protected override void ProcessRequest(HttpContext context, ICmsEntityServiceProvider serviceProvider, Guid portalScopeId, IPortalContext portal, OrganizationServiceContext serviceContext, Entity entity, CmsEntityMetadata entityMetadata, ICrmEntitySecurityProvider security)
{
if (!IsRequestMethod(context.Request, "GET"))
{
throw new CmsEntityServiceException(HttpStatusCode.MethodNotAllowed, "Request method {0} not allowed for this resource.".FormatWith(context.Request.HttpMethod));
}
var children = GetChildren(serviceContext, entity, entityMetadata)
.Where(child => security.TryAssert(serviceContext, child, CrmEntityRight.Read))
.ToList();
children.Sort(new EntitySiteMapDisplayOrderComparer());
var entityMetadataCache = new Dictionary <string, CmsEntityMetadata>();
var childInfos = children.Select(e =>
{
var info = new ExtendedSiteMapChildInfo
{
Title = GetChildTitle(e),
EntityUri = VirtualPathUtility.ToAbsolute(CmsEntityRouteHandler.GetAppRelativePath(portalScopeId, e.ToEntityReference())),
HasPermission = security.TryAssert(serviceContext, e, CrmEntityRight.Change),
Id = e.Id,
LogicalName = e.LogicalName,
HiddenFromSiteMap = e.Attributes.Contains("adx_hiddenfromsitemap") && e.GetAttributeValue <bool?>("adx_hiddenfromsitemap").GetValueOrDefault(),
Url = e.Contains("adx_partialurl") ? e.GetAttributeValue <string>("adx_partialurl") : null
};
CmsEntityMetadata childEntityMetadata;
if (TryGetEntityMetadata(serviceContext, e.LogicalName, entityMetadataCache, out childEntityMetadata))
{
if (childEntityMetadata.HasAttribute("adx_displayorder"))
{
info.DisplayOrder = e.Attributes.Contains("adx_displayorder") ? e.GetAttributeValue <int?>("adx_displayorder") : null;
info.DisplayOrderPropertyName = "adx_displayorder";
}
}
return(info);
}).ToArray();
var childJson = SerializeChildInfos(childInfos);
WriteResponse(context.Response, new JObject
{
{ "d", new JRaw(childJson) }
});
}
protected virtual void AssertRequestEntitySecurity(IPortalContext portal, OrganizationServiceContext serviceContext, Entity entity, ICrmEntitySecurityProvider security)
{
if (!security.TryAssert(serviceContext, entity, CrmEntityRight.Change))
{
throw new CmsEntityServiceException(HttpStatusCode.Forbidden, "Entity access denied.");
}
}
protected virtual bool TryAssertReadPermission(OrganizationServiceContext serviceContext, ICrmEntitySecurityProvider securityProvider, Entity forumThread, IDictionary <Guid, bool> forumPermissionCache)
{
if (forumThread == null)
{
throw new ArgumentNullException("forumThread");
}
if (forumThread.LogicalName != "adx_communityforumthread")
{
throw new ArgumentException(string.Format("Value must have logical name {0}.", forumThread.LogicalName), "forumThread");
}
var forumReference = forumThread.GetAttributeValue <EntityReference>("adx_forumid");
if (forumReference == null)
{
throw new ArgumentException(string.Format("Value must have entity reference attribute {0}.", "adx_forumid"), "forumThread");
}
bool cachedResult;
if (forumPermissionCache.TryGetValue(forumReference.Id, out cachedResult))
{
return(cachedResult);
}
var blog = forumThread.GetRelatedEntity(serviceContext, "adx_communityforum_communityforumthread");
var result = securityProvider.TryAssert(serviceContext, blog, CrmEntityRight.Read);
forumPermissionCache[blog.Id] = result;
return(result);
}
public ActionResult GetIndexView(string number, OrganizationServiceContext serviceContext, ICrmEntitySecurityProvider securityProvider, IEntityUrlProvider urlProvider)
{
var category = serviceContext.RetrieveSingle("category",
FetchAttribute.All,
new Condition("categorynumber", ConditionOperator.Equal, number));
if (category == null)
{
return(RedirectToPageNotFound());
}
if (!securityProvider.TryAssert(serviceContext, category, CrmEntityRight.Read))
{
return(RedirectToAccessDeniedPage());
}
var categoryDataAdapter = new CategoryDataAdapter(category);
// Retrieve related articles from knowledgearticlescategories
var relatedArticles = categoryDataAdapter.SelectRelatedArticles();
// Retrieve Child Categories
var childCategories = categoryDataAdapter.SelectChildCategories();
var categoryViewModel = new CategoryViewModel
{
RelatedArticles = relatedArticles,
ChildCategories = childCategories,
Number = category.GetAttributeValue <string>("categorynumber"),
Title = category.GetAttributeValue <string>("title")
};
return(View(categoryViewModel));
}
protected virtual bool TryAssertBlogPostRight(OrganizationServiceContext serviceContext, ICrmEntitySecurityProvider securityProvider, Entity blogPost, CrmEntityRight right, IDictionary <Guid, bool> blogPermissionCache)
{
if (blogPost == null)
{
throw new ArgumentNullException("blogPost");
}
if (blogPost.LogicalName != "adx_blogpost")
{
throw new ArgumentException(string.Format("Value must have logical name {0}.", blogPost.LogicalName), "blogPost");
}
var blogReference = blogPost.GetAttributeValue <EntityReference>("adx_blogid");
if (blogReference == null)
{
throw new ArgumentException(string.Format("Value must have entity reference attribute {0}.", "adx_blogid"), "blogPost");
}
bool cachedResult;
