|
public static GetInstance ( int securableContextId ) : |
||
| securableContextId | int | |
| return | ||
public bool IsAuthorised(Guid?domainUid, Guid rootMapUid, params IRight[] requiredRights)
{
using (SecurityDBDataContext dataContext = new SecurityDBDataContext(Connection))
{
var accessibleGroups = from securableObject in dataContext.GroupAssociations
where securableObject.SecurableContextId == SecurableContextId && securableObject.SecurableParentUid == domainUid && securableObject.SecurableObjectUid == rootMapUid && securableObject.Group.GroupSPID != null
select securableObject.Group;
Dictionary <int, Group> sortedGroups = accessibleGroups.ToDictionary(x => x.GroupSPID.Value);
foreach (SPRoleAssignment roleAssignment in Web.RoleAssignments)
{
SPGroup group = roleAssignment.Member as SPGroup;
/// Check that we're actually looking at a group, that this group contains the current user, and that this group is on the list of accessible groups.
if (group != null && group.ContainsCurrentUser)
{
/// Do a check that this group actually has the required right.
foreach (SPRoleDefinition roleDefinition in roleAssignment.RoleDefinitionBindings)
{
IRole role = null;
switch (roleDefinition.Name)
{
case GlymaSecurityManagerRoleName:
/// This user is a Glyma Security Manager, they have access to everything.
return(true);
case GlymaProjectManagerRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaProjectManagerRole;
break;
case GlymaMapManagerRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapManagerRole;
break;
case GlymaMapAuthorRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
break;
case GlymaMapReaderRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
case OldGlymaMapAuthorRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
break;
case OldGlymaMapReaderRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
default:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
}
if (sortedGroups.ContainsKey(group.ID))
{
if (role.HasRights(requiredRights))
{
return(true);
}
}
}
}
}
return(false);
}
}
public IEnumerable <Guid> IsAuthorised(Guid?domainUid, IEnumerable <Guid> rootMapUids, params IRight[] requiredRights)
{
using (SecurityDBDataContext dataContext = new SecurityDBDataContext(Connection))
{
List <Guid> authorisedObjects = new List <Guid>();
/// Only get the securable objects for the securable context ID we have access and the domain ID we were provided.
var accessibleGroupAssociations = from securableObject in dataContext.GroupAssociations
where securableObject.SecurableContextId == SecurableContextId// && securableObject.SecurableParentUid == domainUid && securableObject.Group.GroupSPID != null
select securableObject;
//foreach (Guid rootMapUid in rootMapUids)
//{
// accessibleGroupAssociations = from securableObject in accessibleGroupAssociations
// where securableObject.SecurableObjectUid == rootMapUid
// select securableObject;
//}
/// Only get the securable objects for the root map IDs we were supplied with.
//var accessibleAndRelevantGroupAssociations = from securableObject in accessibleGroupAssociations
// where rootMapUids.Any(x => x == securableObject.SecurableObjectUid)
// select securableObject;
Dictionary <int, List <Guid> > organisedGroupAssociations = new Dictionary <int, List <Guid> >();
foreach (var groupAssociation in accessibleGroupAssociations)
{
if (groupAssociation.Group.GroupSPID == null)
{
continue;
}
List <Guid> groupAssociations;
if (!organisedGroupAssociations.ContainsKey(groupAssociation.Group.GroupSPID.Value))
{
groupAssociations = new List <Guid>();
organisedGroupAssociations[groupAssociation.Group.GroupSPID.Value] = groupAssociations;
}
else
{
groupAssociations = organisedGroupAssociations[groupAssociation.Group.GroupSPID.Value];
}
if (groupAssociation.SecurableObjectUid != null)
{
groupAssociations.Add(groupAssociation.SecurableObjectUid.Value);
}
}
List <Guid> accessibleObjects = new List <Guid>();
foreach (SPRoleAssignment roleAssignment in Web.RoleAssignments)
{
SPGroup group = roleAssignment.Member as SPGroup;
/// Check that we're actually looking at a group, and that this group is on the list of accessible groups, and that this group contains the current user.
if (group != null && group.ContainsCurrentUser)
{
/// Do a check that this group actually has the required right.
foreach (SPRoleDefinition roleDefinition in roleAssignment.RoleDefinitionBindings)
{
IRole role = null;
switch (roleDefinition.Name)
{
case GlymaSecurityManagerRoleName:
/// This user is a Glyma Security Manager, they have access to everything.
