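/// <summary>
/// Decides whether <paramref name="permission"/> is granted, raising the Checking, Adjust and
/// Complete events on the authorization event handler around a role-based evaluation.
/// </summary>
/// <param name="permission">The permission being requested.</param>
/// <param name="user">
/// Not used for the decision: it is replaced by a new <c>ActiveDirectoryUser</c> on entry
/// (see the review note at the top of the body).
/// </param>
/// <param name="content">
/// The content item the check relates to. This method only stores it on the context that is
/// handed to the event handlers; it does not read it itself.
/// </param>
/// <returns><c>true</c> when the context ends up granted; otherwise <c>false</c>.</returns>
public bool TryCheckAccess(Permission permission, IUser user, IContent content)
{
    // NOTE(review): the caller-supplied user is overwritten here, so the result always describes
    // whatever identity ActiveDirectoryUser's constructor resolves (not visible in this method),
    // never the user the caller asked about. A caller that checks access on behalf of another
    // account, or passes null to mean "anonymous", gets an answer for a different principal.
    // Confirm this is intended before relying on this method for per-user decisions.
    user = new ActiveDirectoryUser();

    var context = new CheckAccessContext { Permission = permission, User = user, Content = content };
    _authorizationServiceEventHandler.Checking(context);

    // Adjust handlers can request a re-evaluation by setting context.Adjusted; the loop stops
    // after three passes regardless, so the check always terminates.
    for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter)
    {
        if (!context.Granted && context.User != null)
        {
            // The configured site super user is granted everything without a role lookup.
            // The name comparison is ordinal, i.e. case-sensitive.
            var superUser = _workContextAccessor.GetContext().CurrentSite.SuperUser;
            if (!String.IsNullOrEmpty(superUser) &&
                String.Equals(context.User.UserName, superUser, StringComparison.Ordinal))
            {
                context.Granted = true;
            }
        }

        if (!context.Granted)
        {
            // determine which set of permissions would satisfy the access check
            var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray();

            // determine what set of roles should be examined by the access check
            IEnumerable<string> rolesToExamine;
            if (context.User == null)
            {
                rolesToExamine = AnonymousRole;
            }
            else
            {
                // Changed from the core IAuthorizationService implementation: ActiveDirectoryUser
                // implements IUserRoles itself instead of carrying a UserRolesPart on the content.
                var userWithRoles = context.User as IUserRoles;
                if (userWithRoles == null)
                {
                    // context.User is a settable property, so it may no longer be the
                    // ActiveDirectoryUser assigned above. Dereferencing the failed cast would throw
                    // a NullReferenceException in the middle of an authorization decision; a
                    // non-null user without role information is evaluated as "Authenticated" only.
                    rolesToExamine = AuthenticatedRole;
                }
                else
                {
                    rolesToExamine = userWithRoles.Roles;

                    // when it is a simulated anonymous user in the admin, "Authenticated" is not added
                    if (!rolesToExamine.Contains(AnonymousRole[0]))
                    {
                        rolesToExamine = rolesToExamine.Concat(AuthenticatedRole);
                    }
                }
            }

            // Grant as soon as any examined role possesses one of the granting permission names.
            // Permission names are compared case-insensitively.
            foreach (var role in rolesToExamine)
            {
                foreach (var permissionName in _roleService.GetPermissionsForRoleByName(role))
                {
                    string possessedName = permissionName;
                    if (grantingNames.Any(grantingName => String.Equals(possessedName, grantingName, StringComparison.OrdinalIgnoreCase)))
                    {
                        context.Granted = true;
                        break;
                    }
                }

                if (context.Granted)
                {
                    break;
                }
            }
        }

        // Handlers set Adjusted to ask for another pass over the (possibly modified) context.
        context.Adjusted = false;
        _authorizationServiceEventHandler.Adjust(context);
        if (!context.Adjusted)
        {
            break;
        }
    }

    _authorizationServiceEventHandler.Complete(context);

    return context.Granted;
}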
/// <summary>
/// Decides whether <paramref name="user"/> holds <paramref name="permission"/>, raising the
/// Checking, Adjust and Complete events on the authorization event handler around a
/// role-based evaluation.
/// </summary>
/// <param name="permission">The permission being requested.</param>
/// <param name="user">The user to evaluate; <c>null</c> is evaluated with the anonymous role.</param>
/// <param name="content">
/// The content item the check relates to. This method only stores it on the context that is
/// handed to the event handlers.
/// </param>
/// <returns><c>true</c> when the context ends up granted; otherwise <c>false</c>.</returns>
public bool TryCheckAccess(Permission permission, IUser user, IContent content)
{
    var context = new CheckAccessContext { Permission = permission, User = user, Content = content };
    _authorizationServiceEventHandler.Checking(context);

    // At most three evaluation passes; a pass is repeated only when an Adjust handler asks for it.
    for (var adjustmentLimiter = 0; adjustmentLimiter != 3; ++adjustmentLimiter)
    {
        // The configured site super user is granted without a role lookup.
        // The user name comparison is ordinal, i.e. case-sensitive.
        if (!context.Granted
            && context.User != null
            && !String.IsNullOrEmpty(_workContextAccessor.GetContext().CurrentSite.SuperUser)
            && String.Equals(context.User.UserName, _workContextAccessor.GetContext().CurrentSite.SuperUser, StringComparison.Ordinal))
        {
            context.Granted = true;
        }

        if (!context.Granted)
        {
            // Names of every permission that would satisfy the request.
            var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray();

            // Roles whose permissions are examined for this user.
            IEnumerable<string> rolesToExamine;
            if (context.User == null)
            {
                rolesToExamine = AnonymousRole;
            }
            else if (context.User.Has<IUserRoles>())
            {
                // A user with role information: its own roles plus "Authenticated", unless it is
                // a simulated anonymous user in the admin (its roles already contain the anonymous role).
                rolesToExamine = context.User.As<IUserRoles>().Roles;
                if (!rolesToExamine.Contains(AnonymousRole[0]))
                {
                    rolesToExamine = rolesToExamine.Concat(AuthenticatedRole);
                }
            }
            else
            {
                // A non-null user without role information is just "Authenticated".
                rolesToExamine = AuthenticatedRole;
            }

            // Lazily walk role -> permission names and stop at the first name that matches a
            // granting name (case-insensitive), exactly as a pair of nested loops with breaks would.
            var roleGrantsAccess = rolesToExamine
                .SelectMany(role => _roleService.GetPermissionsForRoleByName(role))
                .Any(possessedName => grantingNames.Contains(possessedName, StringComparer.OrdinalIgnoreCase));
            if (roleGrantsAccess)
            {
                context.Granted = true;
            }
        }

        // Handlers set Adjusted to request another pass over the (possibly modified) context.
        context.Adjusted = false;
        _authorizationServiceEventHandler.Adjust(context);
        if (!context.Adjusted)
        {
            break;
        }
    }

    _authorizationServiceEventHandler.Complete(context);

    return context.Granted;
}
/// <summary>
/// Decides whether <paramref name="user"/> holds <paramref name="permission"/>, raising the
/// Checking, Adjust and Complete events on the authorization event handler around a
/// role-based evaluation.
/// </summary>
/// <param name="permission">The permission being requested.</param>
/// <param name="user">The user to evaluate; <c>null</c> is evaluated with the anonymous role.</param>
/// <returns><c>true</c> when the context ends up granted; otherwise <c>false</c>.</returns>
public bool TryCheckAccess(Permission permission, IUserInfo user)
{
    var context = new CheckAccessContext { Permission = permission, User = user };
    authorizationServiceEventHandler.Checking(context);

    // At most three evaluation passes; a pass is repeated only when an Adjust handler asks for it.
    const int maxPasses = 3;
    var pass = 0;
    while (pass != maxPasses)
    {
        // A user flagged as super user is granted without a role lookup.
        if (!context.Granted && context.User != null && context.User.SuperUser)
        {
            context.Granted = true;
        }

        if (!context.Granted)
        {
            // Names of every permission that would satisfy the request.
            var grantingNames = PermissionNames(context.Permission, Enumerable.Empty<string>()).Distinct().ToArray();

            // Permission names are matched case-insensitively.
            Func<string, bool> satisfiesRequest =
                possessedName => grantingNames.Contains(possessedName, StringComparer.OrdinalIgnoreCase);

            // Roles whose permissions are examined for this user.
            IEnumerable<string> rolesToExamine;
            if (context.User != null)
            {
                // The user's stored role names, plus "Authenticated" unless the anonymous role
                // is already among them.
                rolesToExamine = roleService.GetRolesForUser(context.User.Id).Select(x => x.Name).ToList();
                if (!rolesToExamine.Contains(anonymousRole[0]))
                {
                    rolesToExamine = rolesToExamine.Concat(authenticatedRole);
                }
            }
            else
            {
                rolesToExamine = anonymousRole;
            }

            // Stop at the first role that possesses a granting permission.
            foreach (var role in rolesToExamine)
            {
                foreach (var rolePermission in roleService.GetPermissionsForRole(role))
                {
                    if (satisfiesRequest(rolePermission.Name))
                    {
                        context.Granted = true;
                        break;
                    }
                }

                if (context.Granted)
                {
                    break;
                }
            }
        }

        // Handlers set Adjusted to request another pass over the (possibly modified) context.
        context.Adjusted = false;
        authorizationServiceEventHandler.Adjust(context);
        if (!context.Adjusted)
        {
            break;
        }

        ++pass;
    }

    authorizationServiceEventHandler.Complete(context);

    return context.Granted;
}