chkAddMediaObject.Checked = role.AllowAddMediaObject;
chkAdministerSite.Checked = role.AllowAdministerSite;
chkDeleteChildAlbum.Checked = role.AllowDeleteChildAlbum;
chkDeleteMediaObject.Checked = role.AllowDeleteMediaObject;
chkEditAlbum.Checked = role.AllowEditAlbum;
chkEditMediaObject.Checked = role.AllowEditMediaObject;
chkSynchronize.Checked = role.AllowSynchronize;
chkViewHiResImage.Checked = role.AllowViewOriginalImage;
chkViewObject.Checked = role.AllowViewAlbumOrMediaObject;
chkHideWatermark.Checked = role.HideWatermark;
}
}
/// <summary> /// Permanently delete this gallery server role from the data store, including the list of role/album relationships /// associated with this role. This action cannot be undone. /// </summary> /// <param name="role">An instance of <see cref="IGalleryServerRole"/> to delete from the data store.</param> public abstract void Role_Delete(IGalleryServerRole role);
/// <summary> /// Persist this gallery server role to the data store. The list of top-level albums this role applies to, which is stored /// in the <see cref="IGalleryServerRole.RootAlbumIds"/> property, must also be saved. The data provider automatically /// repopulates the <see cref="IGalleryServerRole.AllAlbumIds"/> property. /// </summary> /// <param name="role">An instance of IGalleryServerRole to persist to the data store.</param> public abstract void Role_Save(IGalleryServerRole role);
/// <summary>
/// Persist the <paramref name="roleToSave" /> to the data store, associating any album IDs listed in <paramref name="topLevelCheckedAlbumIds" />
/// with it. Prior to saving, validation is performed and a <see cref="GallerySecurityException" /> is thrown if a business rule
/// is violated.
/// </summary>
/// <param name="roleToSave">The role to save.</param>
/// <param name="topLevelCheckedAlbumIds">The top level album IDs. May be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="roleToSave" /> is null.</exception>
/// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception>
/// <exception cref="InvalidGalleryServerRoleException">Thrown when an existing role cannot be found in the database that matches the
/// role name of the <paramref name="roleToSave" /> parameter.</exception>
public static void Save(IGalleryServerRole roleToSave, IIntegerCollection topLevelCheckedAlbumIds)
{
if (roleToSave == null)
throw new ArgumentNullException("roleToSave");
ValidateSaveRole(roleToSave);
UpdateRoleAlbumRelationships(roleToSave, topLevelCheckedAlbumIds);
roleToSave.Save();
}
/// <summary>
/// Determines whether the specified <paramref name="role" /> is equal to this instance.
/// </summary>
/// <param name="role">The role to compare to this instance.</param>
/// <returns><c>true</c> if the specified <paramref name="role" /> is equal to this instance; otherwise, <c>false</c>.</returns>
public bool Equals(IGalleryServerRole role)
{
if (role == null)
{
return false;
}
return (this.RoleName.Equals(role.RoleName, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Permanently delete this gallery server role from the data store, including the list of role/album relationships
/// associated with this role. This action cannot be undone.
/// </summary>
/// <param name="role">An instance of <see cref="IGalleryServerRole"/> to delete from the data store.</param>
public override void Role_Delete(IGalleryServerRole role)
{
Role.Delete(role);
}
/// <summary>
/// Update the list of root album IDs associated with this role based on the user's selection.
/// Note that clearing the RootAlbumIds collection causes the AllAlbumIds property to be
/// cleared out (Count = 0).
/// </summary>
/// <param name="role">The role whose root album/role relationships should be updated. When editing
/// an existing role, specify this.GalleryRole. For new roles, pass the newly created role before
/// saving it.</param>
private void UpdateRoleAlbumRelationships(IGalleryServerRole role)
{
role.RootAlbumIds.Clear();
if (role.AllowAdministerSite)
{
// Administer site permission automatically applies to all albums, so all we need to do is get
// a reference to the root album ID.
role.RootAlbumIds.Add(Factory.LoadRootAlbumInstance().Id);
}
else
{
role.RootAlbumIds.AddRange(tvUC.TopLevelCheckedAlbumIds);
}
}
private static SqlCommand GetCommandGalleryServerRoleDelete(IGalleryServerRole role, SqlConnection cn)
{
SqlCommand cmd = new SqlCommand(Util.GetSqlName("gs_RoleDelete"), cn);
cmd.CommandType = CommandType.StoredProcedure;
// Add parameters
cmd.Parameters.Add(new SqlParameter("@RoleName", SqlDbType.NVarChar, DataConstants.RoleNameLength));
cmd.Parameters["@RoleName"].Value = role.RoleName;
return cmd;
}
/// <summary>
/// Verify the the current user isn't jeopardizing their ability to administer the site or current gallery. Specifically, if
/// the user is a member of the role being saved and admin site or gallery permissions are being removed from it, make sure
/// the user is in at least one other role with similar permissions. Verifies only the current gallery: That is, it is possible
/// for the user to remove their ability to administer another gallery.
