private static void ValidateO2MRelationSecurity(List <KeyValuePair <int, FieldValue> > o2MValues) { var fieldsToCheck = o2MValues.Select(n => n.Value.Field).Distinct().Where(n => n.UseRelationSecurity); foreach (var field in fieldsToCheck) { var ids = o2MValues.Where(n => Equals(n.Value.Field, field)) .Select(n => n.Value.Value) .Distinct() .Select(int.Parse) .ToArray(); if (field.RelateToContentId != null) { var notAccessed = new HashSet <string>(ArticleRepository.CheckRelationSecurity(field.RelateToContentId.Value, ids, false) .Where(n => !n.Value) .Select(n => n.Key.ToString()) .ToArray()); if (notAccessed.Any()) { var errorItem = o2MValues.First(n => notAccessed.Contains(n.Value.Value)); throw new ArgumentException(string.Format(ImportStrings.InaccessibleO2M, errorItem.Key, field.Name, errorItem.Value.Value)); } } } }
public Dictionary <int, bool> CheckRelationSecurity(int contentId, int[] ids, bool isDeletable) { using (new QPConnectionScope(ConnectionString)) { QPContext.CurrentUserId = TestedUserId; var result = ArticleRepository.CheckRelationSecurity(contentId, ids, isDeletable); QPContext.CurrentUserId = 0; return(result); } }
public static CheckIdResult <Article> CreateForPublish(int contentId, int[] ids, bool disableSecurityCheck) { var result = new CheckIdResult <Article>(); var list = EntityObjectRepository.GetList(EntityTypeCode.Article, ids).Cast <Article>(); if (list == null) { result._NotFoundIds.AddRange(ids); } else { result._NotFoundIds.AddRange(ids.Except(list.Select(n => n.Id))); var checkResult = ArticleRepository.CheckSecurity(contentId, ids, false, disableSecurityCheck); var relationCheckResult = ArticleRepository.CheckRelationSecurity(contentId, ids, false); foreach (var article in list) { if (article.StatusTypeId == article.ActualWorkflowBinding.MaxStatus.Id && !article.Splitted) { result._RedundantIds.Add(article.Id); } else if (article.LockedByAnyoneElse && !QPContext.CanUnlockItems) { result._LockedItems.Add(article); } else if (!checkResult[article.Id]) { result._NotAccessedIds.Add(article.Id); } else if (!article.IsPublishableWithWorkflow) { result._BlockedByWorkflowIds.Add(article.Id); } else if (!relationCheckResult[article.Id]) { result._BlockedByRelationSecurityIds.Add(article.Id); } else { result._ValidItems.Add(article); } } } return(result); }
public static CheckIdResult <Article> CreateForRemove(int contentId, int[] ids, bool disableSecurityCheck) { var result = new CheckIdResult <Article>(); var list = EntityObjectRepository.GetList(EntityTypeCode.Article, ids).Cast <Article>(); if (list == null) { result._NotFoundIds.AddRange(ids); } else { result._NotFoundIds.AddRange(ids.Except(list.Select(n => n.Id))); var checkResult = ArticleRepository.CheckSecurity(contentId, ids, true, disableSecurityCheck); var relationCheckResult = ArticleRepository.CheckRelationSecurity(contentId, ids, true); foreach (var article in list) { if (article.LockedByAnyoneElse) { result._LockedItems.Add(article); } else if (!checkResult[article.Id]) { result._NotAccessedIds.Add(article.Id); } else if (!article.IsRemovableWithWorkflow) { result._BlockedByWorkflowIds.Add(article.Id); } else if (!relationCheckResult[article.Id]) { result._BlockedByRelationSecurityIds.Add(article.Id); } else { result._ValidItems.Add(article); } } } return(result); }
private static void UpdateM2MValues(List <KeyValuePair <int, FieldValue> > values) { var m2MFields = new Dictionary <string, Field>(); foreach (var fieldV in values) { if (!m2MFields.Keys.Contains(fieldV.Value.Field.Name)) { m2MFields.Add(fieldV.Value.Field.Name, fieldV.Value.Field); } } var doc = new XDocument(); var items = new XElement("items"); doc.Add(items); foreach (var field in m2MFields.Values) { var m2MField = field; var condition = m2MField.RelationCondition; var linkId = m2MField.LinkId ?? 0; if (m2MField.RelateToContentId != null) { var contentId = m2MField.RelateToContentId.Value; var filteredValues = values.Where(f => f.Value.Field.Name == m2MField.Name).ToArray(); var relatedIds = filteredValues .Where(n => n.Value.NewRelatedItems != null) .SelectMany(n => n.Value.NewRelatedItems) .Distinct() .ToList(); var validatedIds = new HashSet <int>(ArticleRepository.CheckForArticleExistence(relatedIds, condition, contentId)); var grantedIds = field.UseRelationSecurity ? new HashSet <int>(ArticleRepository.CheckRelationSecurity(contentId, validatedIds.ToArray(), false).Where(n => n.Value).Select(m => m.Key)) : validatedIds; foreach (var item in filteredValues) { var value = string.Empty; if (item.Value.NewRelatedItems != null) { var notValidIds = item.Value.NewRelatedItems.Where(n => !validatedIds.Contains(n)).ToArray(); if (notValidIds.Any()) { throw new ArgumentException(string.Format(ImportStrings.IncorrectM2M, item.Key, item.Value.Field.Name, string.Join(",", notValidIds))); } var notGrantedIds = item.Value.NewRelatedItems.Where(n => !grantedIds.Contains(n)).ToArray(); if (notGrantedIds.Any()) { throw new ArgumentException(string.Format(ImportStrings.InaccessibleM2M, item.Key, item.Value.Field.Name, string.Join(",", notGrantedIds))); } value = string.Join(",", item.Value.NewRelatedItems); } var itemXml = new XElement("item"); itemXml.Add(new XAttribute("id", item.Key)); itemXml.Add(new XAttribute("linkId", linkId)); itemXml.Add(new XAttribute("value", value)); doc.Root?.Add(itemXml); } } } ArticleRepository.UpdateM2MValues(doc.ToString(SaveOptions.None)); }