public bool CanAccess(RequestAttributes reqAttrs, Format format, string operationName) { if (HostContext.Config != null && !HostContext.Config.EnableAccessRestrictions) return true; Operation operation; OperationNamesMap.TryGetValue(operationName.ToLower(), out operation); if (operation == null) return false; var canCall = HasImplementation(operation, format); if (!canCall) return false; if (operation.RestrictTo == null) return true; var allow = operation.RestrictTo.HasAccessTo(reqAttrs); if (!allow) return false; var allowsFormat = operation.RestrictTo.HasAccessTo((RequestAttributes)(long)format); return allowsFormat; }
private static bool CanShowToNetwork(RestrictAttribute restrictTo, RequestAttributes reqAttrs) { if (reqAttrs.IsLocalhost()) return restrictTo.CanShowTo(RequestAttributes.Localhost) || restrictTo.CanShowTo(RequestAttributes.LocalSubnet); return restrictTo.CanShowTo( reqAttrs.IsLocalSubnet() ? RequestAttributes.LocalSubnet : RequestAttributes.External); }
public void AssertServiceRestrictions(Type requestType, RequestAttributes actualAttributes) { if (!appHost.Config.EnableAccessRestrictions) return; if ((RequestAttributes.InProcess & actualAttributes) == RequestAttributes.InProcess) return; RestrictAttribute restrictAttr; var hasNoAccessRestrictions = !requestServiceAttrs.TryGetValue(requestType, out restrictAttr) || restrictAttr.HasNoAccessRestrictions; if (hasNoAccessRestrictions) { return; } var failedScenarios = StringBuilderCache.Allocate(); foreach (var requiredScenario in restrictAttr.AccessibleToAny) { var allServiceRestrictionsMet = (requiredScenario & actualAttributes) == actualAttributes; if (allServiceRestrictionsMet) { return; } var passed = requiredScenario & actualAttributes; var failed = requiredScenario & ~(passed); failedScenarios.AppendFormat("\n -[{0}]", failed); } var internalDebugMsg = (RequestAttributes.InternalNetworkAccess & actualAttributes) != 0 ? "\n Unauthorized call was made from: " + actualAttributes : ""; throw new UnauthorizedAccessException( string.Format("Could not execute service '{0}', The following restrictions were not met: '{1}'" + internalDebugMsg, requestType.GetOperationName(), StringBuilderCache.ReturnAndFree(failedScenarios))); }