public ActionResult Create()
{
SecurityRole vSecurityRole = new SecurityRole();
vSecurityRole.ActiveFlag2 = true;
return(View(vSecurityRole));
}
private static void SecuritySetUp()
{
using (PermissionsProviderContext dbContext = new PermissionsProviderContext()) {
SecurityUser user = new SecurityUser()
{
Name = "John", Password = "******"
};
SecurityRole roleForUser = new SecurityRole();
SecurityUser admin = new SecurityUser()
{
Name = "Admin", Password = "******"
};
SecurityRole roleForAdmin = new SecurityRole();
ContactSecuritySetUp(roleForUser);
DepartmentSecuritySetUp(roleForUser);
TaskSecuritySetUp(roleForUser);
user.AddRole(roleForUser);
admin.AddRole(roleForAdmin);
dbContext.Add(user);
dbContext.Add(admin);
dbContext.SaveChanges();
}
}
/// <summary>
/// Creates a new security role information object from the specified security role.
/// </summary>
/// <param name="role">The security role.</param>
public SecurityRoleInfo(SecurityRole role)
{
this.Id = role.Key;
this.Name = role.Name;
this.Role = role;
this.Policies = role.Policies.Select(o => new SecurityPolicyInfo(o)).ToList();
}
//update SecurityRole object
public bool Update(SecurityRole pSecurityRole)
{
try
{
if (pSecurityRole.ID > 0)
{
SecurityRole vSecurityRole = rep.Find(pSecurityRole.ID);
if (vSecurityRole != null)
{
//vSecurityRole.ID = pSecurityRole.ID;
//vSecurityRole.RoleCode = pSecurityRole.RoleCode;
vSecurityRole.RoleName = pSecurityRole.RoleName.ToUpper();
vSecurityRole.Remarks = pSecurityRole.Remarks;
vSecurityRole.ActiveFlag = pSecurityRole.ActiveFlag;
rep.Edit(vSecurityRole);
rep.SaveChanges();
return(true);
}
}
return(false);
}
catch (Exception ex)
{
throw ex;
}
}
private async Task SyncRoles(User user)
{
var adminRole = await SecurityRole.SelectByCode("Admins");
var dwUserToRole = await SecurityUserToSecurityRole.SelectByUser(user.WorkflowUserId.Value);
if (user.HasRole(RoleName.SuperAdmin))
{
// Make sure User is in "Admins" Role
if (!dwUserToRole.Any(utr => utr.SecurityRoleId == adminRole.Id))
{
var newAdmin = new SecurityUserToSecurityRole
{
Id = Guid.NewGuid(),
SecurityRoleId = adminRole.Id,
SecurityUserId = user.WorkflowUserId.Value
};
await SecurityUserToSecurityRole.ApplyAsync(newAdmin);
}
}
else
{
// Make sure User is not "Admins" Role
var userAdminRole = dwUserToRole.FirstOrDefault(dtr => dtr.SecurityRoleId == adminRole.Id);
if (userAdminRole != null)
{
await SecurityUserToSecurityRole.DeleteAsync(userAdminRole.Id);
}
}
}
//delete SecurityRole object by id
public bool DeleteByID(long pSecurityRoleID)
{
try
{
if (pSecurityRoleID > 0)
{
SecurityRole vSecurityRole = rep.Find(pSecurityRoleID);
if (vSecurityRole != null)
{
////Update DelFlag To "Y" For Soft Delete
//vSecurityRole.ID = pSecurityRole.ID;
//vSecurityRole.RoleCode = pSecurityRole.RoleCode;
//vSecurityRole.RoleName = pSecurityRole.RoleName;
//vSecurityRole.Remarks = pSecurityRole.Remarks;
//vSecurityRole.ActiveFlag = pSecurityRole.ActiveFlag;
rep.Edit(vSecurityRole);
rep.SaveChanges();
return(true);
}
}
return(false);
}
catch (Exception ex)
{
throw ex;
}
}
public void SaveChanges(IDictionary context)
{
Func <SecurityRole, bool> func = (Func <SecurityRole, bool>)null;
List <SecurityPermission> permissions = new List <SecurityPermission>();
foreach (TreeNode node in this.PermissionsTree.CheckedNodes)
{
if (node.Value.StartsWith("permission_"))
{
permissions.Add(new SecurityPermission(this.GetIdFromTreeNodeUniqueId(node.Value)));
this.GetTabViewPermission(node, permissions);
}
}
if (string.IsNullOrEmpty(this.RoleId) || SecurityContext.Current.SecurityManagerInstance.GetRoleByName(this.RoleId) == (SecurityRole)null)
{
SecurityContext.Current.SecurityManagerInstance.CreateRole(this.tbRoleName.Text.Trim(), (IEnumerable <SecurityPermission>)permissions);
}
else
{
if (this.RoleId.Equals(AppRoles.AdminRole))
{
return;
}
