public void Update(EditContentPermissionViewModel model, IList <ContentItem> contentItems, bool writeToActivityStream) { foreach (var contentItem in contentItems) { var snapshot = this.activityStreamService.TakeSnapshot(contentItem); var contentPermissionPart = contentItem.As <ContentItemPermissionPart>(); if (contentPermissionPart.Record.Items == null) { contentPermissionPart.Record.Items = new List <ContentItemPermissionDetailRecord>(); } var allPermissionRecords = contentPermissionPart.Record.Items; bool isAdmin = this.orchardServices.Authorizer.Authorize(Permissions.AdvancedOperatorPermission); int userId = this.orchardServices.WorkContext.CurrentUser.Id; var currentUserPermissions = isAdmin ? allPermissionRecords.ToList() : this.GetUserPermissionRecordsForItem(contentItem, userId).ToList(); var targets = model.Targets.Where(c => c.Checked).ToList(); bool hasAssignee = allPermissionRecords.Any(c => c.AccessType == ContentItemPermissionAccessTypes.Assignee); // if item has assignee and there are some permissions for the item, but none of them belongs to the user, then the user doesn't have access to the item if (allPermissionRecords.Count > 0 && hasAssignee) { if (!isAdmin && currentUserPermissions.Count(c => c.AccessType == ContentItemPermissionAccessTypes.Assignee || c.AccessType == ContentItemPermissionAccessTypes.SharedForEdit) == 0) { throw new Security.OrchardSecurityException(T("You don't have permission to change access to the contentItem")); } // only assignee can change the assignee if (!isAdmin && currentUserPermissions.Count(c => c.AccessType == ContentItemPermissionAccessTypes.Assignee) == 0 && model.AccessType == ContentItemPermissionAccessTypes.Assignee) { throw new Security.OrchardSecurityException(T("You don't have permission to change access to the contentItem")); } } else { // if there is no permission for current user, then he/she must have a EditShare permission if (model.Targets.Count(c => c.UserId == userId) == 0 && !allPermissionRecords.Any(c => c.User != null && c.User.Id == userId)) { ContentItemPermissionDetailRecord newPermission = new ContentItemPermissionDetailRecord { AccessType = ContentItemPermissionAccessTypes.SharedForEdit, ContentItemPermissionPartRecord = contentPermissionPart.Record, User = new Users.Models.UserPartRecord { Id = userId } }; contentPermissionPart.Record.Items.Add(newPermission); this.Create(newPermission, contentItem, false); } } foreach (var item in targets) { int?[] temp = new int?[] { item.BusinessUnitId, item.TeamId, item.UserId }; if (temp.Count(c => c.HasValue) != 1) { throw new Security.OrchardSecurityException(T("You don't have permission to change access to the contentItem")); } // try to find a permission with the same user, team and business values, if there is such permission, we // must not create a new permission and we just have to change the AccessType of the exsiting one var existingPermission = allPermissionRecords.FirstOrDefault(d => ((item.TeamId == null && d.Team == null) || (item.TeamId.HasValue && d.Team != null && item.TeamId.Value == d.Team.Id)) && ((item.BusinessUnitId == null && d.BusinessUnit == null) || (item.BusinessUnitId.HasValue && d.BusinessUnit != null && item.BusinessUnitId.Value == d.BusinessUnit.Id)) && ((item.UserId == null && d.User == null) || (item.UserId.HasValue && d.User != null && item.UserId.Value == d.User.Id)) ); if (existingPermission != null) { existingPermission.AccessType = model.AccessType; // we should remove the permission from currentUserPermissions in order to prevent it to be deleted currentUserPermissions.Remove(existingPermission); continue; } // setting the parent doesn't have been done. ContentItemPermissionDetailRecord newPermission = new ContentItemPermissionDetailRecord { AccessType = model.AccessType, ContentItemPermissionPartRecord = contentPermissionPart.Record }; if (item.BusinessUnitId.HasValue) { var businessUnitRecord = this.basicDataService.GetBusinessUnits().Select(c => c.As <BusinessUnitPart>()).FirstOrDefault(c => c.Id == item.BusinessUnitId.Value); if (businessUnitRecord != null) { newPermission.BusinessUnit = new BusinessUnitPartRecord { Id = item.BusinessUnitId.Value, Name = businessUnitRecord.Name }; } } if (item.TeamId.HasValue) { var teamRecord = this.basicDataService.GetTeams().Select(c => c.As <TeamPart>()).FirstOrDefault(c => c.Id == item.TeamId.Value); if (teamRecord != null) { newPermission.Team = new TeamPartRecord { Id = item.TeamId.Value, Name = teamRecord.Name }; } } if (item.UserId.HasValue) { var userRecord = this.userRepository.Table.FirstOrDefault(c => c.Id == item.UserId.Value); if (userRecord != null) { newPermission.User = new Users.Models.UserPartRecord { Id = item.UserId.Value, UserName = userRecord.UserName, Email = userRecord.Email }; } } contentPermissionPart.Record.Items.Add(newPermission); this.Create(newPermission, contentItem, true); } if (model.AccessType == ContentItemPermissionAccessTypes.Assignee) { if (model.RemoveOldPermission) { // remove previous assignee and sharedForEdit permissions foreach (var permission in currentUserPermissions.Where(c => c.AccessType != ContentItemPermissionAccessTypes.SharedForView)) { contentPermissionPart.Record.Items.Remove(permission); this.permissionDetailRecordRepository.Delete(permission); } } else { foreach (var permission in currentUserPermissions.Where(c => c.AccessType == ContentItemPermissionAccessTypes.Assignee)) { permission.AccessType = ContentItemPermissionAccessTypes.SharedForEdit; } } } contentPermissionPart.Record.HasOwner = contentPermissionPart .Record .Items .Count(d => d.AccessType == ContentItemPermissionAccessTypes.Assignee && (d.User != null || d.Team != null || d.BusinessUnit != null)) > 0; this.permissionDetailRecordRepository.Flush(); if (writeToActivityStream) { this.activityStreamService.WriteChangesToStreamActivity(contentItem, snapshot, StreamWriters.ContentItemPermissionStreamWriter); } } }
