Beispiel #1
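        /// <summary>
        /// Translates predicate URIs into permission names and appends the implicit
        /// "Read" permission unless the inverse (deny) "Read" URI is present.
        /// </summary>
        /// <param name="uris">Predicate URIs to translate; each one is compared
        /// case-insensitively against the Uri and then the InverseUri of the known predicates.</param>
        /// <returns>Names of the matched predicates in input order, followed by "Read"
        /// when no deny-read URI was supplied. URIs that match no predicate are skipped.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="uris"/> is null.</exception>
        /// <remarks>
        /// "Read" is default-allow: an empty <paramref name="uris"/> yields a list that
        /// contains only "Read". A URI that matches only a predicate's InverseUri still
        /// contributes that predicate's Name, so the result does not distinguish grant
        /// from deny entries. NOTE(review): presumably callers pass a list of one kind only;
        /// confirm before using the result for an access decision.
        /// </remarks>
        internal static List<string> GetPermissionNames(IEnumerable<string> uris)
        {
            // Walk the caller's sequence exactly once; it is needed both for the
            // name lookup and for the deny-read check below.
            List<string> uriList = new List<string>(uris);
            List<string> permissionNames = new List<string>();

            foreach (string uri in uriList)
            {
                // A Uri match over all predicates takes priority over an InverseUri match.
                SecurityPredicate pr =
                    SecurityPredicateAccess.SecurityPredicates.FirstOrDefault(sp =>
                        sp.Uri.Equals(uri, StringComparison.OrdinalIgnoreCase))
                    ?? SecurityPredicateAccess.SecurityPredicates.FirstOrDefault(sp =>
                        sp.InverseUri.Equals(uri, StringComparison.OrdinalIgnoreCase));

                if (pr != null)
                {
                    permissionNames.Add(pr.Name);
                }
            }

            // Implicit 'read' permission: granted unless a deny-read URI is present.
            // The comparison is case-insensitive, like the predicate lookups above, so a
            // deny-read URI that differs only in letter case still suppresses "Read"
            // instead of silently falling through to the default grant.
            string denyReadUri = SecurityPredicateAccess.GetInverseUri("Read");
            if (!uriList.Contains(denyReadUri, StringComparer.OrdinalIgnoreCase))
            {
                permissionNames.Add("Read");
            }

            return permissionNames;
        }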
Beispiel #2
        /// <summary>
        /// Builds a query for the resources of type <typeparamref name="T"/> that the
        /// token's identity is treated as owning.
        /// </summary>
        /// <typeparam name="T">Resource type to filter the result to.</typeparam>
        /// <param name="token">Authenticated token; its IdentityName selects the identity.</param>
        /// <param name="context">Zentity context the queries are issued against.</param>
        /// <returns>
        /// Owner-authorized resources of the token and of the all-users group, minus the
        /// deny-owner resources of both, plus the resources the identity itself is
        /// owner-authorized for. An empty query when the identity cannot be resolved.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the identity's own owner grants are unioned in after the deny set
        /// has been subtracted, so a deny-owner entry does not remove a resource that
        /// currentUser.GetAuthorizedResources returns for the owner predicate. Confirm this
        /// grant-over-deny precedence is intended.
        /// NOTE(review): the all-users group is dereferenced without a null check;
        /// presumably GetGroup always finds it. Verify.
        /// </remarks>
        internal static IQueryable<T> GetOwnedResources<T>(AuthenticatedToken token, ZentityContext context)
            where T : Resource
        {
            string grantUri = SecurityPredicateAccess.GetPredicateUri("Owner");
            string denyUri = SecurityPredicateAccess.GetInverseUri("Owner");
            Identity caller = GetIdentity(token.IdentityName, context);
            Group everyone = GetGroup(AllUsersGroupName, context);

            // Unknown identity: nothing is owned.
            if (caller == null)
            {
                return new List<T>(0).AsQueryable();
            }

            // Grants held directly by the identity; these are added back after deny filtering.
            IQueryable<T> direct = caller.GetAuthorizedResources(context, grantUri).OfType<T>();

            // Grants reachable through the token plus the all-users group.
            IQueryable<T> granted = token.GetAuthorizedResources(context, grantUri)
                .Concat(everyone.GetAuthorizedResources(context, grantUri))
                .OfType<T>();

            // Deny-owner entries reachable through the same two sources.
            IQueryable<T> denied = token.GetAuthorizedResources(context, denyUri)
                .Concat(everyone.GetAuthorizedResources(context, denyUri))
                .OfType<T>();

            return granted.Except(denied).Union(direct);
        }
Beispiel #3
 /// <summary>
 /// Tells whether <paramref name="identity"/> is the explicit owner of
 /// <paramref name="resource"/>: the deny-owner check must fail and the owner
 /// check must succeed.
 /// </summary>
 /// <typeparam name="T">Type of resource (not referenced in the body).</typeparam>
 /// <param name="identity">Identity whose authorization is verified.</param>
 /// <param name="resource">Resource the ownership question is asked about.</param>
 /// <param name="context">Zentity context passed to the authorization checks.</param>
 /// <returns><c>true</c> if the identity is the explicit owner, <c>false</c> otherwise.</returns>
 internal static bool IsExplicitOwner<T>(Identity identity, Resource resource, ZentityContext context)
     where T : Resource
 {
     // Deny is evaluated first and wins: when it holds, the grant is never consulted.
     string denyOwnerUri = SecurityPredicateAccess.GetInverseUri("Owner");
     if (identity.VerifyAuthorization(denyOwnerUri, resource, context))
     {
         return false;
     }

     string ownerUri = SecurityPredicateAccess.GetPredicateUri("Owner");
     return identity.VerifyAuthorization(ownerUri, resource, context);
 }