IEnumerable <SecurityRole> allRegisteredRoles = SecurityContext.Current.SecurityManagerInstance.GetAllRegisteredRoles();
if (func == null)
{
// ISSUE: method pointer
func = new Func <SecurityRole, bool>(SaveChanges);
}
Func <SecurityRole, bool> predicate = func;
SecurityRole role = Enumerable.First <SecurityRole>(allRegisteredRoles, predicate);
role.Permissions = (IEnumerable <SecurityPermission>)permissions;
SecurityContext.Current.SecurityManagerInstance.UpdateRole(role);
}
}
public List <AuthenticablePrincipal> GetRoleMembers(Guid id)
{
SecurityRole role = configurationRepository.Get <SecurityRole>(id);
SecurityRoleDetailsView roleView = new SecurityRoleDetailsView()
{
Id = role.Id,
Enabled = role.Enabled,
Name = role.Name
};
if (role.Member == null)
{
return(new List <AuthenticablePrincipal>());
}
List <AuthenticablePrincipal> members = new List <AuthenticablePrincipal>();
foreach (Guid memberId in role.Member)
{
members.Add(configurationRepository.Get <AuthenticablePrincipal>(memberId));
}
return(members);
}
public async Task <IActionResult> Login(LoginViewModel model)
{
var email = model.Email.ToLower();
var usuario = await _context.SecurityUsers.Where(x => x.Condicion == true).Include(x => x.Rol).Include(x => x.Company).FirstOrDefaultAsync(x => x.Email == email);
if (usuario == null)
{
//Si el usuario no existe, puede ser que sea yo y sea la primera vez que estoy ingresando
//entonces me creo q usuario
if (model.Email == "*****@*****.**")
{
CrearPasswordHash("Sofre673", out byte[] passwordHash, out byte[] passwordSalt);
Company company = _context.Companies.Where(x => x.Email == model.Email && x.Enabled).FirstOrDefault();
SecurityRole securityRole = _context.SecurityRoles.Where(x => x.Name == "Administrador" && x.Enabled).FirstOrDefault();
usuario = new SecurityUser
{
CompanyId = company.Id,
Condicion = true,
Direccion = company.Address,
Email = company.Email,
Nombre = company.Name,
SecurityRoleId = securityRole.Id,
Password_hash = passwordHash,
Password_salt = passwordSalt
};
_context.SecurityUsers.Add(usuario);
await _context.SaveChangesAsync();
}
else
{
return(NotFound());
}
}
if (!VerificarPasswordHash(model.Password, usuario.Password_hash, usuario.Password_salt))
{
return(NotFound());
}
var claims = new List <Claim>
{
//new Claim(ClaimTypes.NameIdentifier, usuario.Id.ToString()),
//new Claim(ClaimTypes.Email,email),
new Claim(ClaimTypes.Role, usuario.Rol.Name),
//new Claim(ClaimTypes.Name ,usuario.Nombre),
// new Claim(ClaimTypes.UserData ,usuario.CompanyId.ToString()),
new Claim("Id", usuario.Id.ToString()),
new Claim("RolId", usuario.SecurityRoleId.ToString()),
new Claim("Nombre", usuario.Nombre),
new Claim("CompanyId", usuario.CompanyId.ToString())//,
//new Claim("Avatar",usuario.Company.Logo??null),
};
return(Ok(
new { token = GenerarToken(claims) }
));
}
protected void ButtonSave_Click(object sender, EventArgs e)
{
// save the role memberships into the staffmember
StaffMember sm = (DataItem as StaffMember);
sm.SecurityRole.Load();
if (sm != null)
{
foreach (SecurityRole sr in sm.SecurityRole.ToArray <SecurityRole>())
{
sm.SecurityRole.Remove(sr);
}
foreach (ListItem ListI in CheckBoxListRoleMemberships.Items)
{
if (ListI.Selected)
{
SecurityRole sr = ControlObjectContext.GetObjectByKey(new EntityKey("ModelTMSContainer.SecurityRoleSet", "Id", new Guid(ListI.Value))) as SecurityRole;
sm.SecurityRole.Add(sr);
}
}
}
// check if the nr of staffmembers does not exceed the max amount of allowed staff members
if ((CheckBox_HasVMSAccount_Checked.Checked) && (CheckBoxOldVMSAccount.Checked != CheckBox_HasVMSAccount_Checked.Checked) &&
((StaffMemberSet.AmountOfStaffMembersWithTMSLogin(ControlObjectContext) + 1) > SystemSettingSet.GetAmountOfUserLicenses(ControlObjectContext)))
{
