/// <summary> /// Filters the with public access. /// </summary> /// <param name="entityIds">The entity ids.</param> /// <param name="memberId">The member id.</param> /// <param name="publicAccessService">The public access service.</param> /// <returns></returns> public static IEnumerable <HiveId> FilterWithPublicAccess(this IEnumerable <HiveId> entityIds, HiveId memberId, IPublicAccessService publicAccessService) { return(memberId.IsNullValueOrEmpty() ? entityIds.Where(id => !publicAccessService.IsProtected(id)) : entityIds.Where(id => publicAccessService.GetPublicAccessStatus(memberId, id).CanAccess)); }
/// <summary> /// Filters the with public access. /// </summary> /// <param name="entityIds">The entity ids.</param> /// <param name="memberId">The member id.</param> /// <param name="publicAccessService">The public access service.</param> /// <returns></returns> public static IEnumerable<HiveId> FilterWithPublicAccess(this IEnumerable<HiveId> entityIds, HiveId memberId , IPublicAccessService publicAccessService) { return memberId.IsNullValueOrEmpty() ? entityIds.Where(id => !publicAccessService.IsProtected(id)) : entityIds.Where(id => publicAccessService.GetPublicAccessStatus(memberId, id).CanAccess); }
public bool ValidateProtectedContent(string path, string category) { if (category == IndexTypes.Content && !SupportProtectedContent //if the service is null we can't look this up so we'll return false && (_publicAccessService == null || _publicAccessService.IsProtected(path))) { return(false); } return(true); }
public bool ValidateProtectedContent(string path, string category) { if (category == IndexTypes.Content && !SupportProtectedContent) { //if the service is null we can't look this up so we'll return false if (_publicAccessService == null || _scopeProvider == null) { return(false); } // explicit scope since we may be in a background thread using (_scopeProvider.CreateScope(autoComplete: true)) { if (_publicAccessService.IsProtected(path)) { return(false); } } } return(true); }
/// <summary> /// Check if a document object is protected by the "Protect Pages" functionality in umbraco /// </summary> /// <param name="path">The full path of the document object to check</param> /// <returns>True if the document object is protected</returns> public virtual bool IsProtected(string path) { //this is a cached call return(_publicAccessService.IsProtected(path)); }
/// <inheritdoc /> /// <remarks> /// this is a cached call /// </remarks> public Task <bool> IsProtectedAsync(string path) => Task.FromResult(_publicAccessService.IsProtected(path).Success);
/// <inheritdoc /> public async Task <UmbracoRouteValues?> RewriteForPublishedContentAccessAsync( HttpContext httpContext, UmbracoRouteValues routeValues) { // because these might loop, we have to have some sort of infinite loop detection var i = 0; const int maxLoop = 8; PublicAccessStatus publicAccessStatus; do { _logger.LogDebug(nameof(RewriteForPublishedContentAccessAsync) + ": Loop {LoopCounter}", i); IPublishedContent?publishedContent = routeValues.PublishedRequest?.PublishedContent; if (publishedContent == null) { return(routeValues); } var path = publishedContent.Path; Attempt <PublicAccessEntry?> publicAccessAttempt = _publicAccessService.IsProtected(path); if (publicAccessAttempt.Success) { _logger.LogDebug("EnsurePublishedContentAccess: Page is protected, check for access"); // manually authenticate the request AuthenticateResult authResult = await httpContext.AuthenticateAsync(IdentityConstants.ApplicationScheme); if (authResult.Succeeded) { // set the user to the auth result. we need to do this here because this occurs // before the authentication middleware. // NOTE: It would be possible to just pass the authResult to the HasMemberAccessToContentAsync method // instead of relying directly on the user assigned to the http context, and then the auth middleware // will run anyways and assign the user. Perhaps that is a little cleaner, but would require more code // changes right now, and really it's not any different in the end result. httpContext.SetPrincipalForRequest(authResult.Principal); } publicAccessStatus = await _publicAccessChecker.HasMemberAccessToContentAsync(publishedContent.Id); switch (publicAccessStatus) { case PublicAccessStatus.NotLoggedIn: // redirect if this is not the login page if (publicAccessAttempt.Result !.LoginNodeId != publishedContent.Id) { _logger.LogDebug("EnsurePublishedContentAccess: Not logged in, redirect to login page"); routeValues = await SetPublishedContentAsOtherPageAsync( httpContext, routeValues.PublishedRequest, publicAccessAttempt.Result !.LoginNodeId); } break; case PublicAccessStatus.AccessDenied: // Redirect if this is not the access denied page if (publicAccessAttempt.Result !.NoAccessNodeId != publishedContent.Id) { _logger.LogDebug( "EnsurePublishedContentAccess: Current member has not access, redirect to error page"); routeValues = await SetPublishedContentAsOtherPageAsync( httpContext, routeValues.PublishedRequest, publicAccessAttempt.Result !.NoAccessNodeId); } break; case PublicAccessStatus.LockedOut: _logger.LogDebug("Current member is locked out, redirect to error page"); routeValues = await SetPublishedContentAsOtherPageAsync( httpContext, routeValues.PublishedRequest, publicAccessAttempt.Result !.NoAccessNodeId); break; case PublicAccessStatus.NotApproved: _logger.LogDebug("Current member is unapproved, redirect to error page"); routeValues = await SetPublishedContentAsOtherPageAsync( httpContext, routeValues.PublishedRequest, publicAccessAttempt.Result !.NoAccessNodeId); break; case PublicAccessStatus.AccessAccepted: _logger.LogDebug("Current member has access"); break; } } else { publicAccessStatus = PublicAccessStatus.AccessAccepted; _logger.LogDebug("EnsurePublishedContentAccess: Page is not protected"); } // loop until we have access or reached max loops } while (publicAccessStatus != PublicAccessStatus.AccessAccepted && i++ < maxLoop); if (i == maxLoop) { _logger.LogDebug(nameof(RewriteForPublishedContentAccessAsync) + ": Looks like we are running into an infinite loop, abort"); } return(routeValues); }
/// <inheritdoc /> protected override TreeNode?GetSingleTreeNode(IEntitySlim entity, string parentId, FormCollection?queryStrings) { var culture = queryStrings?["culture"].ToString(); IEnumerable <MenuItem> allowedUserOptions = GetAllowedUserMenuItemsForNode(entity); if (CanUserAccessNode(entity, allowedUserOptions, culture)) { //Special check to see if it is a container, if so then we'll hide children. var isContainer = entity.IsContainer; // && (queryStrings.Get("isDialog") != "true"); TreeNode node = CreateTreeNode( entity, Constants.ObjectTypes.Document, parentId, queryStrings, entity.HasChildren); // set container style if it is one if (isContainer) { node.AdditionalData.Add("isContainer", true); node.SetContainerStyle(); } var documentEntity = (IDocumentEntitySlim)entity; if (!documentEntity.Variations.VariesByCulture()) { if (!documentEntity.Published) { node.SetNotPublishedStyle(); } else if (documentEntity.Edited) { node.SetHasPendingVersionStyle(); } } else { if (!culture.IsNullOrWhiteSpace()) { if (!documentEntity.Published || !documentEntity.PublishedCultures.Contains(culture)) { node.SetNotPublishedStyle(); } else if (documentEntity.EditedCultures.Contains(culture)) { node.SetHasPendingVersionStyle(); } } } node.AdditionalData.Add("variesByCulture", documentEntity.Variations.VariesByCulture()); node.AdditionalData.Add("contentType", documentEntity.ContentTypeAlias); if (_publicAccessService.IsProtected(entity.Path).Success) { node.SetProtectedStyle(); } return(node); } return(null); }