/// </summary>
/// <param name="roleToSave">The role to save. It's role name must match the role name of <paramref name="existingRole" />.</param>
/// <param name="existingRole">The existing role, as it is stored in the database. It's role name must match the role name of
/// <paramref name="roleToSave" />.</param>
/// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception>
private static void ValidateUserDoesNotLoseAbilityToAdminCurrentGallery(IGalleryServerRole roleToSave, IGalleryServerRole existingRole)
{
if (!roleToSave.RoleName.Equals(existingRole.RoleName, StringComparison.OrdinalIgnoreCase))
{
throw new ArgumentOutOfRangeException(String.Format(CultureInfo.CurrentCulture, "The role name of the roleToSave and existingRole parameters must match, but they do not. roleToSave='{0}'; existingRole='{1}'", roleToSave, existingRole));
}
if (IsUserInRole(Utils.UserName, roleToSave.RoleName))
{
bool adminSitePermissionBeingRevoked = (!roleToSave.AllowAdministerSite && existingRole.AllowAdministerSite);
bool adminGalleryPermissionBeingRevoked = (!roleToSave.AllowAdministerGallery && existingRole.AllowAdministerGallery);
bool userHasAdminSitePermissionThroughAtLeastOneOtherRole = false;
bool userHasAdminGalleryPermissionThroughAtLeastOneOtherRole = false;
foreach (IGalleryServerRole roleForUser in GetGalleryServerRolesForUser())
{
if (!roleForUser.RoleName.Equals(roleToSave.RoleName))
{
if (roleForUser.AllowAdministerSite)
{
userHasAdminSitePermissionThroughAtLeastOneOtherRole = true;
}
if (roleForUser.AllowAdministerGallery)
{
userHasAdminGalleryPermissionThroughAtLeastOneOtherRole = true;
}
}
}
if (adminSitePermissionBeingRevoked && !userHasAdminSitePermissionThroughAtLeastOneOtherRole)
{
throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Save_Role_User_Would_Lose_Admin_Ability_Msg);
}
if (adminGalleryPermissionBeingRevoked && !userHasAdminGalleryPermissionThroughAtLeastOneOtherRole)
{
throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Save_Role_User_Would_Lose_Admin_Ability_Msg);
}
}
}
/// <summary>
/// Determines whether the user has permission to edit the specified role. Determines this by checking
/// whether the logged on user is a site administrator or a gallery administrator for every
/// gallery associated with the role. If the role is not assigned to any albums, it verifies the user is
/// a gallery admin to at least one gallery (doesn't matter which one).
/// </summary>
/// <param name="roleToSave">The role to save. It's role name must match the role name of <paramref name="existingRole" />.</param>
/// <param name="existingRole">The existing role, as it is stored in the database. It's role name must match the role name of
/// <paramref name="roleToSave" />.</param>
/// <param name="rolesForCurrentUser">The roles for current user.</param>
/// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception>
private static void ValidateUserCanEditRole(IGalleryServerRole roleToSave, IGalleryServerRole existingRole, IGalleryServerRoleCollection rolesForCurrentUser)
{
if (Utils.IsCurrentUserSiteAdministrator())
{
return;
}
if (roleToSave.Galleries.Count == 0)
{
// The role isn't assigned to any albums, so let's make sure the user is a gallery admin to at
// least one gallery.
if (GalleryController.GetGalleriesCurrentUserCanAdminister().Count == 0)
{
throw new GallerySecurityException("Your account does not have permission to make changes to roles.");
}
}
if (existingRole.Galleries.Any(gallery => !Utils.IsUserGalleryAdministrator(rolesForCurrentUser, gallery.GalleryId)))
{
throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Delete_Role_Insufficient_Permission_Msg2);
}
}
/// <summary>
/// Don't let user delete a role with site admin or gallery admin permissions if that means the user will
/// lose their own administrative access. This should be called before a role is deleted as a validation step.
