/// <summary>
/// Prepares the fixture: imports the blog manager test content, runs Initialize(),
/// then creates a test user and grants that user write access on m_blog1.
/// </summary>
public void TestFixtureSetUp()
{
    // Everything below, including account creation and the ACL change, runs with
    // Sitecore security checks disabled for the lifetime of this using block.
    using (new SecurityDisabler())
    {
        // Create test content
        var contentXml = File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml"));
        m_testContentRoot.Paste(contentXml, true, PasteMode.Overwrite);

        Initialize();

        // Create test user
        var qualifiedUserName = "sitecore\\" + TESTUSERNAME;
        try
        {
            // NOTE(review): the second argument is the password, so this account's password
            // is its own user name and it is then added to the client authoring role. Such an
            // account should exist only on a throwaway test instance; no teardown is visible
            // in this snippet - confirm the fixture removes it.
            var testUser = Sitecore.Security.Accounts.User.Create(qualifiedUserName, TESTUSERNAME);
            Roles.AddUserToRole(qualifiedUserName, "sitecore\\sitecore client authoring");

            // Item write, allowed, propagation Any; the only rule handed to SetAccessRules for m_blog1.
            var writeRule = AccessRule.Create(testUser, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow);
            var blogRules = new AccessRuleCollection { writeRule };
            m_blog1.Security.SetAccessRules(blogRules);
        }
        catch
        {
            // Any failure above is swallowed after deleting the user, so setup carries on
            // with a fixture that has no test user and no access rule.
            Membership.DeleteUser(qualifiedUserName);
        }
    }
}
/// <summary>
/// Prepares the fixture: resolves the home item, imports the blog manager test content
/// beneath it, runs Initialize(), then creates a test user with write access on m_blog1.
/// </summary>
public void TestFixtureSetUp()
{
    // Create test content
    m_home = Sitecore.Context.Database.GetItem("/sitecore/content/home");

    // Content import, account creation and the ACL change all run with Sitecore
    // security checks disabled for the lifetime of this using block.
    using (new SecurityDisabler())
    {
        try
        {
            var contentXml = File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\blog manager content.xml"));
            m_home.Paste(contentXml, true, PasteMode.Overwrite);
        }
        catch
        {
            // Breakpoint anchor for debugging Paste() failures. The exception itself is
            // discarded, so a failed import (or a null m_home) is not reported and setup continues.
            int breakpointAnchor = 0;
            breakpointAnchor++;
        }

        Initialize();

        // Create test user
        var qualifiedUserName = "sitecore\\" + TESTUSERNAME;
        try
        {
            // NOTE(review): the second argument is the password, so this account's password
            // is its own user name and it is then added to the client authoring role. Such an
            // account should exist only on a throwaway test instance; no teardown is visible
            // in this snippet - confirm the fixture removes it.
            var testUser = Sitecore.Security.Accounts.User.Create(qualifiedUserName, TESTUSERNAME);
            Roles.AddUserToRole(qualifiedUserName, "sitecore\\sitecore client authoring");

            // Item write, allowed, propagation Any; the only rule handed to SetAccessRules for m_blog1.
            var writeRule = AccessRule.Create(testUser, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow);
            var blogRules = new AccessRuleCollection { writeRule };
            m_blog1.Security.SetAccessRules(blogRules);
        }
        catch
        {
            // Any failure above is swallowed after deleting the user, so setup carries on
            // with a fixture that has no test user and no access rule.
            Membership.DeleteUser(qualifiedUserName);
        }
    }
}
/// <summary>
/// Builds the read/write access rules for <paramref name="account"/>.
/// </summary>
/// <param name="account">The user or role the rules are created for.</param>
/// <param name="hasAccess">
/// True to emit AllowAccess rules; false to emit explicit DenyAccess rules.
/// </param>
/// <returns>A collection holding an ItemRead rule followed by an ItemWrite rule, both with PropagationType.Any.</returns>
protected virtual AccessRuleCollection BuildAccessRuleCollection(Account account, bool hasAccess)
{
    // A false flag produces explicit denies rather than an empty collection.
    // NOTE(review): presumably an explicit deny on a role outweighs allows its members
    // get from other roles - confirm that is the intended effect for group accounts.
    SecurityPermission readWritePermission;
    if (hasAccess)
    {
        readWritePermission = SecurityPermission.AllowAccess;
    }
    else
    {
        readWritePermission = SecurityPermission.DenyAccess;
    }

