/// <summary>
/// Reports, for every id in <paramref name="testIds"/>, whether it appears in the permitted-items
/// query that <c>Common.GetPermittedItemsAsQuery</c> produces for <paramref name="userId"/> at
/// <c>PermissionLevel.FullAccess</c>.
/// </summary>
/// <param name="sqlConnection">Connection used both to build the permission query and to run the check.</param>
/// <param name="parentId">Forwarded unchanged to <c>Common.GetPermittedItemsAsQuery</c>.</param>
/// <param name="testIds">Ids to test; sent to the server as the structured <c>@ids</c> parameter of type <c>Ids</c>.</param>
/// <param name="userId">User whose permissions are evaluated.</param>
/// <param name="startLevel">Forwarded unchanged to <c>Common.GetPermittedItemsAsQuery</c>.</param>
/// <param name="entityName">Forwarded unchanged to <c>Common.GetPermittedItemsAsQuery</c>.</param>
/// <param name="parentEntityName">Forwarded unchanged to <c>Common.GetPermittedItemsAsQuery</c>.</param>
/// <param name="columnName">Column of the permitted-items result that is joined against the tested ids.</param>
/// <returns>Map from id to <c>true</c> when the joined permission row exists, <c>false</c> otherwise.</returns>
/// <remarks>
/// The ids travel as a table-valued parameter, but <paramref name="columnName"/> and the text returned
/// by <c>Common.GetPermittedItemsAsQuery</c> are placed into the statement with <c>string.Format</c>.
/// Both therefore have to be code-controlled values (schema identifiers, generated SQL); nothing in this
/// method validates or quotes them.
/// </remarks>
private static Dictionary<int, bool> CheckSecurity(SqlConnection sqlConnection, int parentId, IEnumerable<int> testIds, int userId, int startLevel, string entityName, string parentEntityName, string columnName)
{
    // The literal 0 is passed through as the third argument; its meaning is defined by GetPermittedItemsAsQuery.
    var permittedItemsSql = Common.GetPermittedItemsAsQuery(sqlConnection, userId, 0, startLevel, PermissionLevel.FullAccess, entityName, parentEntityName, parentId);

    // {0} = permitted-items subquery, {1} = join column. The left join keeps a row for every tested id,
    // so ids without a permission row come back with granted = 0 instead of being dropped.
    var commandText = string.Format(@" select i.id, cast((case when pi.{1} is null then 0 else 1 end) as bit) as granted from @ids i left join ({0}) as pi on pi.{1} = i.id ", permittedItemsSql, columnName);

    var accessById = new Dictionary<int, bool>();
    using (var cmd = SqlCommandFactory.Create(commandText, sqlConnection))
    {
        var idsParameter = new SqlParameter("@ids", SqlDbType.Structured)
        {
            TypeName = "Ids",
            Value = Common.IdsToDataTable(testIds)
        };
        cmd.Parameters.Add(idsParameter);

        using (var reader = cmd.ExecuteReader())
        {
            while (reader.Read())
            {
                // The id column is unboxed as decimal before being narrowed to int.
                var id = (int)(decimal)reader["id"];
                var isGranted = (bool)reader["granted"];
                accessById[id] = isGranted;
            }
        }
    }

    return accessById;
}
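/// <summary>
/// Maps every requested content item id to <c>true</c>, then flips to <c>false</c> each id whose
/// <c>content_item</c> row has a non-null <c>locked_by</c> different from <paramref name="currentUserId"/>.
/// </summary>
/// <param name="dbConnection">Connection the lock query runs on.</param>
/// <param name="ids">Content item ids to check. Repeated ids are collapsed to one entry.</param>
/// <param name="currentUserId">User whose own locks are not counted against them.</param>
/// <param name="forceUnlock">When <c>true</c> the database is not consulted and every id maps to <c>true</c>.</param>
/// <returns>One entry per distinct id; <c>false</c> means the item is locked by another user.</returns>
/// <remarks>
/// <para>
/// <paramref name="forceUnlock"/> switches the lock check off entirely and this method does not verify
/// that the caller is entitled to do so; that decision has to be made and enforced by the caller.
/// </para>
/// <para>
/// The query reads <c>content_item</c> with <c>nolock</c>, so it can observe uncommitted lock state.
/// Treat the result as advisory: the write that follows should still enforce the lock itself.
/// </para>
/// </remarks>
public static Dictionary<int, bool> CheckLockedBy(SqlConnection dbConnection, int[] ids, int currentUserId, bool forceUnlock)
{
    const string sql = @"select locked_by, content_item_id from content_item ci with(nolock) inner join @ids i on i.id = ci.content_item_id where locked_by is not null and locked_by <> @userId ";

    // ToDictionary throws ArgumentException on a repeated key, so a caller passing the same id twice
    // used to fail before any check ran. De-duplicate first; the set of ids checked is unchanged.
    var distinctIds = ids.Distinct().ToArray();
    var result = distinctIds.ToDictionary(id => id, id => true);

    if (forceUnlock)
    {
        return result;
    }

    using (var cmd = SqlCommandFactory.Create(sql, dbConnection))
    {
        cmd.Parameters.Add(new SqlParameter("@ids", SqlDbType.Structured) { TypeName = "Ids", Value = Common.IdsToDataTable(distinctIds) });
        cmd.Parameters.AddWithValue("@userId", currentUserId);

        using (var reader = cmd.ExecuteReader())
        {
            while (reader.Read())
            {
                // Only rows locked by someone else are returned, so every row read marks its id as blocked.
                var lockedId = (int)(decimal)reader["content_item_id"];
                result[lockedId] = false;
            }
        }
    }

    return result;
}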
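/// <summary>
/// Loads the attributes flagged with <c>USE_RELATION_SECURITY = 1</c> together with the content ids
/// they relate, as raw rows.
/// </summary>
/// <param name="sqlConnection">Connection the query runs on.</param>
/// <returns>
/// The result rows with columns <c>path_content_id</c>, <c>rel_content_id</c>, <c>content_id</c>,
/// <c>is_m2m</c>, <c>is_ext</c>, <c>is_classifier</c>, <c>attribute_id</c>, <c>attribute_name</c>,
/// <c>link_id</c> and <c>agg_attribute_name</c>.
/// </returns>
/// <remarks>
/// The statement is a constant with no parameters and no caller-supplied text, so it carries no
/// injection surface of its own.
/// </remarks>
public static DataRow[] GetRelationSecurityFields(SqlConnection sqlConnection)
{
    const string sqlText = @" select coalesce(ca3.content_id, ca1.content_id) as path_content_id, coalesce(ca4.CONTENT_ID, cl.linked_content_id) as rel_content_id, ca1.content_id, cast(case when ca1.link_id is not null then 1 else 0 end as bit) as is_m2m, cast(case when ca2.attribute_id is not null then 1 else 0 end as bit) as is_ext, ca1.is_classifier, ca1.attribute_id, ca1.attribute_name, ca1.link_id, ca2.ATTRIBUTE_NAME as agg_attribute_name from CONTENT_ATTRIBUTE ca1 left join content_link cl on ca1.content_id = cl.content_id and ca1.link_id = cl.link_id left join CONTENT_ATTRIBUTE ca4 on ca1.RELATED_ATTRIBUTE_ID = ca4.ATTRIBUTE_ID left join content_attribute ca2 on ca1.content_id = ca2.content_id and ca2.AGGREGATED = 1 left join content_attribute ca3 on ca2.RELATED_ATTRIBUTE_ID = ca3.attribute_Id where ca1.USE_RELATION_SECURITY = 1 ";

    using (var cmd = SqlCommandFactory.Create(sqlText, sqlConnection))
    using (var adapter = new SqlDataAdapter(cmd))
    {
        // The adapter is IDisposable; it was previously created inline and never disposed.
        cmd.CommandType = CommandType.Text;

        // The DataTable is deliberately not disposed: the returned rows still belong to it.
        var dt = new DataTable();
        adapter.Fill(dt);
        return dt.AsEnumerable().ToArray();
    }
}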
/// <summary>
/// Builds the <see cref="RelationSecurityInfo"/> for <paramref name="ids"/> of content
/// <paramref name="contentId"/> by following the relation-security paths that
/// <c>RelationSecurityPathFinder</c> computes from <see cref="GetRelationSecurityFields"/>.
/// </summary>
/// <param name="dbConnection">Connection used for the field lookup and for each path query.</param>
/// <param name="contentId">Content the paths are computed for.</param>
/// <param name="ids">Item ids; sent to each path query as the structured <c>@ids</c> parameter of type <c>Ids</c>.</param>
/// <returns>The populated security info; see the remarks for the empty-path case.</returns>
/// <remarks>
/// The first empty path encountered ends the method at once, whether it is the main path or one from
/// an extra finder: the result is either made empty or given an identity mapping for
/// <paramref name="contentId"/>, and paths after it are not processed.
/// NOTE(review): confirm that stopping on an empty extra path is intended, since callers presumably
/// base access decisions on this result.
/// </remarks>
public static RelationSecurityInfo GetRelationSecurityInfo(SqlConnection dbConnection, int contentId, int[] ids)
{
    var info = new RelationSecurityInfo();

    var finder = new RelationSecurityPathFinder(GetRelationSecurityFields(dbConnection).ToList(), contentId);
    finder.Compute();

    // Main path first, then one path per extra finder, each computed before its path is read.
    var paths = new List<List<RelationSecurityPathItem>> { finder.CurrentPath };
    foreach (var extraFinder in finder.ExtraFinders)
    {
        extraFinder.Compute();
        paths.Add(extraFinder.CurrentPath);
    }

    foreach (var path in paths)
    {
        if (path.Count <= 0)
        {
            // No path: check whether the content is itself the target of some relation-security row.
            var isEndNode = finder.PathRows.Any(row => (int)(row.Field<decimal?>("rel_content_id") ?? 0) == contentId);
            if (isEndNode)
            {
                // Each id maps to a one-element array holding itself.
                info.AddContentInItemMapping(contentId, ids.ToDictionary(id => id, id => new[] { id }));
            }
            else
            {
                info.MakeEmpty();
            }

            return info;
        }

        // The last path item plus its secondary items decide which contents and classifier attributes are read.
        var tail = path.Last();
        var tailItems = new[] { tail }.Concat(tail.Secondary).ToList();
        var relatedContentIds = (from item in tailItems where !item.IsClassifier select item.RelContentId).ToArray();
        var classifierNames = (from item in tailItems where item.IsClassifier select item.AttributeName).ToArray();

        // Register every related content with an empty mapping before the query results are processed.
        foreach (var relatedContentId in relatedContentIds)
        {
            info.AddContentInItemMapping(relatedContentId, new Dictionary<int, int[]>());
        }

        // The statement text comes from GetSecurityPathSql; only the ids are bound as a parameter.
        using (var cmd = SqlCommandFactory.Create(GetSecurityPathSql(path, contentId), dbConnection))
        {
            var idsParameter = new SqlParameter("@ids", SqlDbType.Structured)
            {
                TypeName = "Ids",
                Value = Common.IdsToDataTable(ids)
            };
            cmd.Parameters.Add(idsParameter);

            using (var reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    ProcessSecurityPathSqlReader(reader, relatedContentIds, classifierNames, info);
                }
            }
        }

        AppendNotFound(ids, relatedContentIds, info);
    }

    return info;
}