/*
Kooboo is a content management system based on ASP.NET MVC framework. Copyright 2009 Yardi Technology Limited.
This program is free software: you can redistribute it and/or modify it under the terms of the
GNU General Public License version 3 as published by the Free Software Foundation.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program.
If not, see http://www.kooboo.com/gpl3/.
*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web;
using System.Web.Security;
using System.Security.Principal;
using Everest.Library.Data.Entity;
using Everest.CmsServices.Models;
using Everest.Library;
using Everest.Library.Providers.Caching;
namespace Everest.CmsServices.Services{
/// <summary>
/// A single named permission entry and the flag that is granted for it.
/// Instances are produced from <c>Cms_Permission</c> rows and attached to a
/// <see cref="UserPermission"/>, which matches them by <see cref="Name"/>.
/// </summary>
public class Permission
{
    /// <summary>
    /// Gets or sets the permission name this entry refers to.
    /// </summary>
    /// <value>The permission name.</value>
    public string Name { get; set; }

    /// <summary>
    /// Gets or sets a value indicating whether viewing is granted for this permission.
    /// </summary>
    /// <value><c>true</c> if viewing is granted; otherwise, <c>false</c>.</value>
    public bool View { get; set; }
}
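/// <summary>
/// The effective authorization data of one user: the roles the user belongs to,
/// the applications the user may enter, the administrator flag and the named
/// permissions granted through those roles. Built (and cached) by
/// <see cref="PermissionService.GetUserPermission"/>.
/// </summary>
public class UserPermission
{
    /// <summary>
    /// Gets or sets the name of the user.
    /// </summary>
    /// <value>The name of the user.</value>
    public string UserName { get; set; }

    /// <summary>
    /// Gets or sets the roles the user belongs to.
    /// </summary>
    /// <value>The roles.</value>
    public IEnumerable<string> Roles { get; set; }

    /// <summary>
    /// Gets or sets the names of the applications the user may access.
    /// A <c>null</c> value is treated as "no applications" by the checks on this class.
    /// </summary>
    /// <value>The applications.</value>
    public IEnumerable<string> Applications { get; set; }

    /// <summary>
    /// Gets or sets a value indicating whether this instance is administrator.
    /// Note that <see cref="IsAllowed"/> does not consult this flag; the
    /// administrator shortcut lives in <see cref="PermissionService"/>.
    /// </summary>
    /// <value>
    /// <c>true</c> if this instance is administrator; otherwise, <c>false</c>.
    /// </value>
    public bool IsAdministrator { get; set; }

    /// <summary>
    /// Gets or sets the permissions granted to the user.
    /// A <c>null</c> value is treated as "no permissions" by <see cref="IsAllowed"/>.
    /// </summary>
    /// <value>The permissions.</value>
    public IEnumerable<Permission> Permissions { get; set; }

    /// <summary>
    /// Determines whether the user may perform <paramref name="actionType"/> on the
    /// permission called <paramref name="name"/> inside <paramref name="application"/>.
    /// </summary>
    /// <remarks>
    /// The root application (<see cref="CmsGlobal.RootApplicationName"/>, compared
    /// case-sensitively) is always reachable; any other application must be listed in
    /// <see cref="Applications"/>. Only <see cref="ActionType.View"/> is backed by a flag
    /// on <see cref="Permission"/>, so every other action type is denied here.
    /// Names are compared with an ordinal, case-insensitive comparison so that
    /// culture-specific collation rules cannot make two different identifiers compare
    /// equal. Missing collections and <c>null</c> names never throw; they deny.
    /// </remarks>
    /// <param name="name">The permission name.</param>
    /// <param name="application">The application in which the action is attempted.</param>
    /// <param name="actionType">Type of the action.</param>
    /// <returns>
    /// <c>true</c> if the specified name is allowed; otherwise, <c>false</c>.
    /// </returns>
    public virtual bool IsAllowed(string name, string application, ActionType actionType)
    {
        if (!IsRootApplication(application) && !IsInApplications(application))
        {
            return false;
        }

        // Only View is modelled on Permission; the Add/Update/Delete/Audit flags that
        // used to be checked here no longer exist, so any other action is denied.
        if (actionType != ActionType.View)
        {
            return false;
        }

        // A null name cannot match any permission (the instance Equals used to return
        // false for it as well); returning early keeps the static, null-safe Equals
        // below from matching a permission whose own Name is null.
        if (name == null)
        {
            return false;
        }

        IEnumerable<Permission> permissions = Permissions ?? Enumerable.Empty<Permission>();
        return permissions.Any(p => p != null
            && string.Equals(p.Name, name, StringComparison.OrdinalIgnoreCase)
            && p.View);
    }

    /// <summary>
    /// Determines whether the user may access the specified application.
    /// </summary>
    /// <remarks>
    /// Unlike <see cref="IsAllowed"/>, the root application is not implicitly granted
    /// here; it has to be listed in <see cref="Applications"/> like any other.
    /// </remarks>
    /// <param name="application">The application.</param>
    /// <returns>
    /// <c>true</c> if the application is listed in <see cref="Applications"/>; otherwise, <c>false</c>.
    /// </returns>
    public virtual bool CanAccessApplication(string application)
    {
        return IsInApplications(application);
    }

    /// <summary>
    /// Checks <paramref name="application"/> against <see cref="CmsGlobal.RootApplicationName"/>
    /// with the same ordinal, case-sensitive semantics as the <c>==</c> operator.
    /// </summary>
    private static bool IsRootApplication(string application)
    {
        return string.Equals(application, CmsGlobal.RootApplicationName, StringComparison.Ordinal);
    }

    /// <summary>
    /// Ordinal, case-insensitive membership test on <see cref="Applications"/>;
    /// a <c>null</c> collection counts as empty.
    /// </summary>
    private bool IsInApplications(string application)
    {
        IEnumerable<string> applications = Applications ?? Enumerable.Empty<string>();
        return applications.Contains(application, StringComparer.OrdinalIgnoreCase);
    }
}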
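/// <summary>
/// Answers authorization questions for a user name. The per-user
/// <see cref="UserPermission"/> is loaded once from roles, applications and the
/// <c>Cms_Permission</c> table and then served from <see cref="CacheManager"/>.
/// The administrator (see <see cref="CmsGlobal.AdministratorUserName"/>) bypasses
/// the permission checks entirely.
/// </summary>
public class PermissionService
{
    /// <summary>
    /// Format of the cache key under which a user's <see cref="UserPermission"/> is stored
    /// (the single argument is the user name).
    /// </summary>
    private const string UserPermissionCacheKeyFormat = "GetUserPermission_UserName:{0}";

    /// <summary>
    /// Gets the user permission, loading and caching it on first use.
    /// </summary>
    /// <param name="userName">Name of the user.</param>
    /// <returns>The cached or freshly loaded <see cref="UserPermission"/> for the user.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="userName"/> is <c>null</c>.</exception>
    public virtual UserPermission GetUserPermission(string userName)
    {
        if (userName == null)
        {
            throw new ArgumentNullException("userName");
        }

        string cacheKey = string.Format(UserPermissionCacheKeyFormat, userName);
        UserPermission userPermission = CacheManager.Get(CachedData.Permission, cacheKey) as UserPermission;
        if (userPermission != null)
        {
            return userPermission;
        }

        IEverestCmsDataContext dataContext = EverestCmsEntities.GetDataContext();
        IEnumerable<string> roles = GetRoles(userName);
        IEnumerable<string> applications = CachedData.GetApplicationsByUser(userName);

        var condition = EfUtility.BuildContainsExpression<Cms_Permission, string>(c => c.aspnet_Roles.RoleName, roles);
        // Materialise the permissions now: the result is cached, and a deferred query
        // would be re-executed against this data context every time the cached
        // UserPermission is checked.
        List<Permission> permissions = dataContext.Cms_Permission
            .Where(condition)
            .Select(p => new Permission
            {
                Name = p.PermissionName,
                View = p.View
            })
            .ToList();

        userPermission = new UserPermission
        {
            UserName = userName,
            Roles = roles,
            Applications = applications,
            Permissions = permissions,
            IsAdministrator = IsAdministrator(userName)
        };
        CacheManager.Add(CachedData.Permission, cacheKey, userPermission);
        return userPermission;
    }

    /// <summary>
    /// Gets the roles of the user from the ASP.NET role provider.
    /// </summary>
    /// <param name="userName">Name of the user.</param>
    /// <returns>The role names the user belongs to.</returns>
    public virtual IEnumerable<string> GetRoles(string userName)
    {
        return Roles.GetRolesForUser(userName);
    }

    /// <summary>
    /// Determines whether the specified user is the administrator.
    /// </summary>
    /// <param name="userName">Name of the user; <c>null</c> is never the administrator.</param>
    /// <returns>
    /// <c>true</c> if the specified user is administrator; otherwise, <c>false</c>.
    /// </returns>
    protected virtual bool IsAdministrator(string userName)
    {
        // The static Equals is null-safe, and an ordinal comparison keeps culture
        // collation rules out of an identity check that grants full access.
        return userName != null
            && string.Equals(userName, CmsGlobal.AdministratorUserName, StringComparison.OrdinalIgnoreCase);
    }

    /// <summary>
    /// Determines whether the specified user is allowed to perform an action.
    /// The administrator is always allowed; everyone else is checked through
    /// <see cref="UserPermission.IsAllowed"/>.
    /// </summary>
    /// <param name="userName">Name of the user.</param>
    /// <param name="name">The permission name.</param>
    /// <param name="application">The application in which the action is attempted.</param>
    /// <param name="action">The action.</param>
    /// <returns>
    /// <c>true</c> if the specified user is allowed; otherwise, <c>false</c>.
    /// </returns>
    public virtual bool IsAllowed(string userName, string name, string application, ActionType action)
    {
        if (IsAdministrator(userName))
        {
            return true;
        }
        UserPermission userPermission = GetUserPermission(userName);
        return userPermission.IsAllowed(name, application, action);
    }

    /// <summary>
    /// Determines whether the specified user may edit content in a content folder.
    /// The user must be able to access the application; when the folder has a workflow,
    /// the user must additionally take part in that workflow.
    /// </summary>
    /// <remarks>
    /// The administrator shortcut of <see cref="CanAccessApplication"/> applies to the
    /// application check only; the workflow check is applied to every user.
    /// <paramref name="action"/> is accepted for signature compatibility but is not
    /// consulted by this implementation.
    /// </remarks>
    /// <param name="userName">Name of the user.</param>
    /// <param name="contentFolderUUID">The content folder UUID.</param>
    /// <param name="application">The application.</param>
    /// <param name="action">The action (currently unused).</param>
    /// <returns>
    /// <c>true</c> if the user may edit content in the folder; otherwise, <c>false</c>.
    /// </returns>
    public virtual bool IsAllowedEditContent(string userName, Guid contentFolderUUID, string application, ActionType action)
    {
        if (!CanAccessApplication(userName, application))
        {
            return false;
        }

        var dataContext = EverestCmsEntities.GetDataContext();
        var workflow = dataContext.QueryWorkflowByFolder(contentFolderUUID).FirstOrDefault();
        if (workflow == null)
        {
            // No workflow on the folder: application access is all that is required.
            return true;
        }

        WorkflowService workflowService = UnityManager.Resolve<WorkflowService>();
        return workflowService.IsUserInWorkflow(workflow, userName);
    }

    /// <summary>
    /// Determines whether the specified user can access the specified application.
    /// The administrator is always allowed; everyone else is checked through
    /// <see cref="UserPermission.CanAccessApplication"/>.
    /// </summary>
    /// <param name="userName">Name of the user.</param>
    /// <param name="application">The application.</param>
    /// <returns>
    /// <c>true</c> if the user can access the application; otherwise, <c>false</c>.
    /// </returns>
    public virtual bool CanAccessApplication(string userName, string application)
    {
        if (IsAdministrator(userName))
        {
            return true;
        }
        UserPermission userPermission = GetUserPermission(userName);
        return userPermission.CanAccessApplication(application);
    }
}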
}