Beispiel #1
0
        private static bool hasOperationRigths(XElement operation, string userName)
        {
            //get parameters for the function to check
            string name       = userName;
            string area       = operation.Attribute("area").Value.ToLower();
            string controller = operation.Attribute("controller").Value.ToLower();

            string identifier = name + "_" + area + "_" + controller;

            // check if rights already stored in the session
            if (System.Web.HttpContext.Current.Session["menu_permission"] != null && ((Dictionary <string, bool>)System.Web.HttpContext.Current.Session["menu_permission"]).ContainsKey(identifier))
            {
                return((bool)((Dictionary <string, bool>)System.Web.HttpContext.Current.Session["menu_permission"])[identifier]);
            }

            FeaturePermissionManager featurePermissionManager = new FeaturePermissionManager();
            OperationManager         operationManager         = new OperationManager();

            try
            {
                //currently the action are not check, so we use a wildcard
                string action = "*";//operation.Attribute("action").Value.ToLower();

                //// check if the operation is public
                //var op = operationManager.Operations.Where(x => x.Module.ToUpperInvariant() == area.ToUpperInvariant() && x.Controller.ToUpperInvariant() == controller.ToUpperInvariant() && x.Action.ToUpperInvariant() == action.ToUpperInvariant()).FirstOrDefault();
                //var feature = op?.Feature;
                //if (feature == null) return true;

                ////or user has rights
                //if (string.IsNullOrEmpty(userName)) return false;
                bool permission = featurePermissionManager.HasAccess <User>(name, area, controller, action);

                System.Web.HttpContext.Current.Session[identifier] = permission;

                // check if dictionary for menu permissions exists and create it if not
                if (System.Web.HttpContext.Current.Session["menu_permission"] == null)
                {
                    System.Web.HttpContext.Current.Session["menu_permission"] = new Dictionary <string, bool>();
                }

                ((Dictionary <string, bool>)System.Web.HttpContext.Current.Session["menu_permission"]).Add(identifier, permission); // add menu right for the currently logged in user to session

                return(permission);
            }
            catch (Exception ex)
            {
                throw ex;
            }
            finally
            {
                featurePermissionManager.Dispose();
                operationManager.Dispose();
            }
        }
Beispiel #2
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="subjectId"></param>
        /// <param name="featureId"></param>
        /// <param name="permissionType"></param>
        public void DeleteFeaturePermission(long subjectId, long featureId)
        {
            var featurePermissionManager = new FeaturePermissionManager();

            try
            {
                featurePermissionManager.Delete(subjectId, featureId);
            }
            finally
            {
                featurePermissionManager.Dispose();
            }
        }
Beispiel #3
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="featureId"></param>
        public void AddFeatureToPublic(long featureId)
        {
            var featurePermissionManager = new FeaturePermissionManager();

            try
            {
                if (!featurePermissionManager.Exists(null, featureId))
                {
                    featurePermissionManager.Create(null, featureId, PermissionType.Grant);
                }
            }
            finally
            {
                featurePermissionManager.Dispose();
            }
        }
Beispiel #4
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="featureId"></param>
        public void RemoveFeatureFromPublic(long featureId)
        {
            var featurePermissionManager = new FeaturePermissionManager();

            try
            {
                if (featurePermissionManager.Exists(null, featureId))
                {
                    featurePermissionManager.Delete(null, featureId);
                }
            }
            finally
            {
                featurePermissionManager.Dispose();;
            }
        }
Beispiel #5
0
        // check permission
        protected bool checkPermission(Tuple <string, string, string> LandingPage, User user)
        {
            var featurePermissionManager = new FeaturePermissionManager();
            var operationManager         = new OperationManager();
            var userManager = new UserManager();

            try
            {
                var areaName = LandingPage.Item1;
                if (areaName == "")
                {
                    areaName = "shell";
                }
                var controllerName = LandingPage.Item2;
                var actionName     = LandingPage.Item3;


                var operation = operationManager.Find(areaName, controllerName, "*");

                var feature = operation.Feature;
                if (feature == null)
                {
                    return(true);
                }



                if (featurePermissionManager.HasAccess(user.Id, feature.Id))
                {
                    return(true);
                }
                else
                {
                    return(false);
                }
            }
            finally
            {
                featurePermissionManager.Dispose();
                operationManager.Dispose();
                userManager.Dispose();
            }
        }
        public ActionResult Subjects_Select(long featureId)
        {
            FeaturePermissionManager featurePermissionManager = null;
            SubjectManager           subjectManager           = null;
            FeatureManager           featureManager           = null;

