/// <summary>
 /// Gets an enumeration of CustomUserProperties for a set of user-labels that is appropriate for the given user
 /// </summary>
 /// <param name="userLabels">the labels that describe the current user</param>
 /// <param name="userAuthenticationType">the authentication-type that was used to authenticate current user</param>
 /// <returns>an enumerable of all the custom user-properties for this user</returns>
 public IEnumerable <CustomUserProperty> GetCustomProperties(string[] userLabels, string userAuthenticationType)
 {
     using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
     return((from u in securityContext.Users.Where(UserFilter(userLabels, userAuthenticationType))
             .Join(securityContext.UserProperties, UserId, p => p.UserId, (tu, tp) => tp)
             select u).ToArray());
 }
 /// <summary>
 /// Gets an enumeration of Permissions that are assigned to the given user through its roles
 /// </summary>
 /// <param name="user">the user for which to get the permissions</param>
 /// <returns>an enumerable of permissions for the given user</returns>
 public IEnumerable <Permission> GetPermissions(User user)
 {
     using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
     return((from p in (from r in AllRoles(securityContext.Users.First(UserFilter(user))) select r.Role.RolePermissions).SelectMany(rp => rp) select new Permission
     {
         //PermissionName = $"{(!p.Permission.IsGlobal?p.Tenant.TenantName:"")}{p.Permission.PermissionName}"
         PermissionName = p.Permission.PermissionName
     }).Distinct().ToArray());
 }
 public IEnumerable <ScopeInfo> GetEligibleScopes(string[] userLabels, string authType)
 {
     using var tmp = new FullSecurityAccessHelper(securityContext, true, false);
     return((from d in (from t in securityContext.Users.Where(UserFilter(userLabels, authType))
                        .Join(securityContext.TenantUsers, UserId, u => u.UserId, (tu, tt) => tt.Tenant)
                        select t).Distinct()
             orderby d.DisplayName
             select new ScopeInfo {
         ScopeDisplayName = d.DisplayName, ScopeName = d.TenantName
     }).ToArray());
 }
        /// <summary>
        /// Gets an enumeration of CustomUserProperties for a set of user-labels that is appropriate for the given user
        /// </summary>
        /// <param name="originalClaims">the claims that were originally attached to the current identity</param>
        /// <param name="userAuthenticationType">the authentication-type that was used to authenticate current user</param>
        /// <returns>an enumerable of all the custom user-properties for this user</returns>
        public IEnumerable <ClaimData> GetCustomProperties(ClaimData[] originalClaims,
                                                           string userAuthenticationType)
        {
            using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
            var typeClaims = securityContext.AuthenticationClaimMappings.Where(n =>
                                                                               n.AuthenticationType.AuthenticationTypeName == userAuthenticationType).ToArray();
            var preMapped = from t in originalClaims
                            join i in typeClaims on t.Type equals i.IncomingClaimName
                            select new { Original = t, Map = i };

            return((from t in preMapped where string.IsNullOrEmpty(t.Map.Condition) || (ExpressionParser.Parse(t.Map.Condition, t.Original) is bool b && b)
                    select TryGetClaim(t.Map, t.Original)).Where(n => n != null));
        }
        /// <summary>
        /// Gets an enumeration of Permissions that are assigned to the given Role
        /// </summary>
        /// <param name="role">the role for which to get the permissions</param>
        /// <returns>an enumerable of permissions for the given role</returns>
        public IEnumerable <Permission> GetPermissions(Role role)
        {
            using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
            if (role is TRole dbRole)
            {
                return(from p in dbRole.RolePermissions select p.Permission);
            }

            return((from p in securityContext.SecurityRoles.First(r => r.RoleName == role.RoleName).RolePermissions select new Permission
            {
                //PermissionName = $"{(!p.Permission.IsGlobal ? p.Tenant.TenantName : "")}{p.Permission.PermissionName}"
                PermissionName = p.Permission.PermissionName
            }).ToArray());
        }
        public NavigationMenu GetNavigationRoot()
        {
            using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
            string explicitTenant = null;

            if (permissionScope.IsScopeExplicit)
            {
                explicitTenant = permissionScope.PermissionPrefix;
            }

