/// <summary>
/// Checks for access using the provided user session, and Requires Role attributes on the object
/// </summary>
/// <param name="entity">The entity to check access for</param>
/// <param name="permissionTypes">The type of permission being checked for</param>
/// <returns>True if access is allowed</returns>
public bool CheckAccess(object entity, PermissionTypes permissionTypes = PermissionTypes.Read)
{
if (entity is null)
{
return(false);
}
List <ISecurityGroup> LoggedInSecurity = this.UserSession.LoggedInUser.SecurityGroups().ToList();
if (LoggedInSecurity.Any(r => r.ExternalId == entity.GetType().Name))
{
return(true);
}
if (this.GetType().GetCustomAttribute <EntityRequiresRoleAttribute>() is EntityRequiresRoleAttribute roleRequirements)
{
foreach (string Role in roleRequirements.AllowedRoles)
{
if (LoggedInSecurity.Any(r => r.ExternalId == Role))
{
return(true);
}
}
}
return(false);
}
public bool HasPermission(PermissionTypes type, string name)
{
if (IsAdmin)
{
return(true);
}
//set the default to be denied
bool canProceed = false;
dloUserRight right = null;
//Check group permissions
if (Group != null)
{
right = Group.Rights[name];
if (right != null)
{
canProceed = (type & right.Permissions) == type;
}
}
//check user permissions
right = Rights[name];
// right = Rights.GetUserRight(this, name);
if (right != null)
{
canProceed = (type & right.Permissions) == type;
}
return(canProceed);
}
public bool ValidatePermission(string permissionList, PermissionTypes desiredPermission)
{
string delimStr = ",";
char[] delimiter = delimStr.ToCharArray();
try
{
if (permissionList.Length < 1)
{
return(false);
}
string[] permissions = permissionList.Split(delimiter, 100);
int permission = (int)desiredPermission;
for (int i = 0; i < permissions.Length; i++)
{
if (permission.ToString() == permissions[i])
{
return(true);
}
}
}
catch (Exception)
{ }
return(false);
}
public Permission(int UserPermissionID, PermissionTypes Type, int From, int To)
{
this.UserPermissionID = UserPermissionID;
this.Type = Type;
this.From = From;
this.To = this.Type == PermissionTypes.Page ? To : -1;
}
public Users(string _userName, string _password){
userName = _userName;
passWord = _password;
passWord_MD5 = DESEncrypt.Encrypt(_password);
System.Console.WriteLine("passWord_MD5:");
System.Console.WriteLine(passWord_MD5);
permissions = PermissionTypes.Default;
}
public LackOfPermissionException(string?message, string username, string userId, string entityName, int entityId, PermissionTypes permission) : base(message)
{
Username = username;
UserId = userId;
EntityName = entityName;
EntityId = entityId;
Permission = permission;
}
public static ISecurityGroupPermission CreatePermission(IRole Role, PermissionTypes PermissionType)
{
return(new SecurityGroupPermission()
{
SecurityGroup = Role,
Type = PermissionType
});
}
/// <summary>
/// Gets all users that have a given permission
/// </summary>
public List <User> GetAllWithPermission(PermissionTypes permissionType)
{
return((from u in Uow.Users.GetAll()
join p in Uow.Permissions.GetAll() on u.Id equals p.UserId
where p.PermissionTypeId == (int)permissionType && p.Enabled
select u)
.ToList());
}
public List <ControlPermission> GetControlCachedPermissions(int controlId, PermissionTypes type)
{
List <ControlPermission> _permissions = new List <ControlPermission>();
Predicate <ControlPermission> p = delegate(ControlPermission p2) { return(p2.ControlId == controlId && p2.PermissionTypeId == (int)type); };
_permissions = GetAllControlsPermissions().FindAll(p);
return(_permissions);
}
/// <summary>
/// 设置permission权限标志
/// </summary>
/// <param name="flag">要标志的权限</param>
/// <param name="enable">是否允许</param>
private void setFlage(PermissionTypes flag, bool enable)
{
permission = permission | flag;
if (!enable)
{
permission = permission ^ flag;
}
}
/// <summary>
/// Checks if the given entity allows a given kind of access for the specified user
/// </summary>
/// <param name="target">The entity the user is trying to access</param>
/// <param name="user">The user doing the accessing</param>
/// <param name="permissionTypes">The permission types needed to perform the action</param>
