/// <summary>
/// Filters the with public access.
/// </summary>
/// <param name="entityIds">The entity ids.</param>
/// <param name="memberId">The member id.</param>
/// <param name="publicAccessService">The public access service.</param>
/// <returns></returns>
public static IEnumerable <HiveId> FilterWithPublicAccess(this IEnumerable <HiveId> entityIds,
HiveId memberId,
IPublicAccessService publicAccessService)
{
return(memberId.IsNullValueOrEmpty()
? entityIds.Where(id => !publicAccessService.IsProtected(id))
: entityIds.Where(id => publicAccessService.GetPublicAccessStatus(memberId, id).CanAccess));
}
/// <summary>
/// Filters the with public access.
/// </summary>
/// <param name="entityIds">The entity ids.</param>
/// <param name="memberId">The member id.</param>
/// <param name="publicAccessService">The public access service.</param>
/// <returns></returns>
public static IEnumerable<HiveId> FilterWithPublicAccess(this IEnumerable<HiveId> entityIds,
HiveId memberId ,
IPublicAccessService publicAccessService)
{
return memberId.IsNullValueOrEmpty()
? entityIds.Where(id => !publicAccessService.IsProtected(id))
: entityIds.Where(id => publicAccessService.GetPublicAccessStatus(memberId, id).CanAccess);
}
public bool ValidateProtectedContent(string path, string category)
{
if (category == IndexTypes.Content &&
!SupportProtectedContent
//if the service is null we can't look this up so we'll return false
&& (_publicAccessService == null || _publicAccessService.IsProtected(path)))
{
return(false);
}
return(true);
}
public bool ValidateProtectedContent(string path, string category)
{
if (category == IndexTypes.Content && !SupportProtectedContent)
{
//if the service is null we can't look this up so we'll return false
if (_publicAccessService == null || _scopeProvider == null)
{
return(false);
}
// explicit scope since we may be in a background thread
using (_scopeProvider.CreateScope(autoComplete: true))
{
if (_publicAccessService.IsProtected(path))
{
return(false);
}
}
}
return(true);
}
/// <summary>
/// Check if a document object is protected by the "Protect Pages" functionality in umbraco
/// </summary>
/// <param name="path">The full path of the document object to check</param>
/// <returns>True if the document object is protected</returns>
public virtual bool IsProtected(string path)
{
//this is a cached call
return(_publicAccessService.IsProtected(path));
}
/// <inheritdoc /> /// <remarks> /// this is a cached call /// </remarks> public Task <bool> IsProtectedAsync(string path) => Task.FromResult(_publicAccessService.IsProtected(path).Success);
/// <inheritdoc />
public async Task <UmbracoRouteValues?> RewriteForPublishedContentAccessAsync(
HttpContext httpContext,
UmbracoRouteValues routeValues)
{
// because these might loop, we have to have some sort of infinite loop detection
var i = 0;
const int maxLoop = 8;
PublicAccessStatus publicAccessStatus;
do
{
_logger.LogDebug(nameof(RewriteForPublishedContentAccessAsync) + ": Loop {LoopCounter}", i);
IPublishedContent?publishedContent = routeValues.PublishedRequest?.PublishedContent;
if (publishedContent == null)
{
return(routeValues);
}
var path = publishedContent.Path;
Attempt <PublicAccessEntry?> publicAccessAttempt = _publicAccessService.IsProtected(path);
if (publicAccessAttempt.Success)
{
_logger.LogDebug("EnsurePublishedContentAccess: Page is protected, check for access");
// manually authenticate the request
AuthenticateResult authResult =
await httpContext.AuthenticateAsync(IdentityConstants.ApplicationScheme);
if (authResult.Succeeded)
{
// set the user to the auth result. we need to do this here because this occurs
// before the authentication middleware.
