/// <summary>
/// Initializes a new instance of the <see cref="OwnershipInitializationCreateEntityDecorator{T}"/> class.
/// </summary>
/// <param name="next">The decorated instance for which authorization is being performed.</param>
/// <param name="authorizationContextProvider">Provides access to the authorization context, such as the resource and action.</param>
/// <param name="authorizationFilteringProvider">The component capable of authorizing the request, given necessary context.</param>
/// <param name="authorizationFilterDefinitionProvider"></param>
/// <param name="explicitObjectValidators"></param>
/// <param name="authorizationBasisMetadataSelector"></param>
/// <param name="securityRepository"></param>
/// <param name="sessionFactory"></param>
/// <param name="apiKeyContextProvider"></param>
/// <param name="viewBasedSingleItemAuthorizationQuerySupport"></param>
public OwnershipInitializationCreateEntityDecorator(
ICreateEntity <T> next,
IAuthorizationContextProvider authorizationContextProvider,
IAuthorizationFilteringProvider authorizationFilteringProvider,
IAuthorizationFilterDefinitionProvider authorizationFilterDefinitionProvider,
IExplicitObjectValidator[] explicitObjectValidators,
IAuthorizationBasisMetadataSelector authorizationBasisMetadataSelector,
ISecurityRepository securityRepository,
ISessionFactory sessionFactory,
IApiKeyContextProvider apiKeyContextProvider,
IViewBasedSingleItemAuthorizationQuerySupport viewBasedSingleItemAuthorizationQuerySupport)
: base(
authorizationContextProvider,
authorizationFilteringProvider,
authorizationFilterDefinitionProvider,
explicitObjectValidators,
authorizationBasisMetadataSelector,
securityRepository,
sessionFactory,
apiKeyContextProvider,
viewBasedSingleItemAuthorizationQuerySupport)
{
_next = Preconditions.ThrowIfNull(next, nameof(next));
_apiKeyContextProvider = Preconditions.ThrowIfNull(apiKeyContextProvider, nameof(apiKeyContextProvider));
}
/// <summary>
/// Initializes a new instance of the <see cref="GetEntityByKeyAuthorizationDecorator{T}"/> class.
/// </summary>
/// <param name="next">The decorated instance for which authorization is being performed.</param>
/// <param name="authorizationContextProvider">Provides access to the authorization context, such as the resource and action.</param>
/// <param name="authorizationFilteringProvider"></param>
/// <param name="authorizationFilterDefinitionProvider"></param>
/// <param name="explicitObjectValidators"></param>
/// <param name="authorizationBasisMetadataSelector"></param>
/// <param name="securityRepository"></param>
/// <param name="sessionFactory"></param>
/// <param name="apiKeyContextProvider"></param>
/// <param name="viewBasedSingleItemAuthorizationQuerySupport"></param>
public GetEntityByKeyAuthorizationDecorator(
IGetEntityByKey <T> next,
IAuthorizationContextProvider authorizationContextProvider,
IAuthorizationFilteringProvider authorizationFilteringProvider,
IAuthorizationFilterDefinitionProvider authorizationFilterDefinitionProvider,
IExplicitObjectValidator[] explicitObjectValidators,
IAuthorizationBasisMetadataSelector authorizationBasisMetadataSelector,
ISecurityRepository securityRepository,
ISessionFactory sessionFactory,
IApiKeyContextProvider apiKeyContextProvider,
IViewBasedSingleItemAuthorizationQuerySupport viewBasedSingleItemAuthorizationQuerySupport)
: base(
authorizationContextProvider,
authorizationFilteringProvider,
authorizationFilterDefinitionProvider,
explicitObjectValidators,
authorizationBasisMetadataSelector,
securityRepository,
sessionFactory,
apiKeyContextProvider,
viewBasedSingleItemAuthorizationQuerySupport)
{
_next = next;
_viewBasedSingleItemAuthorizationQuerySupport = viewBasedSingleItemAuthorizationQuerySupport;
}
