Пример #1
 /// <summary>
 /// Applies an ACL to every plugin request type, scoped to the given project, organization and data mart.
 /// </summary>
 /// <param name="project">Project part of the composite security target.</param>
 /// <param name="organization">Organization part of the composite security target.</param>
 /// <param name="dataMart">Data mart part of the composite security target.</param>
 /// <param name="reqAcls">ACL entries grouped by the id of the target they belong to.</param>
 /// <remarks>
 /// No authorization check is made in this method; the caller has to establish that the
 /// current user may edit these ACLs.
 /// </remarks>
 public void SetRequestTypesAcl(ISecurityObject project, ISecurityObject organization, ISecurityObject dataMart, ILookup <BigTuple <Guid>, AclEntry> reqAcls)
 {
     var requestTypes = Plugins.GetPluginRequestTypes().Values;

     foreach (var requestType in requestTypes)
     {
         var target = Sec.Target(project, organization, dataMart, requestType.RequestType.AsSecurityObject());

         // An ILookup returns an empty sequence for a key it does not contain, so a request type
         // missing from reqAcls is passed an empty entry set rather than being skipped.
         // NOTE(review): presumably SetAcl then clears that target's ACL - confirm.
         var entries = reqAcls[target.Id()];
         Security.SetAcl(target, entries);
     }
 }
Пример #2
 /// <summary>
 /// Makes <paramref name="parent"/> the access-control inheritance parent of <paramref name="obj"/>.
 /// </summary>
 /// <param name="obj">The child object.</param>
 /// <param name="parent">The object to inherit from; must be of the same kind as the child.</param>
 /// <exception cref="InvalidOperationException">The two objects are of different kinds.</exception>
 /// <remarks>
 /// Only the kind is validated here. NOTE(review): cycle detection and any authorization check
 /// are not visible in this method - confirm they happen in Dag.SetAdjacency or in the caller.
 /// </remarks>
 public void SetObjectInheritanceParent(ISecurityObject obj, ISecurityObject parent)
 {
     if (obj.Kind != parent.Kind)
     {
         string message = "Trying to set an object of kind " + parent.Kind + " as a parent for object of kind " + obj.Kind + ". Parent and child in access control inheritance tree must be of same kind.";
         throw new InvalidOperationException(message);
     }

     // The adjacency list handed to the graph holds exactly one parent.
     var childId = obj.ID;
     var parentIds = new[] { parent.ID };
     Dag.SetAdjacency(childId, parentIds);
 }
Пример #3
 /// <summary>
 /// Creates a rule that ties a security object to an operator and an operator method.
 /// </summary>
 /// <param name="iobject">The security object the rule applies to.</param>
 /// <param name="ioperator">The operator stored with the rule.</param>
 /// <param name="method">The operator method stored with the rule.</param>
 public ObjectRule(ISecurityObject iobject, IOperator ioperator, OperatorMethod method)
 {
     // Every rule gets its own freshly generated identifier.
     ruleId = Guid.NewGuid();

     securityObject = iobject;
     this.ioperator = ioperator;
     this.method = method;
 }
Пример #4
 /// <summary>
 /// Creates a rule that ties a security object to an operator and an operator method.
 /// </summary>
 /// <param name="iobject">The security object the rule applies to.</param>
 /// <param name="ioperator">The operator stored with the rule.</param>
 /// <param name="method">The operator method stored with the rule.</param>
 public ObjectRule(ISecurityObject iobject, IOperator ioperator, OperatorMethod method)
 {
     // Every rule gets its own freshly generated identifier.
     ruleId = Guid.NewGuid();

     securityObject = iobject;
     this.ioperator = ioperator;
     this.method = method;
 }
        /// <summary>
        /// Copies the blocked and read-only member lists onto the object held by the builder.
        /// </summary>
        /// <param name="securityObjectBuilder">Builder whose SecurityObject is to be filled.</param>
        /// <remarks>
        /// Does nothing when the built object does not implement <c>ISecurityObject</c>, so such
        /// objects carry no member restrictions from this method.
        /// </remarks>
        private void FillObjects(SecurityObjectBuilder securityObjectBuilder)
        {
            var target = securityObjectBuilder.SecurityObject as ISecurityObject;
            if (target == null)
            {
                return;
            }

            target.BlockedMembers = securityObjectBuilder.GetBlockedMembers();
            target.ReadOnlyMembers = processor.GetReadOnlyMembersString(target.GetType());
            target.ReadOnlyMembersOnLoad = GetReadOnlyMembersOnLoad(securityObjectBuilder);
        }
Пример #6
        /// <summary>
        /// Builds the model for editing request-type privileges within a project / organization / data mart scope.
        /// </summary>
        /// <param name="project">Project part of each security target.</param>
        /// <param name="organization">Organization part of each security target.</param>
        /// <param name="dataMart">Data mart part of each security target.</param>
        /// <param name="filter">Optional predicate selecting the request types to include; null includes all of them.</param>
        /// <returns>
        /// A model whose Targets pair each selected request type with its security target and whose
        /// Privileges offer the manual and automatic submit privileges.
        /// </returns>
        /// <remarks>Targets is a deferred query: it is evaluated each time the model is enumerated.</remarks>
        public RequestTypesAclModel RequestTypesPrivilegesForEdit(ISecurityObject project, ISecurityObject organization, ISecurityObject dataMart, Func <PluginRequestType, bool> filter = null)
        {
            return new RequestTypesAclModel
            {
                Targets = Plugins.GetPluginRequestTypes()
                    .Select(entry => entry.Value)
                    .Where(requestType => filter == null || filter(requestType))
                    .Select(requestType => Pair.Create(
                        Sec.Target(project, organization, dataMart, requestType.RequestType.AsSecurityObject()),
                        requestType)),

                Privileges = new[]
                {
                    Pair.Create(SecPrivileges.RequestType.SubmitManual, "Manual"),
                    Pair.Create(SecPrivileges.RequestType.SubmitAuto, "Auto")
                }
            };
        }
Пример #7
        /// <summary>
        /// Checks whether the current security context may perform <paramref name="action"/> on <paramref name="securityObj"/>.
        /// </summary>
        /// <param name="securityObj">The object being accessed; must not be null.</param>
        /// <param name="action">The action being requested.</param>
        /// <param name="silent">
        /// True to return the result of the check; false to demand the permission instead.
        /// </param>
        /// <returns>
        /// In silent mode, the result of <c>SecurityContext.CheckPermissions</c>; otherwise true once
        /// <c>SecurityContext.DemandPermissions</c> has returned.
        /// </returns>
        /// <exception cref="Exception">
        /// <paramref name="securityObj"/> is null (reported with the "item not found" resource text).
        /// </exception>
        private bool CheckPermissions(ISecurityObject securityObj, ASC.Common.Security.Authorizing.Action action, bool silent)
        {
            if (securityObj == null)
            {
                throw new Exception(Resources.CalendarApiResource.ErrorItemNotFound);
            }

            if (!silent)
            {
                // NOTE(review): presumably throws on denial, which is why true is returned afterwards - confirm.
                SecurityContext.DemandPermissions(securityObj, action);
                return true;
            }

            return SecurityContext.CheckPermissions(securityObj, action);
        }
Пример #8
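        /// <summary>
        /// AJAX handler that verifies forum-editor access and resolves the category or thread
        /// identified by <paramref name="id"/>.
        /// </summary>
        /// <param name="id">Id of the category or thread.</param>
        /// <param name="isCategory">True when <paramref name="id"/> names a category, false for a thread.</param>
        /// <param name="userIDs">Member ids supplied by the client.</param>
        /// <returns>
        /// A response with rs1 = "1" on success or "0" on failure, rs2 = the id, rs3 = the
        /// HTML-encoded error message on failure, and rs4 = "1" for a category or "0" for a thread.
        /// </returns>
        /// <remarks>
        /// NOTE(review): in this listing <paramref name="userIDs"/> is never read and the resolved
        /// object is never used, so nothing is persisted here; the saving step is not part of the excerpt.
        /// </remarks>
        public AjaxResponse SaveMembers(int id, bool isCategory, string userIDs)
        {
            AjaxResponse resp = new AjaxResponse();

            resp.rs2 = id.ToString();
            resp.rs4 = isCategory ? "1" : "0";

            ISecurityObject securityObj = null;

            try
            {
                if (!ForumManager.Instance.ValidateAccessSecurityAction(ASC.Forum.ForumAction.GetAccessForumEditor, null))
                {
                    // The exception has to be thrown, not merely constructed: a bare
                    // "new Exception(...)" lets the request continue past a failed access check
                    // and report success to a caller without forum-editor rights.
                    throw new Exception(Resources.ForumResource.ErrorAccessDenied);
                }

                var categories = new List <ThreadCategory>();
                var threads    = new List <Thread>();
                ForumDataProvider.GetThreadCategories(TenantProvider.CurrentTenantID, out categories, out threads);

                // Find returns null when no category or thread has the requested id.
                if (isCategory)
                {
                    securityObj = categories.Find(c => c.ID == id);
                }
                else
                {
                    securityObj = threads.Find(t => t.ID == id);
                }

                resp.rs1 = "1";
            }
            catch (Exception e)
            {
                resp.rs1 = "0";
                // The message is HTML-encoded before it is embedded in markup sent to the client.
                resp.rs3 = "<div>" + e.Message.HtmlEncode() + "</div>";
            }

            return resp;
        }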
Пример #9
        /// <summary>
        /// Handles a forum access-validation event: maps <c>e.Action</c> to the matching permission
        /// check and stores the outcome in <c>_view.IsAccessible</c>.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Carries the requested action and the object it targets.</param>
        /// <remarks>
        /// An action with no case below leaves <c>_view.IsAccessible</c> at whatever value it already had.
        /// PostCreate and PollVote cast the target to Topic and Question respectively and throw if it
        /// is of another type.
        /// </remarks>
        private void ValidateAccessHandler(object sender, SecurityAccessEventArgs e)
        {
            // Null when the target does not implement ISecurityObject; the checks then receive null.
            var target = e.TargetObject as ISecurityObject;

            switch (e.Action)
            {
                case ForumAction.ReadPosts:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.ReadPostsAction);
                    break;

                case ForumAction.PostCreate:
                {
                    var topic = (Topic)e.TargetObject;

                    // Posting needs PostCreate; in a closed topic it additionally needs TopicClose.
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(topic, Constants.PostCreateAction)
                                         && (!topic.Closed || CommunitySecurity.CheckPermissions(topic, Constants.TopicCloseAction));
                    break;
                }

                case ForumAction.ApprovePost:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.PostApproveAction);
                    break;

                case ForumAction.PostEdit:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.PostEditAction);
                    break;

                case ForumAction.PostDelete:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.PostDeleteAction);
                    break;

                case ForumAction.TopicCreate:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.TopicCreateAction);
                    break;

                case ForumAction.PollCreate:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.PollCreateAction);
                    break;

                case ForumAction.TopicClose:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.TopicCloseAction);
                    break;

                case ForumAction.TopicSticky:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.TopicStickyAction);
                    break;

                case ForumAction.TopicEdit:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.TopicEditAction);
                    break;

                case ForumAction.TopicDelete:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.TopicDeleteAction);
                    break;

                case ForumAction.PollVote:
                {
                    // The vote is authorized against a stand-in Topic that carries only the poll's topic id.
                    var question = (Question)e.TargetObject;
                    var pollTopic = new Topic { ID = question.TopicID };
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(pollTopic, Constants.PollVoteAction);
                    break;
                }

                case ForumAction.TagCreate:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.TagCreateAction);
                    break;

                case ForumAction.AttachmentCreate:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.AttachmentCreateAction);
                    break;

                case ForumAction.AttachmentDelete:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.AttachmentDeleteAction);
                    break;

                case ForumAction.GetAccessForumEditor:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.ForumManagementAction);
                    break;

                case ForumAction.GetAccessTagEditor:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(target, Constants.TagManagementAction);
                    break;
            }
        }
 /// <summary>
 /// Convenience overload that asks the service about a privilege on a single security object.
 /// </summary>
 /// <param name="service">The security service to query.</param>
 /// <param name="obj">The object, wrapped into a security target before the query.</param>
 /// <param name="subject">The subject whose privilege is being tested.</param>
 /// <param name="privilege">The privilege in question.</param>
 /// <returns>Whatever the service reports for the wrapped target.</returns>
 public static bool HasPrivilege <TDomain>(
     this ISecurityService <TDomain> service, ISecurityObject obj, ISecuritySubject subject, SecurityPrivilege privilege)
 {
     var target = Sec.Target(obj);
     return service.HasPrivilege(target, subject, privilege);
 }
Пример #11
 /// <summary>
 /// Demands the given actions on <paramref name="securityObject"/> by forwarding to the
 /// three-argument overload with null as the middle argument.
 /// </summary>
 /// <param name="securityObject">The object the actions are requested on.</param>
 /// <param name="actions">The actions to demand.</param>
 /// <remarks>
 /// NOTE(review): the meaning of the null middle argument is defined by the overload, which is
 /// not shown here - confirm what it defaults to.
 /// </remarks>
 public static void DemandPermissions(ISecurityObject securityObject, params IAction[] actions)
 {
     DemandPermissions(securityObject, null, actions);
 }
Пример #12
        /// <summary>
        /// Collects the editable ACL entries of the plugin request types within a project / organization / data mart scope.
        /// </summary>
        /// <param name="project">Project whose ID selects the first component of the target id.</param>
        /// <param name="organization">Organization whose ID selects the second component.</param>
        /// <param name="dataMart">Data mart whose ID selects the third component.</param>
        /// <param name="filter">Optional predicate selecting the request types to include; null includes all of them.</param>
        /// <returns>Resolved ACL entries grouped by target id.</returns>
        /// <remarks>
        /// Entries flagged <c>ViaMembership</c> are left out, so only the remaining entries are offered for editing.
        /// </remarks>
        public ILookup <BigTuple <Guid>, AnnotatedAclEntry> RequestTypesEntriesForEdit(ISecurityObject project, ISecurityObject organization, ISecurityObject dataMart, Func <PluginRequestType, bool> filter = null)
        {
            var pluginRequestTypes = Plugins.GetPluginRequestTypes();
            var knownRequestTypeIds = pluginRequestTypes.Select(pair => pair.Key).ToArray();

            // Narrow all ACLs to this scope and to request types that are currently registered,
            // then materialize the result before the remaining filtering.
            var scopedAcls = Security
                .GetAllAcls(SecTargetKinds.RequestTypePerDataMart.ObjectKindsInOrder.Count())
                .WhereFirstIs(project.ID)
                .WhereSecondIs(organization.ID)
                .WhereThirdIs(dataMart.ID)
                .Where(acl => knownRequestTypeIds.Contains(acl.TargetId.X3))
                .ToArray();

            var selectedAcls = scopedAcls.Where(acl =>
            {
                var requestType = pluginRequestTypes[acl.TargetId.X3];
                return requestType != null && (filter == null || filter(requestType));
            });

            return selectedAcls.ToLookup(
                acl => acl.TargetId,
                acl => acl.Entries
                    .Where(entry => !entry.ViaMembership)
                    .Select(entry => Security.ResolveAclEntry(entry, SecTargetKinds.RequestTypePerDataMart)));
        }
Пример #13
 /// <summary>
 /// Checks the given actions on <paramref name="securityObject"/> by forwarding to the
 /// three-argument overload with null as the middle argument.
 /// </summary>
 /// <param name="securityObject">The object the actions are requested on.</param>
 /// <param name="actions">The actions to check.</param>
 /// <returns>The result reported by the three-argument overload.</returns>
 /// <remarks>
 /// NOTE(review): the meaning of the null middle argument is defined by the overload, which is
 /// not shown here - confirm what it defaults to.
 /// </remarks>
 public static bool CheckPermissions(ISecurityObject securityObject, params IAction[] actions)
 {
     return CheckPermissions(securityObject, null, actions);
 }
Пример #14
 /// <summary>
 /// Placeholder implementation that always returns null.
 /// </summary>
 /// <param name="obj">Not used.</param>
 /// <param name="includeSelf">Not used.</param>
 /// <returns>Always null.</returns>
 /// <remarks>
 /// The contract checks are disabled, so neither a non-null <paramref name="obj"/> nor a non-null
 /// result is enforced here.
 /// </remarks>
 public IQueryable <Guid> GetObjectTransitiveChildren(ISecurityObject obj, bool includeSelf = false)
 {
     // Disabled contract: requires obj != null.
     // Disabled contract: ensures the result is not null.
     return null;
 }
Пример #15
 /// <summary>
 /// Runs the permission check in non-silent mode by forwarding to the three-argument overload.
 /// </summary>
 /// <param name="securityObj">The object being accessed.</param>
 /// <param name="action">The action being requested.</param>
 private void CheckPermissions(ISecurityObject securityObj, ASC.Common.Security.Authorizing.Action action)
 {
     // The overload's boolean result is deliberately not used here.
     const bool silent = false;
     CheckPermissions(securityObj, action, silent);
 }
Пример #16
 /// <summary>
 /// Queries the inheritance graph for the ids of the objects that descend from <paramref name="obj"/>.
 /// </summary>
 /// <param name="obj">The object whose ID is the starting point of the graph query.</param>
 /// <param name="includeSelf">Passed through to the graph query.</param>
 /// <returns>The query returned by <c>Dag.GetAdjacentStarts</c>.</returns>
 public IQueryable <Guid> GetObjectTransitiveChildren(ISecurityObject obj, bool includeSelf = false)
 {
     // NOTE(review): the meaning of the literal false second argument is defined by
     // Dag.GetAdjacentStarts, which is not shown here.
     var children = Dag.GetAdjacentStarts(obj.ID, false, includeSelf);
     return children;
 }
 /// <summary>
 /// Convenience overload that demands privileges on a single security object.
 /// </summary>
 /// <param name="service">The security service that enforces the demand.</param>
 /// <param name="o">The object, wrapped into a security target before the demand.</param>
 /// <param name="subject">The subject that must hold the privileges.</param>
 /// <param name="ps">The privileges being demanded.</param>
 public static void Demand <TDomain>(this ISecurityService <TDomain> service, ISecurityObject o, ISecuritySubject subject, params SecurityPrivilege[] ps)
 {
     var target = Sec.Target(o);
     service.Demand(target, subject, ps);
 }
Пример #18
 /// <summary>
 /// Parses a textual ACL and applies it to the plugin request types in the given scope.
 /// </summary>
 /// <param name="project">Project part of the security targets.</param>
 /// <param name="organization">Organization part of the security targets.</param>
 /// <param name="dataMart">Data mart part of the security targets.</param>
 /// <param name="acl">The ACL in the text form understood by <c>SecurityUI.ParseAcls</c>.</param>
 /// <param name="replaceNullObjectWith">Id substituted wherever the parsed ACL refers to <c>Sec.NullObject</c>.</param>
 /// <remarks>
 /// NOTE(review): <paramref name="acl"/> presumably originates from the client. Nothing in this
 /// method authorizes the change or restricts which targets the text may name - confirm the
 /// caller does both.
 /// </remarks>
 public void SetRequestTypesAcl(ISecurityObject project, ISecurityObject organization, ISecurityObject dataMart, string acl, Guid replaceNullObjectWith)
 {
     var parsedAcls = SecurityUI.ParseAcls(acl);
     var resolvedAcls = parsedAcls.ReplaceObject(Sec.NullObject, replaceNullObjectWith);

     SetRequestTypesAcl(project, organization, dataMart, resolvedAcls);
 }
Пример #19
        /// <summary>
        /// Builds the request-type privileges model for the given scope but returns no view.
        /// </summary>
        /// <param name="project">Project part of the security targets.</param>
        /// <param name="organization">Organization part of the security targets.</param>
        /// <param name="dataMart">Data mart part of the security targets.</param>
        /// <param name="filter">Optional predicate selecting the request types to include.</param>
        /// <returns>Always null.</returns>
        public IJsControlledView RequestTypesPrivilegesEditor(ISecurityObject project, ISecurityObject organization, ISecurityObject dataMart, Func <PluginRequestType, bool> filter = null)
        {
            // The model is created but never handed to a view, so callers always receive null.
            var model = RequestTypesPrivilegesForEdit(project, organization, dataMart, filter);

            return null;
        }
Пример #20
 /// <summary>
 /// Runs the permission check in non-silent mode by forwarding to the three-argument overload.
 /// </summary>
 /// <param name="securityObj">The object being accessed.</param>
 /// <param name="action">The action being requested.</param>
 private void CheckPermissions(ISecurityObject securityObj, ASC.Common.Security.Authorizing.Action action)
 {
     // The overload's boolean result is deliberately not used here.
     const bool silent = false;
     CheckPermissions(securityObj, action, silent);
 }
Пример #21
 /// <summary>
 /// Checks the given actions on <paramref name="securityObject"/> by forwarding to the
 /// three-argument overload with null as the middle argument.
 /// </summary>
 /// <param name="securityObject">The object the actions are requested on.</param>
 /// <param name="actions">The actions to check.</param>
 /// <returns>The result reported by the three-argument overload.</returns>
 public static bool CheckPermissions(ISecurityObject securityObject, params IAction[] actions)
 {
     // NOTE(review): what the null middle argument defaults to is decided by the overload, not shown here.
     bool allowed = CheckPermissions(securityObject, null, actions);
     return allowed;
 }
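        /// <summary>
        /// Handles a forum access-validation event: maps <c>e.Action</c> to the matching permission
        /// check and stores the outcome in <c>_view.IsAccessible</c>.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Carries the requested action and the object it targets.</param>
        /// <remarks>
        /// An action with no case below leaves <c>_view.IsAccessible</c> at whatever value it already had.
        /// The poster of a topic is allowed to close, stick, edit and delete it without the ACL being
        /// consulted. NOTE(review): confirm that this author bypass is intended for every one of those
        /// four actions.
        /// </remarks>
        private void ValidateAccessHandler(object sender, SecurityAccessEventArgs e)
        {
            // Both are null when the target is not of the respective type.
            var securityObject = e.TargetObject as ISecurityObject;
            var topic = e.TargetObject as Topic;

            var isTopicAuthor = topic != null && topic.PosterID == SecurityContext.CurrentAccount.ID;

            switch (e.Action)
            {
                case ForumAction.ReadPosts:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.ReadPostsAction);
                    break;

                case ForumAction.PostCreate:
                    // A target that is not a Topic is denied. The previous condition
                    // "topic == null || ..." let a null topic through to topic.Closed, which
                    // failed with a NullReferenceException instead of producing a decision.
                    // Posting needs PostCreate; in a closed topic it additionally needs TopicClose.
                    _view.IsAccessible = topic != null
                                         && CommunitySecurity.CheckPermissions(topic, Constants.PostCreateAction)
                                         && (!topic.Closed || CommunitySecurity.CheckPermissions(topic, Constants.TopicCloseAction));
                    break;

                case ForumAction.ApprovePost:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.PostApproveAction);
                    break;

                case ForumAction.PostEdit:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.PostEditAction);
                    break;

                case ForumAction.PostDelete:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.PostDeleteAction);
                    break;

                case ForumAction.TopicCreate:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.TopicCreateAction);
                    break;

                case ForumAction.PollCreate:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.PollCreateAction);
                    break;

                case ForumAction.TopicClose:
                    _view.IsAccessible = isTopicAuthor || CommunitySecurity.CheckPermissions(securityObject, Constants.TopicCloseAction);
                    break;

                case ForumAction.TopicSticky:
                    _view.IsAccessible = isTopicAuthor || CommunitySecurity.CheckPermissions(securityObject, Constants.TopicStickyAction);
                    break;

                case ForumAction.TopicEdit:
                    _view.IsAccessible = isTopicAuthor || CommunitySecurity.CheckPermissions(securityObject, Constants.TopicEditAction);
                    break;

                case ForumAction.TopicDelete:
                    _view.IsAccessible = isTopicAuthor || CommunitySecurity.CheckPermissions(securityObject, Constants.TopicDeleteAction);
                    break;

                case ForumAction.PollVote:
                {
                    // The vote is authorized against a stand-in Topic that carries only the poll's topic id.
                    // The cast throws if the target is not a Question.
                    var question = (Question)e.TargetObject;
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(new Topic() { ID = question.TopicID }, Constants.PollVoteAction);
                    break;
                }

                case ForumAction.TagCreate:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.TagCreateAction);
                    break;

                case ForumAction.AttachmentCreate:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.AttachmentCreateAction);
                    break;

                case ForumAction.AttachmentDelete:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.AttachmentDeleteAction);
                    break;

                case ForumAction.GetAccessForumEditor:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.ForumManagementAction);
                    break;

                case ForumAction.GetAccessTagEditor:
                    _view.IsAccessible = CommunitySecurity.CheckPermissions(securityObject, Constants.TagManagementAction);
                    break;
            }
        }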
Пример #23
 /// <summary>
 /// Demands the given actions on <paramref name="securityObject"/> by forwarding to the
 /// three-argument overload with null as the middle argument.
 /// </summary>
 /// <param name="securityObject">The object the actions are requested on.</param>
 /// <param name="actions">The actions to demand.</param>
 /// <remarks>
 /// NOTE(review): the meaning of the null middle argument is defined by the overload, which is
 /// not shown here - confirm what it defaults to.
 /// </remarks>
 public static void DemandPermissions(ISecurityObject securityObject, params IAction[] actions)
 {
     DemandPermissions(securityObject, null, actions);
 }
Пример #24
 /// <summary>
 /// Obtains an <c>IAclRight</c> for the given security object through <c>Query</c>.
 /// </summary>
 /// <param name="securityObject">The object passed to the query as its single parameter.</param>
 /// <returns>The <c>IAclRight</c> produced by the query.</returns>
 public IAclRight AddRightFor(ISecurityObject securityObject)
 {
     var queryParameters = new object[] { securityObject };
     return Query <IAclRight>(parameters: queryParameters);
 }
Пример #25
 /// <summary>
 /// Placeholder implementation that always throws.
 /// </summary>
 /// <param name="obj">Not used.</param>
 /// <param name="parent">Not used.</param>
 /// <exception cref="NotImplementedException">Always.</exception>
 public void SetObjectInheritanceParent(ISecurityObject obj, ISecurityObject parent)
 {
     // Disabled contract check; a non-null obj is not enforced here.
     //Contract.Requires( obj != null );
     throw new NotImplementedException();
 }
Пример #26
        /// <summary>
        /// Checks whether the current security context may perform <paramref name="action"/> on <paramref name="securityObj"/>.
        /// </summary>
        /// <param name="securityObj">The object being accessed; must not be null.</param>
        /// <param name="action">The action being requested.</param>
        /// <param name="silent">
        /// True to return the result of the check; false to demand the permission instead.
        /// </param>
        /// <returns>
        /// In silent mode, the result of <c>SecurityContext.CheckPermissions</c>; otherwise true once
        /// <c>SecurityContext.DemandPermissions</c> has returned.
        /// </returns>
        /// <exception cref="Exception">
        /// <paramref name="securityObj"/> is null (reported with the "item not found" resource text).
        /// </exception>
        private bool CheckPermissions(ISecurityObject securityObj, ASC.Common.Security.Authorizing.Action action, bool silent)
        {
            if (securityObj == null)
            {
                throw new Exception(Resources.CalendarApiResource.ErrorItemNotFound);
            }

            if (!silent)
            {
                // NOTE(review): presumably throws on denial, which is why true is returned afterwards - confirm.
                SecurityContext.DemandPermissions(securityObj, action);
                return true;
            }

            return SecurityContext.CheckPermissions(securityObj, action);
        }