protected void btnPrivate_Click(object sender, EventArgs e) { string currentWiki = DetectWiki(); NamespaceInfo nspace = Pages.FindNamespace(currentWiki, txtCurrentNamespace.Value); RemoveAllPermissions(nspace); AuthWriter authWriter = new AuthWriter(Collectors.CollectorsBox.GetSettingsProvider(currentWiki)); // Set permissions authWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.FullControl, Users.FindUserGroup(currentWiki, Settings.GetAdministratorsGroup(currentWiki))); authWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.CreatePages, Users.FindUserGroup(currentWiki, Settings.GetUsersGroup(currentWiki))); authWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.ManageCategories, Users.FindUserGroup(currentWiki, Settings.GetUsersGroup(currentWiki))); authWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.PostDiscussion, Users.FindUserGroup(currentWiki, Settings.GetUsersGroup(currentWiki))); authWriter.SetPermissionForNamespace(AuthStatus.Grant, nspace, Actions.ForNamespaces.DownloadAttachments, Users.FindUserGroup(currentWiki, Settings.GetUsersGroup(currentWiki))); RefreshPermissionsManager(); }
/// <summary> /// Removes all the permissions for a page. /// </summary> /// <param name="pageFullName">The page full name.</param> private void RemoveAllPermissions(string pageFullName) { AuthWriter authWriter = new AuthWriter(Collectors.CollectorsBox.GetSettingsProvider(currentWiki)); authWriter.RemoveEntriesForPage(Users.FindUserGroup(currentWiki, Settings.GetAnonymousGroup(currentWiki)), pageFullName); authWriter.RemoveEntriesForPage(Users.FindUserGroup(currentWiki, Settings.GetUsersGroup(currentWiki)), pageFullName); authWriter.RemoveEntriesForPage(Users.FindUserGroup(currentWiki, Settings.GetAdministratorsGroup(currentWiki)), pageFullName); }
/// <summary> /// Removes all the permissions for a namespace. /// </summary> /// <param name="nspace">The namespace (<c>null</c> for the root).</param> private void RemoveAllPermissions(NamespaceInfo nspace) { string currentWiki = DetectWiki(); AuthWriter authWriter = new AuthWriter(Collectors.CollectorsBox.GetSettingsProvider(currentWiki)); authWriter.RemoveEntriesForNamespace(Users.FindUserGroup(currentWiki, Settings.GetAnonymousGroup(currentWiki)), nspace); authWriter.RemoveEntriesForNamespace(Users.FindUserGroup(currentWiki, Settings.GetUsersGroup(currentWiki)), nspace); authWriter.RemoveEntriesForNamespace(Users.FindUserGroup(currentWiki, Settings.GetAdministratorsGroup(currentWiki)), nspace); }
/// <summary> /// Loads the security configuration. /// </summary> /// <param name="wiki">The wiki.</param> private void LoadSecurityConfig(string currentWiki) { chkAllowUsersToRegister.Checked = Settings.UsersCanRegister(currentWiki); PopulateAccountActivationMode(Settings.GetAccountActivationMode(currentWiki)); PopulateDefaultGroups(Settings.GetUsersGroup(currentWiki), Settings.GetAdministratorsGroup(currentWiki), Settings.GetAnonymousGroup(currentWiki)); chkEnableCaptchaControl.Checked = !Settings.GetDisableCaptchaControl(currentWiki); chkPreventConcurrentEditing.Checked = Settings.GetDisableConcurrentEditing(currentWiki); switch (Settings.GetModerationMode(currentWiki)) { case ChangeModerationMode.None: rdoNoModeration.Checked = true; break; case ChangeModerationMode.RequirePageViewingPermissions: rdoRequirePageViewingPermissions.Checked = true; break; case ChangeModerationMode.RequirePageEditingPermissions: rdoRequirePageEditingPermissions.Checked = true; break; } txtExtensionsAllowed.Text = string.Join(", ", Settings.GetAllowedFileTypes(currentWiki)); lstFileDownloadCountFilterMode.SelectedIndex = -1; switch (Settings.GetFileDownloadCountFilterMode(currentWiki)) { case FileDownloadCountFilterMode.CountAll: lstFileDownloadCountFilterMode.SelectedIndex = 0; txtFileDownloadCountFilter.Enabled = false; break; case FileDownloadCountFilterMode.CountSpecifiedExtensions: lstFileDownloadCountFilterMode.SelectedIndex = 1; txtFileDownloadCountFilter.Enabled = true; txtFileDownloadCountFilter.Text = string.Join(", ", Settings.GetFileDownloadCountFilter(currentWiki)); break; case FileDownloadCountFilterMode.ExcludeSpecifiedExtensions: txtFileDownloadCountFilter.Text = string.Join(", ", Settings.GetFileDownloadCountFilter(currentWiki)); txtFileDownloadCountFilter.Enabled = true; lstFileDownloadCountFilterMode.SelectedIndex = 2; break; default: throw new NotSupportedException(); } chkAllowScriptTags.Checked = Settings.GetScriptTagsAllowed(currentWiki); txtIpHostFilter.Text = Settings.GetIpHostFilter(currentWiki); }
