/// <summary>
/// Evaluates whether a selected user is allowed to perform the selected action on the selected
/// entity.
/// </summary>
/// <param name="entity"></param>
/// <param name="action"></param>
/// <param name="user"></param>
/// <returns></returns>
public static bool Authorized( ISecured entity, string action, System.Web.Security.MembershipUser user )
{
// If there's no Authorizations object, create it
if ( Authorizations == null )
Load();
// If there's no entry in the Authorizations object for this entity type, return the default authorization
if ( !Authorizations.Keys.Contains( entity.AuthEntity ) )
return entity.DefaultAuthorization( action );
// If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
// one to find the first one specific to the selected user or a role that the selected user belongs
// to. If a match is found return whether the user is allowed (true) or denied (false) access
if ( Authorizations[entity.AuthEntity].Keys.Contains( entity.Id ) &&
Authorizations[entity.AuthEntity][entity.Id].Keys.Contains( action ) )
foreach ( AuthRule authRule in Authorizations[entity.AuthEntity][entity.Id][action] )
{
if ( authRule.UserOrRoleName == "*" )
return authRule.AllowOrDeny == "A";
if ( user != null )
if ( ( authRule.UserOrRole == "U" && user.UserName == authRule.UserOrRoleName ) ||
( authRule.UserOrRole == "R" && System.Web.Security.Roles.IsUserInRole( user.UserName, authRule.UserOrRoleName ) ) )
return authRule.AllowOrDeny == "A";
}
// If not match was found for the selected user on the current entity instance, check to see if the instance
// has a parent authority defined and if so evaluate that entities authorization rules. If there is no
// parent authority return the defualt authorization
if ( entity.ParentAuthority != null )
return Authorized( entity.ParentAuthority, action, user );
else
return entity.DefaultAuthorization( action );
}
/// <summary>
/// Evaluates whether a selected user is allowed to perform the selected action on the selected
/// entity.
/// </summary>
/// <param name="entity"></param>
/// <param name="action"></param>
/// <param name="user"></param>
/// <returns></returns>
public static bool Authorized(ISecured entity, string action, Rock.CMS.User user)
{
// return Authorized( entity, action, user != null ? user.Person.Guid.ToString() : string.Empty );
//}
///// <summary>
///// Evaluates whether a selected user is allowed to perform the selected action on the selected
///// entity.
///// </summary>
///// <param name="entity">The entity.</param>
///// <param name="action">The action.</param>
///// <param name="userName">Name of the user.</param>
///// <returns></returns>
//private static bool Authorized( ISecured entity, string action, string userName )
//{
// If there's no Authorizations object, create it
if (Authorizations == null)
{
Load();
}
// If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
// one to find the first one specific to the selected user or a role that the selected user belongs
// to. If a match is found return whether the user is allowed (true) or denied (false) access
if (Authorizations.Keys.Contains(entity.AuthEntity) &&
Authorizations[entity.AuthEntity].Keys.Contains(entity.Id) &&
Authorizations[entity.AuthEntity][entity.Id].Keys.Contains(action))
{
string userName = user != null?user.Person.Guid.ToString() : string.Empty;
foreach (AuthRule authRule in Authorizations[entity.AuthEntity][entity.Id][action])
{
// All Users
if (authRule.SpecialRole == SpecialRole.AllUsers)
{
return(authRule.AllowOrDeny == "A");
}
// All Authenticated Users
if (authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty)
{
return(authRule.AllowOrDeny == "A");
}
// All Unauthenticated Users
if (authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty)
{
return(authRule.AllowOrDeny == "A");
}
if (authRule.SpecialRole == SpecialRole.None && userName != string.Empty)
{
// See if person has been authorized to entity
if (authRule.PersonId.HasValue &&
user.PersonId.HasValue &&
authRule.PersonId.Value == user.PersonId.Value)
{
return(authRule.AllowOrDeny == "A");
}
// See if person is in role authorized
if (authRule.GroupId.HasValue)
{
Role role = Role.Read(authRule.GroupId.Value);
if (role != null && role.UserInRole(userName))
{
return(authRule.AllowOrDeny == "A");
}
}
}
}
}
// If not match was found for the selected user on the current entity instance, check to see if the instance
// has a parent authority defined and if so evaluate that entities authorization rules. If there is no
// parent authority return the defualt authorization
if (entity.ParentAuthority != null)
{
return(Authorized(entity.ParentAuthority, action, user));
}
else
{
return(entity.DefaultAuthorization(action));
}
}
/// <summary>
/// Evaluates whether a selected user is allowed to perform the selected action on the selected
/// entity.
/// </summary>
/// <param name="entity"></param>
/// <param name="action"></param>
/// <param name="user"></param>
/// <returns></returns>
public static bool Authorized( ISecured entity, string action, Rock.CMS.User user )
{
// return Authorized( entity, action, user != null ? user.Person.Guid.ToString() : string.Empty );
//}
///// <summary>
///// Evaluates whether a selected user is allowed to perform the selected action on the selected
///// entity.
///// </summary>
///// <param name="entity">The entity.</param>
///// <param name="action">The action.</param>
///// <param name="userName">Name of the user.</param>
///// <returns></returns>
//private static bool Authorized( ISecured entity, string action, string userName )
//{
// If there's no Authorizations object, create it
if ( Authorizations == null )
Load();
// If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
// one to find the first one specific to the selected user or a role that the selected user belongs
// to. If a match is found return whether the user is allowed (true) or denied (false) access
if ( Authorizations.Keys.Contains( entity.AuthEntity ) &&
Authorizations[entity.AuthEntity].Keys.Contains( entity.Id ) &&
Authorizations[entity.AuthEntity][entity.Id].Keys.Contains( action ) )
{
string userName = user != null ? user.Person.Guid.ToString() : string.Empty;
foreach ( AuthRule authRule in Authorizations[entity.AuthEntity][entity.Id][action] )
{
// All Users
if ( authRule.SpecialRole == SpecialRole.AllUsers )
return authRule.AllowOrDeny == "A";
// All Authenticated Users
if (authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty)
return authRule.AllowOrDeny == "A";
// All Unauthenticated Users
if ( authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty )
return authRule.AllowOrDeny == "A";
if ( authRule.SpecialRole == SpecialRole.None && userName != string.Empty )
{
// See if person has been authorized to entity
if ( authRule.PersonId.HasValue &&
user.PersonId.HasValue &&
authRule.PersonId.Value == user.PersonId.Value )
return authRule.AllowOrDeny == "A";
// See if person is in role authorized
if (authRule.GroupId.HasValue)
{
Role role = Role.Read( authRule.GroupId.Value );
if ( role != null && role.UserInRole( userName ) )
return authRule.AllowOrDeny == "A";
}
}
}
}
// If not match was found for the selected user on the current entity instance, check to see if the instance
// has a parent authority defined and if so evaluate that entities authorization rules. If there is no
// parent authority return the defualt authorization
if ( entity.ParentAuthority != null )
return Authorized( entity.ParentAuthority, action, user );
else
return entity.DefaultAuthorization( action );
}