/// </summary>
/// <param name="roleToDelete">The role to be deleted.</param>
/// <exception cref="GallerySecurityException">Thrown when the role cannot be deleted because doing so violates one of the business rules.</exception>
private static void ValidatePreventLoggedOnUserFromLosingAdminAccess(IGalleryServerRole roleToDelete)
{
string roleName = roleToDelete.RoleName;
if (roleToDelete.AllowAdministerSite || roleToDelete.AllowAdministerGallery)
{
bool needToVerify = false;
IGalleryServerRoleCollection roles = GetGalleryServerRolesForUser(Utils.UserName);
foreach (IGalleryServerRole role in roles)
{
if (role.RoleName.Equals(roleName, StringComparison.OrdinalIgnoreCase))
{
needToVerify = true;
break;
}
}
if (needToVerify)
{
// User is deleting a role he is a member of. Make sure user is in at least one other role with the same type of access.
bool userIsInAnotherRoleWithAdminAccess = false;
if (roleToDelete.AllowAdministerSite)
{
foreach (IGalleryServerRole role in roles)
{
if (role.AllowAdministerSite && (!role.RoleName.Equals(roleName, StringComparison.OrdinalIgnoreCase)))
{
userIsInAnotherRoleWithAdminAccess = true;
break;
}
}
}
else if (roleToDelete.AllowAdministerGallery)
{
foreach (IGalleryServerRole role in roles)
{
if (role.AllowAdministerGallery && (!role.RoleName.Equals(roleName, StringComparison.OrdinalIgnoreCase)))
{
userIsInAnotherRoleWithAdminAccess = true;
break;
}
}
}
if (!userIsInAnotherRoleWithAdminAccess)
{
throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Cannot_Delete_Role_Remove_Self_Admin_Msg);
}
}
}
}
/// <summary>
/// Make sure the loggod-on person has authority to save the role and that h/she isn't doing anything stupid, like removing
/// Administer site permission from the only role that has it.
/// </summary>
/// <param name="roleToSave">The role to be saved.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="roleToSave"/> is null.</exception>
/// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception>
/// <exception cref="InvalidGalleryServerRoleException">Thrown when an existing role cannot be found in the database that matches the
/// role name of the <paramref name="roleToSave" /> parameter.</exception>
private static void ValidateSaveRole(IGalleryServerRole roleToSave)
{
#region Parameter Validation
if (roleToSave == null)
throw new ArgumentNullException("roleToSave");
if (String.IsNullOrEmpty(roleToSave.RoleName))
return; // Role name will be empty when adding a new one, so the validation below doesn't apply.
IGalleryServerRole existingRole = Factory.LoadGalleryServerRole(roleToSave.RoleName) ?? roleToSave;
#endregion
ValidateCanRemoveSiteAdminPermission(roleToSave, existingRole);
ValidateUserHasPermissionToSaveRole(roleToSave, existingRole);
ValidateUserDoesNotLoseAbilityToAdminCurrentGallery(roleToSave, existingRole);
}
/// <summary>
/// Fill the treeview with all albums. All nodes representing albums for which the specified role has permission
/// will be checked. If the overload that doesn't take a role parameter is used, then check all checkboxes if the
/// isAdministratorChecked parameter is true.
/// </summary>
/// <param name="role">The role to be updated. If adding a new role, then set this parameter to null.</param>
private void BindAlbumTreeview(IGalleryServerRole role)
{
bool isAdmin = ((role != null) && (role.AllowAdministerSite));
BindAlbumTreeview(role, isAdmin);
}
/// <summary>
/// Fill the treeview with all albums. All nodes representing albums for which the specified role has permission
/// will be checked. If the overload that doesn't take a role parameter is used, then check all checkboxes if the
/// isAdministratorChecked parameter is true.