/// <summary> /// Verifies the existence of the default user groups and creates them if necessary, for the given wiki. /// </summary> /// <param name="wiki">The wiki.</param> /// <returns><c>true</c> if the groups were created, <c>false</c> otherwise.</returns> private static bool VerifyAndCreateDefaultGroups(string wiki) { UserGroup administratorsGroup = Users.FindUserGroup(wiki, Settings.GetAdministratorsGroup(wiki)); UserGroup anonymousGroup = Users.FindUserGroup(wiki, Settings.GetAnonymousGroup(wiki)); UserGroup usersGroup = Users.FindUserGroup(wiki, Settings.GetUsersGroup(wiki)); // Create default groups if they don't exist already, initializing permissions bool aGroupWasCreated = false; if (administratorsGroup == null) { Users.AddUserGroup(wiki, Settings.GetAdministratorsGroup(wiki), "Built-in Administrators"); administratorsGroup = Users.FindUserGroup(wiki, Settings.GetAdministratorsGroup(wiki)); aGroupWasCreated = true; } if (usersGroup == null) { Users.AddUserGroup(wiki, Settings.GetUsersGroup(wiki), "Built-in Users"); usersGroup = Users.FindUserGroup(wiki, Settings.GetUsersGroup(wiki)); aGroupWasCreated = true; } if (anonymousGroup == null) { Users.AddUserGroup(wiki, Settings.GetAnonymousGroup(wiki), "Built-in Anonymous Users"); anonymousGroup = Users.FindUserGroup(wiki, Settings.GetAnonymousGroup(wiki)); aGroupWasCreated = true; } if (aGroupWasCreated) { ImportPageDiscussionPermissions(wiki); } return(aGroupWasCreated); }
protected void rptGroups_ItemCommand(object sender, RepeaterCommandEventArgs e) { if (e.CommandName == "Select") { txtCurrentName.Value = e.CommandArgument as string; //rptGroups.DataBind(); Not needed because the list is hidden on select UserGroup group = Users.FindUserGroup(currentWiki, txtCurrentName.Value); txtName.Text = group.Name; txtName.Enabled = false; txtDescription.Text = group.Description; providerSelector.SelectedProvider = group.Provider.GetType().FullName; providerSelector.Enabled = false; // Select group's global permissions AuthReader authReader = new AuthReader(Collectors.CollectorsBox.GetSettingsProvider(currentWiki)); aclActionsSelector.GrantedActions = authReader.RetrieveGrantsForGlobals(group); aclActionsSelector.DeniedActions = authReader.RetrieveDenialsForGlobals(group); btnCreate.Visible = false; btnSave.Visible = true; btnDelete.Visible = true; bool isDefaultGroup = group.Name == Settings.GetAdministratorsGroup(currentWiki) || group.Name == Settings.GetUsersGroup(currentWiki) || group.Name == Settings.GetAnonymousGroup(currentWiki); pnlEditGroup.Visible = true; pnlList.Visible = false; // Enable/disable interface sections based on provider read-only settings pnlGroupDetails.Enabled = !group.Provider.UserGroupsReadOnly; btnDelete.Enabled = !group.Provider.UserGroupsReadOnly && !isDefaultGroup; lblResult.CssClass = ""; lblResult.Text = ""; } }
/// <summary> /// Detects the permissions of the current user for the current directory. /// </summary> private void DetectPermissions() { string currentUser = SessionFacade.GetCurrentUsername(); string[] currentGroups = SessionFacade.GetCurrentGroupNames(currentWiki); AuthChecker authChecker = new AuthChecker(Collectors.CollectorsBox.GetSettingsProvider(currentWiki)); canList = authChecker.CheckActionForDirectory(provider, CurrentDirectory, Actions.ForDirectories.List, currentUser, currentGroups); canDownload = authChecker.CheckActionForDirectory(provider, CurrentDirectory, Actions.ForDirectories.DownloadFiles, currentUser, currentGroups); canUpload = authChecker.CheckActionForDirectory(provider, CurrentDirectory, Actions.ForDirectories.UploadFiles, currentUser, currentGroups); canCreateDirs = authChecker.CheckActionForDirectory(provider, CurrentDirectory, Actions.ForDirectories.CreateDirectories, currentUser, currentGroups); canDeleteFiles = authChecker.CheckActionForDirectory(provider, CurrentDirectory, Actions.ForDirectories.DeleteFiles, currentUser, currentGroups); canDeleteDirs = authChecker.CheckActionForDirectory(provider, CurrentDirectory, Actions.ForDirectories.DeleteDirectories, currentUser, currentGroups); canSetPerms = authChecker.CheckActionForGlobals(Actions.ForGlobals.ManagePermissions, currentUser, currentGroups); isAdmin = Array.Find(currentGroups, delegate(string g) { return(g == Settings.GetAdministratorsGroup(currentWiki)); }) != null; }