/// <returns>True if the user is allowed to continue</returns>
public bool AllowsAccessType(Entity target, IUser user, PermissionTypes permissionTypes)
{
if (target is null)
{
throw new ArgumentNullException(nameof(target));
}
return(this.AllowsAccessType(target.Guid, user, permissionTypes));
}
public bool CheckAccess(EmailMessage entity, PermissionTypes permissionTypes = PermissionTypes.Read)
{
if (this.UserSession.IsLoggedIn && this.UserSession.LoggedInUser.HasRole(RoleNames.CONTENT_MANAGER))
{
return(true);
}
return(this.EntitySecurityProvider.CheckAccess(entity, permissionTypes));
}
/// <summary>
/// Adds the specified permissions to the Entity
/// </summary>
/// <param name="target">The entity that the permissions are applied to</param>
/// <param name="securityGroup">The security group being granted the permissions</param>
/// <param name="permissionTypes">The permission types to add</param>
public void AddPermission(Entity target, SecurityGroup securityGroup, PermissionTypes permissionTypes)
{
if (target is null)
{
throw new ArgumentNullException(nameof(target));
}
this.AddPermission(target.Guid, securityGroup, permissionTypes);
}
public async Task<bool> HasFilePermissionAsync(int fileId, PermissionTypes requestedPermission)
{
var libraryIds = await GetUserLibraryIdsAsync(requestedPermission);
var fileIds = await _db.Files
.Where(f => f.Id == fileId)
.SelectMany(f => f.Document.Libraries.Select(l=>l.LibraryId))
.ToArrayAsync();
return fileIds.Any(outer => libraryIds.Any(inner => inner == outer));
}
public async Task<bool> HasDocumentPermissionAsync(int documentId, PermissionTypes requestedPermission)
{
var libraryIds = await GetUserLibraryIdsAsync(requestedPermission);
var docLibraryIds = await _db.Documents
.Where(d => d.Id == documentId)
.SelectMany(d => d.Libraries.Select(l=>l.LibraryId))
.ToArrayAsync();
return docLibraryIds.Any(outer => libraryIds.Any(inner => inner == outer));
}
public static ISecurityGroupPermission CreatePermission(string RoleName, PermissionTypes PermissionType)
{
return(new SecurityGroupPermission()
{
SecurityGroup = new Role()
{
ExternalId = RoleName
},
Type = PermissionType
});
}
private void AddService(Type type)
{
PermissionTypes pt = new PermissionTypes();
Guid svcId = GetSecuredMethodsList(type, pt);
if (svcId != Guid.Empty)
{
pt.Sort();
_Permissions.Add(svcId, pt);
}
}
public Permission Add(PermissionTypes type)
{
Permission permission = new Permission(this);
permission.ObjectState = ObjectStates.Added;
permission.Type = type;
_permissions.Add(permission);
return(permission);
}
public async Task <bool> HasDocumentPermissionAsync(int documentId, PermissionTypes requestedPermission)
{
var libraryIds = await GetUserDistributionGroupIdsAsync(requestedPermission).ConfigureAwait(false);
var docLibraryIds = await _db.Documents
.Where(d => d.Id == documentId)
.SelectMany(d => d.Distributions.Select(l => l.DistributionGroupId))
.ToArrayAsync()
.ConfigureAwait(false);
return(docLibraryIds.Any(outer => libraryIds.Any(inner => inner == outer)));
}
/// <inheritdoc/>
public void IsServerRequestValid(Server server, ChatUser user, PermissionTypes permission)
{
CheckMembership(user, server);
var userPermissions = GetUserPermissionsOnEntity(user, server);
if (!IsUserPermitted(userPermissions, permission))
{
throw new LackOfPermissionException("User lacks permission to perform requested action.", user.UserName,
user.Id, server.Name, server.Id, permission);
}
}
private string GetDescription(PermissionTypes permissionType)
{
var memberInfo = typeof(PermissionTypes).GetMember(permissionType.ToString()).FirstOrDefault();
var attribute = (DescriptionAttribute)memberInfo.GetCustomAttributes(typeof(DescriptionAttribute), false).FirstOrDefault();
if (attribute == null)
{
throw new Exception("Description attribute is missing for the permission type " + permissionType);
}
return(attribute.Description);
}
//----------------------------------------------------------------------------------------------------
public void Set_PermissionType(string permissionType_SingleCharacter)
{