/// </summary>
/// <param name="role">The role to be updated. If adding a new role, then set this parameter to null.</param>
/// <param name="isAdministrator">Indicates whether the administrator permission checkbox has been
/// checked or the specified role has administrative permission. Since administrative permission applies to all
/// albums, when this parameter is true, all checkboxes for all albums will be checked. An exception is thrown
/// if the role.AllowAdministerSite property and the isAdministrator parameter do not match.</param>
private void BindAlbumTreeview(IGalleryServerRole role, bool isAdministrator)
{
if ((role != null) && (role.AllowAdministerSite != isAdministrator))
{
throw new ArgumentException("Invalid arguments passed to BindAlbumTreeview method: The role.AllowAdministerSite property and the isAdministrator parameter must match.");
}
if (role != null) // Role will be null when user is adding a new role
{
IIntegerCollection albumIds = tvUC.AlbumIdsToCheck;
albumIds.Clear();
albumIds.AddRange(role.RootAlbumIds);
if (role.RootAlbumIds.Contains(Factory.LoadRootAlbumInstance().Id))
{
// The role applies to all albums. Since the treeview initially renders to two levels, we need
// to add the album IDs for the root album's child albums.
foreach (IGalleryObject album in Factory.LoadRootAlbumInstance().GetChildGalleryObjects(GalleryObjectType.Album))
{
albumIds.Add(album.Id);
}
}
}
tvUC.DataBind();
}
/// <summary>
/// Permanently delete this gallery server role from the data store, including the list of role/album relationships
/// associated with this role. This action cannot be undone.
/// </summary>
/// <param name="role">An instance of <see cref="IGalleryServerRole" /> to delete from the data store.</param>
public static void Delete(IGalleryServerRole role)
{
DeleteFromDataStore(role);
}
/// <summary>
/// Persist this gallery server role to the data store. The list of top-level albums this role applies to, which is stored
/// in the <see cref="IGalleryServerRole.RootAlbumIds"/> property, must also be saved. The data provider automatically
/// repopulates the <see cref="IGalleryServerRole.AllAlbumIds"/> property.
/// </summary>
/// <param name="role">An instance of IGalleryServerRole to persist to the data store.</param>
public override void Role_Save(IGalleryServerRole role)
{
Role.Save(role);
}
private static void PersistRoleToDataStore(IGalleryServerRole role)
{
// The update stored procedure will automatically call the insert stored procedure if it does not
// find a matching role to update.
using (SqlConnection cn = SqlDataProvider.GetDbConnection())
{
using (SqlCommand cmd = GetCommandGalleryServerRoleUpdate(role, cn))
{
cn.Open();
cmd.ExecuteNonQuery();
}
}
}
/// <summary>
/// Replace the list of root album IDs for the <paramref name="role"/> with the album ID's specified in
/// <paramref name="topLevelCheckedAlbumIds"/>. Note that this function will cause the AllAlbumIds property
/// to be cleared out (Count = 0). The property can be repopulated by calling <see cref="IGalleryServerRole.Save"/>.
/// </summary>
/// <param name="role">The role whose root album/role relationships should be updated. When editing
/// an existing role, specify this.GalleryRole. For new roles, pass the newly created role before
/// saving it.</param>
/// <param name="topLevelCheckedAlbumIds">The top level checked album ids. May be null.</param>
public static void UpdateRoleAlbumRelationships(IGalleryServerRole role, IIntegerCollection topLevelCheckedAlbumIds)
{
if (role == null)
throw new ArgumentNullException("role");
if (topLevelCheckedAlbumIds == null)
topLevelCheckedAlbumIds = new IntegerCollection();
int[] rootAlbumIdsOld = new int[role.RootAlbumIds.Count];
role.RootAlbumIds.CopyTo(rootAlbumIdsOld, 0);
role.RootAlbumIds.Clear();
if (role.AllowAdministerSite)
{
// Administer site permission automatically applies to all albums, so all we need to do is get
// a reference to the root album ID.
role.RootAlbumIds.Add(Factory.LoadRootAlbumInstance().Id);
}
else
{
role.RootAlbumIds.AddRange(topLevelCheckedAlbumIds);
}
if (IsRoleAnAlbumOwnerRole(role.RoleName))
ValidateAlbumOwnerRoles(role.RoleName, rootAlbumIdsOld, role.RootAlbumIds);
}
/// <summary>
/// Don't let user delete a role that affects any gallery where the user is not a site admin or gallery admin. This should be called before
/// a role is deleted as a validation step. The only exception is that we allow a user to delete an album owner role, since that will typically
/// be assigned to a single album, and we have logic elsewhere that verifies the user has permission to delete the album.
