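/// <summary>
/// Check if a user may do something on a content type - and report an HTTP error
/// through <c>ThrowHttpError</c> if the permission is not given.
/// </summary>
/// <remarks>
/// This method returns nothing, so a denial only reaches the caller if
/// <c>ThrowHttpError</c> aborts the request. It is defined outside this block and
/// presumably throws - confirm, because every check below depends on it.
/// </remarks>
/// <param name="contentType">Identifier passed to <c>cache.GetContentType</c>; it is also echoed in the error messages.</param>
/// <param name="grant">The permission being requested; handed to <c>PermissionController.UserMay</c>.</param>
/// <param name="autoAllowAdmin">When true, a user who can administer the current module passes even if <paramref name="grant"/> is not given.</param>
/// <param name="specificItem">Optional entity handed to the permission controller together with the content type GUID.</param>
private void PerformSecurityCheck(string contentType, PermissionGrant grant, bool autoAllowAdmin = false, IEntity specificItem = null)
{
    // NOTE(review): ctc is never read again in this method. It is kept because the
    // constructor / SetAppIdAndUser may have side effects that are not visible here.
    var ctc = new ContentTypeController();
    ctc.SetAppIdAndUser(App.AppId);

    // Check if we can find this content-type
    var cache = DataSource.GetCache(null, App.AppId);
    var ct = cache.GetContentType(contentType);
    if (ct == null)
    {
        // NOTE(review): contentType is caller-supplied and echoed in the message -
        // confirm the error response is encoded before it can reach a browser.
        ThrowHttpError(HttpStatusCode.NotFound, "Could not find Content Type '" + contentType + "'.", "content-types");
        return;
    }

    // Check if the content-type has a GUID as name - only these can have permission assignments
    Guid ctGuid;
    var staticNameIsGuid = Guid.TryParse(ct.StaticName, out ctGuid);
    if (!staticNameIsGuid)
    {
        ThrowHttpError(HttpStatusCode.Unauthorized, "Content Type '" + contentType + "' is not a standard Content Type - no permissions possible.");

        // Stop here, like the not-found branch does: after a failed TryParse ctGuid is
        // Guid.Empty and must never be used for the permission lookup below.
        return;
    }

    // Check permissions in 2sxc - or check if the user has admin-right
    // (in which case he's always granted access for these types of content)
    var permissionChecker = new PermissionController(App.ZoneId, App.AppId, ctGuid, specificItem, Dnn.Module);
    var allowed = permissionChecker.UserMay(grant);
    var isAdmin = autoAllowAdmin && DotNetNuke.Security.Permissions.ModulePermissionController.CanAdminModule(Dnn.Module);
    if (!(allowed || isAdmin))
    {
        // NOTE(review): 401 Unauthorized is used for a missing permission; 403 Forbidden is
        // the conventional status when the caller is known but lacks the right. Left
        // unchanged here because clients may depend on the current status code.
        ThrowHttpError(HttpStatusCode.Unauthorized, "Request not allowed. User needs permissions to " + grant + " for Content Type '" + contentType + "'.", "permissions");
    }
}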
// todo: check if this call could be replaced with the normal ContentTypeController.Get to prevent redundant code
/// <summary>
/// List the available content types that are used by at least one template, ordered by name,
/// each with a flag telling the UI whether it should be treated as hidden, plus its prepared metadata.
/// </summary>
/// <remarks>
/// The result is a LINQ query that is not materialized here.
/// NOTE(review): no permission check is visible in this method - confirm that the calling
/// endpoint restricts who may list content types and their metadata.
/// </remarks>
/// <returns>
/// One anonymous object per content type with the properties
/// <c>StaticName</c>, <c>Name</c>, <c>IsHidden</c> and <c>Metadata</c>.
/// </returns>
public IEnumerable<object> GetContentTypesWithStatus()
{
    // 2016-09-08 2dm - uses all templates instead of only the visible ones,
    // because of https://github.com/2sic/2sxc/issues/831
    var allTemplates = GetAllTemplates().ToList();
    var visibleTemplates = allTemplates.Where(tpl => !tpl.IsHidden).ToList();
    var metadataCache = TemplateDataSource().Cache;
    var typeController = new ContentTypeController();
    var serializer = new Serializer();

    return from contentType in GetAvailableContentTypes(Settings.AttributeSetScope)
           // must exist in at least 1 template
           where allTemplates.Any(tpl => tpl.ContentTypeStaticName == contentType.StaticName)
           orderby contentType.Name
           select new
           {
               contentType.StaticName,
               contentType.Name,
               // must check if *any* template is visible, otherwise tell the UI that it's hidden
               IsHidden = !visibleTemplates.Any(tpl => tpl.ContentTypeStaticName == contentType.StaticName),
               Metadata = serializer.Prepare(typeController.GetMetadata(contentType, metadataCache))
           };
}