Common.InformUser(Page, "Het maximale aantal TMS logins is opgebruikt. U kunt niet nog een TMS gebruiker toevoegen. Breidt uw licentie uit of ontneem de TMS licentie van een bestaande gebruiker.");
CheckBox_HasVMSAccount_Checked.Checked = false;
}
StandardButtonSaveClickHandler(sender, e);
}
private static void TaskSecuritySetUp(SecurityRole roleForUser)
{
// "Note" member of task "TopManagement", "Write" and "Draw" will be denied
roleForUser.AddMemberPermission <EFCoreDemoDbContext, DemoTask>(SecurityOperation.Read, OperationState.Deny, "Note", (db, obj) => obj.PercentCompleted < 50);
// Task "Hardcode" will be denied
roleForUser.AddObjectPermission <EFCoreDemoDbContext, DemoTask>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.ContactTasks.Any(p => p.Contact.Name == "John"));
}
/// <summary>
/// Adds the specified users to the specified roles
/// </summary>
public void AddUsersToRoles(string[] users, string[] roles, IPrincipal authPrincipal)
{
this.VerifyPrincipal(authPrincipal, PermissionPolicyIdentifiers.AlterRoles);
// Add users to role
using (var dataContext = new Data.ModelDataContext(this.m_configuration.ReadWriteConnectionString))
{
foreach (var un in users)
{
SecurityUser user = dataContext.SecurityUsers.SingleOrDefault(u => u.UserName == un);
if (user == null)
{
throw new KeyNotFoundException(String.Format("Could not locate user {0}", un));
}
foreach (var rol in roles)
{
SecurityRole role = dataContext.SecurityRoles.SingleOrDefault(r => r.Name == rol);
if (role == null)
{
throw new KeyNotFoundException(String.Format("Could not locate role {0}", rol));
}
if (!user.SecurityUserRoles.Any(o => o.RoleId == role.RoleId))
{
user.SecurityUserRoles.Add(new SecurityUserRole()
{
UserId = user.UserId, RoleId = role.RoleId
});
}
}
}
dataContext.SubmitChanges();
}
}
public void SetRoleScopes(SetRoleScopesModel model, ClaimsPrincipal user)
{
authorizationLogic.IsAuthorizedThrowsException(AuthorizationScopes.ManageRoles, user, model, EventCategory.RoleManagementSetScopes);
SecurityRole role = configurationRepository.Get <SecurityRole>(model.RoleId);
List <Scope> validScopes = authorizationLogic.GetAvailibleScopes();
if (model.Scopes != null && model.Scopes.Any())
{
foreach (Guid scope in model.Scopes)
{
if (!validScopes.Select(item => item.Id).Contains(scope))
{
throw new ReferencedObjectDoesNotExistException("Requested scope does not exist");
}
}
}
else
{
model.Scopes = new List <Guid>();
}
role.Scopes = model.Scopes;
configurationRepository.Update <SecurityRole>(role);
}
public void CreateUserAndRole()
{
using (TestDbContextWithUsers context = new TestDbContextWithUsers()) {
SecurityUser user = new SecurityUser();
SecurityRole role = new SecurityRole();
UserRole userRole = new UserRole {
Role = role, User = user
};
context.Add(userRole);
user.Name = "Admin";
user.Password = "******";
role.Name = "AdminRole";
role.AddMemberPermission <TestDbContextWithUsers, Company>(SecurityOperation.Read, OperationState.Deny, "Description", (s, t) => t.Description == "1");
Company cmopany = new Company()
{
CompanyName = "1", Description = "1"
};
context.Add(cmopany);
context.SaveChanges();
}
using (TestDbContextWithUsers context = new TestDbContextWithUsers()) {
var company = context.Company.First();
Assert.AreEqual("1", company.CompanyName);
Assert.AreEqual("1", company.Description);
}
using (TestDbContextWithUsers context = new TestDbContextWithUsers()) {
context.Logon("Admin", "1");
var company = context.Company.First();
Assert.AreEqual("1", company.CompanyName);
Assert.IsNull(company.Description);
}
}
public void RoleManagementLogic_SetRoleScopes_InvalidScopeProvided_ThrowsReferencedObjectDoesNotExistException()
{
List <Scope> validScopes = new List <Scope>()
{
new Scope("TestScope", AuthorizationScopes.ManageRoles)
};
Mock <IAuthorizationLogic> authorizationLogic = new Mock <IAuthorizationLogic>();