    // Read and write item permission share the same decision.
    var rules = new AccessRuleCollection
    {
        AccessRule.Create(account, AccessRight.ItemRead, PropagationType.Any, readWritePermission),
        AccessRule.Create(account, AccessRight.ItemWrite, PropagationType.Any, readWritePermission)
    };

    return rules;
}
/// <summary>
/// Appends one access rule for the current context user to <paramref name="rules"/>,
/// based on the tri-state answer <paramref name="canAct"/> gives for <paramref name="itemAccess"/>.
/// </summary>
/// <param name="rules">Collection the rule is added to.</param>
/// <param name="itemAccess">Access description passed to <paramref name="canAct"/>.</param>
/// <param name="accessRight">The right the rule is created for.</param>
/// <param name="canAct">Returns true (allow), false (deny) or null (add no rule).</param>
protected virtual void FillAccessRules(AccessRuleCollection rules, DbItemAccess itemAccess, AccessRight accessRight, Func<DbItemAccess, bool?> canAct)
{
    bool? decision = canAct(itemAccess);

    // Null means "not specified": no rule is added, so neither an allow nor a deny is recorded.
    if (!decision.HasValue)
    {
        return;
    }

    SecurityPermission permission;
    if (decision.Value)
    {
        permission = SecurityPermission.AllowAccess;
    }
    else
    {
        permission = SecurityPermission.DenyAccess;
    }

    // The rule is bound to whoever Context.User is when this runs, with PropagationType.Entity.
    rules.Add(AccessRule.Create(Context.User, accessRight, PropagationType.Entity, permission));
}
/// <summary>
/// Creates an access rule from the cmdlet's AccessRight, Identity, PropagationType and
/// SecurityPermission values and writes it to the output. Nothing is applied to an item here.
/// </summary>
protected override void ProcessRecord()
{
    // When the AccessRight value cannot be parsed, the method ends without writing anything.
    bool rightParsed = this.TryParseAccessRight(AccessRight, out var accessRight);
    if (rightParsed)
    {
        var account = this.GetAccountFromIdentity(Identity);
        WriteObject(AccessRule.Create(account, accessRight, PropagationType, SecurityPermission));
    }
}
/// <summary>
/// Builds the full rule set for <paramref name="account"/>: read/write rules that follow
/// <paramref name="hasAccess"/>, plus unconditional denies for admin, create, delete and rename.
/// </summary>
/// <param name="account">The user or role the rules are created for.</param>
/// <param name="hasAccess">
/// True to allow ItemRead and ItemWrite; false to deny them explicitly.
/// </param>
/// <returns>A collection of six rules, all created with PropagationType.Any.</returns>
protected virtual AccessRuleCollection BuildAccessRuleCollectionFull(Account account, bool hasAccess)
{
    SecurityPermission readWritePermission;
    if (hasAccess)
    {
        readWritePermission = SecurityPermission.AllowAccess;
    }
    else
    {
        readWritePermission = SecurityPermission.DenyAccess;
    }

    // Read and write item permission follow the hasAccess decision.
    var rules = new AccessRuleCollection
    {
        AccessRule.Create(account, AccessRight.ItemRead, PropagationType.Any, readWritePermission),
        AccessRule.Create(account, AccessRight.ItemWrite, PropagationType.Any, readWritePermission)
    };

    // Deny the remaining item rights handled here regardless of hasAccess. These permissions
    // will be inherited for the Catalogs and Categories.
    // NOTE(review): only ItemAdmin, ItemCreate, ItemDelete and ItemRename are denied; any
    // right not listed in this method gets no rule from it - confirm that is sufficient.
    var alwaysDenied = new[]
    {
        AccessRight.ItemAdmin,
        AccessRight.ItemCreate,
        AccessRight.ItemDelete,
        AccessRight.ItemRename
    };
    foreach (var deniedRight in alwaysDenied)
    {
        rules.Add(AccessRule.Create(account, deniedRight, PropagationType.Any, SecurityPermission.DenyAccess));
    }

    return rules;
}
/// <summary>
/// Adds access rules to <paramref name="item"/>: either the supplied AccessRules list, or a
/// single rule built from AccessRight, Identity, PropagationType and SecurityPermission.
/// New rules are appended to the rules already read from the item, and the result is
/// written back only when ShouldProcess approves.
/// </summary>
/// <param name="item">The item whose security rules are extended.</param>
protected override void ProcessItem(Item item)
{
    // Start from the item's current rules so existing entries are kept.
    var currentRules = item.Security.GetAccessRules();

    if (AccessRules != null)
    {
        // A ready-made rule list was supplied: append it as a whole.
        if (ShouldProcess(item.GetProviderPath(), "Add Acl list."))
        {
            currentRules.AddRange(AccessRules);
            item.Security.SetAccessRules(currentRules);
        }
    }
    else
    {
        AccessRight parsedRight;
        if (!this.TryParseAccessRight(AccessRight, out parsedRight))
        {
            // Unparseable right: nothing is changed, and the PassThru output below is skipped too.
            return;
        }

        Account account = this.GetAccountFromIdentity(Identity);
        var newRule = AccessRule.Create(account, parsedRight, PropagationType, SecurityPermission);