this.PermissionType = PermissionTypes.NotSet;
switch (permissionType_SingleCharacter)
{
case "C": this.PermissionType = PermissionTypes.Connection; break;
case "S": this.PermissionType = PermissionTypes.Schema; break;
case "T": this.PermissionType = PermissionTypes.Table; break;
}
}
/// <summary>
/// Checks if the given entity allows a given kind of access for the specified user
/// </summary>
/// <param name="target">The Guid of the entity that is being accessed</param>
/// <param name="user">The user doing the accessing</param>
/// <param name="permissionTypes">The permission types needed to perform the action</param>
/// <returns>True if the user is allowed to continue</returns>
public bool AllowsAccessType(Guid target, IUser user, PermissionTypes permissionTypes)
{
EntityPermissions existing = this.GetForEntity(target);
if (existing != null)
{
return(existing.AllowsAccessType(user, permissionTypes));
}
else
{
return(false);
}
}
public static bool IsUserAllowed(int userID, int contentID, PermissionTypes permissionType, ContentTypes contentType)
{
int permissionTypeID = permissionType.ToInt();
int contentTypeID = contentType.ToInt();
return(db.Permissions.Any(
p =>
p.PermissionTypeID >= permissionTypeID &&
p.ContentTypeID == contentTypeID &&
p.ContentID == contentID &&
p.GrantedUserID == userID
));
}
public List <Planet> GetPlanets(int userID, PermissionTypes permissionType)
{
List <Planet> planets = db.Planets.ToList();
foreach (Planet planet in planets)
{
if (planet.IsPublic == false && planet.OwnerID != userID && !UserRepo.IsUserAllowed(userID, planet.PlanetID, permissionType, ContentTypes.Planet))
{
planets.Remove(planet);
}
}
return(planets);
}
/// <inheritdoc/>
public void IsChannelRequestValid(Channel channel, Server server, ChatUser user,
PermissionTypes permission)
{
CheckMembership(user, server);
//Combines global server permissions with channel-specific permissions
var userPermissions = GetUserPermissionsOnEntity(user, server).Concat(GetUserPermissionsOnEntity(user, channel));
if (!IsUserPermitted(userPermissions, permission))
{
throw new LackOfPermissionException("User lacks permission to perform requested action.", user.UserName,
user.Id, channel.Name, channel.Id, permission);
}
}
private Object[] BuildArgs <T>(T dataObject, String principal, PermissionTypes permissionType)
{
String tableName = PersistenceService.GetTypeName(dataObject.GetType());
String objectId = PersistenceService.GetEntityId <T>(dataObject);
if (principal != null)
{
return new Object[] { tableName, principal, objectId, GetOperation(), permissionType }
}
;
else
{
return new Object[] { tableName, objectId, GetOperation(), permissionType }
};
}
/// <summary>
/// Gets universes of specified user that has specified permission
/// </summary>
/// <param name="userID"></param>
/// <param name="permissionType"></param>
/// <returns></returns>
public List <Universe> GetUniverses(int userID, PermissionTypes permissionType)
{
List <Universe> allUniverses = GetUniverses();
List <Universe> grantedUniverses = new List <Universe>();
foreach (Universe universe in allUniverses)
{
if (universe.IsPublic == true || universe.OwnerID == userID || UserRepo.IsUserAllowed(userID, universe.UniverseID, permissionType, ContentTypes.Universe))
{
grantedUniverses.Add(universe);
}
}
return(grantedUniverses);
}
internal static string ToSerializedValue(this PermissionTypes value)
{
switch (value)
{
case PermissionTypes.Read:
return("Read");
case PermissionTypes.Write:
return("Write");
case PermissionTypes.Manage:
return("Manage");
}
return(null);
}
/// <summary>
/// 设置角色的对象权限
/// </summary>
/// <param name="roleId"></param>
/// <param name="objectId"></param>
/// <param name="permission"></param>
public static void setPermission(string roleId, string objectId, PermissionTypes permission)
{
PermissionTypes oldPerm = getRoleObjectPermission(roleId, objectId);
oldPerm = oldPerm | permission;
DatabaseAdmin dba = SecuritySettings.getDBA();
DbCommand cmd = dba.getSqlStringCommand(SecurityDataScripts.SetRoleObjectPermissionSql);
dba.addInParameter(cmd, "@roleId", DbType.String, roleId);