/// </summary>
/// <param name="roleToDelete">The role to be deleted.</param>
/// <exception cref="GallerySecurityException">Thrown when the role cannot be deleted because doing so violates one of the business rules.</exception>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="roleToDelete" /> is null.</exception>
private static void ValidatePreventRoleDeletionAffectingOtherGalleries(IGalleryServerRole roleToDelete)
{
if (roleToDelete == null)
throw new ArgumentNullException("roleToDelete");
if (IsRoleAnAlbumOwnerRole(roleToDelete.RoleName))
{
return;
}
IGalleryCollection adminGalleries = UserController.GetGalleriesCurrentUserCanAdminister();
foreach (IGallery gallery in roleToDelete.Galleries)
{
if (!adminGalleries.Contains(gallery))
{
throw new GallerySecurityException(String.Format(CultureInfo.InvariantCulture, Resources.GalleryServerPro.Admin_Cannot_Delete_Role_Insufficient_Permission_Msg, roleToDelete.RoleName, gallery.Description));
}
}
}
/// <summary>
/// Permanently delete the specified gallery server role from the data store. The stored procedure deletes the record
/// in the gs_Role table corresponding to this role and also all records in the gs_Role_Album table that reference
/// this role.
/// </summary>
/// <param name="role">An instance of IGalleryServerRole to delete from the data store.</param>
private static void DeleteFromDataStore(IGalleryServerRole role)
{
using (SqlConnection cn = SqlDataProvider.GetDbConnection())
{
using (SqlCommand cmd = GetCommandGalleryServerRoleDelete(role, cn))
{
cn.Open();
cmd.ExecuteNonQuery();
}
}
}
/// <summary>
/// Permanently delete this gallery server role from the data store, including the list of role/album relationships
/// associated with this role. This action cannot be undone.
/// </summary>
/// <param name="role">An instance of <see cref="IGalleryServerRole"/> to delete from the data store.</param>
public override void Role_Delete(IGalleryServerRole role)
{
// Delete a gallery server role. This procedure only deletes it from the custom gallery server tables,
// not the ASP.NET role membership table(s). The web application code that invokes this procedure also
// uses the standard ASP.NET technique to delete the role from the membership table(s).
// First delete the records from the role/album association table, then delete the role.
using (GspContext ctx = new GspContext())
{
foreach (RoleAlbumDto raDto in (from ra in ctx.RoleAlbums where ra.FKRoleName == role.RoleName select ra))
{
ctx.RoleAlbums.Remove(raDto);
}
ctx.Roles.Remove(ctx.Roles.Find(role.RoleName));
ctx.SaveChanges();
}
}
private static SqlCommand GetCommandGalleryServerRoleUpdate(IGalleryServerRole role, SqlConnection cn)
{
SqlCommand cmd = new SqlCommand(Util.GetSqlName("gs_RoleUpdate"), cn);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("@RoleName", SqlDbType.NVarChar, DataConstants.RoleNameLength));
cmd.Parameters.Add(new SqlParameter("@AllowViewAlbumsAndObjects", SqlDbType.Bit));
cmd.Parameters.Add(new SqlParameter("@AllowViewOriginalImage", SqlDbType.Bit));
cmd.Parameters.Add(new SqlParameter("@AllowAddChildAlbum", SqlDbType.Bit));
cmd.Parameters.Add(new SqlParameter("@AllowAddMediaObject", SqlDbType.Bit));
cmd.Parameters.Add(new SqlParameter("@AllowEditAlbum", SqlDbType.Bit));
cmd.Parameters.Add(new SqlParameter("@AllowEditMediaObject", SqlDbType.Bit));
cmd.Parameters.Add(new SqlParameter("@AllowDeleteChildAlbum", SqlDbType.Bit));
cmd.Parameters.Add(new SqlParameter("@AllowDeleteMediaObject", SqlDbType.Bit));
cmd.Parameters.Add(new SqlParameter("@AllowSynchronize", SqlDbType.Bit));
cmd.Parameters.Add(new SqlParameter("@HideWatermark", SqlDbType.Bit));
cmd.Parameters.Add(new SqlParameter("@AllowAdministerGallery", SqlDbType.Bit));
cmd.Parameters.Add(new SqlParameter("@AllowAdministerSite", SqlDbType.Bit));
cmd.Parameters["@RoleName"].Value = role.RoleName;
cmd.Parameters["@AllowViewAlbumsAndObjects"].Value = role.AllowViewAlbumOrMediaObject;
cmd.Parameters["@AllowViewOriginalImage"].Value = role.AllowViewOriginalImage;
cmd.Parameters["@AllowAddChildAlbum"].Value = role.AllowAddChildAlbum;
cmd.Parameters["@AllowAddMediaObject"].Value = role.AllowAddMediaObject;
cmd.Parameters["@AllowEditAlbum"].Value = role.AllowEditAlbum;
cmd.Parameters["@AllowEditMediaObject"].Value = role.AllowEditMediaObject;
cmd.Parameters["@AllowDeleteChildAlbum"].Value = role.AllowDeleteChildAlbum;
cmd.Parameters["@AllowDeleteMediaObject"].Value = role.AllowDeleteMediaObject;
cmd.Parameters["@AllowSynchronize"].Value = role.AllowSynchronize;
cmd.Parameters["@HideWatermark"].Value = role.HideWatermark;
cmd.Parameters["@AllowAdministerGallery"].Value = role.AllowAdministerGallery;
cmd.Parameters["@AllowAdministerSite"].Value = role.AllowAdministerSite;
return cmd;
}
/// <summary>
/// Save the list of root album IDs to the data store. The table gs_Role_Album contains one record for each role/album
/// relationship. This procedure adds and deletes records as needed.