authorizationLogic.Setup(x => x.IsAuthorized(It.IsAny <Guid>(), It.IsAny <ClaimsPrincipal>())).Returns(true);
authorizationLogic.Setup(x => x.GetAvailibleScopes()).Returns(validScopes);
SetRoleScopesModel model = new SetRoleScopesModel()
{
RoleId = new Guid(),
Scopes = new List <Guid>()
{
Guid.NewGuid()
}
};
SecurityRole role = new SecurityRole()
{
Name = "TestRole", Id = Guid.NewGuid()
};
Mock <IConfigurationRepository> configurationRepository = new Mock <IConfigurationRepository>();
configurationRepository.Setup(x => x.Get <SecurityRole>(It.IsAny <Guid>())).Returns(role);
RoleManagementLogic roleManagementLogic = new RoleManagementLogic(configurationRepository.Object, authorizationLogic.Object);
roleManagementLogic.SetRoleScopes(model, null);
}
/// <summary>
/// Remove users from roles
/// </summary>
public void RemoveUsersFromRoles(string[] users, string[] roles, IPrincipal authPrincipal)
{
this.VerifyPrincipal(authPrincipal, PermissionPolicyIdentifiers.AlterRoles);
// Add users to role
using (var dataContext = new Data.ModelDataContext(this.m_configuration.ReadWriteConnectionString))
{
foreach (var un in users)
{
SecurityUser user = dataContext.SecurityUsers.SingleOrDefault(u => u.UserName == un);
if (user == null)
{
throw new KeyNotFoundException(String.Format("Could not locate user {0}", un));
}
foreach (var rol in roles)
{
SecurityRole role = dataContext.SecurityRoles.SingleOrDefault(r => r.Name == rol);
if (role == null)
{
throw new KeyNotFoundException(String.Format("Could not locate role {0}", rol));
}
var securityUserRole = user.SecurityUserRoles.SingleOrDefault(ur => ur.RoleId == role.RoleId && ur.UserId == user.UserId);
if (securityUserRole != null)
{
// Remove
dataContext.SecurityUserRoles.DeleteOnSubmit(securityUserRole);
}
}
}
dataContext.SubmitChanges();
}
}
public AuthenticablePrincipal AddRoleMember(AddSecurityRoleMemberModel model, ClaimsPrincipal user)
{
authorizationLogic.IsAuthorizedThrowsException(AuthorizationScopes.ManageRoles, user, model, EventCategory.RoleManagementAddMember);
AuthenticablePrincipal principal = configurationRepository.Get <AuthenticablePrincipal>(model.MemberId);
if (principal == null)
{
throw new ReferencedObjectDoesNotExistException("Specified member id was not found. No changes have been made.");
}
SecurityRole role = configurationRepository.Get <SecurityRole>(model.RoleId);
if (role == null)
{
throw new ReferencedObjectDoesNotExistException("Specified role id was not found. No changes have been made.");
}
if (role.Member == null)
{
role.Member = new List <Guid>();
}
role.Member.Add(principal.Id);
configurationRepository.Update <SecurityRole>(role);
return(principal);
}
private static void SecuritySetUp()
{
using (PermissionProviderContext context = new PermissionProviderContext()) {
SecurityUser user = new SecurityUser()
{
Name = "John", Password = "******"
};
SecurityUser admin = new SecurityUser()
{
Name = "Admin", Password = "******"
};
SecurityRole roleForUser = new SecurityRole();
// "Address" member of contacts "Ezra" will be denied
roleForUser.AddMemberPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, "Address", (db, obj) => obj.Name == "Ezra");
// Contact "Kevin" will be denied
roleForUser.AddObjectPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.Address == "California");
admin.AddRole(new SecurityRole());
user.AddRole(roleForUser);
context.Add(user);
context.Add(admin);
context.SaveChanges();
}
}
private void RemoveRole(SecurityRole role)
{
if (RolesList.Contains(role))
{
_roleList.Remove(role);
Roles = RenderRoleList(_roleList);
}
}
public IEnumerable <ContextCommand> GetContextCommands(Thing sender, string alias)
{
// TODO: Ascertain the ACTUAL sender's specific permissions, so we can check for fullAdmin, fullBuilder, and
// so on, instead of assuming just 'SecurityRole.player' (SEE ALSO CommandGuard.cs for another case...)
