public dynamic DialogSettings(IInstanceContext context, ContextBuilderBase contextBuilder, int appId) { IApp app = null; // if we have an appid (we don't have it in an install-new-apps-scenario) check permissions if (appId != 0 && appId != Eav.Constants.AppIdEmpty) { var appAndPerms = new MultiPermissionsApp().Init(context, GetApp(appId, null), Log); if (!appAndPerms.ZoneIsOfCurrentContextOrUserIsSuper(out var error)) { throw HttpException.PermissionDenied(error); } app = appAndPerms.App; } var cb = contextBuilder.InitApp(app?.ZoneId, app); return(new { // TODO: Deprecate PARAMS these properties as soon as old UI is gone //IsContent = app?.AppGuid == "Default", //Language = psCurrent.CultureCode, //LanguageDefault = psCurrent.DefaultLanguage, //AppPath = app?.Path, //GettingStartedUrl = cb.GettingStartedUrl(), // END TODO Context = cb.Get(Ctx.All), }); }
public IEnumerable <ViewDto> ViewUsage(IInstanceContext context, int appId, Guid guid, Func <List <IView>, List <BlockConfiguration>, IEnumerable <ViewDto> > finalBuilder) { var wrapLog = Log.Call <IEnumerable <ViewDto> >($"{appId}, {guid}"); // extra security to only allow zone change if host user var permCheck = new MultiPermissionsApp().Init(context, GetApp(appId, null), Log); if (!permCheck.EnsureAll(GrantSets.ReadSomething, out var error)) { throw HttpException.PermissionDenied(error); } var cms = new CmsRuntime(appId, Log, true); // treat view as a list - in case future code will want to analyze many views together var views = new List <IView> { cms.Views.Get(guid) }; var blocks = cms.Blocks.AllWithView(); Log.Add($"Found {blocks.Count} content blocks"); var result = finalBuilder(views, blocks); return(wrapLog("ok", result)); }
public dynamic Usage(int appId, Guid guid) { var wrapLog = Log.Call <dynamic>($"{appId}, {guid}"); // extra security to only allow zone change if host user var permCheck = new MultiPermissionsApp(BlockBuilder, appId, Log); if (!permCheck.EnsureAll(GrantSets.ReadSomething, out var exception)) { throw exception; } var cms = new CmsRuntime(appId, Log, true); // treat view as a list - in case future code will want to analyze many views together var views = new List <IView> { cms.Views.Get(guid) }; var blocks = cms.Blocks.AllWithView(); Log.Add($"Found {blocks.Count} content blocks"); // create array with all 2sxc modules in this portal var allMods = new Pages(Log).AllModulesWithContent(PortalSettings.PortalId); Log.Add($"Found {allMods.Count} modules"); var result = views.Select(vwb => new ViewDto(vwb, blocks, allMods)); return(wrapLog("ok", result)); }
public dynamic DialogSettings(int appId) { var appAndPerms = new MultiPermissionsApp(SxcInstance, appId, Log); if (!appAndPerms.ZoneIsOfCurrentContextOrUserIsSuper(out var exp)) { throw exp; } //var appIdentity = new AppPermissionBeforeUsing(SxcInstance, Log) // .GetAppIdentityOrThrowIfNotAllowed(appId); var app = appAndPerms.App; //App app = null; //try //{ // app = new App(new DnnTenant(PortalSettings.Current), appIdentity.ZoneId, appIdentity.AppId, false, Log); //} //catch (KeyNotFoundException) {} return(new { IsContent = app?.AppGuid == "Default", Language = PortalSettings.Current.CultureCode, LanguageDefault = PortalSettings.Current.DefaultLanguage, GettingStartedUrl = app == null ? "" : IntroductionToAppUrl(app) }); }
internal static IEnumerable <Feature> FeatureListWithPermissionCheck(MultiPermissionsApp permCheck) { // if the user has full edit permissions, he may also get the un-public features // otherwise just the public Ui features var includeNonPublic = permCheck.UserMayOnAll(GrantSets.WritePublished); return(Eav.Configuration.Features.Ui.Where(f => includeNonPublic || f.Public == true)); }
public Guid?SaveTemplateId(int templateId, bool forceCreateContentGroup) { var permCheck = new MultiPermissionsApp(BlockBuilder, App.AppId, Log); if (!permCheck.EnsureAll(GrantSets.WriteSomething, out var exp)) { throw exp; } return(BlockEditor.SaveTemplateId(templateId, forceCreateContentGroup)); }
