public void RegisterBuilder(SecurityObjectBuilder securityObjectMetaData)
{
if (resource.Any(p => p.RealObject == securityObjectMetaData.RealObject))
{
resource.Remove(resource.First(p => p.RealObject == securityObjectMetaData.RealObject));
}
resource.Add(securityObjectMetaData);
}
private SecurityObjectBuilder GetOrCreateBuilder(ModifiedObjectMetadata modifyObjectMetada)
{
SecurityObjectBuilder securityObjectMetaData = securityObjectRepository.GetObjectMetaData(modifyObjectMetada.Object);
if (securityObjectMetaData == null)
{
securityObjectMetaData = new SecurityObjectBuilder();
securityObjectMetaData.SecurityObject = modifyObjectMetada.Object;
securityObjectMetaData.RealObject = securityDbContext.RealDbContext.GetObject(modifyObjectMetada.Object);
securityObjectRepository.RegisterBuilder(securityObjectMetaData);
}
return(securityObjectMetaData);
}
private IList <BlockedObjectInfo> CheckModificationObjects(SecurityObjectBuilder securityObjectMetaData, Type targetType, string memberName)
{
List <BlockedObjectInfo> blockedList = new List <BlockedObjectInfo>();
bool isGranted = securityDbContext.Security.IsGranted(targetType, SecurityOperation.Write, securityObjectMetaData.RealObject, memberName);
if (!isGranted)
{
// throw new SecurityAccessException("Write Deny " + targetType.ToString() + "Member name " + memberName);
blockedList.Add(new BlockedObjectInfo {
operationType = BlockedObjectInfo.OperationType.Write,
objectType = targetType,
memberName = memberName
});
}
return(blockedList);
}
private void ApplyModification(IEnumerable <EntityEntry> entitiesEntry, IEnumerable <ModifiedObjectMetadata> modifyObjectsMetada)
{
foreach (var entityEntry in entitiesEntry)
{
ModifiedObjectMetadata modifyObjectMetada = modifyObjectsMetada.First(p => p.Object == entityEntry.Entity);
SecurityObjectBuilder securityObjectMetaData = securityObjectRepository.GetObjectMetaData(entityEntry.Entity);
if (securityObjectMetaData == null)
{
securityObjectMetaData = new SecurityObjectBuilder();
securityObjectMetaData.RealObject = securityDbContext.RealDbContext.GetObject(entityEntry.Entity);
securityObjectMetaData.SecurityObject = entityEntry.Entity;
securityObjectRepository.RegisterBuilder(securityObjectMetaData);
}
ApplyModyfication(securityObjectMetaData.RealObject, modifyObjectMetada);
}
}
private IEnumerable <SecurityObjectBuilder> PrepareRemovedObjects(IEnumerable <EntityEntry> entitiesEntry)
{
List <SecurityObjectBuilder> securityObjectBuilders = new List <SecurityObjectBuilder>();
foreach (EntityEntry entityEntry in entitiesEntry)
{
SecurityObjectBuilder securityObjectMetaData = securityObjectRepository.GetObjectMetaData(entityEntry.Entity);
if (securityObjectMetaData == null)
{
securityObjectMetaData = new SecurityObjectBuilder();
securityObjectMetaData.RealObject = securityDbContext.RealDbContext.GetObject(entityEntry.Entity);
securityObjectMetaData.SecurityObject = entityEntry.Entity;
securityObjectRepository.RegisterBuilder(securityObjectMetaData);
}
securityObjectBuilders.Add(securityObjectMetaData);
}
return(securityObjectBuilders);
}
private IEnumerable <object> GetOrCreateResultObjects(IEnumerable <object> securityObjects, IEnumerable <object> objects, IEnumerable <SecurityObjectBuilder> modyficationsObjects)
{
List <object> resultObject = new List <object>();
foreach (object targetObject in objects)
{
SecurityObjectBuilder objectMetaData = modyficationsObjects.FirstOrDefault(p => p.RealObject == targetObject);
if (objectMetaData != null && objectMetaData.SecurityObject != null)
{
resultObject.Add(objectMetaData.SecurityObject);
}
else
{
resultObject.Add(targetObject);
}
}
return(resultObject);
}
