/// <summary> /// Evaluates whether a selected user is allowed to perform the selected action on the selected /// entity. /// </summary> /// <param name="entity"></param> /// <param name="action"></param> /// <param name="user"></param> /// <returns></returns> public static bool Authorized( ISecured entity, string action, System.Web.Security.MembershipUser user ) { // If there's no Authorizations object, create it if ( Authorizations == null ) Load(); // If there's no entry in the Authorizations object for this entity type, return the default authorization if ( !Authorizations.Keys.Contains( entity.AuthEntity ) ) return entity.DefaultAuthorization( action ); // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each // one to find the first one specific to the selected user or a role that the selected user belongs // to. If a match is found return whether the user is allowed (true) or denied (false) access if ( Authorizations[entity.AuthEntity].Keys.Contains( entity.Id ) && Authorizations[entity.AuthEntity][entity.Id].Keys.Contains( action ) ) foreach ( AuthRule authRule in Authorizations[entity.AuthEntity][entity.Id][action] ) { if ( authRule.UserOrRoleName == "*" ) return authRule.AllowOrDeny == "A"; if ( user != null ) if ( ( authRule.UserOrRole == "U" && user.UserName == authRule.UserOrRoleName ) || ( authRule.UserOrRole == "R" && System.Web.Security.Roles.IsUserInRole( user.UserName, authRule.UserOrRoleName ) ) ) return authRule.AllowOrDeny == "A"; } // If not match was found for the selected user on the current entity instance, check to see if the instance // has a parent authority defined and if so evaluate that entities authorization rules. If there is no // parent authority return the defualt authorization if ( entity.ParentAuthority != null ) return Authorized( entity.ParentAuthority, action, user ); else return entity.DefaultAuthorization( action ); }
/// <summary> /// Evaluates whether a selected user is allowed to perform the selected action on the selected /// entity. /// </summary> /// <param name="entity"></param> /// <param name="action"></param> /// <param name="user"></param> /// <returns></returns> public static bool Authorized(ISecured entity, string action, Rock.CMS.User user) { // return Authorized( entity, action, user != null ? user.Person.Guid.ToString() : string.Empty ); //} ///// <summary> ///// Evaluates whether a selected user is allowed to perform the selected action on the selected ///// entity. ///// </summary> ///// <param name="entity">The entity.</param> ///// <param name="action">The action.</param> ///// <param name="userName">Name of the user.</param> ///// <returns></returns> //private static bool Authorized( ISecured entity, string action, string userName ) //{ // If there's no Authorizations object, create it if (Authorizations == null) { Load(); } // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each // one to find the first one specific to the selected user or a role that the selected user belongs // to. If a match is found return whether the user is allowed (true) or denied (false) access if (Authorizations.Keys.Contains(entity.AuthEntity) && Authorizations[entity.AuthEntity].Keys.Contains(entity.Id) && Authorizations[entity.AuthEntity][entity.Id].Keys.Contains(action)) { string userName = user != null?user.Person.Guid.ToString() : string.Empty; foreach (AuthRule authRule in Authorizations[entity.AuthEntity][entity.Id][action]) { // All Users if (authRule.SpecialRole == SpecialRole.AllUsers) { return(authRule.AllowOrDeny == "A"); } // All Authenticated Users if (authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty) { return(authRule.AllowOrDeny == "A"); } // All Unauthenticated Users if (authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty) { return(authRule.AllowOrDeny == "A"); } if (authRule.SpecialRole == SpecialRole.None && userName != string.Empty) { // See if person has been authorized to entity if (authRule.PersonId.HasValue && user.PersonId.HasValue && authRule.PersonId.Value == user.PersonId.Value) { return(authRule.AllowOrDeny == "A"); } // See if person is in role authorized if (authRule.GroupId.HasValue) { Role role = Role.Read(authRule.GroupId.Value); if (role != null && role.UserInRole(userName)) { return(authRule.AllowOrDeny == "A"); } } } } } // If not match was found for the selected user on the current entity instance, check to see if the instance // has a parent authority defined and if so evaluate that entities authorization rules. If there is no // parent authority return the defualt authorization if (entity.ParentAuthority != null) { return(Authorized(entity.ParentAuthority, action, user)); } else { return(entity.DefaultAuthorization(action)); } }
/// <summary> /// Evaluates whether a selected user is allowed to perform the selected action on the selected /// entity. /// </summary> /// <param name="entity"></param> /// <param name="action"></param> /// <param name="user"></param> /// <returns></returns> public static bool Authorized( ISecured entity, string action, Rock.CMS.User user ) { // return Authorized( entity, action, user != null ? user.Person.Guid.ToString() : string.Empty ); //} ///// <summary> ///// Evaluates whether a selected user is allowed to perform the selected action on the selected ///// entity. ///// </summary> ///// <param name="entity">The entity.</param> ///// <param name="action">The action.</param> ///// <param name="userName">Name of the user.</param> ///// <returns></returns> //private static bool Authorized( ISecured entity, string action, string userName ) //{ // If there's no Authorizations object, create it if ( Authorizations == null ) Load(); // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each // one to find the first one specific to the selected user or a role that the selected user belongs // to. If a match is found return whether the user is allowed (true) or denied (false) access if ( Authorizations.Keys.Contains( entity.AuthEntity ) && Authorizations[entity.AuthEntity].Keys.Contains( entity.Id ) && Authorizations[entity.AuthEntity][entity.Id].Keys.Contains( action ) ) { string userName = user != null ? user.Person.Guid.ToString() : string.Empty; foreach ( AuthRule authRule in Authorizations[entity.AuthEntity][entity.Id][action] ) { // All Users if ( authRule.SpecialRole == SpecialRole.AllUsers ) return authRule.AllowOrDeny == "A"; // All Authenticated Users if (authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty) return authRule.AllowOrDeny == "A"; // All Unauthenticated Users if ( authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty ) return authRule.AllowOrDeny == "A"; if ( authRule.SpecialRole == SpecialRole.None && userName != string.Empty ) { // See if person has been authorized to entity if ( authRule.PersonId.HasValue && user.PersonId.HasValue && authRule.PersonId.Value == user.PersonId.Value ) return authRule.AllowOrDeny == "A"; // See if person is in role authorized if (authRule.GroupId.HasValue) { Role role = Role.Read( authRule.GroupId.Value ); if ( role != null && role.UserInRole( userName ) ) return authRule.AllowOrDeny == "A"; } } } } // If not match was found for the selected user on the current entity instance, check to see if the instance // has a parent authority defined and if so evaluate that entities authorization rules. If there is no // parent authority return the defualt authorization if ( entity.ParentAuthority != null ) return Authorized( entity.ParentAuthority, action, user ); else return entity.DefaultAuthorization( action ); }