Beispiel #1
0
        /// <summary>
        /// Evaluates whether a selected user is allowed to perform the selected action on the selected
        /// entity.
        /// </summary>
        /// <param name="entity">The entity.</param>
        /// <param name="action">The action.</param>
        /// <param name="specialRole">The special role.</param>
        /// <returns></returns>
        public static bool Authorized(ISecured entity, string action, SpecialRole specialRole)
        {
            // If there's no Authorizations object, create it
            if (Authorizations == null)
            {
                Load();
            }

            var entityTypeId = entity.TypeId;

            // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
            // one to find the first one specific to the selected user or a role that the selected user belongs
            // to.  If a match is found return whether the user is allowed (true) or denied (false) access
            if (Authorizations.Keys.Contains(entityTypeId) &&
                Authorizations[entityTypeId].Keys.Contains(entity.Id) &&
                Authorizations[entityTypeId][entity.Id].Keys.Contains(action))
            {
                foreach (AuthRule authRule in Authorizations[entityTypeId][entity.Id][action])
                {
                    if (authRule.SpecialRole == specialRole)
                    {
                        return(authRule.AllowOrDeny == "A");
                    }
                }
            }

            // If no match was found for the selected user on the current entity instance, check to see if the instance
            // has a parent authority defined and if so evaluate that entities authorization rules.  If there is no
            // parent authority return the defualt authorization
            if (entity.ParentAuthority != null)
            {
                return(Authorized(entity.ParentAuthority, action, specialRole));
            }
            else
            {
                return(entity.IsAllowedByDefault(action));
            }
        }
Beispiel #2
0
 /// <summary>
 /// Evaluates whether a selected person is allowed to perform the selected action on the selected
 /// entity.
 /// </summary>
 /// <param name="entity">The entity.</param>
 /// <param name="action">The action.</param>
 /// <param name="person">The person.</param>
 /// <returns></returns>
 public static bool Authorized(ISecured entity, string action, Rock.Model.Person person)
 {
     return(ItemAuthorized(entity, action, person) ?? entity.IsAllowedByDefault(action));
 }
Beispiel #3
0
 /// <summary>
 /// Evaluates whether a selected user is allowed to perform the selected action on the selected
 /// entity.
 /// </summary>
 /// <param name="entity">The entity.</param>
 /// <param name="action">The action.</param>
 /// <param name="specialRole">The special role.</param>
 /// <returns></returns>
 public static bool Authorized(ISecured entity, string action, SpecialRole specialRole)
 {
     return(ItemAuthorized(entity, action, specialRole) ?? entity.IsAllowedByDefault(action));
 }
Beispiel #4
0
        /// <summary>
        /// Evaluates whether a selected person is allowed to perform the selected action on the selected
        /// entity.
        /// </summary>
        /// <param name="entity">The entity.</param>
        /// <param name="action">The action.</param>
        /// <param name="person">The person.</param>
        /// <returns></returns>
        public static bool Authorized(ISecured entity, string action, Rock.Model.Person person)
        {
            // If there's no Authorizations object, create it
            if (Authorizations == null)
            {
                Load();
            }

            var entityTypeId = entity.TypeId;

            // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
            // one to find the first one specific to the selected user or a role that the selected user belongs
            // to.  If a match is found return whether the user is allowed (true) or denied (false) access
            if (Authorizations.Keys.Contains(entityTypeId) &&
                Authorizations[entityTypeId].Keys.Contains(entity.Id) &&
                Authorizations[entityTypeId][entity.Id].Keys.Contains(action))
            {
                string userName = person != null?person.Guid.ToString() : string.Empty;

                foreach (AuthRule authRule in Authorizations[entityTypeId][entity.Id][action])
                {
                    // All Users
                    if (authRule.SpecialRole == SpecialRole.AllUsers)
                    {
                        return(authRule.AllowOrDeny == "A");
                    }

                    // All Authenticated Users
                    if (authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty)
                    {
                        return(authRule.AllowOrDeny == "A");
                    }

                    // All Unauthenticated Users
                    if (authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty)
                    {
                        return(authRule.AllowOrDeny == "A");
                    }

                    if (authRule.SpecialRole == SpecialRole.None && person != null)
                    {
                        // See if person has been authorized to entity
                        if (authRule.PersonId.HasValue &&
                            authRule.PersonId.Value == person.Id)
                        {
                            return(authRule.AllowOrDeny == "A");
                        }

                        // See if person is in role authorized
                        if (authRule.GroupId.HasValue)
                        {
                            Role role = Role.Read(authRule.GroupId.Value);
                            if (role != null && role.IsUserInRole(userName))
                            {
                                return(authRule.AllowOrDeny == "A");
                            }
                        }
                    }
                }
            }

            // If no match was found for the selected user on the current entity instance, check to see if the instance
            // has a parent authority defined and if so evaluate that entities authorization rules.  If there is no
            // parent authority return the defualt authorization
            if (entity.ParentAuthority != null)
            {
                return(Authorized(entity.ParentAuthority, action, person));
            }
            else
            {
                return(entity.IsAllowedByDefault(action));
            }
        }
Beispiel #5
0
        /// <summary>
        /// Evaluates whether a selected person is allowed to perform the selected action on the selected
        /// entity.
        /// </summary>
        /// <param name="entity">The entity.</param>
        /// <param name="action">The action.</param>
        /// <param name="person">The person.</param>
        /// <param name="rockContext">The rock context.</param>
        /// <returns></returns>
        public static bool Authorized( ISecured entity, string action, Rock.Model.Person person, RockContext rockContext = null )
        {
            // If there's no Authorizations object, create it
            if ( Authorizations == null )
            {
                rockContext = rockContext ?? new RockContext();
                Load( rockContext );
            }

            var entityTypeId = entity.TypeId;

            // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
                // one to find the first one specific to the selected user or a role that the selected user belongs
                // to.  If a match is found return whether the user is allowed (true) or denied (false) access
            if ( Authorizations.Keys.Contains( entityTypeId ) &&
                Authorizations[entityTypeId].Keys.Contains( entity.Id ) &&
                Authorizations[entityTypeId][entity.Id].Keys.Contains( action ) )
            {
                string userName = person != null ? person.Guid.ToString() : string.Empty;

                foreach ( AuthRule authRule in Authorizations[entityTypeId][entity.Id][action] )
                {
                    // All Users
                    if ( authRule.SpecialRole == SpecialRole.AllUsers )
                    {
                        return authRule.AllowOrDeny == "A";
                    }

                    // All Authenticated Users
                    if ( authRule.SpecialRole == SpecialRole.AllAuthenticatedUsers && userName.Trim() != string.Empty )
                    {
                        return authRule.AllowOrDeny == "A";
                    }

                    // All Unauthenticated Users
                    if ( authRule.SpecialRole == SpecialRole.AllUnAuthenticatedUsers && userName.Trim() == string.Empty )
                    {
                        return authRule.AllowOrDeny == "A";
                    }

                    if ( authRule.SpecialRole == SpecialRole.None && person != null )
                    {
                        // See if person has been authorized to entity
                        if ( authRule.PersonId.HasValue &&
                            authRule.PersonId.Value == person.Id )
                        {
                            return authRule.AllowOrDeny == "A";
                        }

                        // See if person is in role authorized
                        if ( authRule.GroupId.HasValue )
                        {
                            Role role = Role.Read( authRule.GroupId.Value );
                            if ( role != null && role.IsUserInRole( userName ) )
                            {
                                return authRule.AllowOrDeny == "A";
                            }
                        }
                    }
                }
            }

            // If no match was found for the selected user on the current entity instance, check to see if the instance
            // has a parent authority defined and if so evaluate that entities authorization rules.  If there is no
            // parent authority return the defualt authorization
            if ( entity.ParentAuthority != null )
            {
                return Authorized( entity.ParentAuthority, action, person );
            }
            else
            {
                return entity.IsAllowedByDefault( action );
            }
        }
Beispiel #6
0
        /// <summary>
        /// Evaluates whether a selected user is allowed to perform the selected action on the selected
        /// entity.
        /// </summary>
        /// <param name="entity">The entity.</param>
        /// <param name="action">The action.</param>
        /// <param name="specialRole">The special role.</param>
        /// <returns></returns>
        public static bool Authorized( ISecured entity, string action, SpecialRole specialRole )
        {
            // If there's no Authorizations object, create it
            if ( Authorizations == null )
            {
                Load( new RockContext() );
            }

            var entityTypeId = entity.TypeId;

            // If there are entries in the Authorizations object for this entity type and entity instance, evaluate each
            // one to find the first one specific to the selected user or a role that the selected user belongs
            // to.  If a match is found return whether the user is allowed (true) or denied (false) access
            if ( Authorizations.Keys.Contains( entityTypeId ) &&
                Authorizations[entityTypeId].Keys.Contains( entity.Id ) &&
                Authorizations[entityTypeId][entity.Id].Keys.Contains( action ) )
            {
                foreach ( AuthRule authRule in Authorizations[entityTypeId][entity.Id][action] )
                {
                    if ( authRule.SpecialRole == specialRole )
                    {
                        return authRule.AllowOrDeny == "A";
                    }
                }
            }

            // If no match was found for the selected user on the current entity instance, check to see if the instance
            // has a parent authority defined and if so evaluate that entities authorization rules.  If there is no
            // parent authority return the defualt authorization
            if ( entity.ParentAuthority != null )
            {
                return Authorized( entity.ParentAuthority, action, specialRole );
            }
            else
            {
                return entity.IsAllowedByDefault( action );
            }
        }
Beispiel #7
0
 /// <summary>
 /// Evaluates whether a selected person is allowed to perform the selected action on the selected
 /// entity.
 /// </summary>
 /// <param name="entity">The entity.</param>
 /// <param name="action">The action.</param>
 /// <param name="person">The person.</param>
 /// <returns></returns>
 public static bool Authorized( ISecured entity, string action, Rock.Model.Person person )
 {
     return ItemAuthorized( entity, action, person, true, true ) ?? entity.IsAllowedByDefault( action );
 }
Beispiel #8
0
 /// <summary>
 /// Evaluates whether a selected user is allowed to perform the selected action on the selected
 /// entity.
 /// </summary>
 /// <param name="entity">The entity.</param>
 /// <param name="action">The action.</param>
 /// <param name="specialRole">The special role.</param>
 /// <returns></returns>
 public static bool Authorized( ISecured entity, string action, SpecialRole specialRole )
 {
     return ItemAuthorized( entity, action, specialRole, true, true ) ?? entity.IsAllowedByDefault( action );
 }