private SecurityClient GetSecurityClient()
{
if (_securityClient == null)
{
_securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
}
return(_securityClient);
}
private IEnumerable <T> FilterByAccess <T> (IEnumerable <T> securableObjects, params Enum[] requiredAccessTypeEnums) where T : ISecurableObject
{
SecurityClient securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
AccessType[] requiredAccessTypes = Array.ConvertAll(requiredAccessTypeEnums, AccessType.Get);
return(securableObjects.Where(o => securityClient.HasAccess(o, requiredAccessTypes)));
}
public void Create_WithNullSecurityProvider_ReturnsNullObject()
{
Assert.That(SecurityConfiguration.Current.DisableAccessChecks, Is.False);
_stubSecurityProvider.Stub(_ => _.IsNull).Return(true);
SecurityClient securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
Assert.That(securityClient, Is.SameAs(SecurityClient.Null));
}
public IEnumerable <Substitution> GetActiveSubstitutions()
{
var securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
if (!securityClient.HasAccess(this, AccessType.Get(GeneralAccessTypes.Read)))
{
return(new Substitution[0]);
}
return(SubstitutingFor.Where(s => s.IsActive));
}
/// <summary>
/// Resolves the hierarchy for the current <see cref="Group"/> as long as the user has <see cref="GeneralAccessTypes.Read"/> permissions
/// on the current object.
/// </summary>
private IEnumerable <Group> GetHierarchyWithSecurityCheck(Group startPoint)
{
var securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
if (!securityClient.HasAccess(this, AccessType.Get(GeneralAccessTypes.Read)))
{
return(Enumerable.Empty <Group>());
}
return(new[] { this }.Concat(Children.SelectMany(c => c.GetHierarchyWithCircularReferenceCheck(startPoint))));
}
public void Create_WithEnabledAccessChecks_ReturnsSecurityClientWithMembersFromServiceLocator()
{
Assert.That(SecurityConfiguration.Current.DisableAccessChecks, Is.False);
SecurityClient securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
Assert.IsInstanceOf(typeof(SecurityClient), securityClient);
Assert.That(securityClient.SecurityProvider, Is.SameAs(_stubSecurityProvider));
Assert.That(securityClient.PrincipalProvider, Is.SameAs(_stubPrincipalProvider));
Assert.That(securityClient.PermissionProvider, Is.SameAs(_stubPermissionProvider));
Assert.That(securityClient.MemberResolver, Is.SameAs(_stubMemberResolver));
Assert.That(securityClient.FunctionalSecurityStrategy, Is.SameAs(_stubFunctionalSecurityStrategy));
}
// methods and properties
public bool HasAccess(ISecurableObject securableObject, Delegate handler)
{
if (handler == null)
{
return(true);
}
if (SecurityFreeSection.IsActive)
{
return(true);
}
List <DemandTargetPermissionAttribute> attributes = GetPermissionAttributes(handler.GetInvocationList());
bool hasAccess = true;
foreach (DemandTargetPermissionAttribute attribute in attributes)
{
switch (attribute.PermissionSource)
{
case PermissionSource.WxeFunction:
hasAccess &= WxeFunction.HasAccess(attribute.FunctionType);
break;
case PermissionSource.SecurableObject:
SecurityClient securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
if (securableObject == null)
{
hasAccess &= securityClient.HasStatelessMethodAccess(attribute.SecurableClass, attribute.MethodName);
}
else
{
hasAccess &= securityClient.HasMethodAccess(securableObject, attribute.MethodName);
}
break;
default:
throw new InvalidOperationException(string.Format(
"Value '{0}' is not supported by the PermissionSource property of the DemandTargetPermissionAttribute.",
attribute.PermissionSource));
}
if (!hasAccess)
{
break;
}
}
return(hasAccess);
}
protected override void OnLoad(EventArgs e)
{
base.OnLoad(e);
if (!IsPostBack)
{
GroupTypeList.SetSortingOrder(
new BocListSortingOrderEntry((IBocSortableColumnDefinition)GroupTypeList.FixedColumns[0], SortingDirection.Ascending));
}
GroupTypeList.LoadUnboundValue(GetValues(), false);