/// </summary>
/// <param name="role">The gallery server role containing the list of root Album IDs to persist to the data store.</param>
private static void PersistRoleAlbumRelationshipsToDataStore(IGalleryServerRole role)
{
// Step 1: Copy the list of root album IDs to a new list. We'll be removing items from the list as we process them,
// so we don't want to mess with the actual list attached to the object.
List<int> roleAlbumRelationshipsToPersist = new List<int>();
foreach (int albumId in role.RootAlbumIds)
{
roleAlbumRelationshipsToPersist.Add(albumId);
}
using (GspContext ctx = new GspContext())
{
// Step 2: Get a list of all root album IDs in the data store for this role.
List<int> roleAlbumRelationshipsToDelete = new List<int>();
foreach (int albumId in (from ra in ctx.RoleAlbums where ra.FKRoleName == role.RoleName select ra.FKAlbumId))
{
// Step 3: Iterate through each role/album relationship that is stored in the data store. If it is in our list, then
// remove it from the list (see step 5 why). If not, the user must have unchecked it so add it to a list of
// relationships to be deleted.
if (roleAlbumRelationshipsToPersist.Contains(albumId))
{
roleAlbumRelationshipsToPersist.Remove(albumId);
}
else
{
roleAlbumRelationshipsToDelete.Add(albumId);
}
}
// Step 4: Delete the records we accumulated in our list.
var roleAlbumDtos = from ra in ctx.RoleAlbums where roleAlbumRelationshipsToDelete.Contains(ra.FKAlbumId) select ra;
foreach (RoleAlbumDto roleAlbumDto in roleAlbumDtos)
{
ctx.RoleAlbums.Remove(roleAlbumDto);
}
// Step 5: Any items still left in the roleAlbumRelationshipsToPersist list must be new ones checked by the user. Add them.
foreach (int albumid in roleAlbumRelationshipsToPersist)
{
ctx.RoleAlbums.Add(new RoleAlbumDto { FKAlbumId = albumid, FKRoleName = role.RoleName });
}
ctx.SaveChanges();
}
}
/// <summary>
/// Save the list of root album IDs to the data store. The table gs_Role_Album contains one record for each role/album
/// relationship. This procedure adds and deletes records as needed.
/// </summary>
/// <param name="role">The gallery server role containing the list of root Album IDs to persist to the data store.</param>
private static void PersistRoleAlbumRelationshipsToDataStore(IGalleryServerRole role)
{
// Step 1: Copy the list of root album IDs to a new list. We'll be removing items from the list as we process them,
// so we don't want to mess with the actual list attached to the object.
List<int> roleAlbumRelationshipsToPersist = new List<int>();
foreach (int albumId in role.RootAlbumIds)
{
roleAlbumRelationshipsToPersist.Add(albumId);
}
// Step 2: Iterate through each role/album relationship that is stored in the data store. If it is in our list, then
// remove it from the list (see step 4 why). If not, the user must have unchecked it so add it to a list of
// relationships to be deleted.