            try
            {
                featurePermissionManager = new FeaturePermissionManager();
                subjectManager           = new SubjectManager();
                featureManager           = new FeatureManager();

                var feature = featureManager.FindById(featureId);

                var featurePermissions = new List <FeaturePermissionGridRowModel>();

                if (feature == null)
                {
                    return(View(new GridModel <FeaturePermissionGridRowModel> {
                        Data = featurePermissions
                    }));
                }
                var subjects = subjectManager.Subjects.ToList();

                foreach (var subject in subjects)
                {
                    var rightType = featurePermissionManager.GetPermissionType(subject.Id, feature.Id);
                    var hasAccess = featurePermissionManager.HasAccess(subject.Id, feature.Id);

                    featurePermissions.Add(FeaturePermissionGridRowModel.Convert(subject, featureId, rightType, hasAccess));
                }

                return(View(new GridModel <FeaturePermissionGridRowModel> {
                    Data = featurePermissions
                }));
            }
            finally
            {
                featureManager?.Dispose();
                featurePermissionManager?.Dispose();
                subjectManager?.Dispose();
            }
        }
Beispiel #7
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="subjectId"></param>
        /// <param name="featureId"></param>
        /// <param name="permissionType"></param>
        public void CreateOrUpdateFeaturePermission(long?subjectId, long featureId, int permissionType)
        {
            var featurePermissionManager = new FeaturePermissionManager();

            try
            {
                var featurePermission = featurePermissionManager.Find(subjectId, featureId);

                if (featurePermission != null)
                {
                    featurePermission.PermissionType = (PermissionType)permissionType;
                    featurePermissionManager.Update(featurePermission);
                }
                else
                {
                    featurePermissionManager.Create(subjectId, featureId, (PermissionType)permissionType);
                }
            }
            finally
            {
                featurePermissionManager.Dispose();
            }
        }
Beispiel #8
0
        public ActionResult Subjects_Select(GridCommand command, long featureId)
        {
            FeaturePermissionManager featurePermissionManager = null;
            SubjectManager           subjectManager           = null;
            FeatureManager           featureManager           = null;

            try
            {
                featurePermissionManager = new FeaturePermissionManager();
                subjectManager           = new SubjectManager();
                featureManager           = new FeatureManager();

                var feature = featureManager.FindById(featureId);

                var featurePermissions = new List <FeaturePermissionGridRowModel>();

                if (feature == null)
                {
                    return(View(new GridModel <FeaturePermissionGridRowModel> {
                        Data = featurePermissions
                    }));
                }

                var subjects = new List <Subject>();
                int count    = subjectManager.Subjects.Count();
                ViewData["subjectsGridTotal"] = count;
                if (command != null)// filter subjects based on grid filter settings
                {
                    FilterExpression  filter  = TelerikGridHelper.Convert(command.FilterDescriptors.ToList());
                    OrderByExpression orderBy = TelerikGridHelper.Convert(command.SortDescriptors.ToList());

                    subjects = subjectManager.GetSubjects(filter, orderBy, command.Page, command.PageSize, out count);
                }
                else
                {
                    subjects = subjectManager.Subjects.ToList();
                }


                //foreach (var subject in subjects)
                //{
                //    var rightType = featurePermissionManager.GetPermissionType(subject.Id, feature.Id);
                //    var hasAccess = featurePermissionManager.HasAccess(subject.Id, feature.Id);

                //    featurePermissions.Add(FeaturePermissionGridRowModel.Convert(subject, featureId, rightType, hasAccess));
                //}

                var subjectIds        = subjects.Select(s => s.Id);
                var userPermissionDic = featurePermissionManager.GetPermissionType(subjectIds, feature.Id);
                var userHasAccessDic  = featurePermissionManager.HasAccess(subjects, feature.Id);

                foreach (var item in userPermissionDic)
                {
                    var subject   = subjects.Where(s => s.Id.Equals(item.Key)).FirstOrDefault();
                    var rightType = item.Value;
                    var hasAccess = userHasAccessDic[item.Key];

                    featurePermissions.Add(FeaturePermissionGridRowModel.Convert(subject, featureId, rightType, hasAccess));
                }


                return(View(new GridModel <FeaturePermissionGridRowModel> {
                    Data = featurePermissions, Total = count
                }));
            }
            finally
            {
                featureManager?.Dispose();
                featurePermissionManager?.Dispose();
                subjectManager?.Dispose();
            }
        }
Beispiel #9
0
        public void GenerateSeedData()
        {
            FeatureManager           featureManager           = null;
            FeaturePermissionManager featurePermissionManager = new FeaturePermissionManager();
            OperationManager         operationManager         = new OperationManager();

            try
            {
                featureManager = new FeatureManager();
                List <Feature> features = featureManager.FeatureRepository.Get().ToList();

