/// <summary>
/// Gets an enumeration of CustomUserProperties for a set of user-labels that is appropriate for the given user
/// </summary>
/// <param name="userLabels">the labels that describe the current user</param>
/// <param name="userAuthenticationType">the authentication-type that was used to authenticate current user</param>
/// <returns>an enumerable of all the custom user-properties for this user</returns>
public IEnumerable <CustomUserProperty> GetCustomProperties(string[] userLabels, string userAuthenticationType)
{
using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
return((from u in securityContext.Users.Where(UserFilter(userLabels, userAuthenticationType))
.Join(securityContext.UserProperties, UserId, p => p.UserId, (tu, tp) => tp)
select u).ToArray());
}
/// <summary>
/// Gets an enumeration of Permissions that are assigned to the given user through its roles
/// </summary>
/// <param name="user">the user for which to get the permissions</param>
/// <returns>an enumerable of permissions for the given user</returns>
public IEnumerable <Permission> GetPermissions(User user)
{
using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
return((from p in (from r in AllRoles(securityContext.Users.First(UserFilter(user))) select r.Role.RolePermissions).SelectMany(rp => rp) select new Permission
{
//PermissionName = $"{(!p.Permission.IsGlobal?p.Tenant.TenantName:"")}{p.Permission.PermissionName}"
PermissionName = p.Permission.PermissionName
}).Distinct().ToArray());
}
public IEnumerable <ScopeInfo> GetEligibleScopes(string[] userLabels, string authType)
{
using var tmp = new FullSecurityAccessHelper(securityContext, true, false);
return((from d in (from t in securityContext.Users.Where(UserFilter(userLabels, authType))
.Join(securityContext.TenantUsers, UserId, u => u.UserId, (tu, tt) => tt.Tenant)
select t).Distinct()
orderby d.DisplayName
select new ScopeInfo {
ScopeDisplayName = d.DisplayName, ScopeName = d.TenantName
}).ToArray());
}
/// <summary>
/// Gets an enumeration of CustomUserProperties for a set of user-labels that is appropriate for the given user
/// </summary>
/// <param name="originalClaims">the claims that were originally attached to the current identity</param>
/// <param name="userAuthenticationType">the authentication-type that was used to authenticate current user</param>
/// <returns>an enumerable of all the custom user-properties for this user</returns>
public IEnumerable <ClaimData> GetCustomProperties(ClaimData[] originalClaims,
string userAuthenticationType)
{
using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
var typeClaims = securityContext.AuthenticationClaimMappings.Where(n =>
n.AuthenticationType.AuthenticationTypeName == userAuthenticationType).ToArray();
var preMapped = from t in originalClaims
join i in typeClaims on t.Type equals i.IncomingClaimName
select new { Original = t, Map = i };
return((from t in preMapped where string.IsNullOrEmpty(t.Map.Condition) || (ExpressionParser.Parse(t.Map.Condition, t.Original) is bool b && b)
select TryGetClaim(t.Map, t.Original)).Where(n => n != null));
}
/// <summary>
/// Gets an enumeration of Permissions that are assigned to the given Role
/// </summary>
/// <param name="role">the role for which to get the permissions</param>
/// <returns>an enumerable of permissions for the given role</returns>
public IEnumerable <Permission> GetPermissions(Role role)
{
using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
if (role is TRole dbRole)
{
return(from p in dbRole.RolePermissions select p.Permission);
}
return((from p in securityContext.SecurityRoles.First(r => r.RoleName == role.RoleName).RolePermissions select new Permission
{
//PermissionName = $"{(!p.Permission.IsGlobal ? p.Tenant.TenantName : "")}{p.Permission.PermissionName}"
PermissionName = p.Permission.PermissionName
}).ToArray());
}
public NavigationMenu GetNavigationRoot()
{
using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
string explicitTenant = null;
if (permissionScope.IsScopeExplicit)
{
explicitTenant = permissionScope.PermissionPrefix;
}
NavigationMenu retVal = new NavigationMenu();
retVal.Children.AddRange(SelectNavigation(null, explicitTenant));
return(retVal);
}
/// <summary>
