/// <summary>
/// Handles the Delete event of the rGrid control: removes the authorization rule
/// behind the selected row, saves, reloads the rules for the current action and
/// rebinds the grid.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="RowEventArgs"/> instance carrying the key of the row to delete.</param>
protected void rGrid_Delete(object sender, RowEventArgs e)
{
    var context = new RockContext();
    var rules = new Rock.Model.AuthService(context);

    // NOTE(review): the rule is fetched by row key alone. Nothing in this handler
    // confirms that it belongs to iSecured / CurrentAction, or that the current
    // user may administer that entity - confirm both are enforced before the
    // handler can be reached.
    Rock.Model.Auth rule = rules.Get(e.RowKeyId);
    if (rule == null)
    {
        BindGrid();
        return;
    }

    rules.Delete(rule);
    context.SaveChanges();

    // Reload only after the delete has been saved.
    Authorization.ReloadAction(iSecured.TypeId, iSecured.Id, CurrentAction);
    BindGrid();
}
/// <summary>
/// Handles the Delete event of the gGroups control: deletes the group behind the
/// selected row inside a transaction and, when the group is a security role, also
/// deletes the authorization rules that reference it and flushes the cached
/// authorization and role data.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="RowEventArgs" /> instance carrying the key of the row to delete.</param>
protected void gGroups_Delete( object sender, RowEventArgs e )
{
    RockTransactionScope.WrapTransaction( () =>
    {
        GroupService groups = new GroupService();
        AuthService auths = new AuthService();

        // NOTE(review): no authorization check on the current person is visible
        // in this handler before the group is deleted - confirm the caller is
        // vetted elsewhere.
        Group target = groups.Get( (int)e.RowKeyValue );
        if ( target == null )
        {
            return;
        }

        string reason;
        if ( !groups.CanDelete( target, out reason ) )
        {
            // Leaves the lambda only; the grid is still rebound below.
            mdGridWarning.Show( reason, ModalAlertType.Information );
            return;
        }

        bool wasSecurityRole = target.IsSecurityRole;
        if ( wasSecurityRole )
        {
            // Remove every rule that references this role before the group goes.
            var referencing = auths.Queryable().Where( a => a.GroupId.Equals( target.Id ) ).ToList();
            foreach ( var rule in referencing )
            {
                auths.Delete( rule, CurrentPersonId );
                auths.Save( rule, CurrentPersonId );
            }
        }

        groups.Delete( target, CurrentPersonId );
        groups.Save( target, CurrentPersonId );

        if ( wasSecurityRole )
        {
            // Flush the caches only once the deletes have been issued.
            Rock.Security.Authorization.Flush();
            Rock.Security.Role.Flush( target.Id );
        }
    } );

    BindGrid();
}
/// <summary>
/// Handles the Delete event of the gGroups control: deletes the group behind the
/// selected row after checking that the current person holds EDIT on it and that
/// the group can be deleted. For security-role groups the rules that reference
/// the group are deleted in the same save.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="RowEventArgs" /> instance carrying the key of the row to delete.</param>
protected void gGroups_Delete( object sender, RowEventArgs e )
{
    var context = new RockContext();
    GroupService groups = new GroupService( context );
    AuthService auths = new AuthService( context );

    Group target = groups.Get( e.RowKeyId );
    if ( target == null )
    {
        BindGrid();
        return;
    }

    // Authorization is decided on the loaded group, not on the posted row key.
    if ( !target.IsAuthorized( Authorization.EDIT, this.CurrentPerson ) )
    {
        mdGridWarning.Show( "You are not authorized to delete this group", ModalAlertType.Information );
        return;
    }

    string reason;
    if ( !groups.CanDelete( target, out reason ) )
    {
        mdGridWarning.Show( reason, ModalAlertType.Information );
        return;
    }

    // A group counts as a security role through its own flag or its group type.
    bool wasSecurityRole = target.IsSecurityRole
        || target.GroupType.Guid.Equals( Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid() );

    if ( wasSecurityRole )
    {
        Rock.Security.Role.Flush( target.Id );

        var referencing = auths.Queryable().Where( a => a.GroupId == target.Id ).ToList();
        foreach ( var rule in referencing )
        {
            auths.Delete( rule );
        }
    }

    // The rule deletes and the group delete are persisted by one SaveChanges call.
    groups.Delete( target );
    context.SaveChanges();

    if ( wasSecurityRole )
    {
        Rock.Security.Authorization.Flush();
    }

    BindGrid();
}
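/// <summary>
/// Handles the Click event of the btnDelete control: deletes the group named by
/// the hfGroupId hidden field (after an EDIT authorization check and a CanDelete
/// check), then reloads the page on the deleted group's parent.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="EventArgs" /> instance containing the event data.</param>
protected void btnDelete_Click( object sender, EventArgs e )
{
    int? parentGroupId = null;

    RockContext rockContext = new RockContext();
    GroupService groupService = new GroupService( rockContext );
    AuthService authService = new AuthService( rockContext );

    // hfGroupId is a hidden form field, so its value comes back from the browser
    // and cannot be assumed to be numeric. A value that does not parse is treated
    // as "no such group" rather than throwing out of the handler.
    int groupId;
    Group group = int.TryParse( hfGroupId.Value, out groupId ) ? groupService.Get( groupId ) : null;

    if ( group != null )
    {
        // The posted id only selects a group; the EDIT check on the loaded
        // group is what decides whether this person may delete it.
        if ( !group.IsAuthorized( Authorization.EDIT, this.CurrentPerson ) )
        {
            mdDeleteWarning.Show( "You are not authorized to delete this group.", ModalAlertType.Information );
            return;
        }

        parentGroupId = group.ParentGroupId;

        string errorMessage;
        if ( !groupService.CanDelete( group, out errorMessage ) )
        {
            mdDeleteWarning.Show( errorMessage, ModalAlertType.Information );
            return;
        }

        bool isSecurityRoleGroup = group.IsSecurityRole || group.GroupType.Guid.Equals( Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid() );
        if ( isSecurityRoleGroup )
        {
            Rock.Security.Role.Flush( group.Id );

            // Remove every authorization rule that references this role.
            foreach ( var auth in authService.Queryable().Where( a => a.GroupId == group.Id ).ToList() )
            {
                authService.Delete( auth );
            }
        }

        // Rule deletes and the group delete are persisted by one SaveChanges call.
        groupService.Delete( group );
        rockContext.SaveChanges();

        if ( isSecurityRoleGroup )
        {
            Rock.Security.Authorization.Flush();
        }
    }

    // reload page, selecting the deleted group's parent
    var qryParams = new Dictionary<string, string>();
    if ( parentGroupId != null )
    {
        qryParams["GroupId"] = parentGroupId.ToString();
    }

    NavigateToPage( RockPage.Guid, qryParams );
}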
/// <summary>
/// Handles the Delete event of the rGrid control: removes the authorization rule
/// behind the selected row, saves, reloads the rules for the current action and
/// rebinds the grid.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="RowEventArgs"/> instance carrying the key of the row to delete.</param>
protected void rGrid_Delete( object sender, RowEventArgs e )
{
    var context = new RockContext();
    var rules = new Rock.Model.AuthService( context );

    // NOTE(review): the rule is fetched by row key alone. Nothing in this handler
    // confirms that it belongs to iSecured / CurrentAction, or that the current
    // user may administer that entity - confirm both are enforced before the
    // handler can be reached.
    Rock.Model.Auth rule = rules.Get( e.RowKeyId );
    if ( rule == null )
    {
        BindGrid();
        return;
    }

    rules.Delete( rule );
    context.SaveChanges();

    // Reload only after the delete has been saved.
    Authorization.ReloadAction( iSecured.TypeId, iSecured.Id, CurrentAction );
    BindGrid();
}
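/// <summary>
/// Handles the Click event of the btnDelete control: deletes the group named by
/// the hfGroupId hidden field inside a transaction, then reloads the page on the
/// deleted group's parent.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="EventArgs" /> instance containing the event data.</param>
protected void btnDelete_Click( object sender, EventArgs e )
{
    int? parentGroupId = null;

    // NOTE: Very similar code in GroupList.gGroups_Delete
    RockTransactionScope.WrapTransaction( () =>
    {
        GroupService groupService = new GroupService();
        AuthService authService = new AuthService();

        // hfGroupId is a hidden form field, so its value comes back from the
        // browser and cannot be assumed to be numeric. A value that does not
        // parse is treated as "no such group" rather than throwing.
        int groupId;
        Group group = int.TryParse( hfGroupId.Value, out groupId ) ? groupService.Get( groupId ) : null;

        // NOTE(review): no authorization check on the current person is visible
        // before the delete, and the id is client-supplied - confirm the caller
        // is vetted elsewhere.
        if ( group != null )
        {
            parentGroupId = group.ParentGroupId;

            string errorMessage;
            if ( !groupService.CanDelete( group, out errorMessage ) )
            {
                // Leaves the lambda only; the page is still reloaded below.
                mdDeleteWarning.Show( errorMessage, ModalAlertType.Information );
                return;
            }

            bool isSecurityRoleGroup = group.IsSecurityRole || group.GroupType.Guid.Equals( Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid() );
            if ( isSecurityRoleGroup )
            {
                Rock.Security.Role.Flush( group.Id );

                // Remove every authorization rule that references this role.
                foreach ( var auth in authService.Queryable().Where( a => a.GroupId.Equals( group.Id ) ).ToList() )
                {
                    authService.Delete( auth, CurrentPersonId );
                    authService.Save( auth, CurrentPersonId );
                }
            }

            groupService.Delete( group, CurrentPersonId );
            groupService.Save( group, CurrentPersonId );

            if ( isSecurityRoleGroup )
            {
                Rock.Security.Authorization.Flush();
            }
        }
    } );

    // reload page, selecting the deleted group's parent
    var qryParams = new Dictionary<string, string>();
    if ( parentGroupId != null )
    {
        qryParams["groupId"] = parentGroupId.ToString();
    }

    NavigateToPage( RockPage.Guid, qryParams );
}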
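/// <summary>
/// Removes the two authorization rules that made the entity private for the
/// given action and person, then empties the cached rule list for that action.
/// Does nothing when the entity is not currently private.
/// </summary>
/// <remarks>
/// No authorization check is made here; the caller decides who may lift the
/// restriction.
/// </remarks>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <param name="rockContext">The rock context; a new one is created when null.</param>
public static void MakeUnPrivate( ISecured entity, string action, Person person, RockContext rockContext = null )
{
    if ( !IsPrivate( entity, action, person ) )
    {
        return;
    }

    rockContext = rockContext ?? new RockContext();
    var authService = new AuthService( rockContext );

    // if is private, then there are only two rules for this action that should be deleted
    foreach ( AuthRule authRule in Authorizations[entity.TypeId][entity.Id][action] )
    {
        // The cached rule may no longer have a database row; skip it rather
        // than passing null to Delete.
        var oldAuth = authService.Get( authRule.Id );
        if ( oldAuth != null )
        {
            authService.Delete( oldAuth );
        }
    }

    rockContext.SaveChanges();

    // Clear the cache entry only after the deletes have been saved.
    Authorizations[entity.TypeId][entity.Id][action] = new List<AuthRule>();
}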
/// <summary>
/// Handles the Click event of the btnDelete control: deletes the group named by
/// the hfGroupId hidden field after an EDIT authorization check and a CanDelete
/// check, removes a non-named schedule that no other group uses, then reloads
/// the page on the deleted group's parent.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="EventArgs" /> instance containing the event data.</param>
protected void btnDelete_Click( object sender, EventArgs e )
{
    int? parentId = null;

    RockContext context = new RockContext();
    GroupService groups = new GroupService( context );
    AuthService auths = new AuthService( context );

    // The id comes from a hidden field posted by the browser; the EDIT check on
    // the loaded group below is what limits which groups can be deleted.
    Group target = groups.Get( hfGroupId.Value.AsInteger() );
    if ( target != null )
    {
        if ( !target.IsAuthorized( Authorization.EDIT, this.CurrentPerson ) )
        {
            mdDeleteWarning.Show( "You are not authorized to delete this group.", ModalAlertType.Information );
            return;
        }

        parentId = target.ParentGroupId;

        string reason;
        if ( !groups.CanDelete( target, out reason ) )
        {
            mdDeleteWarning.Show( reason, ModalAlertType.Information );
            return;
        }

        // NOTE(review): an inactive security-role group skips both the rule
        // clean-up and the cache flushes below - confirm that is intended.
        bool wasSecurityRole = target.IsActive
            && ( target.IsSecurityRole || target.GroupType.Guid.Equals( Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid() ) );

        if ( wasSecurityRole )
        {
            Rock.Security.Role.Flush( target.Id );

            var referencing = auths.Queryable().Where( a => a.GroupId == target.Id ).ToList();
            foreach ( var rule in referencing )
            {
                auths.Delete( rule );
            }
        }

        // If group has a non-named schedule, delete the schedule record.
        if ( target.ScheduleId.HasValue )
        {
            var schedules = new ScheduleService( context );
            var schedule = schedules.Get( target.ScheduleId.Value );

            // Delete it only when no other group still points at this schedule.
            if ( schedule != null
                && schedule.ScheduleType != ScheduleType.Named
                && !groups.Queryable().Where( g => g.ScheduleId == schedule.Id && g.Id != target.Id ).Any() )
            {
                schedules.Delete( schedule );
            }
        }

        // Rule, schedule and group deletes are persisted by one SaveChanges call.
        groups.Delete( target );
        context.SaveChanges();

        if ( wasSecurityRole )
        {
            Rock.Security.Authorization.Flush();
        }
    }

    // reload page, selecting the deleted group's parent
    var query = new Dictionary<string, string>();
    if ( parentId != null )
    {
        query["GroupId"] = parentId.ToString();
    }

    query["ExpandedIds"] = PageParameter( "ExpandedIds" );
    NavigateToPage( RockPage.Guid, query );
}
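/// <summary>
/// Copies the authorizations from one <see cref="ISecured" /> object to another.
/// The target's existing rules are deleted, the source's cached rules are
/// re-created for the target (only for actions the target supports), and the
/// cache entry for the target is replaced.
/// </summary>
/// <param name="sourceEntity">The source entity.</param>
/// <param name="targetEntity">The target entity.</param>
/// <param name="rockContext">The rock context; a new one is created when null.</param>
/// <remarks>
/// If a rockContext value is included, this method will save any previous changes made to the context
/// </remarks>
public static void CopyAuthorization( ISecured sourceEntity, ISecured targetEntity, RockContext rockContext = null )
{
    rockContext = rockContext ?? new RockContext();

    // If there's no Authorizations object, create it
    if ( Authorizations == null )
    {
        Load( rockContext );
    }

    var sourceEntityTypeId = sourceEntity.TypeId;
    var targetEntityTypeId = targetEntity.TypeId;

    AuthService authService = new AuthService( rockContext );

    // Delete the current authorizations for the target entity
    foreach ( Auth auth in authService.Get( targetEntityTypeId, targetEntity.Id ) )
    {
        authService.Delete( auth );
    }

    Dictionary<string, List<AuthRule>> newActions = new Dictionary<string, List<AuthRule>>();
    List<Auth> addedAuths = new List<Auth>();

    int order = 0;
    if ( Authorizations.ContainsKey( sourceEntityTypeId ) && Authorizations[sourceEntityTypeId].ContainsKey( sourceEntity.Id ) )
    {
        foreach ( KeyValuePair<string, List<AuthRule>> action in Authorizations[sourceEntityTypeId][sourceEntity.Id] )
        {
            // Actions the target does not support are not copied.
            if ( !targetEntity.SupportedActions.ContainsKey( action.Key ) )
            {
                continue;
            }

            newActions.Add( action.Key, new List<AuthRule>() );

            foreach ( AuthRule rule in action.Value )
            {
                Auth auth = new Auth();
                auth.EntityTypeId = targetEntityTypeId;
                auth.EntityId = targetEntity.Id;
                auth.Order = order;
                auth.Action = action.Key;
                auth.AllowOrDeny = rule.AllowOrDeny;
                auth.SpecialRole = rule.SpecialRole;
                auth.PersonId = rule.PersonId;
                auth.GroupId = rule.GroupId;

                authService.Add( auth );
                addedAuths.Add( auth );

                order++;
            }
        }
    }

    rockContext.SaveChanges();

    // Build the cached rules from the rows just saved for the target. The
    // previous code cached the SOURCE rule's Id and EntityId, so any later code
    // that looks a cached rule up by Id would have reached the source entity's
    // record instead of the target's.
    foreach ( Auth auth in addedAuths )
    {
        newActions[auth.Action].Add( new AuthRule( auth ) );
    }

    if ( !Authorizations.ContainsKey( targetEntityTypeId ) )
    {
        Authorizations.Add( targetEntityTypeId, new Dictionary<int, Dictionary<string, List<AuthRule>>>() );
    }

    // Indexer assignment adds or replaces the target's entry.
    Authorizations[targetEntityTypeId][targetEntity.Id] = newActions;
}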
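/// <summary>
/// Makes the entity private by setting up two authorization rules, one granting the selected person, and
/// then another that denies all other users. Does nothing when the entity is already private for the
/// person or when no person is given.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <param name="rockContext">The rock context; a new one is created when null.</param>
public static void MakePrivate( ISecured entity, string action, Person person, RockContext rockContext = null )
{
    if ( IsPrivate( entity, action, person ) || person == null )
    {
        return;
    }

    rockContext = rockContext ?? new RockContext();

    // If there's no Authorizations object, create it
    if ( Authorizations == null )
    {
        Load( rockContext );
    }

    var authService = new AuthService( rockContext );

    // If there are not entries in the Authorizations object for this entity type and entity instance, create
    // the dictionary entries
    if ( !Authorizations.ContainsKey( entity.TypeId ) )
    {
        Authorizations.Add( entity.TypeId, new Dictionary<int, Dictionary<string, List<AuthRule>>>() );
    }

    var rulesByEntity = Authorizations[entity.TypeId];
    if ( !rulesByEntity.ContainsKey( entity.Id ) )
    {
        rulesByEntity.Add( entity.Id, new Dictionary<string, List<AuthRule>>() );
    }

    var rulesByAction = rulesByEntity[entity.Id];
    if ( !rulesByAction.ContainsKey( action ) )
    {
        rulesByAction.Add( action, new List<AuthRule>() );
    }
    else
    {
        // If existing rules exist, delete them.
        foreach ( AuthRule authRule in rulesByAction[action] )
        {
            // The cached rule may no longer have a database row; skip it
            // rather than passing null to Delete.
            var oldAuth = authService.Get( authRule.Id );
            if ( oldAuth != null )
            {
                authService.Delete( oldAuth );
            }
        }
    }

    // Rule 0 allows the selected person, rule 1 denies everyone else.
    // NOTE(review): this relies on rules being evaluated in Order - confirm.
    Auth auth1 = new Auth();
    auth1.EntityTypeId = entity.TypeId;
    auth1.EntityId = entity.Id;
    auth1.Order = 0;
    auth1.Action = action;
    auth1.AllowOrDeny = "A";
    auth1.SpecialRole = SpecialRole.None;
    auth1.PersonId = person.Id;
    authService.Add( auth1 );

    Auth auth2 = new Auth();
    auth2.EntityTypeId = entity.TypeId;
    auth2.EntityId = entity.Id;
    auth2.Order = 1;
    auth2.Action = action;
    auth2.AllowOrDeny = "D";
    auth2.SpecialRole = SpecialRole.AllUsers;
    authService.Add( auth2 );

    // Old-rule deletes and the two new rules are persisted together.
    rockContext.SaveChanges();

    // Cache entries are built after the save.
    var rules = new List<AuthRule>();
    rules.Add( new AuthRule( auth1 ) );
    rules.Add( new AuthRule( auth2 ) );

    rulesByAction[action] = rules;
}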
/// <summary>
/// Copies the authorizations from one <see cref="ISecured" /> object to another
/// </summary>
/// <param name="sourceEntity">The source entity.</param>
/// <param name="targetEntity">The target entity.</param>
/// <param name="rockContext">The rock context.</param>
/// <param name="action">Optional action (if omitted or left blank, all actions will be copied).</param>
/// <remarks>
/// This method will save any previous changes made to the context
/// </remarks>
public static void CopyAuthorization( ISecured sourceEntity, ISecured targetEntity, RockContext rockContext, string action = "" )
{
    Load();

    var fromTypeId = sourceEntity.TypeId;
    var toTypeId = targetEntity.TypeId;

    // A blank action means "every action"; otherwise names match case-insensitively.
    bool allActions = string.IsNullOrWhiteSpace( action );

    AuthService service = new AuthService( rockContext );

    // Delete the target's current authorizations (all, or only the requested action).
    foreach ( Auth existing in service.Get( toTypeId, targetEntity.Id ).ToList() )
    {
        if ( allActions || existing.Action.Equals( action, StringComparison.OrdinalIgnoreCase ) )
        {
            service.Delete( existing );
        }
    }

    // NOTE(review): the deletes are saved before any replacement rule is
    // written, so the target has no explicit rules for these actions until the
    // loop below finishes - confirm that gap is acceptable.
    rockContext.SaveChanges();

    // Copy the source's auths onto the target.
    int nextOrder = 0;
    foreach ( Auth original in service.Get( fromTypeId, sourceEntity.Id ).ToList() )
    {
        bool selected = allActions || original.Action.Equals( action, StringComparison.OrdinalIgnoreCase );
        if ( !selected || !targetEntity.SupportedActions.ContainsKey( original.Action ) )
        {
            continue;
        }

        Auth copy = new Auth();
        copy.EntityTypeId = toTypeId;
        copy.EntityId = targetEntity.Id;
        copy.Action = original.Action;
        copy.AllowOrDeny = original.AllowOrDeny;
        copy.GroupId = original.GroupId;
        copy.PersonAliasId = original.PersonAliasId;
        copy.SpecialRole = original.SpecialRole;
        copy.Order = nextOrder++;

        service.Add( copy );
        rockContext.SaveChanges();
    }

    ReloadEntity( toTypeId, targetEntity.Id, rockContext );
}
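/// <summary>
/// If the entity is currently private for selected person, removes all the rules
/// for the action and reloads the cached rules for it.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <param name="rockContext">The rock context.</param>
private static void MyMakeUnPrivate( ISecured entity, string action, Person person, RockContext rockContext )
{
    if ( !IsPrivate( entity, action, person ) )
    {
        return;
    }

    var authService = new AuthService( rockContext );

    // Delete any existing rules in database
    foreach ( Auth auth in authService
        .GetAuths( entity.TypeId, entity.Id, action ) )
    {
        authService.Delete( auth );
    }

    // Persist the deletes before reloading, as MyMakePrivate and
    // MyAllowAllUsers do. Without this the reload runs while the deletes are
    // still unsaved in the context.
    rockContext.SaveChanges();

    // Reload the static dictionary for this action
    ReloadAction( entity.TypeId, entity.Id, action, rockContext );
}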
/// <summary>
/// Makes the entity private for the selected action and person: replaces the
/// action's rules with an allow rule for the person's primary alias followed by
/// a deny rule for all users. Does nothing when the entity is already private,
/// when no person is given, or when the person has no primary alias.
/// </summary>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="person">The person.</param>
/// <param name="rockContext">The rock context.</param>
private static void MyMakePrivate( ISecured entity, string action, Person person, RockContext rockContext )
{
    if ( IsPrivate( entity, action, person ) || person == null )
    {
        return;
    }

    var alias = new PersonAliasService( rockContext ).GetPrimaryAlias( person.Id );
    if ( alias == null )
    {
        return;
    }

    var service = new AuthService( rockContext );

    // Delete any existing rules in database
    foreach ( Auth existing in service.GetAuths( entity.TypeId, entity.Id, action ) )
    {
        service.Delete( existing );
    }

    // NOTE(review): the old rules are saved as deleted before the replacements
    // are written; if the second save fails the action is left with no explicit
    // rules - confirm that is acceptable.
    rockContext.SaveChanges();

    // Create the rules in the database: allow the person first ...
    Auth allowPerson = new Auth();
    allowPerson.EntityTypeId = entity.TypeId;
    allowPerson.EntityId = entity.Id;
    allowPerson.Order = 0;
    allowPerson.Action = action;
    allowPerson.AllowOrDeny = "A";
    allowPerson.SpecialRole = SpecialRole.None;
    allowPerson.PersonAlias = alias;
    allowPerson.PersonAliasId = alias.Id;
    service.Add( allowPerson );

    // ... then deny everyone else.
    Auth denyEveryone = new Auth();
    denyEveryone.EntityTypeId = entity.TypeId;
    denyEveryone.EntityId = entity.Id;
    denyEveryone.Order = 1;
    denyEveryone.Action = action;
    denyEveryone.AllowOrDeny = "D";
    denyEveryone.SpecialRole = SpecialRole.AllUsers;
    service.Add( denyEveryone );

    rockContext.SaveChanges();

    // Reload the static dictionary for this action
    ReloadAction( entity.TypeId, entity.Id, action, rockContext );
}
/// <summary>
/// Replaces every rule for the action on the entity with a single rule that
/// allows all users, then reloads the cached rules for that action.
/// </summary>
/// <remarks>
/// No authorization check is made here; the caller decides who may open the
/// action to everyone.
/// </remarks>
/// <param name="entity">The entity.</param>
/// <param name="action">The action.</param>
/// <param name="rockContext">The rock context.</param>
private static void MyAllowAllUsers( ISecured entity, string action, RockContext rockContext )
{
    var service = new AuthService( rockContext );

    // Delete any existing rules in database
    foreach ( Auth existing in service.GetAuths( entity.TypeId, entity.Id, action ) )
    {
        service.Delete( existing );
    }

    rockContext.SaveChanges();

    // Create the rule in the database
    Auth allowEveryone = new Auth();
    allowEveryone.EntityTypeId = entity.TypeId;
    allowEveryone.EntityId = entity.Id;
    allowEveryone.Order = 0;
    allowEveryone.Action = action;
    allowEveryone.AllowOrDeny = "A";
    allowEveryone.SpecialRole = SpecialRole.AllUsers;
    service.Add( allowEveryone );

    rockContext.SaveChanges();

    // Reload the static dictionary for this action
    ReloadAction( entity.TypeId, entity.Id, action, rockContext );
}
/// <summary>
/// Handles the Delete event of the gGroups control: deletes the group behind the
/// selected row inside a transaction and, when the group is a security role,
/// also deletes the authorization rules that reference it.
/// </summary>
/// <param name="sender">The source of the event.</param>
/// <param name="e">The <see cref="RowEventArgs" /> instance carrying the key of the row to delete.</param>
protected void gGroups_Delete( object sender, RowEventArgs e )
{
    // NOTE: Very similar code in GroupDetail.btnDelete_Click
    RockTransactionScope.WrapTransaction( () =>
    {
        GroupService groups = new GroupService();
        AuthService auths = new AuthService();

        // NOTE(review): no authorization check on the current person is visible
        // in this handler before the group is deleted - confirm the caller is
        // vetted elsewhere.
        Group target = groups.Get( (int)e.RowKeyValue );
        if ( target == null )
        {
            return;
        }

        string reason;
        if ( !groups.CanDelete( target, out reason ) )
        {
            // Leaves the lambda only; the grid is still rebound below.
            mdGridWarning.Show( reason, ModalAlertType.Information );
            return;
        }

        // A group counts as a security role through its own flag or its group type.
        bool wasSecurityRole = target.IsSecurityRole
            || target.GroupType.Guid.Equals( Rock.SystemGuid.GroupType.GROUPTYPE_SECURITY_ROLE.AsGuid() );

        if ( wasSecurityRole )
        {
            Rock.Security.Role.Flush( target.Id );

            var referencing = auths.Queryable().Where( a => a.GroupId == target.Id ).ToList();
            foreach ( var rule in referencing )
            {
                auths.Delete( rule, CurrentPersonId );
                auths.Save( rule, CurrentPersonId );
            }
        }

        groups.Delete( target, CurrentPersonId );
        groups.Save( target, CurrentPersonId );

        if ( wasSecurityRole )
        {
            Rock.Security.Authorization.Flush();
        }
    } );

    BindGrid();
}