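/// <summary>
/// Restores permission inheritance on a root map: clears its "breaks inheritance" flag, deletes the
/// group associations stored directly against the root map, and returns the security associations
/// of the parent project.
/// </summary>
/// <param name="securableObject">The root map to restore. SecurableObjectUid identifies the root map and
/// SecurableParentUid identifies the project it belongs to.</param>
/// <returns>The parent project's security associations, or a response with HasError set and an
/// ErrorMessage describing why the operation did not complete.</returns>
internal GetSecurityAssociationsResponse RestoreRootMapInheritance(GlymaSecurableObject securableObject)
{
    GetSecurityAssociationsResponse response = new GetSecurityAssociationsResponse() { HasError = false };
    try
    {
        // Authorise before changing anything. The only role check on this path used to be the one inside
        // GetSecurityAssociations, which runs last, so a caller who is not a security manager was told
        // "Access Denied" only after the inheritance flag had been reset and the root map's group
        // associations had been deleted under elevated privileges.
        if (!this.CurrentUser.IsUserSecurityManager())
        {
            response.HasError = true;
            response.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
            return response;
        }

        GetSecurableContextIdResponse securableContextIdResponse = GetSecurableContextId();
        if (securableContextIdResponse.HasError)
        {
            response.HasError = true;
            response.ErrorMessage = "Failed to restore root map inheritance. " + securableContextIdResponse.ErrorMessage;
            return response;
        }

        int securableContextId = securableContextIdResponse.Result;
        SecurableObject obj = GetSecurableObject(securableContextId, securableObject.SecurableObjectUid);
        GlymaSecurableObjectContext securableObjectContext = new GlymaSecurableObjectContext(this, securableContextId, securableObject);
        if (obj == null)
        {
            // No record exists yet for this root map, so create one that does not break inheritance.
            obj = securableObjectContext.CreateSecurableObject(false);
        }
        if (obj.BreaksInheritance)
        {
            securableObjectContext.SetSecurableObjectInheritance(false);
        }

        // The root map inherits again, so its own group associations are no longer wanted.
        RemoveRootMapGroupAssociations(securableObject);

        // Describe the parent project (projects use Guid.Empty as their parent) so that its
        // associations can be returned to the caller.
        GlymaSecurableObject parentObject = new GlymaSecurableObject();
        parentObject.SecurableParentUid = Guid.Empty;
        parentObject.SecurableObjectUid = securableObject.SecurableParentUid;

        GetAllSecurityGroupsResponse res = GetAllGlymaSecurityGroups();
        if (!res.HasError)
        {
            IList<GlymaSecurityGroup> groups = ConversionUtility.ConvertDictToList(res.Result);
            response = GetSecurityAssociations(groups, parentObject);
        }
        else
        {
            response.HasError = true;
            response.ErrorMessage = "Failed returning the Glyma security groups. " + res.ErrorMessage;
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception message is returned to the caller; confirm it cannot carry
        // connection or schema details that should stay server-side.
        response.HasError = true;
        response.ErrorMessage = ex.Message;
    }
    return response;
}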
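/// <summary>
/// Copies every group association held by the parent project onto the given root map.
/// </summary>
/// <remarks>
/// The work runs inside SPSecurity.RunWithElevatedPrivileges, i.e. under the application pool identity
/// rather than the calling user's. This method performs no permission check of its own, so every caller
/// must have authorised the current user before invoking it.
/// </remarks>
/// <param name="rootMapSecurableObject">The root map receiving the associations. SecurableParentUid is the
/// project whose associations are copied and SecurableObjectUid is the root map itself.</param>
private void CopyGroupAssociationsToRootMap(GlymaSecurableObject rootMapSecurableObject)
{
    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        using (IGlymaSession glymaSession = new WebAppSPGlymaSession(this.WebUrl))
        {
            using (IDbConnectionAbstraction connectionAbstraction = glymaSession.ConnectionFactory.CreateSecurityDbConnection())
            {
                using (SecurityServiceDataContext dataContext = new SecurityServiceDataContext(connectionAbstraction.Connection))
                {
                    // Associations recorded against the project, which is the root map's parent.
                    var groupAssociations = from ga in dataContext.GroupAssociations
                                            where ga.SecurableObjectUid == rootMapSecurableObject.SecurableParentUid
                                            select ga;
                    if (groupAssociations.Any())
                    {
                        foreach (GroupAssociation groupAssociation in groupAssociations)
                        {
                            // The original built a second GlymaSecurableObject here (parent = project uid,
                            // object = root map uid) and never used it. Given the query filter, those two
                            // values equal the ones already held by rootMapSecurableObject, so the unused
                            // local has been removed and rootMapSecurableObject is passed on as before.
                            GlymaSecurityAssociationContext securityAssociationContext = new GlymaSecurityAssociationContext(this, rootMapSecurableObject);
                            securityAssociationContext.CreateGroupAssociation(groupAssociation.GroupId);
                        }
                    }
                }
            }
        }
    });
}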
/// <summary>
/// Deletes every group association stored directly against the given root map.
/// </summary>
/// <remarks>
/// The delete runs inside SPSecurity.RunWithElevatedPrivileges, i.e. under the application pool identity
/// rather than the calling user's. No permission check happens here, so callers must have authorised the
/// current user before invoking this method.
/// </remarks>
/// <param name="rootMapSecurableObject">The root map whose associations are removed; rows are matched on
/// both SecurableObjectUid and SecurableParentUid.</param>
private void RemoveRootMapGroupAssociations(GlymaSecurableObject rootMapSecurableObject)
{
    SPSecurity.RunWithElevatedPrivileges(() =>
    {
        using (IGlymaSession session = new WebAppSPGlymaSession(this.WebUrl))
        using (IDbConnectionAbstraction securityDb = session.ConnectionFactory.CreateSecurityDbConnection())
        using (SecurityServiceDataContext db = new SecurityServiceDataContext(securityDb.Connection))
        {
            // Match on object AND parent so that only this root map's own rows are selected.
            var rootMapAssociations = db.GroupAssociations.Where(
                ga => ga.SecurableObjectUid == rootMapSecurableObject.SecurableObjectUid
                      && ga.SecurableParentUid == rootMapSecurableObject.SecurableParentUid);

            if (!rootMapAssociations.Any())
            {
                return;
            }

            foreach (GroupAssociation association in rootMapAssociations)
            {
                db.GroupAssociations.DeleteOnSubmit(association);
            }

            // Queued deletes are sent to the database in a single submit.
            db.SubmitChanges();
        }
    });
}
/// <summary>
/// Gets the current security associations for a list of groups against a particular securable object.
/// Only a user for whom IsUserSecurityManager() is true may call this; anyone else receives an
/// "Access Denied" error response.
/// </summary>
/// <param name="glGroups">The groups to get the security associations for</param>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <returns>A dictionary of security associations, Key: the group, Value: true if the group has an association,
/// together with the object's inherited flag (wrapped in a response object to indicate if any errors occurred)</returns>
internal GetSecurityAssociationsResponse GetSecurityAssociations(IEnumerable<GlymaSecurityGroup> glGroups, GlymaSecurableObject securableObject)
{
    GetSecurityAssociationsResponse result = new GetSecurityAssociationsResponse() { HasError = false };

    // The role check comes first; nothing is read from the security store for an unauthorised caller.
    if (!this.CurrentUser.IsUserSecurityManager())
    {
        result.HasError = true;
        result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
        return result;
    }

    SecurityAssociations associations = new SecurityAssociations();
    Dictionary<GlymaSecurityGroup, bool> associationByGroup = new Dictionary<GlymaSecurityGroup, bool>();
    SecurableContext context = GetSecurableContext();
    GlymaSecurableObjectContext objectContext = new GlymaSecurableObjectContext(this, context.SecurableContextId, securableObject);
    bool inherited = objectContext.GetIsInherited();

    foreach (GlymaSecurityGroup candidateGroup in glGroups)
    {
        try
        {
            GlymaSecurityAssociationContext associationContext = new GlymaSecurityAssociationContext(this, candidateGroup, securableObject);
            associationByGroup.Add(candidateGroup, associationContext.HasAssociation());
        }
        catch (Exception ex)
        {
            // A failure for one group does not stop the loop; the message of the last failure is kept.
            result.HasError = true;
            result.ErrorMessage = ex.Message;
        }
    }

    // The result is populated only when every group was processed without error.
    if (!result.HasError)
    {
        associations.HasAssociations = associationByGroup;
        associations.IsInherited = inherited;
        result.Result = associations;
    }
    return result;
}
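/// <summary>
/// Stops a root map inheriting its permissions from the parent project: marks the root map as breaking
/// inheritance and copies the project's group associations onto it as the starting set.
/// </summary>
/// <remarks>
/// NOTE(review): no role check is visible on this path, and CopyGroupAssociationsToRootMap writes under
/// elevated privileges. Confirm that the caller's role is enforced before this method is reached (or
/// inside the GlymaSecurableObjectContext helpers); if it is not, add the check at the top of the method.
/// </remarks>
/// <param name="securableObject">The root map. SecurableObjectUid identifies the root map and
/// SecurableParentUid identifies the project it belongs to.</param>
/// <returns>A response object whose HasError flag and ErrorMessage report any failure.</returns>
internal ResponseObject BreakRootMapInheritance(GlymaSecurableObject securableObject)
{
    ResponseObject response = new ResponseObject() { HasError = false };
    try
    {
        GetSecurableContextIdResponse securableContextIdResponse = GetSecurableContextId();
        if (!securableContextIdResponse.HasError)
        {
            int securableContextId = securableContextIdResponse.Result;
            SecurableObject obj = GetSecurableObject(securableContextId, securableObject.SecurableObjectUid);
            GlymaSecurableObjectContext securableObjectContext = new GlymaSecurableObjectContext(this, securableContextId, securableObject);
            if (obj == null)
            {
                // No record exists yet for this root map, so create one that already breaks inheritance.
                obj = securableObjectContext.CreateSecurableObject(true);
            }
            if (!obj.BreaksInheritance)
            {
                securableObjectContext.SetSecurableObjectInheritance(true);
            }
            CopyGroupAssociationsToRootMap(securableObject);
        }
        else
        {
            // Previously this failure fell through with HasError still false, so the caller was told
            // that inheritance had been broken when nothing had been changed.
            response.HasError = true;
            response.ErrorMessage = "Failed to break root map inheritance. " + securableContextIdResponse.ErrorMessage;
        }
    }
    catch (Exception ex)
    {
        response.HasError = true;
        response.ErrorMessage = ex.Message;
    }
    return response;
}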
/// <summary>
/// Breaks permission inheritance for a root map by delegating to a SecurityContextManager
/// created for the given site.
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="securableObject">Identifies the root map and its parent project</param>
/// <returns>The manager's response, or an error response carrying the exception message if anything throws.</returns>
public ResponseObject BreakRootMapInheritance(string webUrl, GlymaSecurableObject securableObject)
{
    try
    {
        SecurityContextManager manager = new SecurityContextManager(webUrl);
        return manager.BreakRootMapInheritance(securableObject);
    }
    catch (Exception ex)
    {
        // Failures are reported through the response object instead of being thrown to the caller.
        return new ResponseObject() { HasError = true, ErrorMessage = ex.Message };
    }
}
/// <summary>
/// Restores permission inheritance for a root map by delegating to a SecurityContextManager
/// created for the given site.
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="securableObject">Identifies the root map and its parent project</param>
/// <returns>The manager's response, or an error response carrying the exception message if anything throws.</returns>
public GetSecurityAssociationsResponse RestoreRootMapInheritance(string webUrl, GlymaSecurableObject securableObject)
{
    try
    {
        SecurityContextManager manager = new SecurityContextManager(webUrl);
        return manager.RestoreRootMapInheritance(securableObject);
    }
    catch (Exception ex)
    {
        // Failures are reported through the response object instead of being thrown to the caller.
        return new GetSecurityAssociationsResponse() { HasError = true, ErrorMessage = ex.Message };
    }
}
/// <summary>
/// Gets the highest permission level that the current user has on the object, if they have access to it.
/// The caller must pass IsUserMapReader(); otherwise an "Access Denied" error response is returned.
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <returns>The user's highest Glyma permission level on the object, or GlymaPermissionLevel.None when the
/// user has no access (wrapped in a response object to indicate if any errors occurred)</returns>
public GetPermissionLevelResponse GetPermissionLevelForObject(string webUrl, GlymaSecurableObject securableObject)
{
    GetPermissionLevelResponse result = new GetPermissionLevelResponse() { HasError = false };
    SecurityContextManager securityContext = new SecurityContextManager(webUrl);

    // Reject callers without the map reader role before looking anything up.
    if (!securityContext.CurrentUser.IsUserMapReader())
    {
        result.HasError = true;
        result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
        return result;
    }

    try
    {
        GetCurrentUserAccessToObjectResponse access = securityContext.CurrentUser.GetCurrentUserAccessToObject(securableObject, false);
        if (access.HasError)
        {
            result.HasError = true;
            result.ErrorMessage = access.ErrorMessage;
        }
        else
        {
            // With access (project or root map) report the user's highest level; without it report None.
            result.Result = access.HasAccess ? access.HighestPermissionLevel : GlymaPermissionLevel.None;
        }
    }
    catch (Exception ex)
    {
        result.HasError = true;
        result.ErrorMessage = ex.Message;
    }
    return result;
}
/// <summary>
/// Called by a Glyma Project Manager after creating a new project: associates every Glyma Project Manager
/// group the user belongs to with that project. The work, including the role check, is done by the
/// current user object of a SecurityContextManager created for the given site.
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="securableObject">Describes the project that was just added</param>
/// <returns>A response object indicating if the operation completed without error.</returns>
public ResponseObject SetProjectManagerGroupAssociations(string webUrl, GlymaSecurableObject securableObject)
{
    try
    {
        SecurityContextManager manager = new SecurityContextManager(webUrl);
        return manager.CurrentUser.SetProjectManagerGroupAssociations(securableObject);
    }
    catch (Exception ex)
    {
        // Failures are reported through the response object instead of being thrown to the caller.
        return new ResponseObject() { HasError = true, ErrorMessage = ex.Message };
    }
}
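/// <summary>
/// Gets the current security associations for a list of groups against a particular securable object
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="groups">A list of groups to get the security associations for</param>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <returns>A dictionary of security associations, Key: the group, Value: true if the group has an association
/// (wrapped in a response object to indicate if any errors occurred)</returns>
public GetSecurityAssociationsResponse GetSecurityAssociations(string webUrl, IEnumerable<GlymaSecurityGroup> groups, GlymaSecurableObject securableObject)
{
    GetSecurityAssociationsResponse result = new GetSecurityAssociationsResponse() { HasError = false };
    try
    {
        SecurityContextManager securityContext = new SecurityContextManager(webUrl);
        result = securityContext.GetSecurityAssociations(groups, securableObject);
    }
    catch (Exception ex)
    {
        // This wrapper had no try/catch, unlike the other public wrappers beside it, so a bad site URL
        // or a null group list reached the caller as an unhandled exception. It is now reported through
        // the response object in the same way as its siblings.
        result.HasError = true;
        result.ErrorMessage = ex.Message;
    }
    return result;
}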
/// <summary>
/// Gets the name of the highest permission (role) that the current user has on the object.
/// The level comes from GetPermissionLevelForObject and is translated to a name by
/// GlymaPermissionLevelHelper.GetPermissionLevelName.
/// </summary>
/// <param name="webUrl">The URL for the SP site</param>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <returns>The Glyma permission level name for the user's level on the object, wrapped in a response object;
/// any error from the level lookup is copied into the response.</returns>
public GetPermissionNameResponse GetPermissionNameForObject(string webUrl, GlymaSecurableObject securableObject)
{
    GetPermissionNameResponse nameResponse = new GetPermissionNameResponse() { HasError = false };
    GetPermissionLevelResponse levelResponse = GetPermissionLevelForObject(webUrl, securableObject);

    if (levelResponse.HasError)
    {
        // Pass the lookup failure (including "Access Denied") straight through to the caller.
        nameResponse.HasError = true;
        nameResponse.ErrorMessage = levelResponse.ErrorMessage;
        return nameResponse;
    }

    nameResponse.Result = GlymaPermissionLevelHelper.GetPermissionLevelName(levelResponse.Result);
    return nameResponse;
}
/// <summary>
/// Creates a context for working with one securable object inside a securable context.
/// </summary>
/// <param name="context">The security context manager this object context works through</param>
/// <param name="securableContextId">The ID of the securable context the object belongs to</param>
/// <param name="securableObject">The parent and object UIDs identifying the securable object</param>
internal GlymaSecurableObjectContext(SecurityContextManager context, int securableContextId, GlymaSecurableObject securableObject)
{
    // The arguments are stored as given; nothing is validated or looked up here.
    this.Context = context;
    this.SecurableContextId = securableContextId;
    this.SecurableObject = securableObject;
}
/// <summary>
/// Called by a Glyma Project Manager after creating a new project: associates every Glyma Project Manager
/// group the current user belongs to with that project.
/// </summary>
/// <remarks>
/// NOTE(review): the only gate here is IsUserProjectManager(). Nothing in this method checks that
/// <paramref name="securableObject"/> is a project the caller has just created, so confirm that
/// SetSecurityAssociation (or the caller) rejects UIDs of objects the user should not be able to
/// attach their groups to.
/// </remarks>
/// <param name="securableObject">Describes the project that was just added</param>
/// <returns>A response object indicating if the operation completed without error.</returns>
internal ResponseObject SetProjectManagerGroupAssociations(GlymaSecurableObject securableObject)
{
    ResponseObject result = new ResponseObject() { HasError = false };
    try
    {
        // Only a Glyma Project Manager can call this method.
        if (!this.IsUserProjectManager())
        {
            result.HasError = true;
            result.ErrorMessage = "Access Denied. User does not have permissions to access this web service method.";
            return result;
        }

        using (SPSite site = new SPSite(Context.WebUrl))
        using (SPWeb currentWeb = site.OpenWeb())
        {
            GetSecurityGroupsResponse pmGroupsResponse = Context.GetSecurityGroups(GlymaPermissionLevel.GlymaProjectManager);
            if (pmGroupsResponse.HasError)
            {
                // The groups holding the Glyma Project Manager permission level could not be read.
                result.HasError = true;
                result.ErrorMessage = pmGroupsResponse.ErrorMessage;
                return result;
            }

            IList<GlymaSecurityGroup> callersPmGroups = new List<GlymaSecurityGroup>();
            IList<GlymaSecurityGroup> allPmGroups = pmGroupsResponse.Result;

            // Keep each Project Manager group whose stored SharePoint group ID matches one of the
            // SharePoint groups the current user is a member of.
            foreach (SPGroup spGroup in CurrentSPUser.Groups)
            {
                foreach (GlymaSecurityGroup candidate in allPmGroups)
                {
                    Group storedGroup = Context.GetGroup(candidate);
                    if (spGroup.ID == storedGroup.GroupSPID)
                    {
                        callersPmGroups.Add(candidate);
                    }
                }
            }

            // Add the security association for every Glyma Project Manager group the current user belongs to.
            foreach (GlymaSecurityGroup pmGroup in callersPmGroups)
            {
                GlymaSecurityAssociationContext associationContext = new GlymaSecurityAssociationContext(Context, pmGroup, securableObject);
                ResponseObject addResponse = associationContext.SetSecurityAssociation(false);
                if (addResponse.HasError)
                {
                    // Stop at the first failure and return its error; associations already added stay in place.
                    result.HasError = true;
                    result.ErrorMessage = addResponse.ErrorMessage;
                    break;
                }
            }
        }
    }
    catch (Exception ex)
    {
        result.HasError = true;
        result.ErrorMessage = ex.Message;
    }
    return result;
}
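/// <summary>
/// Works out whether the current user has access to a securable object and, if so, which permission
/// level applies.
/// </summary>
/// <param name="securableObject">An object that contains the Parent and Object ID's
/// SecurableParentUid: The ID of the securable parent (Guid.Empty for projects),
/// SecurableObjectUid: The ID of the securable object (root map UID or project UID if securing a project)</param>
/// <param name="checkProjectsChildren">If this is true when checking the access to a Project if there are any root maps under that project the user
/// has access to it returns true for the project as well (only true for when working out the filtered lists)</param>
/// <returns>A response whose HasAccess is true if the user belongs to a group that has access to the securable
/// object, with HighestPermissionLevel set to that group's level. On any exception the response reports
/// HasError with no access.</returns>
internal GetCurrentUserAccessToObjectResponse GetCurrentUserAccessToObject(GlymaSecurableObject securableObject, bool checkProjectsChildren = false)
{
    // Default answer: no error, no access.
    GetCurrentUserAccessToObjectResponse result = new GetCurrentUserAccessToObjectResponse() { HasError = false, HasAccess = false, HighestPermissionLevel = GlymaPermissionLevel.None };
    try
    {
        using (SPSite site = new SPSite(Context.WebUrl))
        {
            using (SPWeb currentWeb = site.OpenWeb())
            {
                IGlymaPermission highestPermissionLevel = this.GetHighestPermissionLevel();
                if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.None)
                {
                    // The user holds no Glyma permission level at all, so there is no access to the object.
                    result.HasAccess = false;
                    result.HighestPermissionLevel = GlymaPermissionLevel.None;
                    return result;
                }
                if (highestPermissionLevel.PermissionLevel == GlymaPermissionLevel.GlymaSecurityManager)
                {
                    // The Glyma Security Manager permission exists for this user, they can access anything.
                    result.HasAccess = true;
                    result.HighestPermissionLevel = GlymaPermissionLevel.GlymaSecurityManager;
                    return result;
                }

                GetAllSecurityGroupsResponse allSPSecurityGroups = Context.GetAllGlymaSecurityGroups();
                // NOTE(review): when this lookup reports an error the method falls through to the default
                // "no access, no error" answer. That denies access, but the failure is hidden from callers;
                // confirm this is intended.
                if (!allSPSecurityGroups.HasError)
                {
                    GlymaSecurityGroupCollection groups = new GlymaSecurityGroupCollection(Context, allSPSecurityGroups.Result);

                    // Gets a sorted list of groups, highest to lowest permission level, so the first
                    // group with an association yields the user's highest level on the object.
                    IList<GlymaSecurityGroup> usersGlymaGroups = groups.GetUsersGroups(currentWeb, CurrentSPUser);

                    // The value is not used below; the call is kept in case it has side effects.
                    SecurableContext securableContext = Context.GetSecurableContext();

                    // Check each Glyma group the person has associated with them for access to the maps.
                    foreach (GlymaSecurityGroup glymaGroup in usersGlymaGroups)
                    {
                        GlymaSecurityAssociationContext securityAssociation = new GlymaSecurityAssociationContext(Context, glymaGroup, securableObject);
                        if (securityAssociation.HasAssociation(checkProjectsChildren))
                        {
                            // Resolve the level before granting access, so that a failure in the lookup
                            // cannot leave HasAccess set to true.
                            var grantedLevel = groups.GetGroupsPermissionLevel(glymaGroup);
                            result.HasAccess = true;
                            result.HighestPermissionLevel = grantedLevel;
                            return result;
                        }
                    }
                }
            }
        }
    }
    catch (Exception e)
    {
        // Fail closed: an error response must never carry a positive access decision. Previously
        // HasAccess was set before the permission-level lookup, so an exception thrown by that lookup
        // returned HasError = true together with HasAccess = true.
        result.HasAccess = false;
        result.HighestPermissionLevel = GlymaPermissionLevel.None;
        result.HasError = true;
        result.ErrorMessage = "Failed to read the users current access to the object. " + e.Message;
    }
    return result; // if it gets all the way to here it's the default no access response
}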
/// <summary>
/// Creates an association context for a securable object without naming a group.
/// </summary>
/// <param name="context">The security context manager this association context works through</param>
/// <param name="securableObject">The parent and object UIDs identifying the securable object</param>
internal GlymaSecurityAssociationContext(SecurityContextManager context, GlymaSecurableObject securableObject)
{
    // The arguments are stored as given; this overload does not assign Group.
    this.SecurableObject = securableObject;
    this.Context = context;
}
/// <summary>
/// Creates an association context for one security group and one securable object.
/// </summary>
/// <param name="context">The security context manager this association context works through</param>
/// <param name="group">The Glyma security group whose association is examined or changed</param>
/// <param name="securableObject">The parent and object UIDs identifying the securable object</param>
internal GlymaSecurityAssociationContext(SecurityContextManager context, GlymaSecurityGroup group, GlymaSecurableObject securableObject)
{
    // The arguments are stored as given; nothing is validated or looked up here.
    this.Context = context;
    this.Group = group;
    this.SecurableObject = securableObject;
}