private static Dictionary <string, List <SecurityObjectBuilder> > GetModifyObjectsInListProperty(SecurityObjectBuilder modyficationsObject, List <SecurityObjectBuilder> modyficationsObjects, IModel model, IPermissionProcessor processor)
{
Dictionary <string, List <SecurityObjectBuilder> > denyObjectsInListProperty = new Dictionary <string, List <SecurityObjectBuilder> >();
Type targetType = modyficationsObject.RealObject.GetType();
IEntityType entityType = model.FindEntityType(targetType);
IEnumerable <INavigation> properties = entityType.GetNavigations();
IEnumerable <PropertyInfo> propertiesInfo = targetType.GetRuntimeProperties();
foreach (INavigation propertyNavigation in properties)
{
PropertyInfo navigationListPropertyInfo = propertiesInfo.First(p => p.Name == propertyNavigation.Name);
if (propertyNavigation.IsCollection())
{
IEnumerable listObject = (IEnumerable)navigationListPropertyInfo.GetValue(modyficationsObject.RealObject);
if (listObject != null)
{
foreach (object objectInList in listObject)
{
List <object> denyObject;
modyficationsObject.BlockedObjectsInListProperty.TryGetValue(propertyNavigation.Name, out denyObject);
if (denyObject != null && denyObject.Contains(objectInList))
{
continue;
}
SecurityObjectBuilder securityObjectMetaData = modyficationsObjects.FirstOrDefault(p => p.RealObject == objectInList);
if (securityObjectMetaData != null && securityObjectMetaData.NeedToModify())
{
List <SecurityObjectBuilder> modyfiObjectInList;
if (!denyObjectsInListProperty.TryGetValue(propertyNavigation.Name, out modyfiObjectInList))
{
modyfiObjectInList = new List <SecurityObjectBuilder>();
denyObjectsInListProperty.Add(propertyNavigation.Name, modyfiObjectInList);
}
SecurityObjectBuilder objectInListMetaInfo = modyficationsObjects.First(p => p.RealObject == objectInList);
modyfiObjectInList.Add(objectInListMetaInfo);
}
}
}
}
}
return(denyObjectsInListProperty);
}
public static IEnumerable <SecurityObjectBuilder> GetModificationsDifferences(IPermissionProcessor processor, IModel model, IEnumerable <object> processingEntity, IEnumerable <object> blockedObjects)
{
List <SecurityObjectBuilder> modifiedObjects = new List <SecurityObjectBuilder>();
foreach (object targetObject in processingEntity)
{
SecurityObjectBuilder securityObjectBuilder = new SecurityObjectBuilder();
modifiedObjects.Add(securityObjectBuilder);
securityObjectBuilder.RealObject = targetObject;
securityObjectBuilder.BlockedProperties = GetBlockedProperties(targetObject, model, processor);
securityObjectBuilder.BlockedNavigationProperties = GetBlockedNavigationProperties(targetObject, blockedObjects, model, processor);
securityObjectBuilder.BlockedObjectsInListProperty = GetBlockedObjectsInListProperty(targetObject, blockedObjects, model, processor);
}
foreach (SecurityObjectBuilder modyficationsObject in modifiedObjects)
{
modyficationsObject.ModifyObjectsInListProperty = GetModifyObjectsInListProperty(modyficationsObject, modifiedObjects, model, processor);
}
return(modifiedObjects);
}
private IList <BlockedObjectInfo> CheckModificationObjects(IEnumerable <ModifiedObjectMetadata> modifyObjectsMetada)
{
List <BlockedObjectInfo> blockedList = new List <BlockedObjectInfo>();
foreach (ModifiedObjectMetadata modifyObjectMetada in modifyObjectsMetada)
{
SecurityObjectBuilder securityObjectMetaData = securityObjectRepository.GetObjectMetaData(modifyObjectMetada.Object);
Type targetType = securityObjectMetaData.RealObject.GetType();
foreach (string memberName in modifyObjectMetada.Properties.Keys)
{
blockedList.AddRange(CheckModificationObjects(securityObjectMetaData, targetType, memberName));
}
foreach (string memberName in modifyObjectMetada.NavigationProperties)
{
blockedList.AddRange(CheckModificationObjects(securityObjectMetaData, targetType, memberName));
}
}
return(blockedList);
}
