private List <string> GetDenyProperties(object targetObject)
{
List <string> denyMembers = new List <string>();
Type targetType = targetObject.GetType();
IEntityType entityType = securityDbContext.RealDbContext.Model.FindEntityType(targetType);
IEnumerable <INavigation> properties = entityType.GetNavigations();
IEnumerable <PropertyInfo> propertiesInfo = targetType.GetRuntimeProperties();
foreach (IProperty property in properties)
{
PropertyInfo propertyInfo = propertiesInfo.FirstOrDefault(p => p.Name == property.Name);
if (property.IsKey())
{
continue;
}
if (property.GetContainingForeignKeys().Count() > 0)
{
continue;
}
if (property.GetContainingKeys().Count() > 0)
{
continue;
}
if (propertyInfo != null && propertyInfo.GetGetMethod().IsStatic)
{
continue;
}
bool isGranted = permissionProcessor.IsGranted(targetType, SecurityOperation.Read, targetObject, property.Name);
if (!isGranted)
{
denyMembers.Add(property.Name);
}
}
return(denyMembers);
}
private static List <string> GetBlockedProperties(object targetObject, IModel model, IPermissionProcessor processor)
{
List <string> denyMembers = new List <string>();
Type targetType = targetObject.GetType();
IEntityType entityType = model.FindEntityType(targetType);
IEnumerable <IProperty> properties = entityType.GetProperties();
foreach (IProperty property in properties)
{
if (property.IsKey())
{
continue;
}
if (property.GetContainingForeignKeys().Count() > 0)
{
continue;
}
if (property.GetContainingKeys().Count() > 0)
{
continue;
}
bool isGranted = processor.IsGranted(targetType, SecurityOperation.Read, targetObject, property.Name);
if (!isGranted)
{
denyMembers.Add(property.Name);
}
}
return(denyMembers);
}
private static List <string> GetBlockedNavigationProperties(object targetObject, IEnumerable <object> denyObjects, IModel model, IPermissionProcessor processor)
{
List <string> denyNavigationProperties = new List <string>();
Type targetType = targetObject.GetType();
IEntityType entityType = model.FindEntityType(targetType);
IEnumerable <INavigation> properties = entityType.GetNavigations();
IEnumerable <PropertyInfo> propertiesInfo = targetType.GetRuntimeProperties();
foreach (INavigation propertyNavigation in properties)
{
bool isGranted = processor.IsGranted(targetObject.GetType(), SecurityOperation.Read, targetObject, propertyNavigation.Name);
if (!isGranted)
{
denyNavigationProperties.Add(propertyNavigation.Name);
denyNavigationProperties.AddRange(GetDenyForeignKey(propertyNavigation).Select(p => p.Name));
}
else
{
PropertyInfo navigationPropertyInfo = propertiesInfo.First(p => p.Name == propertyNavigation.Name);
if (!propertyNavigation.IsCollection())
{
object valueNavigationProperty = navigationPropertyInfo.GetValue(targetObject);
if (valueNavigationProperty != null)
{
bool isDenyNavigationObject = denyObjects.Contains(valueNavigationProperty);
if (isDenyNavigationObject)
{
denyNavigationProperties.Add(propertyNavigation.Name);
denyNavigationProperties.AddRange(GetDenyForeignKey(propertyNavigation).Select(p => p.Name));
}
}
}
}
}
return(denyNavigationProperties);
}
public static bool IsGranted(this IPermissionProcessor processor, Type type, SecurityOperation operation, object targetObject)
{
return(processor.IsGranted(type, operation, targetObject, ""));
}
public static bool IsGranted(this IPermissionProcessor processor, Type type, SecurityOperation operation)
{
return(processor.IsGranted(type, operation, null, ""));
}
private bool IsMemberGranted(string member, Type type, object realObject)
{
return(processor.IsGranted(type, SecurityOperation.Write, realObject, member));
}
public Expression GetDatabaseReadExpressionFromSecurity(Expression sourceExpression, Type type)
{
Expression loadExpression = null;
if (permissionsProvider.GetPermissions().Count() > 0)
{
ParameterExpression parameterExpression = Expression.Parameter(type, "p");
bool allowReadLevelType = permissionProcessor.IsGranted(type, SecurityOperation.Read);
if (allowReadLevelType)
{
IEnumerable <IObjectPermission> objectsDenyExpression = GetObjectPermissions(type).Where(p => p.OperationState == OperationState.Deny && p.Operations.HasFlag(SecurityOperation.Read));