public Guid?SaveTemplateId(int templateId, bool forceCreateContentGroup) { var permCheck = new MultiPermissionsApp().Init(_context, _block.App, Log); if (!permCheck.EnsureAll(GrantSets.WriteSomething, out var error)) { throw HttpException.PermissionDenied(error); } return(BlockEditorBase.GetEditor(_block).SaveTemplateId(templateId, forceCreateContentGroup)); }
public Guid?SaveTemplateId(int templateId, bool forceCreateContentGroup) { var permCheck = new MultiPermissionsApp(SxcInstance, App.AppId, Log); if (!permCheck.EnsureAll(GrantSets.WriteSomething, out var exp)) { throw exp; } return(ContentGroupReferenceManager.SaveTemplateId(templateId, forceCreateContentGroup)); }
public string ResolveHyperlink(string hyperlink, int appId, string contentType, Guid guid, string field) { try { // different security checks depending on the link-type var lookupPage = hyperlink.Trim().StartsWith("page", StringComparison.OrdinalIgnoreCase); // look it up first, because we need to know if the result is in ADAM or not (different security scenario) var conv = new DnnValueConverter(); var resolved = conv.Convert(ConversionScenario.GetFriendlyValue, "Hyperlink", hyperlink); if (lookupPage) { // page link - only resolve if the user has edit-permissions // only people who have some full edit permissions may actually look up pages var permCheckPage = new MultiPermissionsApp(SxcInstance, appId, Log); return(permCheckPage.UserMayOnAll(GrantSets.WritePublished) ? resolved : hyperlink); } // for file, we need guid & field - otherwise return the original unmodified if (guid == default(Guid) || string.IsNullOrEmpty(field) || string.IsNullOrEmpty(contentType)) { return(hyperlink); } var isOutsideOfAdam = !(resolved.IndexOf("/adam/", StringComparison.Ordinal) > 0); // file-check, more abilities to allow // this will already do a ensure-or-throw inside it if outside of adam var adamCheck = new AdamSecureState(SxcInstance, appId, contentType, field, guid, isOutsideOfAdam, Log); if (!adamCheck.SuperUserOrAccessingItemFolder(resolved, out var exp)) { throw exp; } if (!adamCheck.UserIsPermittedOnField(GrantSets.ReadSomething, out exp)) { throw exp; } // if everythig worked till now, it's ok to return the result return(resolved); } catch { return(hyperlink); } }
public dynamic Usage(IInstanceContext context, IApp app, Guid guid) { var permCheck = new MultiPermissionsApp().Init(context, app, Log); if (!permCheck.EnsureAll(GrantSets.ReadSomething, out var error)) { throw HttpException.PermissionDenied(error); } var appData = permCheck.App.Data; var item = appData.List.One(guid); var relationships = item.Relationships.AllRelationships; // var result = relationships.Select(r => new EntityInRelationDto(r.)) // todo: don't forget Metadata relationships return(null); }
public dynamic Usage(int appId, Guid guid) { var permCheck = new MultiPermissionsApp(BlockBuilder, appId, Log); if (!permCheck.EnsureAll(GrantSets.ReadSomething, out var exception)) { throw exception; } var appData = permCheck.App.Data; var item = appData.List.One(guid); var relationships = item.Relationships.AllRelationships; // var result = relationships.Select(r => new EntityInRelationDto(r.)) // todo: don't forget Metadata relationships return(null); }
public dynamic DialogSettings(int appId) { var appAndPerms = new MultiPermissionsApp(BlockBuilder, appId, Log); if (!appAndPerms.ZoneIsOfCurrentContextOrUserIsSuper(out var exp)) { throw exp; } var app = appAndPerms.App; return(new { IsContent = app?.AppGuid == "Default", Language = PortalSettings.Current.CultureCode, LanguageDefault = PortalSettings.Current.DefaultLanguage, GettingStartedUrl = app == null ? "" : IntroductionToAppUrl(app), AppPath = app?.Path }); }
internal static IEnumerable <Feature> FeatureListWithPermissionCheck(int appId, MultiPermissionsApp permCheck) { // if the user has full edit permissions, he may also get the unpublic features // otherwise just the public Ui features //var permCheck = new AppAndPermissions(sxcInstance, appId, log); //if (permCheck.Permissions == null) // permCheck.GetTypePermissionChecker(null); var includeNonPublic = permCheck.UserMayOnAll(GrantSets.WritePublished); return(Eav.Configuration.Features.Ui .Where(f => includeNonPublic || f.Public == true)); }