<field fieldName="read_roles" returnType="stringCollection">MyAssembly.ReadItemR

1. <field fieldName="read_roles" returnType="stringCollection">MyAssembly.ReadItemRoles,MyAssembly</field>
2. <field fieldName="denied_roles" returnType="stringCollection">MyAssembly.DenyReadItemRoles,MyAssembly</field>
3.  
4. public class ReadItemRoles : IComputedIndexField
5. {
6. public object ComputeFieldValue(IIndexable indexable)
7. {
8. var scIndexable = indexable as SitecoreIndexableItem;
9. var item = (Item)scIndexable;
10. List<string> rolesList = new List<string>();
11. using (new Sitecore.SecurityModel.SecurityEnabler())
12. {
13. var roles = RolesInRolesManager.GetAllRoles();
14. var readRoles = roles.Where(r => item.Security.CanRead(r));
15. if (readRoles != null && readRoles.Any())
16. {
17. rolesList = readRoles.Select(r => r.Name.Replace(@"", "|")).ToList();
18. }
19. }
20. return rolesList;
21. }
22.  
23. public string FieldName { get; set; }
24. public string ReturnType { get; set; }
25. }
26.  
27. public class DenyReadItemRoles : IComputedIndexField
28. {
29. public object ComputeFieldValue(IIndexable indexable)
30. {
31. var scIndexable = indexable as SitecoreIndexableItem;
32. var item = (Item)scIndexable;
33. List<string> rolesList = new List<string>();
34. using (new Sitecore.SecurityModel.SecurityEnabler())
35. {
36. var roles = RolesInRolesManager.GetAllRoles();
37. var denyRoles = roles.Where(r => r.IsDenied(item));
38. if (denyRoles != null && denyRoles.Any())
39. {
40. rolesList = denyRoles.Select(r => r.Name.Replace(@"", "|")).ToList();
41. }
42. }
43. if (rolesList.Count == 0)
44. {
45. var denyRoles = new List<string>();
46. denyRoles.Add("none");
47. return denyRoles;
48. }
49. return rolesList;
50. }
51.  
52. public string FieldName { get; set; }
53. public string ReturnType { get; set; }
54. }
55.  
56. internal static class SecurityExtensions
57. {
58. internal static bool IsDenied(this Role role, Item item)
59. {
60. if (item.Security.CanRead(role)) return false;
61. AccessRuleCollection accessRules = item.Security.GetAccessRules();
62. if (accessRules != null)
63. {
64. foreach (AccessRule rule in accessRules)
65. {
66. if (rule.SecurityPermission == SecurityPermission.DenyAccess &&
67. rule.AccessRight == AccessRight.ItemRead && rule.Account == role)
68. {
69. return true;
70. }
71. }
72. }
73. return (item.Parent == null) ? false : role.IsDenied(item.Parent);
74. }
75. }
76.  
77. public static IQueryable<T> ApplySecurityFilter<T>(this IQueryable<T> query) where T : SearchResultItem {
78.  
79. var userRoles = Sitecore.Context.User.Roles.Select(r => r.Name.Replace(@"", "|"));
80.  
81. var readPredicate = PredicateBuilder.False<T>();
82. readPredicate = userRoles.Aggregate(readPredicate, (current, role) => current.Or(i => i["read_roles"].Equals(role)));
83.  
84. var denyPredicate = PredicateBuilder.True<T>();
85. denyPredicate = userRoles.Aggregate(denyPredicate, (current, role) => current.And(i => !i["denied_roles"].Equals(role)));
86.  
87. if (readPredicate.Body.NodeType != System.Linq.Expressions.ExpressionType.Constant) {
88. query = query.Filter(readPredicate);
89. }
90. if (readPredicate.Body.NodeType != System.Linq.Expressions.ExpressionType.Constant) {
91. query = query.Filter(denyPredicate);
92. }
93. return query;
94. }