        // Added to the in-memory copy only; it reaches the item if ShouldProcess returns true.
        currentRules.Add(newRule);

        var actionDescription = string.Format(
            "Add access right '{0}' with PropagationType '{1}', SecurityPermission '{2}' for '{3}'",
            parsedRight.Name, PropagationType, SecurityPermission, Identity.Name);

        if (ShouldProcess(item.GetProviderPath(), actionDescription))
        {
            item.Security.SetAccessRules(currentRules);
        }
    }

    if (PassThru)
    {
        WriteItem(item);
    }
}
/// <summary>
/// Verifies that a read deny with Descendants propagation set on "home" hides the child
/// item "about" from the context user while "home" itself stays readable.
/// </summary>
public void ShouldRestrictItemSecurity()
{
    // arrange
    using (var db = new Db { new DbItem("home") { new DbItem("about") } })
    {
        var home = db.GetItem("/sitecore/content/home");

        // Deny item read for the context user, propagated to descendants only.
        var denyDescendantRead = AccessRule.Create(Context.User, AccessRight.ItemRead, PropagationType.Descendants, AccessPermission.Deny);
        var rules = new AccessRuleCollection();
        rules.Add(denyDescendantRead);

        // act
        AuthorizationManager.SetAccessRules(home, rules);

        // assert
        var homeAfter = db.GetItem("/sitecore/content/home");
        Assert.NotNull(homeAfter);

        var aboutAfter = db.GetItem("/sitecore/content/home/about");
        Assert.Null(aboutAfter);
    }
}
/// <summary>
/// Prepares the MetaBlog fixture: imports test content under home in the master database,
/// ensures two entries exist in blog1, creates two test users, grants the author user
/// write and delete rights on blog1 and blog2, publishes blog1 and its entries to the web
/// database, rebuilds the search index and creates the API instance under test.
/// </summary>
public void TestFixtureSetUp()
{
    // Create test content
    var master = Sitecore.Configuration.Factory.GetDatabase("master");
    var homeItem = master.GetItem("/sitecore/content/home");

    // Import, account creation, ACL changes, publishing and the index rebuild all run
    // with Sitecore security checks disabled for the lifetime of this using block.
    using (new SecurityDisabler())
    {
        var contentXml = File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\MetaBlog content.xml"));
        homeItem.Paste(contentXml, true, PasteMode.Overwrite);

        // Retrieve created content items
        m_testRoot = homeItem.Axes.GetChild("test content");
        m_blog1 = m_testRoot.Axes.GetChild("blog1");
        m_blog2 = m_testRoot.Axes.GetChild("blog2");
        m_blog3 = m_testRoot.Axes.GetChild("blog3");

        // Ensure blog 1 entries. Current NewsMover has a bug which is removing them as they are created.
        // Remove the following section once the bug has been fixed
        // START: Workaround
        var entryTemplate = m_blog1.Database.Templates[Settings.EntryTemplateID];

        if (m_blog1.Axes.GetDescendant("Entry11") == null)
        {
            m_blog1.Add("Entry11", entryTemplate);
        }

        if (m_blog1.Axes.GetDescendant("Entry12") == null)
        {
            // Two-second pause before the second entry is added.
            System.Threading.Thread.Sleep(2000);
            m_blog1.Add("Entry12", entryTemplate);
        }
        // END: Workaround

        // Create test users
        // NOTE(review): fixed account names and one shared PASSWORD constant. No teardown is
        // visible in this snippet - confirm these accounts are removed after the run and that
        // the fixture only ever targets a disposable test instance.
        m_userAuthor = Sitecore.Security.Accounts.User.Create("sitecore\\user1", PASSWORD);
        m_userNothing = Sitecore.Security.Accounts.User.Create("sitecore\\user2", PASSWORD);

        // Add users to roles (only the author; m_userNothing gets no role and no rule here)
        m_userAuthor.Roles.Add(Role.FromName("sitecore\\Sitecore Client Authoring"));

        // Write and delete for the author, propagated to descendants.
        var authorRules = new AccessRuleCollection
        {
            AccessRule.Create(m_userAuthor, AccessRight.ItemWrite, PropagationType.Descendants, AccessPermission.Allow),
            AccessRule.Create(m_userAuthor, AccessRight.ItemDelete, PropagationType.Descendants, AccessPermission.Allow)
        };

        // blog3 is deliberately left without these rules by this method.
        foreach (var blog in new[] { m_blog1, m_blog2 })
        {
            blog.Security.SetAccessRules(authorRules);
        }

        // Publish blog1 first, then each of its entries.
        ContentHelper.PublishItemAndRequiredAncestors(m_blog1, Sitecore.Configuration.Factory.GetDatabase("web"));
        foreach (var entryName in new[] { "Entry11", "Entry12" })
        {
            var entryToPublish = m_blog1.Axes.GetDescendant(entryName);
            ContentHelper.PublishItemAndRequiredAncestors(entryToPublish, Sitecore.Configuration.Factory.GetDatabase("web"));
        }

