Beispiel #1
0
        /// <summary>
        /// Checks if the CurrentUser is allowed to access the specified theme in the requested context.
        /// </summary>
        /// <param name="theme">The theme access is being requested for.</param>
        /// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param>
        /// <returns>True, if the request is allowed, false otherwise.</returns>
        public bool IsAllowed(
            Theme theme,
            SecureRequestContext requestContext)
        {
            if (!IsUseSecurityRules)
            {
                return(true);
            }

            bool isAllowed = false;

            if (theme == null)
            {
                Logger.LogError(5, "Access to a NULL Theme cannot be allowed!");
                return(false);
            }

            List <GroupPermissions> contentAllowedGroups = null;

            isAllowed =
                IsContentAccessAllowed(theme.Dlt_ID, SecureRequestContext.ContentType.THEME, out contentAllowedGroups);
            if (isAllowed)
            {
                isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext);
            }

            return(isAllowed);
        }
Beispiel #2
0
        public bool IsAllowed(
            SecureRequestContext requestContext)
        {
            if (!IsUseSecurityRules)
            {
                return(true);
            }

            bool isAllowed = false;

            if (requestContext == null)
            {
                Logger.LogError(5, "Access to a NULL SecureRequestContext cannot be allowed!");
                return(false);
            }

            if (!requestContext.IsSecurityContextDynamic)
            {
                isAllowed = IsRequestContextAllowed(CurrentUserSecurityContext.CurrentUserGroupPermissions, requestContext);
            }
            else
            {
                AppSecurityContext  appSecContext     = new AppSecurityContext(AppSecurityContext.StagingDbLcf);
                UserSecurityContext dynamicSecContext = UserSecurityContext.GetCurrentUserSecurityContext(appSecContext);
                isAllowed = IsRequestContextAllowed(dynamicSecContext.CurrentUserGroupPermissions, requestContext);
            }

            return(isAllowed);
        }
Beispiel #3
0
        /// <summary>
        /// Checks if the CurrentUser is allowed to access the specified layergroup in the requested context.
        /// </summary>
        /// <param name="layerGroup">The layerGroup access is being requested for.</param>
        /// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param>
        /// <returns>True, if the request is allowed, false otherwise.</returns>
        public bool IsAllowed(
            LayerGroup layerGroup,
            SecureRequestContext requestContext)
        {
            if (!IsUseSecurityRules)
            {
                return(true);
            }

            bool isAllowed = false;

            if (layerGroup == null)
            {
                Logger.LogError(5, "Access to a NULL layerGroup cannot be allowed!");
                return(false);
            }

            List <GroupPermissions> contentAllowedGroups = null;

            isAllowed =
                IsContentAccessAllowed(layerGroup.LayerGroup_ID, SecureRequestContext.ContentType.STAT_LAYER_GROUP, out contentAllowedGroups);
            if (isAllowed)
            {
                isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext);
            }

            return(isAllowed);
        }
Beispiel #4
0
        /// <summary>
        /// Checks if the CurrentUser is allowed to access the specified facility group in the requested context.
        /// </summary>
        /// <param name="stat">The facility group access is being requested for.</param>
        /// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param>
        /// <returns>True, if the request is allowed, false otherwise.</returns>
        public bool IsAllowed(
            FacilityGroup fac,
            SecureRequestContext requestContext)
        {
            if (!IsUseSecurityRules)
            {
                return(true);
            }

            bool isAllowed = false;

            if (fac == null)
            {
                Logger.LogError(5, "Access to a NULL facilityGroup cannot be allowed!");
                return(false);
            }