if (objectsDenyExpression.Count() > 0)
{
IEnumerable <Expression> originalExpressions = GetBodiesOfLambdaExpressions(objectsDenyExpression.Select(p => p.Criteria));
IEnumerable <Expression> invertedExpressions = GetInvertedExpressions(originalExpressions);
loadExpression = GetAndMergedExpression(invertedExpressions);
}
}
else
{
IEnumerable <IObjectPermission> objectsAllowExpression = GetObjectPermissions(type).Where(p => p.OperationState == OperationState.Allow && p.Operations.HasFlag(SecurityOperation.Read));
if (objectsAllowExpression.Count() > 0)
{
IEnumerable <Expression> nativeExpression = GetBodiesOfLambdaExpressions(objectsAllowExpression.Select(p => p.Criteria));
loadExpression = GetOrMergedExpression(nativeExpression);
IEnumerable <IObjectPermission> objectsDenyExpression = GetObjectPermissions(type).Where(p => p.OperationState == OperationState.Deny && p.Operations.HasFlag(SecurityOperation.Read));
nativeExpression = GetBodiesOfLambdaExpressions(objectsDenyExpression.Select(p => p.Criteria));
IEnumerable <Expression> invertedExpressions = GetInvertedExpressions(nativeExpression);
Expression denyObjectExpression = GetAndMergedExpression(invertedExpressions);
if (denyObjectExpression != null)
{
loadExpression = Expression.AndAlso(loadExpression, denyObjectExpression);
}
}
IEnumerable <IMemberPermission> memberAllowExpression = GetMemberPermissions(type).Where(p => p.OperationState == OperationState.Allow && p.Operations.HasFlag(SecurityOperation.Read));
if (memberAllowExpression.Count() > 0)
{
Expression membersExpression = null;
IEnumerable <IMemberPermission> memberDenyExpression = GetMemberPermissions(type).Where(p => p.OperationState == OperationState.Deny && p.Operations.HasFlag(SecurityOperation.Read));
IEnumerable <string> memberNames = memberAllowExpression.GroupBy(x => x.MemberName).Select(g => g.First().MemberName);
foreach (string memberName in memberNames)
{
Expression memberExpression;
IEnumerable <IMemberPermission> currentMemberAllowExpressions = memberAllowExpression.Where(p => p.MemberName == memberName);
IEnumerable <Expression> nativeExpression = GetBodiesOfLambdaExpressions(currentMemberAllowExpressions.Select(p => p.Criteria));
memberExpression = GetOrMergedExpression(nativeExpression);
IEnumerable <IMemberPermission> currentMemberDenyExpressions = memberDenyExpression.Where(p => p.MemberName == memberName);
if (currentMemberDenyExpressions.Count() > 0)
{
nativeExpression = GetBodiesOfLambdaExpressions(currentMemberDenyExpressions.Select(p => p.Criteria));
IEnumerable <Expression> inversionExpression = GetInvertedExpressions(nativeExpression);
Expression denyLoadObjectExpression = GetAndMergedExpression(inversionExpression);
if (denyLoadObjectExpression != null)
{
memberExpression = Expression.AndAlso(memberExpression, denyLoadObjectExpression);
}
}
if (membersExpression == null)
{
membersExpression = memberExpression;
}
else
{
membersExpression = Expression.OrElse(membersExpression, memberExpression);
}
}
if (membersExpression != null)
{
if (loadExpression == null)
{
loadExpression = membersExpression;
}
else
{
loadExpression = Expression.OrElse(loadExpression, membersExpression);
}
}
}
if (loadExpression == null)
{
loadExpression = Expression.Constant(false);
}
}
if (loadExpression != null)
{
UpdateParameterVisitor updateParameterVisitor = new UpdateParameterVisitor(realDbContext, parameterExpression);
loadExpression = updateParameterVisitor.Visit(loadExpression);
//loadExpression = Expression.Condition(
// loadExpression,
// Expression.Constant(true, typeof(bool)),
// Expression.Constant(false, typeof(bool)));
MethodInfo whereMethodInfo = UtilityHelper.GetMethods("Where", type, 1).First().MakeGenericMethod(type);
Expression whereLambda = Expression.Lambda(loadExpression, parameterExpression);
loadExpression = Expression.Call(whereMethodInfo, new[] { sourceExpression, whereLambda });
}
else
{
loadExpression = sourceExpression;
}
}
else
{
loadExpression = sourceExpression;
}
return(loadExpression);
}