            NavigationMenu retVal = new NavigationMenu();

            retVal.Children.AddRange(SelectNavigation(null, explicitTenant));
            return(retVal);
        }
 /// <summary>
 /// Gets an enumeration of Permissions for a set of user-labels that is appropriate for the given user
 /// </summary>
 /// <param name="userLabels">the labels that describe the current user</param>
 /// <param name="userAuthenticationType">the authentication-type that was used to authenticate current user</param>
 /// <returns>an enumerable of permissions for the given user-labels</returns>
 public IEnumerable <Permission> GetPermissions(string[] userLabels, string userAuthenticationType)
 {
     using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
     return((from tr in securityContext.Users.Where(UserFilter(userLabels, userAuthenticationType))
             .Join(securityContext.TenantUsers, UserId, tr => tr.UserId, (tu, tt) => tt)
             join ur in securityContext.TenantUserRoles on tr.TenantUserId equals ur.TenantUserId
             join r in securityContext.SecurityRoles on new { ur.RoleId, tr.TenantId } equals new { r.RoleId, r.TenantId }
             join rp in securityContext.RolePermissions on new { r.RoleId, r.TenantId } equals new { rp.RoleId, rp.TenantId }
             join rt in securityContext.Tenants on rp.TenantId equals rt.TenantId
             join p in securityContext.Permissions on rp.PermissionId equals p.PermissionId
             select new Permission
     {
         //PermissionName = p.PermissionName != rt.TenantName?$"{(!p.IsGlobal?rt.TenantName:"")}{p.PermissionName}":p.PermissionName
         PermissionName = p.PermissionName
     }).Distinct().ToArray());
 }
        /// <summary>
        /// Gets a list of activated features for a specific permission-Scope
        /// </summary>
        /// <param name="permissionScopeName">the name of the current permission-prefix selected by the current user</param>
        /// <returns>returns a list of activated features</returns>
        public IEnumerable <Feature> GetFeatures(string permissionScopeName)
        {
            IDisposable tmp = null;

            try
            {
                if (!securityContext.Tenants.Any(n => n.TenantName == permissionScopeName))
                {
                    tmp = new FullSecurityAccessHelper(securityContext, true, true);
                }

                var dt  = DateTime.SpecifyKind(DateTime.UtcNow, DateTimeKind.Local);
                var raw = (from t in securityContext.Features
                           join a in securityContext.TenantFeatureActivations.Where(ta =>
                                                                                    ta.Tenant.TenantName == permissionScopeName &&
                                                                                    (ta.ActivationStart == null || ta.ActivationStart <= dt) &&
                                                                                    (ta.ActivationEnd == null || ta.ActivationEnd >= dt))
                           .GroupBy(g => new { g.FeatureId, g.Tenant.TenantName })
                           .Select(n => new { n.Key.FeatureId, n.Key.TenantName })
                           on t.FeatureId equals a.FeatureId into lfaj
                           from hoj in lfaj.DefaultIfEmpty()
                           select new { T = t, A = hoj.TenantName }).ToArray();

                /*EntityQueryable<Feature> mmp = (EntityQueryable<Feature>)raw;
                 * logger.LogDebug(mmp.DebugView.Query);*/
                return(raw.Select(n => new Feature
                {
                    FeatureName = n.T.FeatureName,
                    FeatureDescription = n.T.FeatureDescription,
                    Enabled = n.T.Enabled || !string.IsNullOrEmpty(n.A)
                }).ToArray());
            }
            finally
            {
                tmp?.Dispose();
            }
        }
 /// <summary>
 /// Gets a value indicating whether the specified Permission-Scope exists
 /// </summary>
 /// <param name="permissionScopeName">the permissionScope to check for existence</param>
 /// <returns>a value indicating whether the specified permissionScope is valid</returns>
 public bool PermissionScopeExists(string permissionScopeName)
 {
     using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
     return(securityContext.Tenants.Any(n => n.TenantName == permissionScopeName));
 }
 /// <summary>
 /// Gets an enumeration of CustomUserProperties for the given user
 /// </summary>
 /// <param name="user">the user for which to get the custom properties</param>
 /// <returns>an enumerable of all the custom user-properties for this user</returns>
 public IEnumerable <CustomUserProperty> GetCustomProperties(User user)
 {
     using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
     return((from p in UserProps(securityContext.Users.First(UserFilter(user))) select p).ToArray());
 }
 /// <summary>
 /// Gets an enumeration of Roles that are assigned to the given user
 /// </summary>
 /// <param name="user">the user for which to get the roles</param>
 /// <returns>an enumerable of all the user-roles</returns>
 public IEnumerable <Role> GetRoles(User user)
 {
     using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
     return((from r in AllRoles(securityContext.Users.First(UserFilter(user))) select r.Role).ToArray());
 }