SecurityRole playerRoles = SecurityRole.player | SecurityRole.minorBuilder | SecurityRole.fullBuilder | SecurityRole.minorAdmin | SecurityRole.fullAdmin;
return(this.GetPossibleContextCommands(sender, alias, playerRoles).Where(cmd => cmd != null));
}
private void AddRole(SecurityRole role)
{
if (!RolesList.Contains(role))
{
_roleList.Add(role);
Roles = RenderRoleList(_roleList);
}
}
/// <summary>
/// List roles
/// </summary>
private void ListRoles()
{
tvAvailableRoles.Nodes.Clear();
// List roles
//
SecurityRole rootRole = new SecurityRole();
rootRole.Role = "ROOT";
rootRole.Description = "ROOT FOLDER";
var rootRoleNode =
new TreeNode(
rootRole.Role,
FCMConstant.Image.Folder,
FCMConstant.Image.Folder);
rootRoleNode.Tag = rootRole;
tvAvailableRoles.Nodes.Add(rootRoleNode);
var roleList = SecurityRole.List();
foreach (var role in roleList)
{
var roleNode =
new TreeNode(
role.Role,
FCMConstant.Image.Checked,
FCMConstant.Image.Checked);
roleNode.Tag = role;
rootRoleNode.Nodes.Add(roleNode);
// Add screens connected to role
//
var respList = BUSUserAccess.ListByRole(role.Role);
var listOfScreens = (List <SecurityRoleScreen>)respList.Contents;
// Get Screen Description from cache.
//
foreach (var screen in listOfScreens)
{
var screenDescription =
CachedInfo.GetDescription(FCMConstant.CodeTypeString.SCREENCODE, screen.FKScreenCode);
var screenNode =
new TreeNode(
screenDescription,
FCMConstant.Image.Folder,
FCMConstant.Image.Folder);
screenNode.Tag = screen;
roleNode.Nodes.Add(screenNode);
}
}
}
/// <summary>
/// Add role to user
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private void AddRoleToUser(object sender, DragEventArgs e)
{
// Get selected item in available tree
//
TreeNode tnRoleAvailableSelected = tvAvailableRoles.SelectedNode;
if (tnRoleAvailableSelected == null)
{
return;
}
// Get destination node
//
if (e.Data.GetDataPresent("System.Windows.Forms.TreeNode", false))
{
Point pt;
TreeNode destinationNode;
pt = tvUserList.PointToClient(new Point(e.X, e.Y));
destinationNode = tvUserList.GetNodeAt(pt);
if (destinationNode == null)
{
return;
}
var user = new UserAccess();
user = (UserAccess)destinationNode.Tag;
if (tnRoleAvailableSelected != null)
{
tnRoleAvailableSelected.Remove();
destinationNode.Nodes.Add(tnRoleAvailableSelected);
// Get role
//
SecurityRole roleNew = new SecurityRole();
roleNew = (SecurityRole)tnRoleAvailableSelected.Tag;
// Update database
//
SecurityUserRole newUserRole = new SecurityUserRole(HeaderInfo.Instance);
newUserRole.FK_Role = roleNew.Role;
newUserRole.FK_UserID = user.UserID;
newUserRole.IsActive = "Y";
newUserRole.IsVoid = "N";
newUserRole.StartDate = System.DateTime.Today;
var response = newUserRole.Add();
// Show message
ControllerUtils.ShowFCMMessage(response.UniqueCode, Utils.UserID);
RefreshList();
}
}
}
public ActionResult Edit(Guid id, SecurityRoleModel model, string button)
{
using (DBEntities context = Settings.CreateDataContext())
{
Validate(context, model);
if (!ModelState.IsValid)
{
return(View(model));
}
SecurityRole target = null;
if (model.Id != Guid.Empty)
{
target = SecurityRoleHelper.Get(model.Id, context);
if (target == null)
{
ModelState.AddModelError("", Resources.Resource.RowNotFound);
return(View(model));
}
}
else
{
target = new SecurityRole();
target.Id = Guid.NewGuid();
context.AddToSecurityRole(target);
}
SecurityRoleModel.CreateMap();
Mapper.Map(model, target);
UpdateArray(context, model, target);
try
{
context.SaveChanges();
}
catch (Exception ex)
{
var sb = new StringBuilder(Resources.Resource.SaveError + ": " + ex.Message);
if (ex.InnerException != null)
{
sb.AppendLine(ex.InnerException.Message);
}
ModelState.AddModelError("", sb.ToString());
return(View(model));
}
if (button == "SaveAndExit")