        // Rebuild the search index to ensure all manager calls work as expected
        SearchManager.GetIndex(Settings.SearchIndexName).Rebuild();
    }

    m_api = new Mod.MetaBlogApi();
}
/// <summary>
/// Prepares the MetaBlog fixture: imports test content under m_testContentRoot, ensures two
/// dated entries exist in blog1, creates two test users with randomised names, grants the
/// author user write, delete and create rights on blog1 and blog2, publishes blog1 and its
/// entries to the web database, rebuilds the search index and creates the API under test.
/// </summary>
public void TestFixtureSetUp()
{
    // Import, account creation, ACL changes, publishing and the index rebuild all run
    // with Sitecore security checks disabled for the lifetime of this using block.
    using (new SecurityDisabler())
    {
        // Create test content
        var contentXml = File.ReadAllText(HttpContext.Current.Server.MapPath(@"~\test data\MetaBlog content.xml"));
        m_testContentRoot.Paste(contentXml, true, PasteMode.Overwrite);

        // Retrieve created content items
        m_testRoot = m_testContentRoot.Axes.GetChild("test content");
        m_blog1 = m_testRoot.Axes.GetChild("blog1");
        m_blog2 = m_testRoot.Axes.GetChild("blog2");
        m_blog3 = m_testRoot.Axes.GetChild("blog3");

        // Ensure blog 1 entries. Current NewsMover has a bug which is removing them as they are created.
        // Remove the following section once the bug has been fixed
        // START: Workaround
        var entryTemplate = m_blog1.Database.Templates[Settings.EntryTemplateID];

        if (m_blog1.Axes.GetDescendant("Entry11") == null)
        {
            var createdEntry = m_blog1.Add("Entry11", entryTemplate);
            using (new EditContext(createdEntry))
            {
                createdEntry["Entry Date"] = "20120105T233207";
            }
        }

        if (m_blog1.Axes.GetDescendant("Entry12") == null)
        {
            // Two-second pause before the second entry is added.
            System.Threading.Thread.Sleep(2000);
            var createdEntry = m_blog1.Add("Entry12", entryTemplate);
            using (new EditContext(createdEntry))
            {
                createdEntry["Entry Date"] = "20120106T233145";
            }
        }
        // END: Workaround

        // Create test users
        // Use random usernames to ensure we're not trying to create users that might already exist
        // NOTE(review): the random suffix only reduces name clashes; both accounts still share the
        // PASSWORD constant. No teardown is visible in this snippet - confirm the accounts are
        // removed after the run and that the fixture only targets a disposable test instance.
        m_userAuthor = Sitecore.Security.Accounts.User.Create("sitecore\\user" + m_random.Next(999999), PASSWORD);
        m_userNothing = Sitecore.Security.Accounts.User.Create("sitecore\\user" + m_random.Next(999999), PASSWORD);

        // Add users to roles (only the author; m_userNothing gets no role and no rule here)
        m_userAuthor.Roles.Add(Role.FromName("sitecore\\Sitecore Client Authoring"));

        // Write, delete and create for the author, with PropagationType.Any.
        var authorRules = new AccessRuleCollection
        {
            AccessRule.Create(m_userAuthor, AccessRight.ItemWrite, PropagationType.Any, AccessPermission.Allow),
            AccessRule.Create(m_userAuthor, AccessRight.ItemDelete, PropagationType.Any, AccessPermission.Allow),
            AccessRule.Create(m_userAuthor, AccessRight.ItemCreate, PropagationType.Any, AccessPermission.Allow)
        };

        // blog3 is left without these rules by this method.
        foreach (var blog in new[] { m_blog1, m_blog2 })
        {
            blog.Security.SetAccessRules(authorRules);
        }

        // Publish blog1 first, then each of its entries.
        ContentHelper.PublishItemAndRequiredAncestors(m_blog1, Sitecore.Configuration.Factory.GetDatabase("web"));
        foreach (var entryName in new[] { "Entry11", "Entry12" })
        {
            var entryToPublish = m_blog1.Axes.GetDescendant(entryName);
            ContentHelper.PublishItemAndRequiredAncestors(entryToPublish, Sitecore.Configuration.Factory.GetDatabase("web"));
        }

        // Rebuild the search index to ensure all manager calls work as expected
#if FEATURE_CONTENT_SEARCH
        ContentSearchManager.GetIndex(Settings.SearchIndexName).Rebuild();
#else
        SearchManager.GetIndex(Settings.SearchIndexName).Rebuild();
#endif
    }

    m_api = new Mod.MetaBlogApi();
}