示例#1
        /// <summary>
        /// Resolves a query by name on the given app, checks that the current user may read it,
        /// and returns the result produced by <c>Serializer.Prepare</c>.
        /// </summary>
        /// <param name="app">App on which <c>GetQuery</c> is called.</param>
        /// <param name="name">Name of the query to look up; also written to the log and to the error details.</param>
        /// <param name="stream">Comma-separated list (presumably stream names) that is split on ',' and handed to the serializer; may be null.</param>
        /// <param name="includeGuid">Copied to <c>Serializer.IncludeGuid</c>.</param>
        /// <param name="module">Module used for the permission check and the module-admin check; may be null.</param>
        /// <param name="log">Log that receives one entry per call.</param>
        /// <returns>Whatever <c>Serializer.Prepare</c> returns for the query and the requested streams.</returns>
        /// <remarks>
        /// Throws the exception built by <c>HttpErr</c>: NotFound when the query does not exist,
        /// Unauthorized when the user has neither an explicit read grant nor module-admin rights.
        /// </remarks>
        private static Dictionary<string, IEnumerable<Dictionary<string, object>>> BuildQueryAndRun(App app, string name, string stream, bool includeGuid, ModuleInfo module, Log log)
        {
            // NOTE(review): name is logged and echoed in the error details unmodified. If it comes
            // straight from the request, confirm the log sink and the error serializer neutralise
            // line breaks and markup.
            log.Add($"build and run query name:{name}, with module:{module?.ModuleID}");

            var query = app.GetQuery(name);

            // NOTE(review): the existence check runs before the permission check, so a caller
            // without read permission can tell existing query names from missing ones (404 vs 401).
            // Confirm that this difference is acceptable for this endpoint.
            if (query == null)
            {
                throw HttpErr(HttpStatusCode.NotFound, "query not found", $"query '{name}' not found");
            }

            // Access is granted by either of two independent signals; both are evaluated up front.
            var queryPermissions = new DnnPermissionController(query.QueryDefinition, log, module);
            var hasReadGrant = queryPermissions.UserMay(PermissionGrant.Read);
            var administersModule = module == null
                ? false
                : DotNetNuke.Security.Permissions.ModulePermissionController.CanAdminModule(module);

            // Deny by default: nothing is serialized unless one of the two signals is true.
            // NOTE(review): 401 is returned for a permission denial; 403 is the usual status for an
            // authenticated caller who lacks rights. Changing it would alter what clients observe.
            if (!readAllowed(hasReadGrant, administersModule))
            {
                throw HttpErr(HttpStatusCode.Unauthorized, "Request not allowed", $"Request not allowed. User does not have read permissions for query '{name}'");
            }

            var serializer = new Serializer();
            serializer.IncludeGuid = includeGuid;

            // A null stream argument is passed through as null rather than as an empty array.
            var requestedStreams = stream?.Split(',');
            return serializer.Prepare(query, requestedStreams);

            // Combines the two access signals; kept local so the rule is stated in one place.
            bool readAllowed(bool explicitGrant, bool moduleAdmin)
            {
                return explicitGrant || moduleAdmin;
            }
        }
示例#2
        /// <summary>
        /// Blocks rendering of the current template when it has permissions configured and the
        /// current user has no read grant on it.
        /// </summary>
        /// <param name="portalSettings">Supplies the current user and the name of the administrator role.</param>
        /// <exception cref="RenderingException">
        /// Wraps an <see cref="UnauthorizedAccessException"/> when the user is not in the
        /// administrator role, the template has at least one permission entry, and the read check fails.
        /// </exception>
        private void CheckTemplatePermissions(PortalSettings portalSettings)
        {
            // Added 2015-05-19 (2dm): run a security check whenever permissions exist on the template.
            // The original author notes this probably belongs elsewhere, so that it does not throw
            // when nothing is being rendered.
            var templatePermissions = new DnnPermissionController(Template.Entity, Log, ModuleInfo);

            // Members of the portal's administrator role skip the check entirely.
            var userIsPortalAdmin = portalSettings.UserInfo.IsInRole(portalSettings.AdministratorRoleName);
            if (userIsPortalAdmin)
            {
                return;
            }

            // Views use permissions only to restrict access, so an empty list means "no restriction".
            // NOTE(review): this makes the check fail open - a view whose permission entries are
            // removed becomes readable by every user. Confirm that this is the intended default.
            if (!templatePermissions.PermissionList.Any())
            {
                return;
            }

            if (templatePermissions.UserMay(PermissionGrant.Read))
            {
                return;
            }

            var accessDenied = new UnauthorizedAccessException(
                "This view is not accessible for the current user. To give access, change permissions in the view settings. See http://2sxc.org/help?tag=view-permissions");
            throw new RenderingException(accessDenied);
        }