                Feature dataPlanning = features.FirstOrDefault(f => f.Name.Equals("Data Planning"));
                if (dataPlanning == null)
                {
                    dataPlanning = featureManager.Create("Data Planning", "Data Planning Management");
                }

                Feature datastructureFeature = features.FirstOrDefault(f =>
                                                                       f.Name.Equals("Datastructure Management") &&
                                                                       f.Parent != null &&
                                                                       f.Parent.Id.Equals(dataPlanning.Id));

                if (datastructureFeature == null)
                {
                    datastructureFeature = featureManager.Create("Datastructure Management", "Datastructure Management", dataPlanning);
                }

                if (!operationManager.Exists("RPM", "DataStructureSearch", "*"))
                {
                    operationManager.Create("RPM", "DataStructureSearch", "*", datastructureFeature);
                }

                if (!operationManager.Exists("RPM", "DataStructureEdit", "*"))
                {
                    operationManager.Create("RPM", "DataStructureEdit", "*", datastructureFeature);
                }

                if (!operationManager.Exists("RPM", "Structures", "*"))
                {
                    operationManager.Create("RPM", "Structures", "*", datastructureFeature);
                }

                if (!operationManager.Exists("RPM", "DataStructureIO", "*"))
                {
                    operationManager.Create("RPM", "DataStructureIO", "*", datastructureFeature);
                }

                Feature atributeFeature = features.FirstOrDefault(f =>
                                                                  f.Name.Equals("Variable Template Management") &&
                                                                  f.Parent != null &&
                                                                  f.Parent.Id.Equals(dataPlanning.Id));

                if (atributeFeature == null)
                {
                    atributeFeature = featureManager.Create("Variable Template Management", "Variable Template Management", dataPlanning);
                }
                ;

                if (!operationManager.Exists("RPM", "DataAttribute", "*"))
                {
                    operationManager.Create("RPM", "DataAttribute", "*", atributeFeature);
                }

                Feature unitFeature = features.FirstOrDefault(f =>
                                                              f.Name.Equals("Unit Management") &&
                                                              f.Parent != null &&
                                                              f.Parent.Id.Equals(dataPlanning.Id));

                if (unitFeature == null)
                {
                    unitFeature = featureManager.Create("Unit Management", "Unit Management", dataPlanning);
                }

                if (!operationManager.Exists("RPM", "Unit", "*"))
                {
                    operationManager.Create("RPM", "Unit", "*", unitFeature);
                }

                Feature dataTypeFeature = features.FirstOrDefault(f =>
                                                                  f.Name.Equals("Data Type Management") &&
                                                                  f.Parent != null &&
                                                                  f.Parent.Id.Equals(dataPlanning.Id));

                if (dataTypeFeature == null)
                {
                    dataTypeFeature = featureManager.Create("Data Type Management", "Data Type Management", dataPlanning);
                }

                if (!operationManager.Exists("RPM", "Home", "*"))
                {
                    operationManager.Create("RPM", "Home", "*", dataTypeFeature);
                }

                if (!operationManager.Exists("RPM", "Help", "*"))
                {
                    operationManager.Create("RPM", "Help", "*");
                }


                Feature api = features.FirstOrDefault(f =>
                                                      f.Name.Equals("API") &&
                                                      f.Parent != null &&
                                                      f.Parent.Id.Equals(dataPlanning.Id));

                if (api == null)
                {
                    api = featureManager.Create("API", "API", dataPlanning);
                }

                if (!operationManager.Exists("API", "Structures", "*"))
                {
                    operationManager.Create("API", "Structures", "*", api);
                }

                //set api public
                featurePermissionManager.Create(null, api.Id, Security.Entities.Authorization.PermissionType.Grant);
            }
            finally
            {
                featureManager.Dispose();
                featurePermissionManager.Dispose();
                operationManager.Dispose();
            }

            //create seed data from csv files
            MappingReader    mappingReader    = new MappingReader();
            AttributeCreator attributeCreator = new AttributeCreator();
            string           filePath         = AppConfiguration.GetModuleWorkspacePath("RPM");

            // read data types from csv file
            DataTable mappedDataTypes = mappingReader.readDataTypes(filePath);

            // create read data types in bpp
            attributeCreator.CreateDataTypes(ref mappedDataTypes);

            //// read dimensions from csv file
            DataTable mappedDimensions = mappingReader.readDimensions(filePath);

            // create dimensions in bpp
            attributeCreator.CreateDimensions(ref mappedDimensions);

            //// read units from csv file
            DataTable mappedUnits = mappingReader.readUnits(filePath);