// NOTE: It would be possible to just pass the authResult to the HasMemberAccessToContentAsync method
// instead of relying directly on the user assigned to the http context, and then the auth middleware
// will run anyways and assign the user. Perhaps that is a little cleaner, but would require more code
// changes right now, and really it's not any different in the end result.
httpContext.SetPrincipalForRequest(authResult.Principal);
}
publicAccessStatus = await _publicAccessChecker.HasMemberAccessToContentAsync(publishedContent.Id);
switch (publicAccessStatus)
{
case PublicAccessStatus.NotLoggedIn:
// redirect if this is not the login page
if (publicAccessAttempt.Result !.LoginNodeId != publishedContent.Id)
{
_logger.LogDebug("EnsurePublishedContentAccess: Not logged in, redirect to login page");
routeValues = await SetPublishedContentAsOtherPageAsync(
httpContext, routeValues.PublishedRequest, publicAccessAttempt.Result !.LoginNodeId);
}
break;
case PublicAccessStatus.AccessDenied:
// Redirect if this is not the access denied page
if (publicAccessAttempt.Result !.NoAccessNodeId != publishedContent.Id)
{
_logger.LogDebug(
"EnsurePublishedContentAccess: Current member has not access, redirect to error page");
routeValues = await SetPublishedContentAsOtherPageAsync(
httpContext, routeValues.PublishedRequest, publicAccessAttempt.Result !.NoAccessNodeId);
}
break;
case PublicAccessStatus.LockedOut:
_logger.LogDebug("Current member is locked out, redirect to error page");
routeValues = await SetPublishedContentAsOtherPageAsync(
httpContext, routeValues.PublishedRequest, publicAccessAttempt.Result !.NoAccessNodeId);
break;
case PublicAccessStatus.NotApproved:
_logger.LogDebug("Current member is unapproved, redirect to error page");
routeValues = await SetPublishedContentAsOtherPageAsync(
httpContext, routeValues.PublishedRequest, publicAccessAttempt.Result !.NoAccessNodeId);
break;
case PublicAccessStatus.AccessAccepted:
_logger.LogDebug("Current member has access");
break;
}
}
else
{
publicAccessStatus = PublicAccessStatus.AccessAccepted;
_logger.LogDebug("EnsurePublishedContentAccess: Page is not protected");
}
// loop until we have access or reached max loops
} while (publicAccessStatus != PublicAccessStatus.AccessAccepted && i++ < maxLoop);
if (i == maxLoop)
{
_logger.LogDebug(nameof(RewriteForPublishedContentAccessAsync) +
": Looks like we are running into an infinite loop, abort");
}
return(routeValues);
}
/// <inheritdoc />
protected override TreeNode?GetSingleTreeNode(IEntitySlim entity, string parentId, FormCollection?queryStrings)
{
var culture = queryStrings?["culture"].ToString();
IEnumerable <MenuItem> allowedUserOptions = GetAllowedUserMenuItemsForNode(entity);
if (CanUserAccessNode(entity, allowedUserOptions, culture))
{
//Special check to see if it is a container, if so then we'll hide children.
var isContainer = entity.IsContainer; // && (queryStrings.Get("isDialog") != "true");
TreeNode node = CreateTreeNode(
entity,
Constants.ObjectTypes.Document,
parentId,
queryStrings,
entity.HasChildren);
// set container style if it is one
if (isContainer)
{
node.AdditionalData.Add("isContainer", true);
node.SetContainerStyle();
}
var documentEntity = (IDocumentEntitySlim)entity;
if (!documentEntity.Variations.VariesByCulture())
{
if (!documentEntity.Published)
{
node.SetNotPublishedStyle();
}
else if (documentEntity.Edited)
{
node.SetHasPendingVersionStyle();
}
}
else
{
if (!culture.IsNullOrWhiteSpace())
{
if (!documentEntity.Published || !documentEntity.PublishedCultures.Contains(culture))
{
node.SetNotPublishedStyle();
}
else if (documentEntity.EditedCultures.Contains(culture))
{
node.SetHasPendingVersionStyle();
}
}
}
node.AdditionalData.Add("variesByCulture", documentEntity.Variations.VariesByCulture());
node.AdditionalData.Add("contentType", documentEntity.ContentTypeAlias);
if (_publicAccessService.IsProtected(entity.Path).Success)
{
node.SetProtectedStyle();
}
return(node);
}
return(null);
}