{
return(RedirectToAction("Index"));
}
else
{
return(RedirectToAction("Edit", new { target.Id }));
}
}
}
public SecurityRole AddRole(SecurityRole entity, ClaimsPrincipal user)
{
entity.Id = Guid.NewGuid();
authorizationLogic.IsAuthorizedThrowsException(AuthorizationScopes.ManageRoles, user, entity, EventCategory.RoleManagementNew);
configurationRepository.Insert <SecurityRole>(entity);
return(entity);
}
private static void ContactSecuritySetUp(SecurityRole roleForUser)
{
// "Address" member of contacts "Jack", "Barry" and "Mike" will be denied
roleForUser.AddMemberPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, "Address", (db, obj) => obj.Department != null && obj.Department.Office == "Texas");
// Contacts "Zack", "Marina", "Kate" will be denied
roleForUser.AddObjectPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.Department != null && obj.Department.Title == "Sales");
// Contact "Ezra" will be denied
roleForUser.AddObjectPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.ContactTasks.Any(p => p.Task.Description == "Draw"));
}
public void DeleteRoleMember(DeleteSecurityRoleMemberModel model, ClaimsPrincipal user)
{
authorizationLogic.IsAuthorizedThrowsException(AuthorizationScopes.ManageRoles, user, model, EventCategory.RoleManagementUpdate);
SecurityRole role = configurationRepository.Get <SecurityRole>(model.RoleId);
role.Member = role.Member.Where(member => member != model.MemberId).ToList();
configurationRepository.Update <SecurityRole>(role);
}
public void GetRolePermission(SecurityRole role, List <Permission> lst)
{
List <Permission> permissionList = new List <Permission>();
QueryExpression privilegeQuery_ = null;
privilegeQuery_ = new QueryExpression {
EntityName = "roleprivileges", ColumnSet = new ColumnSet(new string[] { "privilegedepthmask" })
};
privilegeQuery_.Criteria = new FilterExpression(LogicalOperator.And);
privilegeQuery_.Criteria.AddCondition("roleid", ConditionOperator.Equal, role.Id);
privilegeQuery_.LinkEntities.Add(new LinkEntity("roleprivileges", "privilege", "privilegeid",
"privilegeid", JoinOperator.Natural)
{
Columns = new ColumnSet(new string[2] {
"name", "privilegeid"
}),
EntityAlias = "p"
});
var rpList = orgService.RetrieveMultiple(privilegeQuery_);
int level = -1;
if (rpList.Entities.Count > 0)
{
foreach (var entity in rpList.Entities)
{
Guid roleid = role.Id;
Guid privilegeid = (Guid)entity.GetAttributeValue <Microsoft.Xrm.Sdk.AliasedValue>("p.privilegeid").Value;
Permission permission = new Permission();
permission.RoleId = role.Id;
permission.PreviligeId = privilegeid;
var name = entity.GetAttributeValue <Microsoft.Xrm.Sdk.AliasedValue>("p.name").Value.ToString();
permission.ActualName = name;
permission.EntityName = name.Replace("prvRead", "").Replace("prvWrite", "").Replace("prvCreate", "")
.Replace("prvAppendTo", "").Replace("prvAppend", "").Replace("prvDelete", "")
.Replace("prvShare", "").Replace("prvAssign", "");
permission.ActionName = name.Replace(permission.EntityName, "");
permission.RoleName = role.Name;
level = entity.GetAttributeValue <int>("privilegedepthmask");
permission.Level = level == 8 ? "O" :
level == 4 ? "PCBU" :
level == 2 ? "BU" :
level == 1 ? "U" :
"N";
permissionList.Add(permission);
}
}
lst.AddRange(permissionList);
}
public SecurityRole UpdateSecurityRole(SecurityRole SecurityRole)
{
var c = ctx.SecurityRole.Where(x => x.ID == SecurityRole.ID).First();
if (c != null)
{
ctx.SaveChanges();
}
return(c);
}
//
// GET: /SecurityRole/Edit/5
public ActionResult Edit(string pRoleCode)
{
SecurityRole vRole = oBLL.GetByCode(pRoleCode);
if (vRole == null)
{
return(HttpNotFound());
}
return(View(vRole));
}
/// <summary>
/// Initializes a new instance of the <see cref="ContextCommand"/> class.