dba.addInParameter(cmd, "@objectId", DbType.String, objectId);
dba.addInParameter(cmd, "@permission", DbType.Int32, oldPerm);
dba.execNonQuery(cmd);
//for(PermissionTypes
}
public void AddToCategory(Category category, PermissionTypes permissionType)
{
var permissionsTable = _webDriver.FindElement(By.ClassName("permissiontable"));
var categoryRows = permissionsTable.FindElements(By.CssSelector(".permissiontable tbody tr"));
var categoryRow = categoryRows.Single(row => row.FindElement(By.XPath("./td")).Text == category.Name);
var permissionCheckboxes = categoryRow.FindElements(By.CssSelector(".permissioncheckbox input"));
var permissionCheckbox = permissionCheckboxes[(int)permissionType];
if (!permissionCheckbox.Selected)
{
permissionCheckbox.Click();
}
}
public async Task<IEnumerable<int>> GetUserLibraryIdsAsync(PermissionTypes requestedPermission)
{
if (_cacheUserLibraryIds.Any())
{
return _cacheUserLibraryIds;
}
var userId = _userContext.UserId;
return _cacheUserLibraryIds =
await _db.UserLibraries
.Where(ul => ul.ApplicationUserId == userId &&
(ul.Permissions & requestedPermission) != 0)
.Select(ul => ul.LibraryId)
.ToArrayAsync();
}
public void Set(Type type, PermissionTypes permissionType, string key)
{
if (!Permissions.ContainsKey(type))
{
Permissions.Add(type, new Dictionary <string, Permission>());
}
var permission = Permissions[type];
if (!permission.ContainsKey(key))
{
permission.Add(key, new Permission());
}
permission[key].Type = permissionType;
}
/// <summary>
/// 根据权限处理按钮的状态
/// </summary>
public static void DealDisplayStatues(WebControl control, PermissionTypes permissionType)
{
bool hasPermission = PermissionValidation.GeneralValidate(permissionType);
if (hasPermission == false)
{
NoPermissionControlDisplayModes displayModes = GetNoPermissionControlDisplayMode();
switch (displayModes)
{
case NoPermissionControlDisplayModes.Disable:
control.Enabled = false;
control.ToolTip = ResourcesManager.GetValue("NoPermissionDisplayInfo");
break;
case NoPermissionControlDisplayModes.Hidden:
default:
control.Visible = false;
break;
}
}
}
public static AccessControlPermission Create(Core core, ItemType type, string permissionName, string permissionDescription, PermissionTypes permissionType)
{
return Create(core, type.TypeId, permissionName, permissionDescription, permissionType);
}
public static AccessControlPermission Create(Core core, long typeId, string permissionName, string permissionDescription, PermissionTypes permissionType)
{
if (core == null)
{
throw new NullCoreException();
}
AccessControlPermission acp = (AccessControlPermission)Item.Create(core, typeof(AccessControlPermission),
new FieldValuePair("permission_item_type_id", typeId),
new FieldValuePair("permission_name", permissionName),
new FieldValuePair("permission_description", permissionDescription),
new FieldValuePair("permission_type", (byte)permissionType));
return acp;
}
public PermissionInfo(string key, string description, PermissionTypes type)
{
this.Key = key;
this.Description = description;
this.PermissionType = type;
}
private static string PermissionTypeToString(PermissionTypes permissionTypes)
{
switch (permissionTypes)
{
case PermissionTypes.View:
return "View";
case PermissionTypes.Interact:
return "Interact";
case PermissionTypes.CreateAndEdit:
return "Create and Edit";
case PermissionTypes.Delete:
return "Delete";
default:
return "Other";
}
}
public PermissionAttribute(string key, string description, PermissionTypes type)
{
this.permissionKey = key;
this.permissionDescription = description;
this.permissionType = type;
}
private Object[] BuildArgs( String fileOrDirURL, String principal, bool isRole, PermissionTypes permissionType )
{
FileOperation operation = GetOperation();
BasePermission permission;
if( isRole )
permission = new FileRolePermission();
else
permission = new FileUserPermission();
permission.folder = fileOrDirURL;
permission.access = permissionType;
permission.operaiton = operation;
if( principal != null )
return new Object[] { Backendless.AppId, Backendless.VersionNum, principal, permission };
else
return new Object[] { Backendless.AppId, Backendless.VersionNum, permission };
}