/// <summary> /// Performs all needed startup operations. /// </summary> public static void Startup() { // Load Host Host.Instance = new Host(); // Initialize MimeTypes MimeTypes.Init(); GlobalSettings.CanOverridePublicDirectory = false; // Initialize Collectors Collectors.InitCollectors(); Collectors.FileNames = new Dictionary <string, string>(10); // Load Global Config IGlobalSettingsStorageProviderV60 globalSettingsStorageProvider = ProviderLoader.LoadGlobalSettingsStorageProvider(ApplicationSettings.Instance.GlobalSettingsStorageProvider); Collectors.AddGlobalSettingsStorageProvider(globalSettingsStorageProvider.GetType(), Assembly.GetAssembly(globalSettingsStorageProvider.GetType())); globalSettingsStorageProvider.SetUp(Host.Instance, GetGlobalSettingsStorageProviderConfiguration()); globalSettingsStorageProvider.Dispose(); // Add StorageProviders, from WebConfig, to Collectors and Setup them ProviderLoader.LoadStorageProviders <ISettingsStorageProviderV60>(new List <StorageProvider>() { ApplicationSettings.Instance.SettingProvider }); ProviderLoader.LoadStorageProviders <IFilesStorageProviderV60>(ApplicationSettings.Instance.FilesProviders); ProviderLoader.LoadStorageProviders <IThemesStorageProviderV60>(ApplicationSettings.Instance.ThemesProviders); ProviderLoader.LoadStorageProviders <IUsersStorageProviderV60>(ApplicationSettings.Instance.UsersProviders); ProviderLoader.LoadStorageProviders <IPagesStorageProviderV60>(ApplicationSettings.Instance.PagesProviders); ProviderLoader.LoadStorageProviders <IIndexDirectoryProviderV60>(new List <StorageProvider>() { ApplicationSettings.Instance.IndexDirectoryProvider }); ProviderLoader.LoadAllFormatterProviders(); foreach (Configuration.Wiki wiki in Collectors.CollectorsBox.GlobalSettingsProvider.GetAllWikis()) { ISettingsStorageProviderV60 ssp = Collectors.CollectorsBox.GetSettingsProvider(wiki.WikiName); if (ssp.IsFirstApplicationStart()) { if (ssp.GetMetaDataItem(MetaDataItem.AccountActivationMessage, null) == "") { ssp.SetMetaDataItem(MetaDataItem.AccountActivationMessage, null, Defaults.AccountActivationMessageContent); } if (ssp.GetMetaDataItem(MetaDataItem.EditNotice, null) == "") { ssp.SetMetaDataItem(MetaDataItem.EditNotice, null, Defaults.EditNoticeContent); } if (ssp.GetMetaDataItem(MetaDataItem.Footer, null) == "") { ssp.SetMetaDataItem(MetaDataItem.Footer, null, Defaults.FooterContent); } if (ssp.GetMetaDataItem(MetaDataItem.Header, null) == "") { ssp.SetMetaDataItem(MetaDataItem.Header, null, Defaults.HeaderContent); } if (ssp.GetMetaDataItem(MetaDataItem.PasswordResetProcedureMessage, null) == "") { ssp.SetMetaDataItem(MetaDataItem.PasswordResetProcedureMessage, null, Defaults.PasswordResetProcedureMessageContent); } if (ssp.GetMetaDataItem(MetaDataItem.Sidebar, null) == "") { ssp.SetMetaDataItem(MetaDataItem.Sidebar, null, Defaults.SidebarContent); } if (ssp.GetMetaDataItem(MetaDataItem.PageChangeMessage, null) == "") { ssp.SetMetaDataItem(MetaDataItem.PageChangeMessage, null, Defaults.PageChangeMessage); } if (ssp.GetMetaDataItem(MetaDataItem.DiscussionChangeMessage, null) == "") { ssp.SetMetaDataItem(MetaDataItem.DiscussionChangeMessage, null, Defaults.DiscussionChangeMessage); } if (ssp.GetMetaDataItem(MetaDataItem.ApproveDraftMessage, null) == "") { ssp.SetMetaDataItem(MetaDataItem.ApproveDraftMessage, null, Defaults.ApproveDraftMessage); } } bool groupsCreated = VerifyAndCreateDefaultGroups(wiki.WikiName); if (groupsCreated) { // It is necessary to set default permissions for file management UserGroup administratorsGroup = Users.FindUserGroup(wiki.WikiName, Settings.GetAdministratorsGroup(wiki.WikiName)); UserGroup anonymousGroup = Users.FindUserGroup(wiki.WikiName, Settings.GetAnonymousGroup(wiki.WikiName)); UserGroup usersGroup = Users.FindUserGroup(wiki.WikiName, Settings.GetUsersGroup(wiki.WikiName)); SetAdministratorsGroupDefaultPermissions(wiki.WikiName, administratorsGroup); SetUsersGroupDefaultPermissions(wiki.WikiName, usersGroup); SetAnonymousGroupDefaultPermissions(wiki.WikiName, anonymousGroup); } // Create the Main Page, if needed if (Pages.FindPage(wiki.WikiName, Settings.GetDefaultPage(wiki.WikiName)) == null) { CreateMainPage(wiki.WikiName); } Log.LogEntry("Wiki " + wiki.WikiName + " is ready", EntryType.General, Log.SystemUsername, null); //Pages.RebuildPageLinks(Pages.GetPages(wiki.WikiName, null)); //foreach(ScrewTurn.Wiki.PluginFramework.NamespaceInfo nspace in Pages.GetNamespaces(wiki.WikiName)) { // Pages.RebuildPageLinks(Pages.GetPages(wiki.WikiName, nspace)); //} } Log.LogEntry("ScrewTurn Wiki is ready", EntryType.General, Log.SystemUsername, null); }
