Beispiel #1
0
        public async Task Invoke(CRUDContext <TService> ctx)
        {
            IAuthorizer <TService> authorizer = ctx.ServiceContainer.GetAuthorizer();
            RunTimeMetadata        metadata   = ctx.Service.GetMetadata();

            foreach (DbSet dbSet in ctx.Request.dbSets)
            {
                //methods on domain service which are attempted to be executed by client (SaveChanges triggers their execution)
                Dictionary <string, MethodInfoData> domainServiceMethods = new Dictionary <string, MethodInfoData>();
                DbSetInfo dbInfo = metadata.DbSets[dbSet.dbSetName];

                dbSet.rows.Aggregate <RowInfo, Dictionary <string, MethodInfoData> >(domainServiceMethods, (dict, rowInfo) =>
                {
                    MethodInfoData method = rowInfo.GetCRUDMethodInfo(metadata, dbInfo.dbSetName);
                    if (method == null)
                    {
                        throw new DomainServiceException(string.Format(ErrorStrings.ERR_REC_CHANGETYPE_INVALID,
                                                                       dbInfo.GetEntityType().Name, rowInfo.changeType));
                    }

                    string dicKey = string.Format("{0}:{1}", method.OwnerType.FullName, method.MethodInfo.Name);
                    if (!dict.ContainsKey(dicKey))
                    {
                        dict.Add(dicKey, method);
                    }
                    return(dict);
                });

                await authorizer.CheckUserRightsToExecute(domainServiceMethods.Values);
            }

            await _next(ctx);
        }
Beispiel #2
0
 public static bool CanAccessMethod(MethodInfo methInfo, IAuthorizer authorizer)
 {
     try
     {
         authorizer.CheckUserRightsToExecute(methInfo);
         return true;
     }
     catch(AccessDeniedException)
     {
         return false;
     }
 }
Beispiel #3
0
 public static bool CanAccessMethod(MethodInfo methInfo, IAuthorizer authorizer)
 {
     try
     {
         authorizer.CheckUserRightsToExecute(methInfo);
         return(true);
     }
     catch (AccessDeniedException)
     {
         return(false);
     }
 }