            // create read units in bpp
            attributeCreator.CreateUnits(ref mappedUnits);

            //// read attributes from csv file
            DataTable mappedAttributes = mappingReader.readAttributes(filePath);

            // free memory
            mappedDataTypes.Clear();
            mappedDimensions.Clear();
            // create read attributes in bpp
            attributeCreator.CreateAttributes(ref mappedAttributes);

            createResearchPlan();
            //createSeedDataTypes();
            //createSIUnits();
            //createEmlDatasetAdv();
            //createABCD();


            //ImportSchema("Basic ABCD", "ABCD_2.06.XSD","Dataset","BExIS.Dlm.Entities.Data.Dataset");
            //ImportSchema("Basic Eml", "eml.xsd","dataset","BExIS.Dlm.Entities.Data.Dataset");

            DataStructureManager dsm = null;

            try
            {
                dsm = new DataStructureManager();
                foreach (StructuredDataStructure sds in dsm.StructuredDataStructureRepo.Get())
                {
                    DataStructureIO.convertOrder(sds);
                }
            }
            finally
            {
                dsm.Dispose();
            }
        }
Beispiel #10
0
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            var featurePermissionManager = new FeaturePermissionManager();
            var operationManager         = new OperationManager();
            var userManager = new UserManager();

            try
            {
                //
                // get values from request
                var areaName = "Shell";
                try
                {
                    areaName = filterContext.RouteData.DataTokens["area"].ToString();
                }
                catch
                {
                    // ignored
                }
                var controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
                var actionName     = filterContext.ActionDescriptor.ActionName;

                var userName = string.Empty;
                if (filterContext.HttpContext.User.Identity.IsAuthenticated)
                {
                    userName = filterContext.HttpContext.User.Identity.Name;
                }

                //
                // check request

                var operation = operationManager.Find(areaName, controllerName, "*");
                if (operation == null)
                {
                    filterContext.Result = new RedirectToRouteResult(new
                                                                     RouteValueDictionary {
                        { "action", "AccessDenied" },
                        { "controller", "Error" },
                        { "Area", string.Empty }
                    });
                    return;
                }

                var feature = operation.Feature;

                if (feature == null)
                {
                    return;
                }

                var result = userManager.FindByNameAsync(userName);

                if (featurePermissionManager.HasAccess(result.Result?.Id, feature.Id))
                {
                    return;
                }

                if (!filterContext.HttpContext.User.Identity.IsAuthenticated)
                {
                    HandleUnauthorizedRequest(filterContext);
                }
                else
                {
                    filterContext.Result = new RedirectToRouteResult(new
                                                                     RouteValueDictionary {
                        { "action", "AccessDenied" },
                        { "controller", "Error" },
                        { "Area", string.Empty }
                    });
                }
            }
            finally
            {
                featurePermissionManager.Dispose();
                operationManager.Dispose();
                userManager.Dispose();
            }
        }
        public override void OnAuthorization(HttpActionContext actionContext)
        {
            var featurePermissionManager = new FeaturePermissionManager();
            var operationManager         = new OperationManager();
            var userManager = new UserManager();

            try
            {
                // Check for HTTPS
                //if (actionContext.Request.RequestUri.Scheme != Uri.UriSchemeHttps)
                //{
                //    actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
                //    return;
                //}

                var areaName       = "Api";
                var controllerName = actionContext.ActionDescriptor.ControllerDescriptor.ControllerName;
                var actionName     = actionContext.ActionDescriptor.ActionName;
                var operation      = operationManager.Find(areaName, controllerName, "*");
                if (operation == null)
                {
                    actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
                    return;
                }

                var feature = operation.Feature;
                if (feature != null && !featurePermissionManager.Exists(null, feature.Id))
                {
                    if (actionContext.Request.Headers.Authorization == null)
                    {
                        actionContext.Response = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
                        return;
                    }

                    var token = actionContext.Request.Headers.Authorization?.ToString().Substring("Bearer ".Length).Trim();
                    // resolve the token to the corresponding user
                    var users = userManager.Users.Where(u => u.Token == token);

                    if (users == null || users.Count() != 1)
                    {
                        actionContext.Response         = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
                        actionContext.Response.Content = new StringContent("Bearer token not exist.");
                        return;
                    }

                    if (!featurePermissionManager.HasAccess(users.Single().Id, feature.Id))
                    {
                        actionContext.Response         = new HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
                        actionContext.Response.Content = new StringContent("Token is not valid.");

                        return;
                    }
                }
            }
            finally
            {
                featurePermissionManager.Dispose();
                operationManager.Dispose();
                userManager.Dispose();
            }
        }