            List <GroupPermissions> contentAllowedGroups = null;

            isAllowed =
                IsContentAccessAllowed(fac.Dlf_ID, SecureRequestContext.ContentType.FACILITY_GROUP, out contentAllowedGroups);
            if (isAllowed)
            {
                isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext);
            }

            return(isAllowed);
        }
Beispiel #5
0
        /// <summary>
        /// Filters the supplied list of theme objects returning a list of only those
        /// statistics that are allowed by the security context.
        /// Other descriptions of content (e.g. ThemeMenuNode) can be translated (into Theme for example) using the ContentIdentityTranslator class.
        /// </summary>
        /// <param name="themes">A list of Theme objects to check access is allowed to.</param>
        /// <param name="reqContext">The context within which the request is being.</param>
        /// <returns>A list of only those themes that are allowed by the security context.</returns>
        public List <Theme> GetAllowed(
            List <Theme> themes,
            SecureRequestContext requestContext)
        {
            if (!IsUseSecurityRules)
            {
                return(themes);
            }

            List <Theme> allowedThemes = null;

            if (themes == null)
            {
                Logger.LogError(5, "Cannot filter a NULL list of Themes!");
                return(null);
            }
            else if (themes.Count == 0)
            {
                // Logger.LogWarning("Cannot filter an empty list of Themes!");
                return(themes);
            }

            allowedThemes = new List <Theme>();

            foreach (Theme theme in themes)
            {
                if (IsAllowed(theme, requestContext))
                {
                    allowedThemes.Add(theme);
                }
            }

            return(allowedThemes);
        }
Beispiel #6
0
        /// <summary>
        /// Checks if the CurrentUser is allowed to access the specified report in the requested context.
        /// </summary>
        /// <param name="report">The report access is being requested for.</param>
        /// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param>
        /// <returns>True, if the request is allowed, false otherwise.</returns>
        public bool IsAllowed(
            Report report,
            SecureRequestContext requestContext)
        {
            if (!IsUseSecurityRules)
            {
                return(true);
            }

            bool isAllowed = false;

            if (report == null)
            {
                Logger.LogError(5, "Access to a NULL report cannot be allowed!");
                return(false);
            }

            List <GroupPermissions> contentAllowedGroups = null;

            isAllowed =
                IsContentAccessAllowed(report.Report_ID, SecureRequestContext.ContentType.REPORT, out contentAllowedGroups);
            if (isAllowed)
            {
                isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext);
            }

            return(isAllowed);
        }
Beispiel #7
0
        /// <summary>
        /// Filters the supplied list of facility group objects returning a list of only those
        /// statistics that are allowed by the security context.
        /// Other descriptions of content (e.g. cg_facility_desciption) can be translated (into FacilityGroup for example) using the ContentIdentityTranslator class.
        /// </summary>
        /// <param name="statDescs">A list of FacilityGroup objects to check access is allowed to.</param>
        /// <param name="reqContext">The context within which the request is being.</param>
        /// <returns>A list of only those statistics that are allowed by the security context.</returns>
        public List <FacilityGroup> GetAllowed(
            List <FacilityGroup> facilityGroups,
            SecureRequestContext requestContext)
        {
            if (!IsUseSecurityRules)
            {
                return(facilityGroups);
            }

            List <FacilityGroup> allowedFacilityGroups = null;

            if (facilityGroups == null)
            {
                Logger.LogError(5, "Cannot filter a NULL list of facilityGroups!");
                return(null);
            }
            else if (facilityGroups.Count == 0)
            {
                // Logger.LogWarning("Cannot filter an empty list of facilityGroups!");
                return(facilityGroups);
            }

            allowedFacilityGroups = new List <FacilityGroup>();

            foreach (FacilityGroup facilityGroup in facilityGroups)
            {
                if (IsAllowed(facilityGroup, requestContext))
                {
                    allowedFacilityGroups.Add(facilityGroup);
                }
            }

            return(allowedFacilityGroups);
        }
Beispiel #8
0
        public List <Report> GetAllowed(
            List <Report> reports,
            SecureRequestContext requestContext)
        {
            if (!IsUseSecurityRules)
            {
                return(reports);
            }