List<int> roleAlbumRelationshipsToDelete = new List<int>();
foreach (int albumId in GetDataReaderRoleRootAlbums(role.RoleName))
{
if (roleAlbumRelationshipsToPersist.Contains(albumId))
{
roleAlbumRelationshipsToPersist.Remove(albumId);
}
else
{
roleAlbumRelationshipsToDelete.Add(albumId);
}
}
using (SqlConnection cn = SqlDataProvider.GetDbConnection())
{
cn.Open();
// Step 3: Delete the records we accumulated in our list.
using (SqlCommand cmd = GetCommandGalleryServerRoleAlbumDelete(role, cn))
{
foreach (int albumId in roleAlbumRelationshipsToDelete)
{
cmd.Parameters["@AlbumId"].Value = albumId;
cmd.ExecuteNonQuery();
}
}
using (SqlCommand cmd = GetCommandGalleryServerRoleAlbumInsert(role, cn))
{
// Step 4: Any items still left in the roleAlbumRelationshipsToPersist list must be new ones checked by the user. Add them.
foreach (int albumId in roleAlbumRelationshipsToPersist)
{
cmd.Parameters["@AlbumId"].Value = albumId;
cmd.ExecuteNonQuery();
}
}
}
}
private static void PersistRoleToDataStore(IGalleryServerRole role)
{
// Update the existing role or insert if it doesn't exist.
using (GspContext ctx = new GspContext())
{
RoleDto roleDto = ctx.Roles.Find(role.RoleName);
if (roleDto == null)
{
roleDto = new RoleDto
{
RoleName = role.RoleName,
AllowViewAlbumsAndObjects = role.AllowViewAlbumOrMediaObject,
AllowViewOriginalImage = role.AllowViewOriginalImage,
AllowAddChildAlbum = role.AllowAddChildAlbum,
AllowAddMediaObject = role.AllowAddMediaObject,
AllowEditAlbum = role.AllowEditAlbum,
AllowEditMediaObject = role.AllowEditMediaObject,
AllowDeleteChildAlbum = role.AllowDeleteChildAlbum,
AllowDeleteMediaObject = role.AllowDeleteMediaObject,
AllowSynchronize = role.AllowSynchronize,
HideWatermark = role.HideWatermark,
AllowAdministerGallery = role.AllowAdministerGallery,
AllowAdministerSite = role.AllowAdministerSite
};
ctx.Roles.Add(roleDto);
}
else
{
roleDto.AllowViewAlbumsAndObjects = role.AllowViewAlbumOrMediaObject;
roleDto.AllowViewOriginalImage = role.AllowViewOriginalImage;
roleDto.AllowAddChildAlbum = role.AllowAddChildAlbum;
roleDto.AllowAddMediaObject = role.AllowAddMediaObject;
roleDto.AllowEditAlbum = role.AllowEditAlbum;
roleDto.AllowEditMediaObject = role.AllowEditMediaObject;
roleDto.AllowDeleteChildAlbum = role.AllowDeleteChildAlbum;
roleDto.AllowDeleteMediaObject = role.AllowDeleteMediaObject;
roleDto.AllowSynchronize = role.AllowSynchronize;
roleDto.HideWatermark = role.HideWatermark;
roleDto.AllowAdministerGallery = role.AllowAdministerGallery;
roleDto.AllowAdministerSite = role.AllowAdministerSite;
}
ctx.SaveChanges();
}
}
private static bool IsAuthenticatedUserAuthorized(SecurityActions securityRequest, IGalleryServerRole role, int albumId)
{
if ((role.AllowAdministerSite) && (securityRequest != SecurityActions.HideWatermark))
{
// Administer permissions imply permissions to carry out all other actions, except for hide watermark, which is more of
// a preference assigned to the user.
return true;
}
switch (securityRequest)
{
case SecurityActions.AdministerSite: if (role.AllowAdministerSite) return true; break;
case SecurityActions.ViewAlbumOrMediaObject: if (role.AllowViewAlbumOrMediaObject && role.AllAlbumIds.Contains(albumId)) return true; break;
case SecurityActions.ViewOriginalImage: if (role.AllowViewOriginalImage && role.AllAlbumIds.Contains(albumId)) return true; break;
case SecurityActions.AddChildAlbum: if (role.AllowAddChildAlbum && role.AllAlbumIds.Contains(albumId)) return true; break;
case SecurityActions.AddMediaObject: if (role.AllowAddMediaObject && role.AllAlbumIds.Contains(albumId)) return true; break;
case SecurityActions.DeleteAlbum:
{
// It is OK to delete the album if the AllowDeleteChildAlbum permission is true and one of the following is true:
// 1. The album is the root album and its ID is in the list of targeted albums (Note that we never actually delete the root album.
// Instead, we delete all objects within the album. But the idea of deleting the top level album to clear out all objects in the
// gallery is useful to the user.)