/// Gets an enumeration of Permissions for a set of user-labels that is appropriate for the given user
/// </summary>
/// <param name="userLabels">the labels that describe the current user</param>
/// <param name="userAuthenticationType">the authentication-type that was used to authenticate current user</param>
/// <returns>an enumerable of permissions for the given user-labels</returns>
public IEnumerable <Permission> GetPermissions(string[] userLabels, string userAuthenticationType)
{
using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
return((from tr in securityContext.Users.Where(UserFilter(userLabels, userAuthenticationType))
.Join(securityContext.TenantUsers, UserId, tr => tr.UserId, (tu, tt) => tt)
join ur in securityContext.TenantUserRoles on tr.TenantUserId equals ur.TenantUserId
join r in securityContext.SecurityRoles on new { ur.RoleId, tr.TenantId } equals new { r.RoleId, r.TenantId }
join rp in securityContext.RolePermissions on new { r.RoleId, r.TenantId } equals new { rp.RoleId, rp.TenantId }
join rt in securityContext.Tenants on rp.TenantId equals rt.TenantId
join p in securityContext.Permissions on rp.PermissionId equals p.PermissionId
select new Permission
{
//PermissionName = p.PermissionName != rt.TenantName?$"{(!p.IsGlobal?rt.TenantName:"")}{p.PermissionName}":p.PermissionName
PermissionName = p.PermissionName
}).Distinct().ToArray());
}
/// <summary>
/// Gets a list of activated features for a specific permission-Scope
/// </summary>
/// <param name="permissionScopeName">the name of the current permission-prefix selected by the current user</param>
/// <returns>returns a list of activated features</returns>
public IEnumerable <Feature> GetFeatures(string permissionScopeName)
{
IDisposable tmp = null;
try
{
if (!securityContext.Tenants.Any(n => n.TenantName == permissionScopeName))
{
tmp = new FullSecurityAccessHelper(securityContext, true, true);
}
var dt = DateTime.SpecifyKind(DateTime.UtcNow, DateTimeKind.Local);
var raw = (from t in securityContext.Features
join a in securityContext.TenantFeatureActivations.Where(ta =>
ta.Tenant.TenantName == permissionScopeName &&
(ta.ActivationStart == null || ta.ActivationStart <= dt) &&
(ta.ActivationEnd == null || ta.ActivationEnd >= dt))
.GroupBy(g => new { g.FeatureId, g.Tenant.TenantName })
.Select(n => new { n.Key.FeatureId, n.Key.TenantName })
on t.FeatureId equals a.FeatureId into lfaj
from hoj in lfaj.DefaultIfEmpty()
select new { T = t, A = hoj.TenantName }).ToArray();
/*EntityQueryable<Feature> mmp = (EntityQueryable<Feature>)raw;
* logger.LogDebug(mmp.DebugView.Query);*/
return(raw.Select(n => new Feature
{
FeatureName = n.T.FeatureName,
FeatureDescription = n.T.FeatureDescription,
Enabled = n.T.Enabled || !string.IsNullOrEmpty(n.A)
}).ToArray());
}
finally
{
tmp?.Dispose();
}
}
/// <summary>
/// Gets a value indicating whether the specified Permission-Scope exists
/// </summary>
/// <param name="permissionScopeName">the permissionScope to check for existence</param>
/// <returns>a value indicating whether the specified permissionScope is valid</returns>
public bool PermissionScopeExists(string permissionScopeName)
{
using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
return(securityContext.Tenants.Any(n => n.TenantName == permissionScopeName));
}
/// <summary>
/// Gets an enumeration of CustomUserProperties for the given user
/// </summary>
/// <param name="user">the user for which to get the custom properties</param>
/// <returns>an enumerable of all the custom user-properties for this user</returns>
public IEnumerable <CustomUserProperty> GetCustomProperties(User user)
{
using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
return((from p in UserProps(securityContext.Users.First(UserFilter(user))) select p).ToArray());
}
/// <summary>
/// Gets an enumeration of Roles that are assigned to the given user
/// </summary>
/// <param name="user">the user for which to get the roles</param>
/// <returns>an enumerable of all the user-roles</returns>
public IEnumerable <Role> GetRoles(User user)
{
using var tmp = new FullSecurityAccessHelper(securityContext, false, false);
return((from r in AllRoles(securityContext.Users.First(UserFilter(user))) select r.Role).ToArray());
}
