- using System;
- using System.Collections.Generic;
- using System.Linq;
- using System.Text;
- using Microsoft.SharePoint;
- using Microsoft.SharePoint.Publishing;
- using Precio.Soc.ExternalWeb.BL.PageManagers;
- using Precio.Soc.ExternalWeb.Common.Containers;
- using Precio.Soc.ExternalWeb.DAL.FourLevelEntities;
- using COB.SharePoint.Utilities;
- using Precio.Soc.ExternalWeb.Common;
- using Precio.Services.Logging;
- using Precio.Soc.ExternalWeb.Common.Configuration;
- using Precio.Soc.ExternalWeb.BL.Navigation;
- namespace Precio.Soc.ExternalWeb.BL.Security
- {
/// <summary>
/// Callback for the <c>SecurityUtil.RunWithElevatedPrivileges</c> overloads that open an <see cref="SPWeb"/>.
/// </summary>
/// <param name="elevatedWeb">The web that SecurityUtil opened inside its elevated block and hands to the callback.</param>
public delegate void RunWithElevatedPrivilegesWebDelegate(SPWeb elevatedWeb);

/// <summary>
/// Callback for the <c>SecurityUtil</c> helpers that hand over an <see cref="SPSite"/>.
/// </summary>
/// <param name="elevatedSite">
/// The site handed to the callback. Despite the name it is not always elevated:
/// <c>SecurityUtil.RunWithElevatedPrivilegesIfUserHasPermissionLevel</c> passes <c>SPContext.Current.Site</c>
/// when the user lacks the requested role.
/// </param>
public delegate void RunWithElevatedPrivilegesSiteDelegate(SPSite elevatedSite);
- public class SecurityUtil
- {
/// <summary>
/// Runs <paramref name="codeToRunElevated"/> elevated when the current context user holds
/// <paramref name="minimumPermissionLevel"/>; otherwise runs the same delegate against
/// <c>SPContext.Current.Site</c> without applying any elevation.
/// </summary>
/// <remarks>
/// This is not an authorization gate: the delegate is invoked on both paths, only the site object it
/// receives differs. Code that must be refused to unauthorized users needs its own check (the overload of
/// <c>RunWithElevatedPrivileges</c> that takes a permission level throws instead of falling back).
/// </remarks>
/// <param name="minimumPermissionLevel">Minimum requested permission level for operation</param>
/// <param name="codeToRunElevated">The code to run, elevated or not depending on the role check.</param>
public static void RunWithElevatedPrivilegesIfUserHasPermissionLevel(SocExtWebRolePermissions minimumPermissionLevel, RunWithElevatedPrivilegesSiteDelegate codeToRunElevated)
{
    SPUser requestUser = SPContext.Current.Web.CurrentUser;
    bool mayElevate = SecurityUtil.DoesUserHaveRolePermission(requestUser, minimumPermissionLevel);

    if (!mayElevate)
    {
        // Fallback path: same delegate, but on the request's own context site.
        // The delegate therefore has to cope with access-denied results from SharePoint.
        codeToRunElevated(SPContext.Current.Site);
        return;
    }

    RunWithElevatedPrivileges(codeToRunElevated);
}
/// <summary>
/// Opens a new <see cref="SPSite"/> for the current context web's URL inside
/// <c>SPSecurity.RunWithElevatedPrivileges</c> and passes it to <paramref name="codeToRunElevated"/>.
/// </summary>
/// <remarks>
/// No authorization of the calling user happens in this overload; every caller must decide for itself
/// whether the request is allowed before it gets here. While the delegate runs, <c>AllowUnsafeUpdates</c>
/// is forced on for the site and form digest validation is switched off on its web application; both
/// values are put back in the <c>finally</c> block.
/// </remarks>
/// <param name="codeToRunElevated">The code to run elevated.</param>
public static void RunWithElevatedPrivileges(RunWithElevatedPrivilegesSiteDelegate codeToRunElevated)
{
    SPSecurity.RunWithElevatedPrivileges(() =>
    {
        using (SPSite elevatedSite = new SPSite(SPContext.Current.Web.Url))
        {
            // Capture the current values first so the finally block can restore them.
            bool digestWasEnabled = elevatedSite.WebApplication.FormDigestSettings.Enabled;
            bool unsafeUpdatesWereAllowed = elevatedSite.AllowUnsafeUpdates;
            try
            {
                // NOTE(review): FormDigestSettings belongs to the web application, not to this SPSite, so
                // this switch reaches further than the elevated call. No Update() is issued here, so the
                // change is not persisted by this code, but whether other requests in the same process
                // observe it (and whether overlapping calls can restore a stale value) depends on how
                // SharePoint caches the SPWebApplication object - confirm.
                // Both switches remove the request-forgery check for writes made by the delegate, so the
                // caller should already have validated the request (e.g. SPUtility.ValidateFormDigest())
                // and authorized the user.
                elevatedSite.WebApplication.FormDigestSettings.Enabled = false;
                elevatedSite.AllowUnsafeUpdates = true;
                codeToRunElevated(elevatedSite);
            }
            finally
            {
                // Restore in reverse order, even when the delegate throws.
                elevatedSite.AllowUnsafeUpdates = unsafeUpdatesWereAllowed;
                elevatedSite.WebApplication.FormDigestSettings.Enabled = digestWasEnabled;
            }
        }
    });
}
/// <summary>
/// Opens the current context web again inside <c>SPSecurity.RunWithElevatedPrivileges</c> and passes the
/// resulting <see cref="SPWeb"/> to <paramref name="codeToRunElevated"/>.
/// </summary>
/// <remarks>
/// No authorization of the calling user happens in this overload. While the delegate runs,
/// <c>AllowUnsafeUpdates</c> is forced on for the web and form digest validation is switched off on the
/// web application; both values are put back in the <c>finally</c> block.
/// </remarks>
/// <param name="codeToRunElevated">The code to run elevated.</param>
public static void RunWithElevatedPrivileges(RunWithElevatedPrivilegesWebDelegate codeToRunElevated)
{
    SPSecurity.RunWithElevatedPrivileges(() =>
    {
        using (SPSite site = new SPSite(SPContext.Current.Web.Url))
        using (SPWeb elevatedWeb = site.OpenWeb())
        {
            // Capture the current values first so the finally block can restore them.
            bool digestWasEnabled = elevatedWeb.Site.WebApplication.FormDigestSettings.Enabled;
            bool unsafeUpdatesWereAllowed = elevatedWeb.AllowUnsafeUpdates;
            try
            {
                // NOTE(review): the form digest switch lives on the web application, so it is wider than
                // this one web; whether concurrent requests see it depends on SharePoint's caching of the
                // SPWebApplication object - confirm. With both switches set, writes made by the delegate
                // are no longer protected against forged requests, so request validation
                // (e.g. SPUtility.ValidateFormDigest()) and authorization must happen before this call.
                elevatedWeb.Site.WebApplication.FormDigestSettings.Enabled = false;
                elevatedWeb.AllowUnsafeUpdates = true;
                codeToRunElevated(elevatedWeb);
            }
            finally
            {
                // Restore in reverse order, even when the delegate throws.
                elevatedWeb.AllowUnsafeUpdates = unsafeUpdatesWereAllowed;
                elevatedWeb.Site.WebApplication.FormDigestSettings.Enabled = digestWasEnabled;
            }
        }
    });
}
/// <summary>
/// Runs <paramref name="codeToRunElevated"/> with elevated privileges, but only when the current context
/// user satisfies <paramref name="minimumPermissionLevel"/>.
/// </summary>
/// <param name="codeToRunElevated">The code to run elevated.</param>
/// <param name="minimumPermissionLevel">Minimum requested permission level for operation</param>
/// <exception cref="UnauthorizedAccessException">
/// The current context user does not satisfy <paramref name="minimumPermissionLevel"/>; the delegate is not invoked.
/// </exception>
public static void RunWithElevatedPrivileges(RunWithElevatedPrivilegesWebDelegate codeToRunElevated, SocExtWebRolePermissions minimumPermissionLevel)
{
    SPUser requestUser = SPContext.Current.Web.CurrentUser;

    // Refuse before any elevation takes place.
    if (!DoesUserHaveRolePermission(requestUser, minimumPermissionLevel))
    {
        throw new UnauthorizedAccessException("Current user has no access for this operation.");
    }

    RunWithElevatedPrivileges(codeToRunElevated);
}
/// <summary>
/// Checks whether the current context user is in one of the configured site groups that satisfy
/// <paramref name="minimumPermissionLevel"/>. Site collection administrators always pass.
/// </summary>
/// <remarks>
/// As coded the roles are cumulative: Anvandare is satisfied by membership in any of the four groups,
/// Redaktor by Redaktor, WebbSamordnare or WebbStrateg, WebbSamordnare by WebbSamordnare or WebbStrateg,
/// and WebbStrateg only by its own group.
/// NOTE(review): <paramref name="user"/> is consulted only for the null and IsSiteAdmin checks. Group
/// membership is read through <c>ContainsCurrentUser</c> on <c>SPContext.Current.Web</c>, i.e. for the
/// context user. The callers visible in this file pass the context user, but a caller passing anyone else
/// gets an answer about a different identity than the one it asked about.
/// NOTE(review): the group names come from the config store, so whoever may edit those entries decides
/// which groups grant each role - confirm the store's permissions. The <c>SiteGroups[...]</c> lookups are
/// not guarded; a missing or misnamed group presumably throws instead of returning false - confirm.
/// </remarks>
/// <param name="user">User to test; null is treated as "no permission".</param>
/// <param name="minimumPermissionLevel">Lowest role that is acceptable for the operation.</param>
/// <returns>true when the role requirement is met, otherwise false.</returns>
public static bool DoesUserHaveRolePermission(SPUser user, SocExtWebRolePermissions minimumPermissionLevel)
{
    // No user, no permission.
    if (user == null)
    {
        return false;
    }

    // Site collection administrators bypass the group lookups entirely.
    if (user.IsSiteAdmin)
    {
        return true;
    }

    // All four names are loaded up front, whichever level was requested.
    string anvandare = ConfigStoreUtil.GetConfigValue(Constants.ConfigCategories.GeneralConfiguration, Constants.ConfigKeys.AnvandareGroupName);
    string redaktor = ConfigStoreUtil.GetConfigValue(Constants.ConfigCategories.GeneralConfiguration, Constants.ConfigKeys.RedaktorGroupName);
    string webbSamordnare = ConfigStoreUtil.GetConfigValue(Constants.ConfigCategories.GeneralConfiguration, Constants.ConfigKeys.WebbSamordnareGroupName);
    string webbStrateg = ConfigStoreUtil.GetConfigValue(Constants.ConfigCategories.GeneralConfiguration, Constants.ConfigKeys.WebbStrategGroupName);

    if (minimumPermissionLevel == SocExtWebRolePermissions.Anvandare)
    {
        if (SPContext.Current.Web.SiteGroups[anvandare].ContainsCurrentUser
            || SPContext.Current.Web.SiteGroups[redaktor].ContainsCurrentUser
            || SPContext.Current.Web.SiteGroups[webbSamordnare].ContainsCurrentUser
            || SPContext.Current.Web.SiteGroups[webbStrateg].ContainsCurrentUser)
        {
            return true;
        }
    }

    if (minimumPermissionLevel == SocExtWebRolePermissions.Redaktor)
    {
        if (SPContext.Current.Web.SiteGroups[redaktor].ContainsCurrentUser
            || SPContext.Current.Web.SiteGroups[webbSamordnare].ContainsCurrentUser
            || SPContext.Current.Web.SiteGroups[webbStrateg].ContainsCurrentUser)
        {
            return true;
        }
    }

    if (minimumPermissionLevel == SocExtWebRolePermissions.WebbSamordnare)
    {
        if (SPContext.Current.Web.SiteGroups[webbSamordnare].ContainsCurrentUser
            || SPContext.Current.Web.SiteGroups[webbStrateg].ContainsCurrentUser)
        {
            return true;
        }
    }

    if (minimumPermissionLevel == SocExtWebRolePermissions.WebbStrateg)
    {
        if (SPContext.Current.Web.SiteGroups[webbStrateg].ContainsCurrentUser)
        {
            return true;
        }
    }

    // Unknown level or no matching membership: deny.
    return false;
}
/// <summary>
/// Looks up the site group whose name is stored under the WebbSamordnareGroupName configuration key.
/// </summary>
/// <remarks>
/// Every exception is caught, logged and turned into a null result, so callers cannot tell a missing
/// group from a configuration or SharePoint failure (including a null <paramref name="rootWeb"/>).
/// The catch-all log text speaks of the group name failing to load even though it also covers errors
/// from the group lookups themselves.
/// </remarks>
/// <param name="rootWeb">Web whose site groups are searched.</param>
/// <returns>The group, null if the group is not found.</returns>
public static SPGroup GetWebbsamordnareGroup(SPWeb rootWeb)
{
    try
    {
        string configuredName = ConfigStoreUtil.GetConfigValue(Constants.ConfigCategories.GeneralConfiguration, Constants.ConfigKeys.WebbSamordnareGroupName);

        if (rootWeb.ContainsSiteGroup(configuredName))
        {
            return rootWeb.SiteGroups[configuredName];
        }

        // The name is configured but no such group exists on this web.
        LoggingServiceFacade.LogEvent(
            string.Format("SecurityUtil,GetWebbsamordnareGroup: The group {0} is missing, the configuration feature needs to be reactivated.", configuredName),
            EntryType.Error);
        return null;
    }
    catch (Exception failure)
    {
        LoggingServiceFacade.LogEvent(
            string.Format("SecurityUtil,GetWebbsamordnareGroup: Loading of group name failed, key: {0} \nReason:\n{1}",
                Constants.ConfigKeys.WebbSamordnareGroupName, failure.ToString()),
            EntryType.Error);
        return null;
    }
}
/// <summary>
/// Reads the role (group) name stored under <paramref name="roleNameConfigKey"/> in the general
/// configuration category.
/// </summary>
/// <remarks>
/// NOTE(review): the log entry is prefixed "EnsureConfigurationReceiver,EnsureRoles" although it is
/// written from SecurityUtil.LoadRoleName, and it does not include the key that failed; both make the
/// entry harder to trace. Callers must treat a null result as a failed lookup.
/// </remarks>
/// <param name="roleNameConfigKey">Configuration key that holds the role name.</param>
/// <returns>The configured value, or null when the lookup threw.</returns>
public static string LoadRoleName(string roleNameConfigKey)
{
    try
    {
        return ConfigStoreUtil.GetConfigValue(Constants.ConfigCategories.GeneralConfiguration, roleNameConfigKey);
    }
    catch (Exception failure)
    {
        // Best effort: record the failure and report "no value" to the caller.
        LoggingServiceFacade.LogEvent(
            string.Format("EnsureConfigurationReceiver,EnsureRoles: Loading of rolename failed \nReason:\n{0}", failure.ToString()),
            EntryType.Error);
        return null;
    }
}
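/// <summary>
/// Decides whether <paramref name="changeType"/> may be performed on <paramref name="source"/> (and, for
/// Copy and Move, into <paramref name="target"/>) by checking SharePoint base permissions on the webs and
/// pages opened from <paramref name="currentSite"/>.
/// </summary>
/// <remarks>
/// The underlying checks call <c>DoesUserHavePermissions</c> on objects opened from
/// <paramref name="currentSite"/>, so the answer is for whichever user that site object runs as.
/// NOTE(review): passing a site opened under elevation would presumably evaluate the system account
/// rather than the requesting user - confirm callers pass the request's own site.
/// NOTE(review): the result starts as true and the default branch leaves it untouched, so a change type
/// without a case here is allowed. Failing closed would be the safer default; it is left as is because
/// the full set of ChangeType values and their callers is not visible from this method.
/// </remarks>
/// <param name="currentSite">Site collection used to open the webs that are checked.</param>
/// <param name="changeType">Operation the user wants to perform.</param>
/// <param name="source">Node the operation acts on.</param>
/// <param name="target">
/// null if target is root. Only the Move branch handles null; the Copy branch passes the value straight
/// to helpers that read <c>target.Level</c>, so a Copy with a null target throws instead of answering.
/// </param>
/// <returns>true when the operation is allowed, otherwise false.</returns>
public static bool DoesUserHavePermissions(SPSite currentSite, ChangeType changeType, NodeValue source, NodeValue target)
{
    bool userHasPermissions = true;
    switch (changeType)
    {
        case ChangeType.Copy:
        {
            // Copying a web needs ManageSubwebs on the target web; copying a page needs AddListItems
            // on the target. IsWeb opens a web and loads the entity, so evaluate it once and branch on
            // the result instead of calling it a second time for the negated case.
            bool sourceIsWeb = IsWeb(currentSite, source);
            userHasPermissions = sourceIsWeb
                ? CheckWebPermission(currentSite, target, SPBasePermissions.ManageSubwebs)
                : CheckPermission(currentSite, target, SPBasePermissions.AddListItems, SPBasePermissions.AddListItems);
            break;
        }
        case ChangeType.Move:
            // Only a web's default page may be moved to the root (target == null).
            using (var man = new FourLevelManager())
            {
                if (target == null && !man.IsPageDefaultPage(source.MossPageId, currentSite))
                {
                    userHasPermissions = false;
                    break;
                }
            }

            if (target != null)
            {
                // Web: ManageSubwebs (or AddListItems when the target is a plain page) on the target
                // plus ManageWeb on the source web. Page: AddListItems on the target plus AddListItems
                // on the source web. IsWeb is evaluated once for both branches.
                // NOTE(review): a move removes the page from its source, yet no delete right is
                // required on the source side - confirm this is intended.
                bool sourceIsWeb = IsWeb(currentSite, source);
                userHasPermissions = sourceIsWeb
                    ? CheckPermission(currentSite, target, SPBasePermissions.ManageSubwebs, SPBasePermissions.AddListItems)
                        && CheckWebPermission(currentSite, source, SPBasePermissions.ManageWeb)
                    : CheckPermission(currentSite, target, SPBasePermissions.AddListItems, SPBasePermissions.AddListItems)
                        && CheckWebPermission(currentSite, source, SPBasePermissions.AddListItems);
            }
            else
            {
                // Moving to the root: ManageSubwebs on the root web, addressed through a Level0 node.
                userHasPermissions = CheckWebPermission(currentSite, new NodeValue()
                {
                    Level = PageLevel.Level0
                }, SPBasePermissions.ManageSubwebs);
            }
            break;
        case ChangeType.Mirror:
            // AddListItems on the source, whether it is a web or a page.
            // NOTE(review): the comment this replaces asked about the role "on target", but the code
            // has always checked the source - confirm which node is meant.
            userHasPermissions = CheckPermission(currentSite, source, SPBasePermissions.AddListItems, SPBasePermissions.AddListItems);
            break;
        case ChangeType.Delete:
            // ManageWeb when the source is a web, DeleteListItems when it is a page.
            userHasPermissions = CheckPermission(currentSite, source, SPBasePermissions.ManageWeb, SPBasePermissions.DeleteListItems);
            break;
        case ChangeType.DeleteMirror:
            // ManageWeb when the source is a web, AddListItems when it is a page.
            userHasPermissions = CheckPermission(currentSite, source, SPBasePermissions.ManageWeb, SPBasePermissions.AddListItems);
            break;
        case ChangeType.Rename:
            // ManageWeb for webs and for pages alike.
            // NOTE(review): the comment this replaces mentioned an edit-list-item right for pages, but
            // the code requires ManageWeb in both cases - confirm.
            userHasPermissions = CheckPermission(currentSite, source, SPBasePermissions.ManageWeb, SPBasePermissions.ManageWeb);
            break;
        case ChangeType.Reorder:
            userHasPermissions = CheckWebPermission(currentSite, source, SPBasePermissions.ManageWeb);
            break;
        case ChangeType.Hide:
        case ChangeType.Show:
            // Hiding and showing share one rule: ManageWeb for webs and for pages.
            userHasPermissions = CheckPermission(currentSite, source, SPBasePermissions.ManageWeb, SPBasePermissions.ManageWeb);
            break;
        default:
            // Unlisted change types keep the initial value (allowed); see the remarks above.
            break;
    }
    return userHasPermissions;
}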
/// <summary>
/// Reports whether the page behind <paramref name="source"/> is the default page of the web that
/// contains it; this class treats such a node as standing for the web itself.
/// </summary>
/// <remarks>
/// The loaded entity and its <c>MossPage</c> are used without null checks, so an unknown node id
/// presumably surfaces as an exception rather than as false - confirm against LoadEntityById.
/// </remarks>
/// <param name="currentSite">Site collection used to open the containing web.</param>
/// <param name="source">Node to classify.</param>
/// <returns>true when the node's page is its web's default page.</returns>
private static bool IsWeb(SPSite currentSite, NodeValue source)
{
    using (StructureDelegate structure = new StructureDelegate())
    {
        IFourLevelEntity entity = structure.LoadEntityById(source.Level, source.GetId());
        using (SPWeb containingWeb = currentSite.OpenWeb(entity.MossPage.WebId))
        {
            PublishingWeb publishingWeb = PublishingWeb.GetPublishingWeb(containingWeb);
            SPListItem pageItem = publishingWeb.PagesList.GetItemById(entity.MossPage.ItemId);

            // Same file as the web's default page means the node represents the web.
            return publishingWeb.DefaultPage.UniqueId == pageItem.File.UniqueId;
        }
    }
}
/// <summary>
/// Checks one of two permissions on <paramref name="source"/>, depending on what the node is:
/// <paramref name="rightsIfWeb"/> on the containing web when the node's page is that web's default page,
/// otherwise <paramref name="rightsIfListItem"/> on the page's list item.
/// </summary>
/// <remarks>
/// The check is made on objects opened from <paramref name="currentSite"/>, so it answers for whichever
/// user that site object runs as. <paramref name="source"/> is dereferenced without a null check.
/// </remarks>
/// <param name="currentSite">Site collection used to open the containing web.</param>
/// <param name="source">Node whose web or page is checked.</param>
/// <param name="rightsIfWeb">Permission required when the node represents a web.</param>
/// <param name="rightsIfListItem">Permission required when the node is an ordinary page.</param>
/// <returns>Result of the matching <c>DoesUserHavePermissions</c> call.</returns>
private static bool CheckPermission(SPSite currentSite, NodeValue source, SPBasePermissions rightsIfWeb, SPBasePermissions rightsIfListItem)
{
    using (StructureDelegate structure = new StructureDelegate())
    {
        IFourLevelEntity entity = structure.LoadEntityById(source.Level, source.GetId());
        using (SPWeb containingWeb = currentSite.OpenWeb(entity.MossPage.WebId))
        {
            PublishingWeb publishingWeb = PublishingWeb.GetPublishingWeb(containingWeb);
            SPListItem pageItem = publishingWeb.PagesList.GetItemById(entity.MossPage.ItemId);
            bool nodeIsWeb = publishingWeb.DefaultPage.UniqueId == pageItem.File.UniqueId;

            // Web-level right for a default page, item-level right for any other page.
            return nodeIsWeb
                ? containingWeb.DoesUserHavePermissions(rightsIfWeb)
                : pageItem.DoesUserHavePermissions(rightsIfListItem);
        }
    }
}
/// <summary>
/// Checks <paramref name="permission"/> on the web that contains <paramref name="source"/>; a Level0 node
/// is checked against the root web of <paramref name="currentSite"/>.
/// </summary>
/// <remarks>
/// <paramref name="source"/> is dereferenced without a null check, so a null node throws. The check is
/// made on objects obtained from <paramref name="currentSite"/> and answers for whichever user that site
/// object runs as.
/// </remarks>
/// <param name="currentSite">Site collection that owns the web being checked.</param>
/// <param name="source">Node whose containing web is checked.</param>
/// <param name="permission">Permission required on that web.</param>
/// <returns>Result of <c>DoesUserHavePermissions</c> on the selected web.</returns>
private static bool CheckWebPermission(SPSite currentSite, NodeValue source, SPBasePermissions permission)
{
    // Level0 needs no entity lookup: it is the root web.
    if (source.Level == PageLevel.Level0)
    {
        return currentSite.RootWeb.DoesUserHavePermissions(permission);
    }

    using (StructureDelegate structure = new StructureDelegate())
    {
        IFourLevelEntity entity = structure.LoadEntityById(source.Level, source.GetId());
        using (SPWeb containingWeb = currentSite.OpenWeb(entity.MossPage.WebId))
        {
            return containingWeb.DoesUserHavePermissions(permission);
        }
    }
}
/// <summary>
/// Loads both nodes through a <c>FourLevelManager</c> and returns what its
/// <c>IsParentOfNode(sourceEntity, targetEntity)</c> reports for them.
/// </summary>
/// <remarks>
/// NOTE(review): the method name speaks of a child "on target" while the manager call is phrased as a
/// parent test with the source first - confirm the argument order matches the intended direction.
/// Neither node is null-checked.
/// </remarks>
/// <param name="sourceNodeValue">Node passed as the first argument of the relationship test.</param>
/// <param name="targetNodeValue">Node passed as the second argument of the relationship test.</param>
/// <returns>The result of the manager's relationship test.</returns>
public static bool IsPageChildOnTarget(NodeValue sourceNodeValue, NodeValue targetNodeValue)
{
    using (var manager = new FourLevelManager())
    {
        var sourceEntity = manager.LoadEntityById(sourceNodeValue.Level, sourceNodeValue.GetId());
        var targetEntity = manager.LoadEntityById(targetNodeValue.Level, targetNodeValue.GetId());
        return manager.IsParentOfNode(sourceEntity, targetEntity);
    }
}
- }
- }