            List <Report> allowedReports = null;

            if (reports == null)
            {
                Logger.LogError(5, "Cannot filter a NULL list of reports!");
                return(reports);
            }
            else if (reports.Count == 0)
            {
                // Logger.LogWarning("Cannot filter an empty list of reports!");
                return(reports);
            }

            allowedReports = new List <Report>();

            foreach (Report report in reports)
            {
                if (IsAllowed(report, requestContext))
                {
                    allowedReports.Add(report);
                }
            }

            return(allowedReports);
        }
Beispiel #9
0
        /// <summary>
        /// Filters the supplied list of GeogType/StatLayer Pair objects returning a list of only those
        /// statistics that are allowed by the security context.
        /// Other descriptions of content (e.g. cg_statistic_desciption) can be translated (into GeogTypeStatLayerPair for example) using the ContentIdentityTranslator class.
        /// </summary>
        /// <param name="statDescs">A list of statistic objects to check access is allowed to.</param>
        /// <param name="reqContext">The context within which the request is being.</param>
        /// <returns>A list of only those statistics that are allowed by the security context.</returns>
        public List <GeogTypeStatLayerPair> GetAllowed(
            List <GeogTypeStatLayerPair> statDescs,
            SecureRequestContext requestContext)
        {
            if (!IsUseSecurityRules)
            {
                return(statDescs);
            }

            List <GeogTypeStatLayerPair> allowedStatDescs = null;

            if (statDescs == null)
            {
                Logger.LogError(5, "Cannot filter a NULL list of stat descs!");
                return(null);
            }
            else if (statDescs.Count == 0)
            {
                // Logger.LogWarning("Cannot filter an empty list of stat descs!");
                return(statDescs);
            }

            allowedStatDescs = new List <GeogTypeStatLayerPair>();

            foreach (GeogTypeStatLayerPair stat in statDescs)
            {
                if (IsAllowed(stat, requestContext))
                {
                    allowedStatDescs.Add(stat);
                }
            }

            return(allowedStatDescs);
        }
Beispiel #10
0
        //public bool IsAllowed(
        //   ZoomLevelInformation zli)
        //{
        //    SecureRequestContext requestContext = new SecureRequestContext(SecureRequestContext.DisplayType.MAP);
        //    return IsAllowed(zli, requestContext);
        //}

        //public bool IsAllowed(
        //    ZoomLevelInformation zli,
        //    SecureRequestContext requestContext)
        //{
        //    bool isAllowed = false;

        //    try
        //    {
        //        if (AppSecContext.ZoomLevelIdGeoTypeIdLookup == null ||
        //            AppSecContext.ZoomLevelIdGeoTypeIdLookup.Count < 1)
        //        {
        //            Logger.LogError("Cannot check if ZoomLevelInformation is allowed as ZoomLevelIdGeoTypeIdLookup is NULL or empty!");
        //            return false;
        //        }

        //        // 1. Get the dlg_ID from the application cache using the ZoomLevelInformation.ID:
        //        if (!AppSecContext.ZoomLevelIdGeoTypeIdLookup.ContainsKey(zli.ID))
        //        {
        //            // This zoom level is not in the dl_geographies table and therefore is not secured and not securable.
        //            return true;
        //        }

        //        // 2. Check if the dlg_ID access is allowed:
        //        GeogTypeStatLayerPair geogType = new GeogTypeStatLayerPair();
        //        geogType.GeogTypeID = AppSecContext.ZoomLevelIdGeoTypeIdLookup[zli.ID];
        //        geogType.IsGeogTypeOnly = true;

        //        isAllowed = IsAllowed(geogType, requestContext);
        //    }
        //    catch (Exception ex)
        //    {
        //        Logger.LogError("Problem checking if requested ZoomLevelInformation (ID = " + zli.ID + ") is allowed at " + ex);
        //        isAllowed = false;
        //    }