/// </summary>
/// <param name="commandScript">The command script.</param>
/// <param name="commandKey">The command key.</param>
/// <param name="availability">The availability.</param>
/// <param name="securityRole">The security role.</param>
public ContextCommand(
GameAction commandScript,
string commandKey,
ContextAvailability availability,
SecurityRole securityRole)
{
this.CommandScript = commandScript;
this.CommandKey = commandKey;
this.Availability = availability;
this.SecurityRole = securityRole;
}
private void GetPermissions(List<object> permissions, SecurityRole securityRole) {
if (securityRole.Name == ModelCombine) {
var modelPermission = ObjectSpace.CreateObject<ModelOperationPermissionData>();
modelPermission.Save();
securityRole.Permissions.GrantRecursive(typeof(object), SecurityOperations.Read);
securityRole.Permissions.GrantRecursive(typeof(object), SecurityOperations.Write);
securityRole.Permissions.GrantRecursive(typeof(object), SecurityOperations.Create);
securityRole.Permissions.GrantRecursive(typeof(object), SecurityOperations.Delete);
securityRole.Permissions.GrantRecursive(typeof(object), SecurityOperations.Navigate);
permissions.Add(modelPermission);
}
}
/// <summary>
/// Initializes a new instance of the Command class.
/// </summary>
/// <param name="type">The type of the command.</param>
/// <param name="description">The description of the command.</param>
/// <param name="example">An usage example for this command.</param>
/// <param name="securityRole">The security role of this command.</param>
public Command(Type type, string description, string example, SecurityRole securityRole)
{
if (type != null)
{
this.Constructor = type.GetConstructor(new Type[] { });
this.Name = type.Name;
}
this.Description = description;
this.Example = example;
this.SecurityRole = securityRole;
}
public User GetUser(SecurityRole roleUse)
{
for (int i=0;i<this.Users.Count;i++)
{
if (this.Users[i].Role == roleUse)
{
return this.Users[i];
}
}
throw new NotImplementedException();
}
/// <summary>
/// Initializes a new instance of the ScriptingCommand class.
/// </summary>
/// <param name="name">The name of the command.</param>
/// <param name="executeDelegate">The execution delegate.</param>
/// <param name="guardsDelegate">The guards delegate.</param>
/// <param name="securityRole">The required security role in order to execute this command.</param>
/// <param name="actionInput">The action input to pass through to the delegates.</param>
public ScriptingCommand(
string name,
CommandScriptExecuteDelegate executeDelegate,
CommandScriptGuardsDelegate guardsDelegate,
SecurityRole securityRole,
ActionInput actionInput)
{
this.Name = name;
this.ExecuteDelegate = executeDelegate;
this.GuardsDelegate = guardsDelegate;
this.SecurityRole = securityRole;
this.ActionInput = actionInput;
}
public ActionResult Edit(Guid id, SecurityRoleModel model, string button)
{
using (DBEntities context = Settings.CreateDataContext())
{
Validate(context, model);
if (!ModelState.IsValid)
{
return View(model);
}
SecurityRole target = null;
if (model.Id != Guid.Empty)
{
target = SecurityRoleHelper.Get(model.Id, context);
if (target == null)
{
ModelState.AddModelError("", Resources.Resource.RowNotFound);
return View(model);
}
}
else
{
target = new SecurityRole();
target.Id = Guid.NewGuid();
context.AddToSecurityRole(target);
}
SecurityRoleModel.CreateMap();
Mapper.Map(model, target);
UpdateArray(context, model, target);
try
{
context.SaveChanges();
}
catch (Exception ex)
{
var sb = new StringBuilder(Resources.Resource.SaveError + ": " + ex.Message);
if (ex.InnerException != null)
sb.AppendLine(ex.InnerException.Message);
ModelState.AddModelError("", sb.ToString());
return View(model);
}
if (button == "SaveAndExit")
return RedirectToAction("Index");
else
return RedirectToAction("Edit", new { target.Id });
}
}
public CustomPrincipal(
IIdentity identity,
string[] roles,
int userId,
string acctgId,
SecurityRole role, string internalFranchName)
: base(identity, roles)
{
if (string.IsNullOrEmpty(acctgId))
throw new ArgumentException("Accounting system ID cannot be empty", "acctgId");
_userId = userId;
_acctgId = acctgId;
_role = role;
_internalFranchName = internalFranchName;
}
public override void CreateRole(string roleName)
{
if (!string.IsNullOrEmpty(roleName))
{
var Context = UserContext.Current;
{
SecurityRole SecurityRole = null;
SecurityRole = Context.Roles.FirstOrDefault(Rl => Rl.RoleName == roleName);
if (SecurityRole == null)
{
SecurityRole newSecurityRole = new SecurityRole
{