protected RepositoryOperationAuthorizationDecoratorBase(
IAuthorizationContextProvider authorizationContextProvider,
IAuthorizationFilteringProvider authorizationFilteringProvider,
IAuthorizationFilterDefinitionProvider authorizationFilterDefinitionProvider,
IExplicitObjectValidator[] explicitObjectValidators,
IAuthorizationBasisMetadataSelector authorizationBasisMetadataSelector,
ISecurityRepository securityRepository,
ISessionFactory sessionFactory,
IApiKeyContextProvider apiKeyContextProvider,
IViewBasedSingleItemAuthorizationQuerySupport viewBasedSingleItemAuthorizationQuerySupport)
{
_authorizationContextProvider = authorizationContextProvider;
_authorizationFilteringProvider = authorizationFilteringProvider;
_authorizationFilterDefinitionProvider = authorizationFilterDefinitionProvider;
_explicitObjectValidators = explicitObjectValidators;
_authorizationBasisMetadataSelector = authorizationBasisMetadataSelector;
_sessionFactory = sessionFactory;
_apiKeyContextProvider = apiKeyContextProvider;
_viewBasedSingleItemAuthorizationQuerySupport = viewBasedSingleItemAuthorizationQuerySupport;
// Lazy initialization
_bitValuesByAction = new Lazy <Dictionary <string, Actions> >(
() => new Dictionary <string, Actions>
{
{ securityRepository.GetActionByName("Create").ActionUri, Actions.Create },
{ securityRepository.GetActionByName("Read").ActionUri, Actions.Read },
{ securityRepository.GetActionByName("Update").ActionUri, Actions.Update },
{ securityRepository.GetActionByName("Delete").ActionUri, Actions.Delete }
});
}
public ViewBasedAuthorizationFilterDefinition(
string filterName,
string viewName,
string viewTargetEndpointName,
string subjectEndpointName,
Func <EdFiAuthorizationContext, AuthorizationFilterContext, InstanceAuthorizationResult> authorizeInstance,
IViewBasedSingleItemAuthorizationQuerySupport viewBasedSingleItemAuthorizationQuerySupport)
: base(
filterName,
$@"{{currentAlias}}.{subjectEndpointName} IN (
SELECT {{newAlias1}}.{viewTargetEndpointName}
FROM " + GetFullNameForView($"auth_{viewName}") + $@" {{newAlias1}}
WHERE {{newAlias1}}.{RelationshipAuthorizationConventions.ViewSourceColumnName} IN (:{RelationshipAuthorizationConventions.ClaimsParameterName}))",
(criteria, @where, parameters, joinType) => criteria.ApplyJoinFilter(
@where,
parameters,
viewName,
subjectEndpointName,
viewTargetEndpointName,
joinType,
Guid.NewGuid().ToString("N")),
authorizeInstance,
(t, p) => p.HasPropertyNamed(subjectEndpointName ?? viewTargetEndpointName))
{
ViewName = viewName;
ViewTargetEndpointName = viewTargetEndpointName;
SubjectEndpointName = subjectEndpointName ?? viewTargetEndpointName;
ViewBasedSingleItemAuthorizationQuerySupport = viewBasedSingleItemAuthorizationQuerySupport;
}
public RelationshipsWithStudentsOnlyThroughResponsibilityAuthorizationStrategyFilterDefinitionsFactory(
IEducationOrganizationIdNamesProvider educationOrganizationIdNamesProvider,
IApiKeyContextProvider apiKeyContextProvider,
IViewBasedSingleItemAuthorizationQuerySupport viewBasedSingleItemAuthorizationQuerySupport)
: base(educationOrganizationIdNamesProvider, apiKeyContextProvider, viewBasedSingleItemAuthorizationQuerySupport)
{
_viewBasedSingleItemAuthorizationQuerySupport = viewBasedSingleItemAuthorizationQuerySupport;
}
public RelationshipsAuthorizationStrategyFilterDefinitionsFactory(
IEducationOrganizationIdNamesProvider educationOrganizationIdNamesProvider,
IApiKeyContextProvider apiKeyContextProvider,
IViewBasedSingleItemAuthorizationQuerySupport viewBasedSingleItemAuthorizationQuerySupport)
{
_educationOrganizationIdNamesProvider = educationOrganizationIdNamesProvider;
_apiKeyContextProvider = apiKeyContextProvider;
_viewBasedSingleItemAuthorizationQuerySupport = viewBasedSingleItemAuthorizationQuerySupport;
}
