- <field fieldName="read_roles" returnType="stringCollection">MyAssembly.ReadItemRoles,MyAssembly</field>
- <field fieldName="denied_roles" returnType="stringCollection">MyAssembly.DenyReadItemRoles,MyAssembly</field>
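/// <summary>
/// Computed index field that lists every role able to read the indexed item.
/// Registered as the <c>read_roles</c> field (string collection).
/// </summary>
public class ReadItemRoles : IComputedIndexField
{
    /// <summary>
    /// Builds the list of role names for which <c>item.Security.CanRead</c> succeeds.
    /// </summary>
    /// <param name="indexable">The indexable being crawled.</param>
    /// <returns>
    /// A list of role names with the domain separator replaced by <c>|</c> (empty when no
    /// role can read the item), or <c>null</c> when the indexable is not a Sitecore item.
    /// </returns>
    public object ComputeFieldValue(IIndexable indexable)
    {
        var scIndexable = indexable as SitecoreIndexableItem;
        if (scIndexable == null)
        {
            // Not an item: emit no field value rather than dereferencing null below.
            return null;
        }

        var item = (Item)scIndexable;
        if (item == null)
        {
            return null;
        }

        // Evaluate access rules even if the calling code has switched security off;
        // without this, CanRead could report true for every role.
        using (new Sitecore.SecurityModel.SecurityEnabler())
        {
            // The listing as pasted shows Replace(@"", "|"), which throws ArgumentException
            // because the search string is empty. The domain separator (backslash) is the
            // presumed intent. Whatever is used here must be the same normalization that is
            // applied to role names at query time, or the security filter stops matching.
            return RolesInRolesManager.GetAllRoles()
                .Where(r => item.Security.CanRead(r))
                .Select(r => r.Name.Replace(@"\", "|"))
                .ToList();
        }
    }

    /// <summary>Index field name supplied by the configuration.</summary>
    public string FieldName { get; set; }

    /// <summary>Index return type supplied by the configuration.</summary>
    public string ReturnType { get; set; }
}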
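/// <summary>
/// Computed index field that lists every role for which read access to the indexed item
/// is denied, as decided by the <c>IsDenied</c> extension.
/// Registered as the <c>denied_roles</c> field (string collection).
/// </summary>
public class DenyReadItemRoles : IComputedIndexField
{
    /// <summary>
    /// Builds the list of denied role names for the item.
    /// </summary>
    /// <param name="indexable">The indexable being crawled.</param>
    /// <returns>
    /// A list of role names with the domain separator replaced by <c>|</c>; a single
    /// <c>"none"</c> entry when no role is denied, so the field is never empty; or
    /// <c>null</c> when the indexable is not a Sitecore item.
    /// </returns>
    public object ComputeFieldValue(IIndexable indexable)
    {
        var scIndexable = indexable as SitecoreIndexableItem;
        if (scIndexable == null)
        {
            // Not an item: emit no field value rather than dereferencing null below.
            return null;
        }

        var item = (Item)scIndexable;
        if (item == null)
        {
            return null;
        }

        List<string> rolesList;

        // Evaluate access rules even if the calling code has switched security off.
        using (new Sitecore.SecurityModel.SecurityEnabler())
        {
            // The listing as pasted shows Replace(@"", "|"), which throws ArgumentException
            // because the search string is empty. The domain separator (backslash) is the
            // presumed intent. It must match the normalization applied at query time.
            rolesList = RolesInRolesManager.GetAllRoles()
                .Where(r => r.IsDenied(item))
                .Select(r => r.Name.Replace(@"\", "|"))
                .ToList();
        }

        if (rolesList.Count == 0)
        {
            // Sentinel value: keeps the field populated for items with no denied role.
            return new List<string> { "none" };
        }

        return rolesList;
    }

    /// <summary>Index field name supplied by the configuration.</summary>
    public string FieldName { get; set; }

    /// <summary>Index return type supplied by the configuration.</summary>
    public string ReturnType { get; set; }
}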
/// <summary>
/// Helpers for reading explicit deny rules off an item and its ancestors.
/// </summary>
internal static class SecurityExtensions
{
    /// <summary>
    /// Reports whether <paramref name="role"/> is explicitly denied item-read access on
    /// <paramref name="item"/> or on one of its ancestors.
    /// </summary>
    /// <param name="role">The role to test.</param>
    /// <param name="item">The item at which the walk towards the root begins.</param>
    /// <returns>
    /// <c>false</c> as soon as a level is reached where the role can read; <c>true</c> when a
    /// level carries a DenyAccess / ItemRead rule for the role; <c>false</c> when the root is
    /// passed without finding either.
    /// </returns>
    internal static bool IsDenied(this Role role, Item item)
    {
        Item current = item;
        do
        {
            // An effective read grant at this level ends the search.
            if (current.Security.CanRead(role))
            {
                return false;
            }

            AccessRuleCollection levelRules = current.Security.GetAccessRules();
            if (levelRules != null)
            {
                foreach (AccessRule candidate in levelRules)
                {
                    bool deniesRead =
                        candidate.SecurityPermission == SecurityPermission.DenyAccess &&
                        candidate.AccessRight == AccessRight.ItemRead;

                    // NOTE(review): relies on == between the rule's account and the role
                    // comparing by identity of the account, not by reference; confirm.
                    if (deniesRead && candidate.Account == role)
                    {
                        return true;
                    }
                }
            }

            // NOTE(review): the rule's propagation type is not inspected, so any matching
            // deny rule on an ancestor counts for its descendants; confirm this is intended.
            current = current.Parent;
        }
        while (current != null);

        return false;
    }
}
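/// <summary>
/// Restricts a search query to items the current context user may read, using the
/// <c>read_roles</c> and <c>denied_roles</c> index fields.
/// </summary>
/// <typeparam name="T">The search result type.</typeparam>
/// <param name="query">The query to restrict.</param>
/// <returns>
/// The query filtered to documents whose <c>read_roles</c> contains at least one of the
/// user's roles and whose <c>denied_roles</c> contains none of them.
/// </returns>
/// <remarks>
/// The filter is role-based only: the indexed fields are computed from roles, so access
/// rules assigned directly to a user account are not represented. Treat it as a pre-filter
/// and keep item-level security checks on anything rendered from the results.
/// </remarks>
public static IQueryable<T> ApplySecurityFilter<T>(this IQueryable<T> query) where T : SearchResultItem
{
    // Materialise once: the list feeds both predicates.
    // The listing as pasted shows Replace(@"", "|"), which throws ArgumentException because
    // the search string is empty. The domain separator (backslash) is the presumed intent.
    // It must match the normalization used when the fields were indexed.
    var userRoles = Sitecore.Context.User.Roles
        .Select(r => r.Name.Replace(@"\", "|"))
        .ToList();

    var readPredicate = userRoles.Aggregate(
        PredicateBuilder.False<T>(),
        (current, role) => current.Or(i => i["read_roles"].Equals(role)));

    var denyPredicate = userRoles.Aggregate(
        PredicateBuilder.True<T>(),
        (current, role) => current.And(i => !i["denied_roles"].Equals(role)));

    // Fail closed. The original skipped this filter when the predicate was still the
    // constant 'false' (a user with no roles), which returned the query unfiltered.
    // A user with no roles must match nothing.
    // NOTE(review): confirm the search provider translates a constant-false predicate.
    // If it does not, substitute an explicit match-nothing clause, never "no filter".
    query = query.Filter(readPredicate);

    // The original tested readPredicate here a second time; the deny filter is only
    // redundant when denyPredicate itself is still the constant 'true'.
    if (denyPredicate.Body.NodeType != System.Linq.Expressions.ExpressionType.Constant)
    {
        query = query.Filter(denyPredicate);
    }

    return query;
}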