        //    return isAllowed;
        //}

        /// <summary>
        /// Checks if the CurrentUser is allowed to access the specified statistic (layer and geography type) in the requested context.
        /// </summary>
        /// <param name="stat">The statistic access is being requested for.</param>
        /// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param>
        /// <returns>True, if the request is allowed, false otherwise.</returns>
        public bool IsAllowed(
            GeogTypeStatLayerPair stat,
            SecureRequestContext requestContext)
        {
            if (!IsUseSecurityRules)
            {
                return(true);
            }

            bool isAllowed = false;

            if (stat == null)
            {
                Logger.LogError(5, "Access to a NULL stat desc cannot be allowed!");
                return(false);
            }

            List <GroupPermissions> allowedGeoUserGroups = null;
            List <GroupPermissions> allowedLayerGroups   = null;

            isAllowed =
                (stat.IsStatLayerOnly || IsContentAccessAllowed(stat.GeogTypeID, SecureRequestContext.ContentType.GEO_LAYER, out allowedGeoUserGroups)) &&
                (stat.IsGeogTypeOnly || IsContentAccessAllowed(stat.StatLayerID, SecureRequestContext.ContentType.STAT_LAYER, out allowedLayerGroups));

            if (isAllowed)
            {
                if (stat.IsStatLayerOnly && allowedLayerGroups != null && allowedLayerGroups.Count > 0)
                {
                    isAllowed = IsRequestContextAllowed(allowedLayerGroups, requestContext);
                }
                else if (stat.IsGeogTypeOnly && allowedGeoUserGroups != null && allowedGeoUserGroups.Count > 0)
                {
                    isAllowed = IsRequestContextAllowed(allowedGeoUserGroups, requestContext);
                }
                else if (!stat.IsStatLayerOnly && !stat.IsGeogTypeOnly)
                {
                    List <GroupPermissions> contentAllowedGroups = GetUserGroupsInCommon(allowedGeoUserGroups, allowedLayerGroups);

                    if (contentAllowedGroups == null || contentAllowedGroups.Count == 0)
                    {
                        isAllowed = false;
                    }
                    else
                    {
                        isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext);
                    }
                }
            }

            return(isAllowed);
        }
Beispiel #11
0
        public bool IsRequestContextAllowed(
            List <GroupPermissions> contentAllowedGroups,
            SecureRequestContext requestContext)
        {
            bool isRequestContextAllowed = false;

            if (!requestContext.IsSpecified)
            {   // If this is a request that has no security context at all, allow it.
                return(true);
            }

            if (contentAllowedGroups == null || contentAllowedGroups.Count == 0)
            {
                return(false);
            }

            if (requestContext == null)
            {
                return(false);
            }

            foreach (GroupPermissions group in contentAllowedGroups)
            {
                bool displayModeAllowed = false;

                // TODO: change this to work like the functionality below:
                if (requestContext.DisplayMode == SecureRequestContext.DisplayType.UNKNOWN ||
                    IsContained(group.GroupDisplayPermissions, requestContext.DisplayMode))
                {
                    displayModeAllowed = true;
                }

                bool functionalityAllowed = false;

                if (requestContext.Functionality == SecureRequestContext.FunctionalityType.UNKNOWN ||
                    IsContained(group.GroupFunctionPermissions, requestContext.Functionality))
                {
                    functionalityAllowed = true;
                }

                if (displayModeAllowed && functionalityAllowed)
                {
                    isRequestContextAllowed = true;
                    break;
                }
            }

            return(isRequestContextAllowed);
        }
Beispiel #12
0
        /// <summary>
        /// Checks if the CurrentUser is allowed the requested context.
        /// </summary>
        /// <param name="requestContext">The request context access is being checked for.</param>
        /// <returns>True, if the request is allowed, false otherwise.</returns>
        public bool IsAllowed(
            SecureRequestContext requestContext,
            UserSecurityContext secContext)
        {
            if (!IsUseSecurityRules)
            {
                return(true);
            }

            bool isAllowed = false;

            if (requestContext == null)
            {
                Logger.LogError(5, "Access to a NULL SecureRequestContext cannot be allowed!");
                return(false);
            }

            isAllowed = IsRequestContextAllowed(secContext.CurrentUserGroupPermissions, requestContext);

            return(isAllowed);
        }