public async Task <TreeNode> GetCurrentPageAsync()
{
TreeNode foundNode = null;
string SiteName = SiteContextSafe().SiteName;
string DefaultCulture = SiteContextSafe().DefaultVisitorCulture;
// Create GetPage Event Arguments
GetPageEventArgs pageArgs = new GetPageEventArgs()
{
RelativeUrl = GetUrl(UriHelper.GetDisplayUrl(_httpContext.Request), (_httpContext.Request.PathBase.HasValue ? _httpContext.Request.PathBase.Value : ""), SiteName),
HttpContext = _httpContext,
SiteName = SiteName,
Culture = await GetCultureAsync(),
DefaultCulture = DefaultCulture
};
var customTreeNode = await _authorizationContextCustomizer.GetCustomPageAsync(pageArgs, AuthorizationEventType.Before);
if (customTreeNode != null)
{
if (customTreeNode.NodeACLID <= 0)
{
throw new NullReferenceException("The TreeNode does not contain the NodeACLID property, which is required for Permission lookup.");
}
foundNode = customTreeNode;
}
if (foundNode == null)
{
// Try to find the page from node alias path, default lookup type
try
{
if (_pageDataContextRetriever.TryRetrieve <TreeNode>(out var pageContext))
{
foundNode = pageContext.Page;
}
}
catch (InvalidOperationException)
{
// this may be thrown for invalid pages or internal requests
}
if (foundNode == null)
{
foundNode = await _progressiveCache.LoadAsync(async cs =>
{
var pages = await DocumentHelper.GetDocuments()
.Path(pageArgs.RelativeUrl, PathTypeEnum.Single)
.Culture(!string.IsNullOrWhiteSpace(pageArgs.Culture) ? pageArgs.Culture : pageArgs.DefaultCulture)
.CombineWithAnyCulture()
.CombineWithDefaultCulture()
.OnSite(pageArgs.SiteName)
.Columns("NodeACLID", "NodeID", "DocumentID", "DocumentCulture") // The Fields required for authorization
.GetEnumerableTypedResultAsync();
var pageList = pages.ToList();
var page = pageList.FirstOrDefault();
if (cs.Cached && pageList.Any())
{
cs.CacheDependency = CacheHelper.GetCacheDependency(new string[]
{
$"nodeid|{page.NodeID}",
$"documentid|{page.DocumentID}"
});
}
return(page);
}, new CacheSettings(1440, "KenticoAuthorizeGetTreeNode", pageArgs.RelativeUrl, pageArgs.SiteName));
}
pageArgs.FoundPage = foundNode;
var customTreeNodeAfter = await _authorizationContextCustomizer.GetCustomPageAsync(pageArgs, AuthorizationEventType.After);
if (customTreeNodeAfter != null)
{
if (customTreeNode.NodeACLID <= 0)
{
new NullReferenceException("The TreeNode does not contain the NodeACLID property, which is required for Permission lookup.");
}
foundNode = pageArgs.FoundPage;
}
}
return(foundNode);
}
public async Task <bool> IsAuthorizedAsync(UserContext user, AuthorizationConfiguration authConfig, TreeNode currentPage = null, string pageTemplateIdentifier = null)
{
bool authorized = false;
// Will remain true only if no other higher priority authorization items were specified
bool OnlyAuthenticatedCheck = true;
// Global admin
if (!authorized && user.IsGlobalAdmin)
{
authorized = true;
OnlyAuthenticatedCheck = false;
}
// Roles
if (!authorized && authConfig.Roles.Any())
{
OnlyAuthenticatedCheck = false;
authorized = (user.Roles.Intersect(authConfig.Roles, StringComparer.InvariantCultureIgnoreCase).Any());
}
// Users no longer there
if (!authorized && authConfig.Users.Any())
{
OnlyAuthenticatedCheck = false;
authorized = authConfig.Users.Contains(user.UserName, StringComparer.InvariantCultureIgnoreCase);
}
// Explicit Permissions
if (!authorized && authConfig.ResourceAndPermissionNames.Any())
{
OnlyAuthenticatedCheck = false;
authorized = authConfig.ResourceAndPermissionNames.Intersect(user.Permissions, StringComparer.InvariantCultureIgnoreCase).Any();
}
// Check page level security
if (!authorized && authConfig.CheckPageACL && currentPage != null)
{
// Need basic user from username
var userInfo = await _progressiveCache.LoadAsync(async cs =>
{
if (cs.Cached)
{
cs.CacheDependency = CacheHelper.GetCacheDependency($"{UserInfo.OBJECT_TYPE}|byname|{user.UserName}");
}
var userResult = (await _userInfoProvider.GetAsync(user.UserName));
return(userResult);
}, new CacheSettings(30, "GetUserInfoForAuthorization", user.UserName));
// Kentico has own caching so okay to call uncached
if (TreeSecurityProvider.IsAuthorizedPerNode(currentPage, authConfig.NodePermissionToCheck, userInfo) != AuthorizationResultEnum.Denied)
{
authorized = true;
}
}
// If there were no other authentication properties, check if this is purely an "just requires authentication" area
if (OnlyAuthenticatedCheck && (!authConfig.UserAuthenticationRequired || user.IsAuthenticated))
{
authorized = true;
}
return(authorized);
}