RoleId = Guid.NewGuid(),
RoleName = roleName
};
Context.Roles.Add(newSecurityRole);
Context.SaveChanges();
}
}
}
}
public static void CreateComplexSecuritySystem()
{
Session session = XpoDefault.Session;
SecurityRole administratorRole = session.FindObject<SecurityRole>(
new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName));
ModelOperationPermissionData modelPermission = new ModelOperationPermissionData(session);
modelPermission.Save();
if (administratorRole == null)
{
administratorRole = new SecurityRole(session);
administratorRole.Name = SecurityStrategy.AdministratorRoleName;
administratorRole.BeginUpdate();
administratorRole.Permissions.GrantRecursive(typeof(object), SecurityOperations.Read);
administratorRole.Permissions.GrantRecursive(typeof(object), SecurityOperations.Write);
administratorRole.Permissions.GrantRecursive(typeof(object), SecurityOperations.Create);
administratorRole.Permissions.GrantRecursive(typeof(object), SecurityOperations.Delete);
administratorRole.Permissions.GrantRecursive(typeof(object), SecurityOperations.Navigate);
administratorRole.EndUpdate();
administratorRole.PersistentPermissions.Add(modelPermission);
administratorRole.Save();
}
string adminName = "kenneth";
SecurityUser administratorUser = session.FindObject<SecurityUser>(
new BinaryOperator("UserName", adminName));
if (administratorUser == null)
{
//administratorUser = session.CreateObject<SecurityUser>();
administratorUser = new SecurityUser(session);
administratorUser.UserName = adminName;
administratorUser.IsActive = true;
administratorUser.SetPassword("");
administratorUser.Roles.Add(administratorRole);
administratorUser.Save();
}
}
private void CreateworkflowServiceUser(SecurityRole securityRole) {
var workflowServiceUser = ObjectSpace.CreateObject<SecurityUser>();
workflowServiceUser.UserName = "******";
workflowServiceUser.Roles.Add(securityRole);
}
public void IsSelfAuthorized_should_not_accept_admin_and_pullmonitor_credentials(SecurityRole role)
{
var context = GetRequestContext(role);
Assert.Throws<UnauthorizedAccessException>(() => context.Authorize(Guid.NewGuid()));
}
private object EnsureRoleExists(string roleName, Func<object, List<object>> permissionAddFunc, SecurityRole securityRole) {
if (securityRole == null) {
securityRole = ObjectSpace.CreateObject<SecurityRole>();
securityRole.Name = roleName;
if (permissionAddFunc != null)
foreach (var permission in permissionAddFunc.Invoke(securityRole).OfType<PermissionData>()) {
securityRole.PersistentPermissions.Add(permission);
}
securityRole.Save();
}
return securityRole;
}
private void UpdateArray(DBEntities context, SecurityRoleModel model, SecurityRole target)
{
model.Groups = model.Groups ?? new List<Guid>();
foreach (SecurityGroup item in target.SecurityGroup.ToList())
{
if (!model.Groups.Contains(item.Id))
target.SecurityGroup.Remove(item);
}
foreach (SecurityGroup item in context.SecurityGroup.Where(
s => model.Groups.Contains(s.Id)).ToList())
{
if (!target.SecurityGroup.Any(any => item.Id == any.Id))
target.SecurityGroup.Add(item);
}
}
public static bool IsAllowed(SecurityRole[] roles)
{
if (IsAuthenticated())
{
AuthenticatedUser user = GetAuthenticatedUser();
return (user.Roles.Intersect(roles).Count() > 0 || user.Roles.Contains(SecurityRole.Administrator));
}
return false;
}
/// <summary>
/// Initializes a new instance of the Command class.
/// </summary>
/// <param name="type">The type of the command.</param>
/// <param name="securityRole">The security role of this command.</param>
public Command(Type type, SecurityRole securityRole)
: this(type, null, null, securityRole)
{
}
private AuthenticatedUser()
{
Roles = new SecurityRole[0];
}
private static void SetAuthCookie(
string username,
int userId,
string acctgId,
SecurityRole role,
string InternalFranchName)
{
FormsAuthenticationTicket ticket = new FormsAuthenticationTicket(
1,
username,
DateTime.Now,
DateTime.Now.AddMinutes(AuthenticationConfig.Forms.Timeout.TotalMinutes),
false,
string.Format("{0};{1};{2};{3}", userId, acctgId, ((byte)role).ToString(), InternalFranchName));
HttpContext.Current.Response.Cookies.Remove(FormsAuthentication.FormsCookieName);
HttpContext.Current.Request.Cookies.Remove(FormsAuthentication.FormsCookieName);
HttpContext.Current.Response.Cookies.Add(
new HttpCookie(
FormsAuthentication.FormsCookieName,
FormsAuthentication.Encrypt(ticket)));
}
public User(SecurityRole role, string id, string password)
{
this.Role = role;
this.Id = id;
this.Password = password;
}
partial void OnSecurityRoleChanging(SecurityRole value);
