/// <summary>
/// Evaluates whether a selected user is allowed to perform the selected action on the selected
/// entity.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="specialRole">The special role.</param>
/// <returns></returns>
public static bool Authorized(ISecured entity, string action, SpecialRole specialRole)
{
// If there's no Authorizations object, create it
if (Authorizations == null)
{
Load();
}
var entityTypeId = entity.TypeId;
// If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
// one to find the first one specific to the selected user or a role that the selected user belongs
// to. If a match is found return whether the user is allowed (true) or denied (false) access
if (Authorizations.Keys.Contains(entityTypeId) &&
Authorizations[entityTypeId].Keys.Contains(entity.Id) &&
Authorizations[entityTypeId][entity.Id].Keys.Contains(action))
{
foreach (AuthRule authRule in Authorizations[entityTypeId][entity.Id][action])
{
if (authRule.SpecialRole == specialRole)
{
return(authRule.AllowOrDeny == "A");
}
}
}
// If no match was found for the selected user on the current entity instance, check to see if the instance
// has a parent authority defined and if so evaluate that entities authorization rules. If there is no
// parent authority return the defualt authorization
if (entity.ParentAuthority != null)
{
return(Authorized(entity.ParentAuthority, action, specialRole));
}
else
{
return(entity.IsAllowedByDefault(action));
}
}
/// <summary>
/// Evaluates whether a selected person is allowed to perform the selected action on the selected
/// entity.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <returns></returns>
public static bool Authorized(ISecured entity, string action, Rock.Model.Person person)
{
return(ItemAuthorized(entity, action, person) ?? entity.IsAllowedByDefault(action));
}
/// <summary>
/// Evaluates whether a selected user is allowed to perform the selected action on the selected
/// entity.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="specialRole">The special role.</param>
/// <returns></returns>
public static bool Authorized(ISecured entity, string action, SpecialRole specialRole)
{
return(ItemAuthorized(entity, action, specialRole) ?? entity.IsAllowedByDefault(action));
}
/// <summary>
/// Evaluates whether a selected person is allowed to perform the selected action on the selected
/// entity.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <returns></returns>
public static bool Authorized(ISecured entity, string action, Rock.Model.Person person)
{
// If there's no Authorizations object, create it
if (Authorizations == null)
{
Load();
}
var entityTypeId = entity.TypeId;
// If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
// one to find the first one specific to the selected user or a role that the selected user belongs
// to. If a match is found return whether the user is allowed (true) or denied (false) access
if (Authorizations.Keys.Contains(entityTypeId) &&
Authorizations[entityTypeId].Keys.Contains(entity.Id) &&
Authorizations[entityTypeId][entity.Id].Keys.Contains(action))
{
string userName = person != null?person.Guid.ToString() : string.Empty;
foreach (AuthRule authRule in Authorizations[entityTypeId][entity.Id][action])
{
// All Users
if (authRule.SpecialRole == SpecialRole.AllUsers)
{
return(authRule.AllowOrDeny == "A");
}
// All Authenticated Users
if (authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty)
{
return(authRule.AllowOrDeny == "A");
}
// All Unauthenticated Users
if (authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty)
{
return(authRule.AllowOrDeny == "A");
}
if (authRule.SpecialRole == SpecialRole.None && person != null)
{
// See if person has been authorized to entity
if (authRule.PersonId.HasValue &&
authRule.PersonId.Value == person.Id)
{
return(authRule.AllowOrDeny == "A");
}
// See if person is in role authorized
if (authRule.GroupId.HasValue)
{
Role role = Role.Read(authRule.GroupId.Value);
if (role != null && role.IsUserInRole(userName))
{
return(authRule.AllowOrDeny == "A");
}
}
}
}
}
// If no match was found for the selected user on the current entity instance, check to see if the instance
// has a parent authority defined and if so evaluate that entities authorization rules. If there is no
// parent authority return the defualt authorization
if (entity.ParentAuthority != null)
{
return(Authorized(entity.ParentAuthority, action, person));
}
else
{
return(entity.IsAllowedByDefault(action));
}
}
/// <summary>
/// Evaluates whether a selected person is allowed to perform the selected action on the selected