public override IEnumerable <LocalizedString> Execute(WorkflowContext workflowContext, ActivityContext activityContext) { TicketPart ticketPart = workflowContext.Content.As <TicketPart>(); if (!workflowContext.Tokens.ContainsKey("Permission")) { this.Logger.Debug("There is no Permission among the tokens"); return(new[] { T("Failed") }); } ContentItemPermissionDetailRecord permission = (ContentItemPermissionDetailRecord)workflowContext.Tokens["Permission"]; if (permission == null) { this.Logger.Debug("There is no Permission among the tokens"); return(new[] { T("Failed") }); } if (ticketPart == null) { this.Logger.Debug("ContentItem mismatch: Expexting TicketPart"); return(new[] { T("Failed") }); } // setup tokenizer Dictionary <string, object> temp = new Dictionary <string, object>(); temp.Add(ActivityTokenProvider.PermissionDetailKey, permission); var titlePart = ticketPart.As <TitlePart>(); if (titlePart != null) { temp.Add(ActivityTokenProvider.TitkeKey, titlePart); } CRMCommentPart commentPart = workflowContext.Content.As <CRMCommentPart>(); if (commentPart != null) { temp.Add(ActivityTokenProvider.CRMCommentKey, commentPart); } string emailTemplateIdString = activityContext.GetState <string>(EmailTemplateActivityForm.EmailTemplateIdFieldName); int emailTemplateId; if (!int.TryParse(emailTemplateIdString, out emailTemplateId)) { this.Logger.Debug("There is no email Template for new Tickets"); return(new[] { T("Failed") }); } var ticketEmailTemplate = this.emailTemplateRepository.Table.First(c => c.Id == emailTemplateId); if (ticketEmailTemplate == null) { this.Logger.Debug("There is no email Template for new Tickets"); return(new[] { T("Failed") }); } var queued = activityContext.GetState <bool>("Queued"); var priority = activityContext.GetState <int>("Priority"); var recipients = this.GetRecipients(permission); foreach (var recipient in recipients.Where(c => !string.IsNullOrEmpty(c.Email))) { temp.Add(ActivityTokenProvider.UserKey, recipient); string body = this.tokenizer.Replace(ticketEmailTemplate.Body, temp); string subject = this.tokenizer.Replace(ticketEmailTemplate.Subject, temp); this.SendEmail(subject, body, recipient.Email, queued, priority); } return(new[] { T("Done") }); }
private void SetPermissions(WorkflowContext workflowContext, ActivityContext activityContext, ContentItem ticket, TicketPart ticketPart) { // Permission var contentPermissionPart = ticket.As <ContentItemPermissionPart>(); contentPermissionPart.Record.Ticket = ticketPart.Record; // EditableBy string editableBy = activityContext.GetState <string>("EditableBy"); List <UserPartRecord> users = new List <UserPartRecord>(); if (!string.IsNullOrEmpty(editableBy)) { var usernames = editableBy.Split(',').Select(c => c.Trim().ToLower()).ToArray(); users = this.userRepository.Table.Where(c => usernames.Contains(c.UserName)).ToList(); // remove redundants users = users.GroupBy(c => c.Id).Select(c => c.First()).ToList(); foreach (var user in users) { var permissionRecord = new ContentItemPermissionDetailRecord { AccessType = ContentItemPermissionAccessTypes.SharedForEdit, User = new UserPartRecord { Id = user.Id }, ContentItemPermissionPartRecord = contentPermissionPart.Record }; this.contentOwnershipHelper.Create(permissionRecord, ticket, false); } } // businessUnit string groupId = activityContext.GetState <string>("GroupId"); if (!string.IsNullOrEmpty(groupId)) { var targetContentItemPermissionViewModel = Converter.DecodeGroupId(groupId); if (targetContentItemPermissionViewModel.BusinessUnitId.HasValue) { var permissionRecord = new ContentItemPermissionDetailRecord { AccessType = ContentItemPermissionAccessTypes.Assignee, BusinessUnit = new BusinessUnitPartRecord { Id = targetContentItemPermissionViewModel.BusinessUnitId.Value }, ContentItemPermissionPartRecord = contentPermissionPart.Record }; this.contentOwnershipHelper.Create(permissionRecord, ticket, false); contentPermissionPart.Record.HasOwner = true; } else if (targetContentItemPermissionViewModel.TeamId.HasValue) { var permissionRecord = new ContentItemPermissionDetailRecord { AccessType = ContentItemPermissionAccessTypes.Assignee, Team = new TeamPartRecord { Id = targetContentItemPermissionViewModel.TeamId.Value }, ContentItemPermissionPartRecord = contentPermissionPart.Record }; this.contentOwnershipHelper.Create(permissionRecord, ticket, false); contentPermissionPart.Record.HasOwner = true; } } else { // user int?userId = GetValueFromActivityContext(activityContext, CreateTicketActivityForm.SelectedUserId); if (userId != null && !users.Any(c => c.Id == userId.Value)) { var permissionRecord = new ContentItemPermissionDetailRecord { AccessType = ContentItemPermissionAccessTypes.Assignee, User = new UserPartRecord { Id = userId.Value }, ContentItemPermissionPartRecord = contentPermissionPart.Record }; contentPermissionPart.Record.HasOwner = true; this.contentOwnershipHelper.Create(permissionRecord, ticket, false); } } }