protected void Page_Load(object sender, EventArgs e) { currentWiki = DetectWiki(); rssFeedsMode = Settings.GetRssFeedsMode(currentWiki); if (rssFeedsMode == RssFeedsMode.Disabled) { Response.Clear(); Response.StatusCode = 404; Response.End(); return; } string currentUsername = SessionFacade.GetCurrentUsername(); string[] currentGroups = SessionFacade.GetCurrentGroupNames(currentWiki); AuthChecker authChecker = new AuthChecker(Collectors.CollectorsBox.GetSettingsProvider(currentWiki)); currentNamespace = DetectNamespace(); if (string.IsNullOrEmpty(currentNamespace)) { currentNamespace = null; } if (SessionFacade.LoginKey == null) { // Look for username/password in the query string if (Request["Username"] != null && Request["Password"] != null) { // Try to authenticate UserInfo u = Users.FindUser(currentWiki, Request["Username"]); if (u != null) { // Very "dirty" way - pages should not access Providers if (u.Provider.TestAccount(u, Request["Password"])) { // Valid account currentUsername = Request["Username"]; currentGroups = Users.FindUser(currentWiki, currentUsername).Groups; } } else { // Check for built-in admin account if (Request["Username"].Equals("admin") && Request["Password"].Equals(GlobalSettings.GetMasterPassword())) { currentUsername = "******"; currentGroups = new string[] { Settings.GetAdministratorsGroup(currentWiki) }; } } } } Response.ClearContent(); Response.ContentType = "text/xml;charset=UTF-8"; Response.ContentEncoding = System.Text.UTF8Encoding.UTF8; if (Request["Page"] != null) { PageContent page = Pages.FindPage(currentWiki, Request["Page"]); if (page == null) { return; } if (Request["Discuss"] == null) { // Check permission for the page bool canReadPage = authChecker.CheckActionForPage(page.FullName, Actions.ForPages.ReadPage, currentUsername, currentGroups); if (!canReadPage) { Response.StatusCode = 401; return; } // Start an XML writer for the output stream using (XmlWriter rss = XmlWriter.Create(Response.OutputStream)) { // Build an RSS header BuildRssHeader(rss); // Build the channel element BuildChannelHead(rss, Settings.GetWikiTitle(currentWiki) + " - " + Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, page.Title, false, FormattingContext.PageContent, page.FullName)), Settings.GetMainUrl(currentWiki) + page.FullName + GlobalSettings.PageExtension, Settings.GetMainUrl(currentWiki) + UrlTools.BuildUrl(currentWiki, "RSS.aspx?Page=", page.FullName), Formatter.StripHtml(page.Title) + " - " + Properties.Messages.PageUpdates); // Write the item element rss.WriteStartElement("item"); rss.WriteStartElement("title"); rss.WriteCData(Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, page.Title, false, FormattingContext.PageContent, page.FullName))); rss.WriteEndElement(); rss.WriteElementString("link", Settings.GetMainUrl(currentWiki) + page.FullName + GlobalSettings.PageExtension); UserInfo user = Users.FindUser(currentWiki, page.User); string username = user != null?Users.GetDisplayName(user) : page.User; // Create the description tag rss.WriteStartElement("description"); if (rssFeedsMode == RssFeedsMode.Summary) { rss.WriteCData(Formatter.StripHtml(page.Title) + ": " + Properties.Messages.ThePageHasBeenUpdatedBy + " " + page.User + (page.Comment.Length > 0 ? ".<br />" + page.Comment : ".")); } else { rss.WriteCData(FormattedContent.GetFormattedPageContent(currentWiki, page)); } rss.WriteEndElement(); // Write the remaining elements rss.WriteElementString("author", username); rss.WriteElementString("pubDate", page.LastModified.ToUniversalTime().ToString("R")); rss.WriteStartElement("guid"); rss.WriteAttributeString("isPermaLink", "false"); rss.WriteString(GetGuid(page.FullName, page.LastModified)); rss.WriteEndElement(); // Complete the item element CompleteCurrentElement(rss); // Complete the channel element CompleteCurrentElement(rss); // Complete the rss element CompleteCurrentElement(rss); // Finish off rss.Flush(); rss.Close(); } } else { // Check permission for the discussion bool canReadDiscussion = authChecker.CheckActionForPage(page.FullName, Actions.ForPages.ReadDiscussion, currentUsername, currentGroups); if (!canReadDiscussion) { Response.StatusCode = 401; return; } List <Message> messages = new List <Message>(Pages.GetPageMessages(page)); // Un-tree Messages messages = UnTreeMessages(messages); // Sort from newer to older messages.Sort(new MessageDateTimeComparer(true)); // Start an XML writer for the output stream using (XmlWriter rss = XmlWriter.Create(Response.OutputStream)) { // Build an RSS header BuildRssHeader(rss); // Build the channel element BuildChannelHead(rss, Settings.GetWikiTitle(currentWiki) + " - " + Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, page.Title, false, FormattingContext.PageContent, page.FullName)) + " - Discussion Updates", Settings.GetMainUrl(currentWiki) + page.FullName + GlobalSettings.PageExtension + "?Discuss=1", Settings.GetMainUrl(currentWiki) + UrlTools.BuildUrl(currentWiki, "RSS.aspx?Page=", page.FullName, "&Discuss=1"), Settings.GetWikiTitle(currentWiki) + " - " + Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, page.Title, false, FormattingContext.PageContent, page.FullName)) + " - Discussion Updates"); for (int i = 0; i < messages.Count; i++) { // Write the item element rss.WriteStartElement("item"); rss.WriteStartElement("title"); rss.WriteCData(Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, messages[i].Subject, false, FormattingContext.MessageBody, page.FullName))); rss.WriteEndElement(); rss.WriteElementString("link", Settings.GetMainUrl(currentWiki) + page.FullName + GlobalSettings.PageExtension + "?Discuss=1"); UserInfo user = Users.FindUser(currentWiki, messages[i].Username); string username = user != null?Users.GetDisplayName(user) : messages[i].Username; // Create the description tag rss.WriteStartElement("description"); if (rssFeedsMode == RssFeedsMode.Summary) { rss.WriteCData(Properties.Messages.AMessageHasBeenPostedBy.Replace("##SUBJECT##", messages[i].Subject) + " " + username + "."); } else { rss.WriteCData(FormattingPipeline.FormatWithPhase3(currentWiki, FormattingPipeline.FormatWithPhase1And2(currentWiki, messages[i].Body, false, FormattingContext.MessageBody, page.FullName), FormattingContext.MessageBody, page.FullName)); } rss.WriteEndElement(); // Write the remaining elements rss.WriteElementString("author", username); rss.WriteElementString("pubDate", messages[i].DateTime.ToUniversalTime().ToString("R")); rss.WriteStartElement("guid"); rss.WriteAttributeString("isPermaLink", "false"); rss.WriteString(GetGuid(page.FullName + "-" + messages[i].ID.ToString(), messages[i].DateTime)); rss.WriteEndElement(); // Complete the item element CompleteCurrentElement(rss); } // Complete the channel element CompleteCurrentElement(rss); // Complete the rss element CompleteCurrentElement(rss); // Finish off rss.Flush(); rss.Close(); } } } else { if (Request["Discuss"] == null) { // All page updates // Start an XML writer for the output stream using (XmlWriter rss = XmlWriter.Create(Response.OutputStream)) { // Build an RSS header BuildRssHeader(rss); bool useCat = false; string cat = ""; if (Request["Category"] != null) { useCat = true; cat = Request["Category"]; } // Build the channel element BuildChannelHead(rss, Settings.GetWikiTitle(currentWiki) + " - " + Properties.Messages.PageUpdates, Settings.GetMainUrl(currentWiki), Settings.GetMainUrl(currentWiki) + UrlTools.BuildUrl(currentWiki, "RSS.aspx", (useCat ? ("?Category=" + cat) : "")), Properties.Messages.RecentPageUpdates); RecentChange[] ch = RecentChanges.GetAllChanges(currentWiki); Array.Reverse(ch); for (int i = 0; i < ch.Length; i++) { // Suppress this entry if we've already reported this page (so we don't create duplicate entries in the feed page) bool duplicateFound = false; for (int j = 0; j < i; j++) { if (ch[j].Page == ch[i].Page) { duplicateFound = true; break; } } if (duplicateFound) { continue; } // Skip message-related entries if (!IsPageChange(ch[i].Change)) { continue; } PageContent p = Pages.FindPage(currentWiki, ch[i].Page); if (p != null) { // Check permissions for every page bool canReadThisPage = authChecker.CheckActionForPage(p.FullName, Actions.ForPages.ReadPage, currentUsername, currentGroups); if (!canReadThisPage) { continue; } if (useCat) { CategoryInfo[] infos = Pages.GetCategoriesForPage(p); if (infos.Length == 0 && cat != "-") { continue; } else if (infos.Length != 0) { bool found = false; for (int k = 0; k < infos.Length; k++) { if (infos[k].FullName == cat) { found = true; break; } } if (!found) { continue; } } } } // Check namespace if (p != null && NameTools.GetNamespace(p.FullName) != currentNamespace) { continue; } // Skip deleted pages as their category binding is unknown if (p == null && useCat) { continue; } // Write the item element rss.WriteStartElement("item"); rss.WriteStartElement("title"); rss.WriteCData(Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, ch[i].Title, false, FormattingContext.PageContent, p.FullName))); rss.WriteEndElement(); if (ch[i].Change != Change.PageDeleted && p != null) { if (ch[i].Change != Change.PageDeleted && p != null) { rss.WriteElementString("link", Settings.GetMainUrl(currentWiki) + ch[i].Page + GlobalSettings.PageExtension); } else { rss.WriteElementString("link", Settings.GetMainUrl(currentWiki)); } } UserInfo user = Users.FindUser(currentWiki, ch[i].User); string username = user != null?Users.GetDisplayName(user) : ch[i].User; rss.WriteElementString("author", username); // Create the description tag StringBuilder sb = new StringBuilder(); if (rssFeedsMode == RssFeedsMode.Summary || p == null) { switch (ch[i].Change) { case Change.PageUpdated: sb.Append(Properties.Messages.ThePageHasBeenUpdatedBy); break; case Change.PageDeleted: sb.Append(Properties.Messages.ThePageHasBeenDeletedBy); break; case Change.PageRenamed: sb.Append(Properties.Messages.ThePageHasBeenRenamedBy); break; case Change.PageRolledBack: sb.Append(Properties.Messages.ThePageHasBeenRolledBackBy); break; } sb.Append(" " + username + (ch[i].Description.Length > 0 ? ".<br />" + ch[i].Description : ".")); } else { // p != null sb.Append(FormattedContent.GetFormattedPageContent(currentWiki, p)); } rss.WriteStartElement("description"); rss.WriteCData(sb.ToString()); rss.WriteEndElement(); // Write the remaining elements rss.WriteElementString("pubDate", ch[i].DateTime.ToUniversalTime().ToString("R")); rss.WriteStartElement("guid"); rss.WriteAttributeString("isPermaLink", "false"); rss.WriteString(GetGuid(ch[i].Page, ch[i].DateTime)); rss.WriteEndElement(); // Complete the item element rss.WriteEndElement(); } // Complete the channel element CompleteCurrentElement(rss); // Complete the rss element CompleteCurrentElement(rss); // Finish off rss.Flush(); rss.Close(); } } else { // All discussion updates // Start an XML writer for the output stream using (XmlWriter rss = XmlWriter.Create(Response.OutputStream)) { // Build an RSS header BuildRssHeader(rss); bool useCat = false; string cat = ""; if (Request["Category"] != null) { useCat = true; cat = Request["Category"]; } // Build the channel element BuildChannelHead(rss, Settings.GetWikiTitle(currentWiki) + " - " + Properties.Messages.DiscussionUpdates, Settings.GetMainUrl(currentWiki), Settings.GetMainUrl(currentWiki) + UrlTools.BuildUrl(currentWiki, "RSS.aspx", (useCat ? ("?Category=" + cat) : "")), Properties.Messages.RecentDiscussionUpdates); RecentChange[] ch = RecentChanges.GetAllChanges(currentWiki); Array.Reverse(ch); for (int i = 0; i < ch.Length; i++) { // Skip page-related entries if (!IsMessageChange(ch[i].Change)) { continue; } PageContent p = Pages.FindPage(currentWiki, ch[i].Page); if (p != null) { // Check permissions for every page bool canReadThisPageDiscussion = authChecker.CheckActionForPage(p.FullName, Actions.ForPages.ReadDiscussion, currentUsername, currentGroups); if (!canReadThisPageDiscussion) { continue; } if (useCat) { CategoryInfo[] infos = Pages.GetCategoriesForPage(p); if (infos.Length == 0 && cat != "-") { continue; } else if (infos.Length != 0) { bool found = false; for (int k = 0; k < infos.Length; k++) { if (infos[k].FullName == cat) { found = true; break; } } if (!found) { continue; } } } // Check namespace if (NameTools.GetNamespace(p.FullName) != currentNamespace) { continue; } // Write the item element rss.WriteStartElement("item"); rss.WriteStartElement("title"); rss.WriteCData(Properties.Messages.Discussion + ": " + Formatter.StripHtml(FormattingPipeline.PrepareTitle(currentWiki, ch[i].Title, false, FormattingContext.PageContent, p.FullName))); rss.WriteEndElement(); string id = Tools.GetMessageIdForAnchor(ch[i].DateTime); if (ch[i].Change != Change.MessageDeleted) { rss.WriteElementString("link", Settings.GetMainUrl(currentWiki) + ch[i].Page + GlobalSettings.PageExtension + "?Discuss=1#" + id); } else { rss.WriteElementString("link", Settings.GetMainUrl(currentWiki) + ch[i].Page + GlobalSettings.PageExtension + "?Discuss=1"); } string messageContent = FindMessageContent(ch[i].Page, id); UserInfo user = Users.FindUser(currentWiki, ch[i].User); string username = user != null?Users.GetDisplayName(user) : ch[i].User; // Create the description tag StringBuilder sb = new StringBuilder(); if (rssFeedsMode == RssFeedsMode.Summary || messageContent == null) { switch (ch[i].Change) { case Change.MessagePosted: sb.Append(Properties.Messages.AMessageHasBeenPostedBy.Replace("##SUBJECT##", ch[i].MessageSubject)); break; case Change.MessageEdited: sb.Append(Properties.Messages.AMessageHasBeenEditedBy.Replace("##SUBJECT##", ch[i].MessageSubject)); break; case Change.MessageDeleted: sb.Append(Properties.Messages.AMessageHasBeenDeletedBy.Replace("##SUBJECT##", ch[i].MessageSubject)); break; } sb.Append(" " + username + (ch[i].Description.Length > 0 ? ".