private IEnumerable <BlockedObjectInfo> CheckModifiedNavigations(IEnumerable <ModifiedObjectMetadata> modifyObjectMetadaForAddedObjects)
{
List <BlockedObjectInfo> blockedList = new List <BlockedObjectInfo>();
foreach (ModifiedObjectMetadata modifyObjectMetada in modifyObjectMetadaForAddedObjects)
{
SecurityObjectBuilder securityObjectMetaData = GetOrCreateBuilder(modifyObjectMetada);
Type targetType = securityObjectMetaData.RealObject.GetType();
foreach (var navigationProperty in modifyObjectMetada.NavigationProperties)
{
bool isGranted = securityDbContext.Security.IsGranted(targetType, SecurityOperation.Write, securityObjectMetaData.RealObject, navigationProperty);
if (!isGranted)
{
blockedList.Add(new BlockedObjectInfo {
operationType = BlockedObjectInfo.OperationType.Write,
objectType = targetType,
memberName = navigationProperty
});
}
}
}
return(blockedList);
}
private IEnumerable <object> CreateSecurityObjects(IEnumerable <object> processingEntity, IEnumerable <object> denyObjects, IEnumerable <SecurityObjectBuilder> modyficationsObjects)
{
List <object> securityObjects = new List <object>();
foreach (object targetObject in processingEntity)
{
SecurityObjectBuilder modifyObjectMetaInfo = modyficationsObjects.First(p => p.RealObject == targetObject);
if (modifyObjectMetaInfo != null)
{
object securityObject;
if (modifyObjectMetaInfo.SecurityObject == null)
{
securityObject = modifyObjectMetaInfo.CreateSecurityObject(securityDbContext.Model, securityObjectRepository);
}
else
{
securityObject = modifyObjectMetaInfo.SecurityObject;
}
securityObjects.Add(securityObject);
}
}
return(securityObjects);
}
public bool RemoveBuilder(SecurityObjectBuilder builder)
{
return(resource.Remove(builder));
}
public object CreateRealObject(IModel model, ISecurityObjectRepository securityObjectRepository)
{
Type targetType = SecurityObject.GetType();
RealObject = Activator.CreateInstance(SecurityObject.GetType());
IEntityType entityType = model.FindEntityType(targetType);
IEnumerable <PropertyInfo> properiesInfo = targetType.GetRuntimeProperties();
IEnumerable <INavigation> navigations = entityType.GetNavigations();
IReadOnlyList <IProperty> primaryKeyProperties = entityType.FindPrimaryKey().Properties;
foreach (PropertyInfo propertyInfo in properiesInfo)
{
object defaultValue = propertyInfo.GetValue(RealObject);
defaultValueDictionary[propertyInfo.Name] = defaultValue;
if (navigations.Any(p => p.Name == propertyInfo.Name))
{
INavigation navigation = navigations.First(p => p.Name == propertyInfo.Name);
if (navigation.IsCollection())
{
IClrCollectionAccessor collectionAccessor = navigation.GetCollectionAccessor();
IEnumerable realObjectListPropertyValue = (IEnumerable)propertyInfo.GetValue(RealObject);
IEnumerable securityObjectListPropertyValue = (IEnumerable)propertyInfo.GetValue(SecurityObject);
if (securityObjectListPropertyValue != null && realObjectListPropertyValue != null)
{
foreach (object objectInListProperty in securityObjectListPropertyValue)
{
SecurityObjectBuilder metadata = securityObjectRepository.GetObjectMetaData(objectInListProperty);
if (metadata == null)
{
metadata = new SecurityObjectBuilder();
securityObjectRepository.RegisterBuilder(metadata);
metadata.SecurityObject = objectInListProperty;
metadata.CreateRealObject(model, securityObjectRepository);
}
collectionAccessor.Add(RealObject, metadata.RealObject);
}
}
}
else
{
object realValue = propertyInfo.GetValue(SecurityObject);
if (!Equals(realValue, null))
{
SecurityObjectBuilder metadata = securityObjectRepository.GetObjectMetaData(realValue);
if (metadata == null)
{
metadata = new SecurityObjectBuilder();
securityObjectRepository.RegisterBuilder(metadata);
metadata.SecurityObject = realValue;
metadata.CreateRealObject(model, securityObjectRepository);
}