/// entity.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <param name="rockContext">The rock context.</param>
/// <returns></returns>
public static bool Authorized( ISecured entity, string action, Rock.Model.Person person, RockContext rockContext = null )
{
// If there's no Authorizations object, create it
if ( Authorizations == null )
{
rockContext = rockContext ?? new RockContext();
Load( rockContext );
}
var entityTypeId = entity.TypeId;
// If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
// one to find the first one specific to the selected user or a role that the selected user belongs
// to. If a match is found return whether the user is allowed (true) or denied (false) access
if ( Authorizations.Keys.Contains( entityTypeId ) &&
Authorizations[entityTypeId].Keys.Contains( entity.Id ) &&
Authorizations[entityTypeId][entity.Id].Keys.Contains( action ) )
{
string userName = person != null ? person.Guid.ToString() : string.Empty;
foreach ( AuthRule authRule in Authorizations[entityTypeId][entity.Id][action] )
{
// All Users
if ( authRule.SpecialRole == SpecialRole.AllUsers )
{
return authRule.AllowOrDeny == "A";
}
// All Authenticated Users
if ( authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty )
{
return authRule.AllowOrDeny == "A";
}
// All Unauthenticated Users
if ( authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty )
{
return authRule.AllowOrDeny == "A";
}
if ( authRule.SpecialRole == SpecialRole.None && person != null )
{
// See if person has been authorized to entity
if ( authRule.PersonId.HasValue &&
authRule.PersonId.Value == person.Id )
{
return authRule.AllowOrDeny == "A";
}
// See if person is in role authorized
if ( authRule.GroupId.HasValue )
{
Role role = Role.Read( authRule.GroupId.Value );
if ( role != null && role.IsUserInRole( userName ) )
{
return authRule.AllowOrDeny == "A";
}
}
}
}
}
// If no match was found for the selected user on the current entity instance, check to see if the instance
// has a parent authority defined and if so evaluate that entities authorization rules. If there is no
// parent authority return the defualt authorization
if ( entity.ParentAuthority != null )
{
return Authorized( entity.ParentAuthority, action, person );
}
else
{
return entity.IsAllowedByDefault( action );
}
}
/// <summary>
/// Evaluates whether a selected user is allowed to perform the selected action on the selected
/// entity.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="specialRole">The special role.</param>
/// <returns></returns>
public static bool Authorized( ISecured entity, string action, SpecialRole specialRole )
{
// If there's no Authorizations object, create it
if ( Authorizations == null )
{
Load( new RockContext() );
}
var entityTypeId = entity.TypeId;
// If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
// one to find the first one specific to the selected user or a role that the selected user belongs
// to. If a match is found return whether the user is allowed (true) or denied (false) access
if ( Authorizations.Keys.Contains( entityTypeId ) &&
Authorizations[entityTypeId].Keys.Contains( entity.Id ) &&
Authorizations[entityTypeId][entity.Id].Keys.Contains( action ) )
{
foreach ( AuthRule authRule in Authorizations[entityTypeId][entity.Id][action] )
{
if ( authRule.SpecialRole == specialRole )
{
return authRule.AllowOrDeny == "A";
}
}
}
// If no match was found for the selected user on the current entity instance, check to see if the instance
// has a parent authority defined and if so evaluate that entities authorization rules. If there is no
// parent authority return the defualt authorization
if ( entity.ParentAuthority != null )
{
return Authorized( entity.ParentAuthority, action, specialRole );
}
else
{
return entity.IsAllowedByDefault( action );
}
}
/// <summary>
/// Evaluates whether a selected person is allowed to perform the selected action on the selected
/// entity.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <returns></returns>
public static bool Authorized( ISecured entity, string action, Rock.Model.Person person )
{
return ItemAuthorized( entity, action, person, true, true ) ?? entity.IsAllowedByDefault( action );
}
/// <summary>
/// Evaluates whether a selected user is allowed to perform the selected action on the selected
/// entity.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="specialRole">The special role.</param>
/// <returns></returns>
public static bool Authorized( ISecured entity, string action, SpecialRole specialRole )
{
return ItemAuthorized( entity, action, specialRole, true, true ) ?? entity.IsAllowedByDefault( action );
}