<br />" + ch[i].Description : ".")); } else { sb.Append(FormattingPipeline.FormatWithPhase3(currentWiki, FormattingPipeline.FormatWithPhase1And2(currentWiki, messageContent, false, FormattingContext.MessageBody, null), FormattingContext.MessageBody, null)); } rss.WriteStartElement("description"); rss.WriteCData(sb.ToString()); rss.WriteEndElement(); // Write the remaining elements rss.WriteElementString("author", username); rss.WriteElementString("pubDate", ch[i].DateTime.ToUniversalTime().ToString("R")); rss.WriteStartElement("guid"); rss.WriteAttributeString("isPermaLink", "false"); rss.WriteString(GetGuid(ch[i].Page, ch[i].DateTime)); rss.WriteEndElement(); // Complete the item element rss.WriteEndElement(); } } // Complete the channel element CompleteCurrentElement(rss); // Complete the rss element CompleteCurrentElement(rss); // Finish off rss.Flush(); rss.Close(); } } } }
protected void btnSave_Click(object sender, EventArgs e) { bool wasVisible = pnlPageName.Visible; pnlPageName.Visible = true; if (!wasVisible && Settings.GetAutoGeneratePageNames(currentWiki) && txtName.Enabled) { txtName.Text = GenerateAutoName(txtTitle.Text); } txtName.Text = txtName.Text.Trim(); Page.Validate("nametitle"); Page.Validate("captcha"); if (!Page.IsValid) { if (!rfvTitle.IsValid || !rfvName.IsValid || !cvName1.IsValid || !cvName2.IsValid) { pnlPageName.Visible = true; pnlManualName.Visible = false; } return; } pnlPageName.Visible = wasVisible; // Check permissions if (currentPage == null) { // Check permissions for creating new pages if (!canCreateNewPages) { UrlTools.Redirect("AccessDenied.aspx"); } } else { // Check permissions for editing current page if (!canEdit && !canEditWithApproval) { UrlTools.Redirect("AccessDenied.aspx"); } } chkMinorChange.Visible = true; chkSaveAsDraft.Visible = true; // Verify edit with approval if (!canEdit && canEditWithApproval) { chkSaveAsDraft.Checked = true; } // Check for scripts (Administrators can always add SCRIPT tags) if (!SessionFacade.GetCurrentGroupNames(currentWiki).Contains(Settings.GetAdministratorsGroup(currentWiki)) && !Settings.GetScriptTagsAllowed(currentWiki)) { Regex r = new Regex(@"\<script.*?\>", RegexOptions.Compiled | RegexOptions.IgnoreCase); if (r.Match(editor.GetContent()).Success) { lblResult.Text = @"<span style=""color: #FF0000;"">" + Properties.Messages.ScriptDetected + "</span>"; return; } } bool redirect = true; if (sender == btnSaveAndContinue) { redirect = false; } lblResult.Text = ""; lblResult.CssClass = ""; string username = ""; if (SessionFacade.LoginKey == null) { username = Request.UserHostAddress; } else { username = SessionFacade.CurrentUsername; } IPagesStorageProviderV40 provider = FindAppropriateProvider(); // Create list of selected categories List <CategoryInfo> categories = new List <CategoryInfo>(); for (int i = 0; i < lstCategories.Items.Count; i++) { if (lstCategories.Items[i].Selected) { CategoryInfo cat = Pages.FindCategory(currentWiki, lstCategories.Items[i].Value); // Sanity check if (cat.Provider == provider) { categories.Add(cat); } } } txtComment.Text = txtComment.Text.Trim(); txtDescription.Text = txtDescription.Text.Trim(); SaveMode saveMode = SaveMode.Backup; if (chkSaveAsDraft.Checked) { saveMode = SaveMode.Draft; } if (chkMinorChange.Checked) { saveMode = SaveMode.Normal; } if (txtName.Enabled) { // Find page, if inexistent create it Log.LogEntry("Page update requested for " + txtName.Text, EntryType.General, username, currentWiki); string nspace = DetectNamespaceInfo() != null?DetectNamespaceInfo().Name : null; PageContent pg = Pages.FindPage(NameTools.GetFullName(DetectNamespace(), txtName.Text), provider); if (pg == null) { saveMode = SaveMode.Normal; pg = Pages.SetPageContent(currentWiki, nspace, txtName.Text, provider, txtTitle.Text, username, DateTime.UtcNow, txtComment.Text, editor.GetContent(), GetKeywords(), txtDescription.Text, saveMode); attachmentManager.CurrentPage = pg; } else { Pages.SetPageContent(currentWiki, nspace, txtName.Text, provider, txtTitle.Text, username, DateTime.UtcNow, txtComment.Text, editor.GetContent(), GetKeywords(), txtDescription.Text, saveMode); } // Save