return(rootMapUids);
case GlymaProjectManagerRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaProjectManagerRole;
break;
case GlymaMapManagerRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapManagerRole;
break;
case GlymaMapAuthorRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
break;
case GlymaMapReaderRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
case OldGlymaMapAuthorRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
break;
case OldGlymaMapReaderRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
default:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
}
if (organisedGroupAssociations.ContainsKey(group.ID))
{
if (role.HasRights(requiredRights))
{
accessibleObjects.AddRange(organisedGroupAssociations[group.ID]);
}
}
}
}
}
return(accessibleObjects.ToArray());
//Dictionary<Guid, SecurityPair> sortedGroups = accessibleGroups.ToDictionary(x => x.SecurableObjectUid.Value);
//foreach (SPRoleAssignment roleAssignment in Web.RoleAssignments)
//{
// SPGroup group = roleAssignment.Member as SPGroup;
// /// Check that we're actually looking at a group, that this group contains the current user, and that this group is on the list of accessible groups.
// if (group != null && group.ContainsCurrentUser && sortedGroups.ContainsKey(group.ID))
// {
// /// Do a check that this group actually has the required right.
// foreach (SPRoleDefinition roleDefinition in roleAssignment.RoleDefinitionBindings)
// {
// IRole role = null;
// switch (roleDefinition.Name)
// {
// case GlymaSecurityManagerRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaSecurityManagerRole;
// break;
// case GlymaProjectManagerRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaProjectManagerRole;
// break;
// case GlymaMapManagerRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapManagerRole;
// break;
// case GlymaMapAuthorRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
// break;
// case GlymaMapReaderRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
// break;
// case OldGlymaMapAuthorRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
// break;
// case OldGlymaMapReaderRoleName:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
// break;
// default:
// role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
// break;
// }
// if (role.HasRights(requiredRights))
// {
// }
// }
// }
//}
//return false;
}
}
public bool IsAuthorised(params IRight[] requiredRights)
{
/// We need to filter out only the rights for which kind of query is going to be permitted. In this case only the following rights should be allowed.
/// 1. All Glyma Security Manager rights as they have unrestricted access to the entire securable context.
/// 2. Glyma Project Manager create right as they have unrestricted rights to create new domains.
/// 3. The transaction right as this is a requires transaction to do anything other than reading.
/// 4. The benign access right as this right doesn't actually have access to do anything and should be given to anyone that has access to the system, even unauthorised people.
List <IRight> rightsPermittedForThisQuery = new List <IRight>();
foreach (IRight requiredRight in requiredRights)
{
if (requiredRight == SPGlymaRightFactory.Instance.SecurableContextManageRight ||
requiredRight == SPGlymaRightFactory.Instance.RootMapCreateRight ||
requiredRight == SPGlymaRightFactory.Instance.TransactionRight ||
requiredRight == SPGlymaRightFactory.Instance.BenignAccessRight)
{
rightsPermittedForThisQuery.Add(requiredRight);
}
}
IRight[] permittedRights = rightsPermittedForThisQuery.ToArray();
foreach (SPRoleAssignment roleAssignment in Web.RoleAssignments)
{
SPGroup group = roleAssignment.Member as SPGroup;
/// Check that we're actually looking at a group, that this group contains the current user, and that this group is on the list of accessible groups.
if (group != null && group.ContainsCurrentUser)
{
/// Do a check that this group actually has the required right.
foreach (SPRoleDefinition roleDefinition in roleAssignment.RoleDefinitionBindings)
{
IRole role = null;
switch (roleDefinition.Name)
{
case GlymaSecurityManagerRoleName:
/// This user is a Glyma Security Manager, they have access to everything.
return(true);
case GlymaProjectManagerRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaProjectManagerRole;
break;
case GlymaMapManagerRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapManagerRole;
break;
case GlymaMapAuthorRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
break;
case GlymaMapReaderRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
case OldGlymaMapAuthorRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapAuthorRole;
break;
case OldGlymaMapReaderRoleName:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
default:
role = SPGlymaRoleFactory.GetInstance(SecurableContextId.Value).GlymaMapReaderRole;
break;
}
if (role.HasRights(permittedRights))
{
return(true);
}
}
}
}
return(false);
}