// 2. The album is not the root album and its parent album's ID is in the list of targeted albums.
if (role.AllowDeleteChildAlbum)
{
IAlbum album = Factory.LoadAlbumInstance(albumId, false);
if (album.IsRootAlbum)
{
if (role.AllAlbumIds.Contains(album.Id)) return true; break;
}
else
{
if (role.AllAlbumIds.Contains(album.Parent.Id)) return true; break;
}
}
break;
}
case SecurityActions.DeleteChildAlbum: if (role.AllowDeleteChildAlbum && role.AllAlbumIds.Contains(albumId)) return true; break;
case SecurityActions.DeleteMediaObject: if (role.AllowDeleteMediaObject && role.AllAlbumIds.Contains(albumId)) return true; break;
case SecurityActions.EditAlbum: if (role.AllowEditAlbum && role.AllAlbumIds.Contains(albumId)) return true; break;
case SecurityActions.EditMediaObject: if (role.AllowEditMediaObject && role.AllAlbumIds.Contains(albumId)) return true; break;
case SecurityActions.HideWatermark: if (role.HideWatermark && role.AllAlbumIds.Contains(albumId)) return true; break;
case SecurityActions.Synchronize: if (role.AllowSynchronize && role.AllAlbumIds.Contains(albumId)) return true; break;
default: throw new GalleryServerPro.ErrorHandler.CustomExceptions.BusinessException(string.Format(CultureInfo.CurrentCulture, "The IsUserAuthorized function is not designed to handle the {0} SecurityActions. It must be updated by a developer.", securityRequest.ToString()));
}
return false;
}
private static void SaveRole(IGalleryServerRole role)
{
PersistRoleToDataStore(role);
PersistRoleAlbumRelationshipsToDataStore(role);
}
/// <summary>
/// For roles that provide album ownership functionality, remove users belonging to this role from the OwnedBy
/// property of any albums this role is assigned to. Since we are deleting the role that provides the ownership
/// functionality, it is necessary to clear the owner field of all affected albums.
/// </summary>
/// <param name="role">Name of the role to be deleted.</param>
private static void UpdateAlbumOwnerBeforeRoleDelete(IGalleryServerRole role)
{
// Proceed only when dealing with an album ownership role.
if (!IsRoleAnAlbumOwnerRole(role.RoleName))
return;
// Loop through each album assigned to this role. If this role is assigned as the owner role,
// clear the OwnerUserName property.
foreach (int albumId in role.RootAlbumIds)
{
IAlbum album = Factory.LoadAlbumInstance(albumId, false);
if (album.OwnerRoleName == role.RoleName)
{
album.OwnerUserName = String.Empty;
GalleryObjectController.SaveGalleryObject(album);
}
}
}
/// <summary>
/// Verify the user has permission to save the role.
/// Specifically, the user is not allowed to add administer site permission or save any gallery she is not a gallery
/// administrator for. It is up to the caller to verify that only site or gallery administrators call this function!
/// </summary>
/// <param name="roleToSave">The role to save. It's role name must match the role name of <paramref name="existingRole" />.</param>
/// <param name="existingRole">The existing role, as it is stored in the database. It's role name must match the role name of
/// <paramref name="roleToSave" />.</param>
/// <exception cref="GallerySecurityException">Thrown when the role cannot be saved because doing so would violate a business rule.</exception>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="roleToSave" /> or <paramref name="existingRole" /> is null.</exception>
private static void ValidateUserHasPermissionToSaveRole(IGalleryServerRole roleToSave, IGalleryServerRole existingRole)
{
if (roleToSave == null)
throw new ArgumentNullException("roleToSave");
if (existingRole == null)
throw new ArgumentNullException("existingRole");
if (!roleToSave.RoleName.Equals(existingRole.RoleName, StringComparison.OrdinalIgnoreCase))
{
throw new ArgumentOutOfRangeException(String.Format(CultureInfo.CurrentCulture, "The role name of the roleToSave and existingRole parameters must match, but they do not. roleToSave='{0}'; existingRole='{1}'", roleToSave, existingRole));
}
var roles = GetGalleryServerRolesForUser();
ValidateUserCanEditRole(roleToSave, existingRole, roles);
if (!Utils.IsUserSiteAdministrator(roles))
{
// User is a gallery admin but not a site admin (we deduce this because ONLY site or gallery admins will get this
// far in the function. The user CANNOT save add AllowAdminSite permission.
if (roleToSave.AllowAdministerSite)
{
throw new GallerySecurityException(Resources.GalleryServerPro.Admin_Manage_Roles_Cannot_Delete_Role_Insufficient_Permission_Msg);
}
}
}