categories binding Pages.Rebind(pg, categories.ToArray()); // If not a draft, remove page draft if (saveMode != SaveMode.Draft) { Pages.DeleteDraft(pg.FullName, pg.Provider); isDraft = false; } else { isDraft = true; } ManageDraft(); lblResult.CssClass = "resultok"; lblResult.Text = Properties.Messages.PageSaved; // This is a new page, so only who has page management permissions can execute this code // No notification must be sent for drafts awaiting approval if (redirect) { Collisions.CancelEditingSession(pg, username); string target = UrlTools.BuildUrl(currentWiki, Tools.UrlEncode(txtName.Text), GlobalSettings.PageExtension, "?NoRedirect=1"); UrlTools.Redirect(target); } else { // Disable PageName, because the name cannot be changed anymore txtName.Enabled = false; pnlManualName.Visible = false; } } else { // Used for redirecting to a specific section after editing it string anchor = ""; if (currentPage == null) { currentPage = Pages.FindPage(currentWiki, NameTools.GetFullName(DetectNamespace(), txtName.Text)); } // Save data Log.LogEntry("Page update requested for " + currentPage.FullName, EntryType.General, username, currentWiki); if (!isDraft && currentSection != -1) { StringBuilder sb = new StringBuilder(currentPage.Content.Length); int start, len; ExtractSection(currentPage.Content, currentSection, out start, out len, out anchor); if (start > 0) { sb.Append(currentPage.Content.Substring(0, start)); } sb.Append(editor.GetContent()); if (start + len < currentPage.Content.Length - 1) { sb.Append(currentPage.Content.Substring(start + len)); } Pages.SetPageContent(currentPage.Provider.CurrentWiki, NameTools.GetNamespace(currentPage.FullName), NameTools.GetLocalName(currentPage.FullName), txtTitle.Text, username, DateTime.UtcNow, txtComment.Text, sb.ToString(), GetKeywords(), txtDescription.Text, saveMode); } else { Pages.SetPageContent(currentPage.Provider.CurrentWiki, NameTools.GetNamespace(currentPage.FullName), NameTools.GetLocalName(currentPage.FullName), txtTitle.Text, username, DateTime.UtcNow, txtComment.Text, editor.GetContent(), GetKeywords(), txtDescription.Text, saveMode); } // Save Categories binding Pages.Rebind(currentPage, categories.ToArray()); // If not a draft, remove page draft if (saveMode != SaveMode.Draft) { Pages.DeleteDraft(currentPage.FullName, currentPage.Provider); isDraft = false; } else { isDraft = true; } ManageDraft(); lblResult.CssClass = "resultok"; lblResult.Text = Properties.Messages.PageSaved; // This code is executed every time the page is saved, even when "Save & Continue" is clicked // This causes a draft approval notification to be sent multiple times for the same page, // but this is the only solution because the user might navigate away from the page after // clicking "Save & Continue" but not "Save" or "Cancel" - in other words, it is necessary // to take every chance to send a notification because no more chances might be available if (!canEdit && canEditWithApproval) { Pages.SendEmailNotificationForDraft(currentPage.Provider.CurrentWiki, currentPage.FullName, txtTitle.Text, txtComment.Text, username); } if (redirect) { Collisions.CancelEditingSession(currentPage, username); string target = UrlTools.BuildUrl(currentWiki, Tools.UrlEncode(currentPage.FullName), GlobalSettings.PageExtension, "?NoRedirect=1", (!string.IsNullOrEmpty(anchor) ? ("#" + anchor + "_" + currentSection.ToString()) : "")); UrlTools.Redirect(target); } } }
/// <summary> /// Detects the permissions of the current user. /// </summary> private void DetectPermissions() { if (CurrentPage != null) { string currentWiki = Tools.DetectCurrentWiki(); string currentUser = SessionFacade.GetCurrentUsername(); string[] currentGroups = SessionFacade.GetCurrentGroupNames(currentWiki); AuthChecker authChecker = new AuthChecker(Collectors.CollectorsBox.GetSettingsProvider(currentWiki)); canDownload = authChecker.CheckActionForPage(CurrentPage.FullName, Actions.ForPages.DownloadAttachments, currentUser, currentGroups); canUpload = authChecker.CheckActionForPage(CurrentPage.FullName, Actions.ForPages.UploadAttachments, currentUser, currentGroups); canDelete = authChecker.CheckActionForPage(CurrentPage.FullName, Actions.ForPages.DeleteAttachments, currentUser, currentGroups); isAdmin = Array.Find(currentGroups, delegate(string g) { return(g == Settings.GetAdministratorsGroup(currentWiki)); }) != null; } else { canDownload = false; canUpload = false; canDelete = false; isAdmin = false; } lstProviders.Visible = isAdmin; }