protected override void ConfigureSecurity(ExecutionContext context)
{
context.Assertions.Add(c => {
if (!c.User.CanGrantRole(Role))
{
return(AssertResult.Deny(new SecurityException(String.Format("User '{0}' cannot grant role '{1}' to '{2}'.", c.User.Name, Role, Grantee))));
}
return(AssertResult.Allow());
});
context.Assertions.Add(c => {
if (WithAdmin)
{
if (!c.User.IsRoleAdmin(Role))
{
return(AssertResult.Deny(new SecurityException(String.Format("User '{0}' does not administrate role '{1}'.", c.User, Role))));
}
}
return(AssertResult.Allow());
});
context.Assertions.Add(c => {
if (!c.User.CanManageUsers())
{
throw new SecurityException(String.Format("The user '{0}' has not enough rights to manage other users.", c.User.Name));
}
});
}
protected override void ConfigureSecurity(ExecutionContext context)
{
context.Assertions.Add(c => {
bool modifyOwnRecord = c.User.Name.Equals(UserName);
if (modifyOwnRecord)
{
return(AssertResult.Allow());
}
if (!c.User.CanManageUsers())
{
return(AssertResult.Deny(new SecurityException(String.Format("User '{0}' cannot create users", c.User.Name))));
}
return(AssertResult.Allow());
});
context.Assertions.Add(c => {
if (String.Equals(UserName, User.PublicName, StringComparison.OrdinalIgnoreCase) ||
String.Equals(UserName, User.SystemName, StringComparison.OrdinalIgnoreCase))
{
return(AssertResult.Deny(new SecurityException(String.Format("User name '{0}' is reserved for the system.", UserName))));
}
return(AssertResult.Allow());
});
}
protected override void ConfigureSecurity(ExecutionContext context)
{
context.Assertions.Add(c => {
if (!c.User.CanManageRoles())
{
return(AssertResult.Deny(new SecurityException(String.Format("User '{0}' has not enough rights to create roles.", c.User.Name))));
}
return(AssertResult.Allow());
});
}
protected override void ConfigureSecurity(ExecutionContext context)
{
context.Assertions.Add(c => {
if (String.Equals(UserName, User.PublicName, StringComparison.OrdinalIgnoreCase) ||
String.Equals(UserName, User.SystemName, StringComparison.OrdinalIgnoreCase))
{
return(AssertResult.Deny(new SecurityException(String.Format("User '{0}' is reserved and cannot be dropped.", UserName))));
}
return(AssertResult.Allow());
});
context.Assertions.Add(c => {
if (!c.User.CanDropUser(UserName))
{
throw new SecurityException(String.Format("The user '{0}' has not enough rights to drop the other user '{1}'",
c.User.Name, UserName));
}
});
}
protected override void ConfigureSecurity(ExecutionContext context)
{
context.Assertions.Add(c => {
if (SystemRoles.IsSystemRole(RoleName))
{
return(AssertResult.Deny(new SecurityException(String.Format("The role '{0}' is system protected.", RoleName))));
}
return(AssertResult.Allow());
});
context.Assertions.Add(c => {
if (!c.User.CanDropRole(RoleName))
{
return(AssertResult.Deny(new SecurityException(String.Format("User '{0}' has not enough rights to drop a role.", c.User.Name))));
}
return(AssertResult.Allow());
});
}