if (blogPermissionCache.TryGetValue(blogReference.Id, out cachedResult))
{
return(cachedResult);
}
var fetch = new Fetch
{
Entity = new FetchEntity("adx_blog")
{
Filters = new[]
{
new Filter
{
Conditions = new[]
{
new Condition("adx_blogid", ConditionOperator.Equal, blogReference.Id),
new Condition("statecode", ConditionOperator.Equal, 0)
}
}
}
}
};
var blog = serviceContext.RetrieveSingle(fetch);
var result = securityProvider.TryAssert(serviceContext, blog, right);
blogPermissionCache[blogReference.Id] = result;
return(result);
}
public bool Validate(OrganizationServiceContext context, CrmSiteMapNode node)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
if (node == null || node.Entity == null)
{
return(false);
}
var entity = context.MergeClone(node.Entity);
return(_securityProvider.TryAssert(context, entity, CrmEntityRight.Read));
}
protected override void ProcessRequest(HttpContext context, ICmsEntityServiceProvider serviceProvider, Guid portalScopeId, IPortalContext portal, OrganizationServiceContext serviceContext, Entity entity, CmsEntityMetadata entityMetadata, ICrmEntitySecurityProvider security)
{
var relationshipSchemaName = string.IsNullOrWhiteSpace(RelationshipSchemaName) ? context.Request.Params["relationshipSchemaName"] : RelationshipSchemaName;
if (string.IsNullOrWhiteSpace(relationshipSchemaName))
{
throw new CmsEntityServiceException(HttpStatusCode.BadRequest, "Unable to determine entity relationship schema name from request.");
}
var match = _relationshipSchemaNameRegex.Match(relationshipSchemaName);
if (!match.Success)
{
throw new CmsEntityServiceException(HttpStatusCode.BadRequest, "Unable to determine entity relationship schema name from request.");
}
var schemaName = match.Groups["schemaName"].Value;
if (string.IsNullOrWhiteSpace(schemaName))
{
throw new CmsEntityServiceException(HttpStatusCode.BadRequest, "Unable to determine entity relationship schema name from request.");
}
var entityRole = match.Groups["entityRole"].Value;
EntityRole parsedRole;
var relationship = new Relationship(schemaName)
{
PrimaryEntityRole = Enum.TryParse(entityRole, true, out parsedRole) ? new EntityRole?(parsedRole) : null
};
CmsEntityRelationshipInfo relationshipInfo;
if (!entityMetadata.TryGetRelationshipInfo(relationship, out relationshipInfo))
{
throw new CmsEntityServiceException(HttpStatusCode.NotFound, "Entity relationship not found.");
}
// If the current request entity is the current website, do security handling here, since we skipped it earlier.
if (entity.ToEntityReference().Equals(portal.Website.ToEntityReference()))
{
AssertRequestEntitySecurity(portal, serviceContext, entity, security, CreateWebsiteAccessPermissionProvider(portal), relationshipInfo);
}
if (IsRequestMethod(context.Request, "GET"))
{
if (relationshipInfo.IsCollection)
{
var readableRelatedEntities = entity.GetRelatedEntities(serviceContext, relationship)
.Where(e => security.TryAssert(serviceContext, e, CrmEntityRight.Read));
var entityMetadataLookup = new Dictionary <string, CmsEntityMetadata>();
var entityJsonObjects = readableRelatedEntities.Select(e =>
{
CmsEntityMetadata relatedEntityMetadata;
if (!entityMetadataLookup.TryGetValue(e.LogicalName, out relatedEntityMetadata))
{
relatedEntityMetadata = new CmsEntityMetadata(serviceContext, e.LogicalName);
entityMetadataLookup[e.LogicalName] = relatedEntityMetadata;
}
return(GetEntityJson(context, serviceProvider, portalScopeId, portal, serviceContext, e, relatedEntityMetadata));
});
WriteResponse(context.Response, new JObject
{
{ "d", new JArray(entityJsonObjects) }
});
}
else
{
var relatedEntity = entity.GetRelatedEntity(serviceContext, relationship);
if (relatedEntity == null)
{
throw new CmsEntityServiceException(HttpStatusCode.NotFound, "Related entity not found.");
}
if (!security.TryAssert(serviceContext, relatedEntity, CrmEntityRight.Read))
{
throw new CmsEntityServiceException(HttpStatusCode.Forbidden, "Related entity access denied.");
}
WriteResponse(context.Response, new JObject
{
{ "d", GetEntityJson(context, serviceProvider, portalScopeId, portal, serviceContext, relatedEntity, new CmsEntityMetadata(serviceContext, relatedEntity.LogicalName)) }
});
}
return;
}
if (IsRequestMethod(context.Request, "POST"))
{
if (relationshipInfo.IsCollection)
{
OneToManyRelationshipMetadata relationshipMetadata;
if (!entityMetadata.TryGetOneToManyRelationshipMetadata(relationship, out relationshipMetadata))
{
throw new CmsEntityServiceException(HttpStatusCode.BadRequest, "Unable to retrieve the one-to-many relationship metadata for relationship {0} on entity type".FormatWith(relationship.ToSchemaName("."), entity.LogicalName));
}
var relatedEntity = CreateEntityOfType(serviceContext, relationshipMetadata.ReferencingEntity);
var relatedEntityMetadata = new CmsEntityMetadata(serviceContext, relatedEntity.LogicalName);
var extensions = UpdateEntityFromJsonRequestBody(context.Request, serviceContext, relatedEntity, relatedEntityMetadata);
var preImage = relatedEntity.Clone(false);
// Ensure the reference to the target entity is set.