if (propertyInfo.SetMethod != null)
{
propertyInfo.SetValue(RealObject, metadata.RealObject);
}
}
}
}
else
{
bool isGeneratedPrimaryKey = false;
foreach (IProperty primaryKeyProperty in primaryKeyProperties)
{
if ((propertyInfo.Name == primaryKeyProperty.Name) && primaryKeyProperty.RequiresValueGenerator)
{
isGeneratedPrimaryKey = true;
}
}
if (propertyInfo.SetMethod != null && !isGeneratedPrimaryKey)
{
object securityValue = propertyInfo.GetValue(SecurityObject);
propertyInfo.SetValue(RealObject, securityValue);
}
}
}
return(RealObject);
}
public object CreateSecurityObject(IModel model, ISecurityObjectRepository securityObjectRepository)
{
Type targetType = RealObject.GetType();
SecurityObject = Activator.CreateInstance(RealObject.GetType());
IEntityType entityType = model.FindEntityType(targetType);
IEnumerable <PropertyInfo> propertiesInfo = targetType.GetRuntimeProperties();
IEnumerable <INavigation> navigations = entityType.GetNavigations();
foreach (PropertyInfo propertyInfo in propertiesInfo)
{
object defaultValue = propertyInfo.GetValue(SecurityObject);
defaultValueDictionary[propertyInfo.Name] = defaultValue;
if (this.IsPropertyBlocked(propertyInfo.Name))
{
if (navigations.Any(p => p.Name == propertyInfo.Name))
{
INavigation navigation = navigations.First(p => p.Name == propertyInfo.Name);
if (navigation.IsCollection())
{
if (propertyInfo.SetMethod != null)
{
propertyInfo.SetValue(SecurityObject, null);
}
}
}
continue;
}
if (navigations.Any(p => p.Name == propertyInfo.Name))
{
INavigation navigation = navigations.First(p => p.Name == propertyInfo.Name);
if (navigation.IsCollection())
{
IClrCollectionAccessor collectionAccessor = navigation.GetCollectionAccessor();
IEnumerable objectRealListProperty = (IEnumerable)propertyInfo.GetValue(RealObject);
IEnumerable objectSecurityListProperty = (IEnumerable)propertyInfo.GetValue(SecurityObject);
List <object> denyObject;
BlockedObjectsInListProperty.TryGetValue(propertyInfo.Name, out denyObject);
if (objectRealListProperty != null)
{
foreach (object objInList in objectRealListProperty)
{
if (denyObject != null && denyObject.Contains(objInList))
{
continue;
}
object objectToAdd;
SecurityObjectBuilder metadata = securityObjectRepository.GetObjectMetaData(objInList);
if (metadata != null)
{
if (metadata.SecurityObject != null)
{
objectToAdd = metadata.SecurityObject;
}
else
{
objectToAdd = metadata.CreateSecurityObject(model, securityObjectRepository);
}
}
else
{
throw new Exception();
}
collectionAccessor.Add(SecurityObject, objectToAdd);
}
}
}
else
{
object realValue = propertyInfo.GetValue(RealObject);
SecurityObjectBuilder metadata = securityObjectRepository.GetObjectMetaData(realValue);
if (metadata != null && realValue != null)
{
if (metadata.SecurityObject == null)
{
metadata.SecurityObject = metadata.CreateSecurityObject(model, securityObjectRepository);
}
if (propertyInfo.SetMethod != null)
{
propertyInfo.SetValue(SecurityObject, metadata.SecurityObject);
}
}
else
{
if (propertyInfo.SetMethod != null)
{
propertyInfo.SetValue(SecurityObject, realValue);
}
}
}
}
else
{
if (propertyInfo.SetMethod != null)
{
object realValue = propertyInfo.GetValue(RealObject);
propertyInfo.SetValue(SecurityObject, realValue);
}
}
}
foreach (PropertyInfo propertyInfo in propertiesInfo)
{
object originalValue = propertyInfo.GetValue(SecurityObject);
originalValueSecurityObjectDictionary.Add(propertyInfo.Name, originalValue);
}
if (SecurityObject is ISecurityEntity)
{
ISecurityEntity securityEntity = (ISecurityEntity)SecurityObject;
List <string> blockedMembers = new List <string>();
blockedMembers.AddRange(BlockedProperties);
blockedMembers.AddRange(BlockedNavigationProperties);
securityEntity.BlockedMembers = blockedMembers;
}
return(SecurityObject);
}