SecurityClient securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
NewGroupTypeButton.Visible = securityClient.HasConstructorAccess(typeof(GroupType));
}
protected override void OnLoad(EventArgs e)
{
base.OnLoad(e);
if (!IsPostBack)
{
TenantList.SetSortingOrder(
new BocListSortingOrderEntry((IBocSortableColumnDefinition)TenantList.FixedColumns[0], SortingDirection.Ascending));
}
TenantList.LoadUnboundValue(GetValues(), IsPostBack);
SecurityClient securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
Type tenantType = SecurityManagerConfiguration.Current.OrganizationalStructureFactory.GetTenantType();
NewTenantButton.Visible = securityClient.HasConstructorAccess(tenantType);
}
public IEnumerable <Group> GetParents()
{
var securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
if (!securityClient.HasMethodAccess(this, "GetParents"))
{
return(Enumerable.Empty <Group>());
}
return(Parent.CreateSequenceWithCycleCheck(
g => g.Parent,
g => g != null && securityClient.HasAccess(g, AccessType.Get(GeneralAccessTypes.Read)),
null,
g => new InvalidOperationException(
string.Format("The parent hierarchy for group '{0}' cannot be resolved because a circular reference exists.", ID))));
}
public void Create_WithDisabledAccessChecks_ReturnsNullObject()
{
bool backupValue = SecurityConfiguration.Current.DisableAccessChecks;
try
{
SecurityConfiguration.Current.DisableAccessChecks = true;
SecurityClient securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
Assert.That(securityClient, Is.SameAs(SecurityClient.Null));
}
finally
{
SecurityConfiguration.Current.DisableAccessChecks = backupValue;
}
}
// methods and properties
public void CheckAccess(WxeFunction function)
{
ArgumentUtility.CheckNotNull("function", function);
if (SecurityFreeSection.IsActive)
{
return;
}
WxeDemandTargetPermissionAttribute attribute = GetPermissionAttribute(function.GetType());
if (attribute == null)
{
return;
}
WxeDemandMethodPermissionAttributeHelper helper = new WxeDemandMethodPermissionAttributeHelper(function.GetType(), attribute);
SecurityClient securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
switch (helper.MethodType)
{
case MethodType.Instance:
securityClient.CheckMethodAccess(helper.GetSecurableObject(function), helper.MethodName);
break;
case MethodType.Static:
securityClient.CheckStaticMethodAccess(helper.SecurableClass, helper.MethodName);
break;
case MethodType.Constructor:
securityClient.CheckConstructorAccess(helper.SecurableClass);
break;
default:
throw new InvalidOperationException(string.Format(
"Value '{0}' is not supported by the MethodType property of the WxeDemandMethodPermissionAttribute.",
helper.MethodType));
}
}
public bool HasStatelessAccess(Type functionType)
{
ArgumentUtility.CheckNotNullAndTypeIsAssignableFrom("functionType", functionType, typeof(WxeFunction));
if (SecurityFreeSection.IsActive)
{
return(true);
}
WxeDemandTargetPermissionAttribute attribute = GetPermissionAttribute(functionType);
if (attribute == null)
{
return(true);
}
WxeDemandMethodPermissionAttributeHelper helper = new WxeDemandMethodPermissionAttributeHelper(functionType, attribute);
SecurityClient securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
switch (helper.MethodType)
{
case MethodType.Instance:
return(securityClient.HasStatelessMethodAccess(helper.GetTypeOfSecurableObject(), helper.MethodName));
case MethodType.Static:
return(securityClient.HasStaticMethodAccess(helper.SecurableClass, helper.MethodName));
case MethodType.Constructor:
return(securityClient.HasConstructorAccess(helper.SecurableClass));
default:
throw new InvalidOperationException(string.Format(
"Value '{0}' is not supported by the MethodType property of the WxeDemandMethodPermissionAttribute.",
helper.MethodType));
}
}
public SecurityBasedBindablePropertyWriteAccessStrategy()
{
_securityClient = SecurityClient.CreateSecurityClientFromConfiguration();
}