relatedEntity.SetAttributeValue(relationshipMetadata.ReferencingAttribute, new EntityReference(entity.LogicalName, entity.GetAttributeValue <Guid>(relationshipMetadata.ReferencedAttribute)));
serviceProvider.InterceptChange(context, portal, serviceContext, relatedEntity, relatedEntityMetadata, CmsEntityOperation.Create, preImage);
serviceContext.AddObject(relatedEntity);
serviceProvider.InterceptExtensionChange(context, portal, serviceContext, relatedEntity, relatedEntityMetadata, extensions, CmsEntityOperation.Create);
serviceContext.SaveChanges();
var refetchedEntity = serviceContext.CreateQuery(relatedEntity.LogicalName)
.FirstOrDefault(e => e.GetAttributeValue <Guid>(relatedEntityMetadata.PrimaryIdAttribute) == relatedEntity.Id);
if (refetchedEntity == null)
{
throw new CmsEntityServiceException(HttpStatusCode.InternalServerError, "Unable to retrieve the created entity.");
}
WriteResponse(context.Response, new JObject
{
{ "d", GetEntityJson(context, serviceProvider, portalScopeId, portal, serviceContext, refetchedEntity, relatedEntityMetadata) }
}, HttpStatusCode.Created);
}
else
{
OneToManyRelationshipMetadata relationshipMetadata;
if (!entityMetadata.TryGetManyToOneRelationshipMetadata(relationship, out relationshipMetadata))
{
throw new CmsEntityServiceException(HttpStatusCode.BadRequest, "Unable to retrieve the many-to-one relationship metadata for relationship {0} on entity type".FormatWith(relationship.ToSchemaName("."), entity.LogicalName));
}
var relatedEntity = CreateEntityOfType(serviceContext, relationshipMetadata.ReferencedEntity);
var relatedEntityMetadata = new CmsEntityMetadata(serviceContext, relatedEntity.LogicalName);
var extensions = UpdateEntityFromJsonRequestBody(context.Request, serviceContext, relatedEntity, relatedEntityMetadata);
serviceProvider.InterceptChange(context, portal, serviceContext, relatedEntity, relatedEntityMetadata, CmsEntityOperation.Create);
serviceContext.AddObject(relatedEntity);
serviceContext.AddLink(relatedEntity, relationship, entity);
serviceProvider.InterceptExtensionChange(context, portal, serviceContext, relatedEntity, relatedEntityMetadata, extensions, CmsEntityOperation.Create);
serviceContext.SaveChanges();
var refetchedEntity = serviceContext.CreateQuery(relatedEntity.LogicalName)
.FirstOrDefault(e => e.GetAttributeValue <Guid>(relatedEntityMetadata.PrimaryIdAttribute) == relatedEntity.Id);
if (refetchedEntity == null)
{
throw new CmsEntityServiceException(HttpStatusCode.InternalServerError, "Unable to retrieve the created entity.");
}
WriteResponse(context.Response, new JObject
{
{ "d", GetEntityJson(context, serviceProvider, portalScopeId, portal, serviceContext, refetchedEntity, relatedEntityMetadata) }
}, HttpStatusCode.Created);
}
return;
}
throw new CmsEntityServiceException(HttpStatusCode.MethodNotAllowed, "Request method {0} not allowed for this resource.".FormatWith(context.Request.HttpMethod));
}
private bool HasRight <TEntity>(OrganizationServiceContext context, TEntity entity, CrmEntityRight right) where TEntity : Entity
{
return(_securityProvider.TryAssert(context, entity, right));
}
private static bool TryAssertEditable(OrganizationServiceContext serviceContext, Entity entity, ICrmEntitySecurityProvider securityProvider)
{
return(securityProvider.TryAssert(serviceContext, entity, CrmEntityRight.Change));
}