public static Expression IsAllowedExpression(Expression entity, TypeAllowedBasic requested, bool inUserInterface)
{
Type type = entity.Type;
TypeAllowedAndConditions tac = GetAllowed(type);
Expression baseValue = Expression.Constant(tac.FallbackOrNone.Get(inUserInterface) >= requested);
var expression = tac.Conditions.Aggregate(baseValue, (acum, tacRule) =>
{
var lambda = TypeConditionLogic.GetCondition(type, tacRule.TypeCondition);
var exp = (Expression)Expression.Invoke(lambda, entity);
if (tacRule.Allowed.Get(inUserInterface) >= requested)
{
return(Expression.Or(exp, acum));
}
else
{
return(Expression.And(Expression.Not(exp), acum));
}
});
var cleaned = DbQueryProvider.Clean(expression, false, null) !;
var orsSimplified = AndOrSimplifierVisitor.SimplifyOrs(cleaned);
return(orsSimplified);
}
static MapColorProvider[] GetMapColors()
{
if (!BasicPermission.AdminRules.IsAuthorized())
{
return(new MapColorProvider[0]);
}
var roleRules = AuthLogic.RolesInOrder().ToDictionary(r => r,
r => TypeAuthLogic.GetTypeRules(r).Rules.ToDictionary(a => Navigator.ResolveWebTypeName(a.Resource.ToType()), a => a.Allowed));
return(roleRules.Keys.Select((r, i) => new MapColorProvider
{
Name = "role-" + r.Key(),
NiceName = "Role - " + r.ToString(),
GetJsProvider = ColorModule["authAdminColor"](MapClient.NodesConstant, "role-" + r.Key()),
AddExtra = t =>
{
TypeAllowedAndConditions tac = roleRules[r].TryGetC(t.webTypeName);
if (tac == null)
{
return;
}
t.extra["role-" + r.Key() + "-ui"] = GetName(ToStringList(tac, userInterface: true));
t.extra["role-" + r.Key() + "-db"] = GetName(ToStringList(tac, userInterface: false));
t.extra["role-" + r.Key() + "-tooltip"] = ToString(tac.Fallback) + "\n" + (tac.Conditions.IsNullOrEmpty() ? null :
tac.Conditions.ToString(a => a.TypeCondition.NiceToString() + ": " + ToString(a.Allowed), "\n") + "\n");
},
Defs = i == 0 ? GetAllGradients(roleRules) : null,
Order = 10,
}).ToArray());
}
static MapColorProvider[] GetMapColors()
{
if (!BasicPermission.AdminRules.IsAuthorized())
{
return(new MapColorProvider[0]);
}
var roleRules = AuthLogic.RolesInOrder().ToDictionary(r => r,
r => TypeAuthLogic.GetTypeRules(r).Rules.ToDictionary(a => a.Resource.CleanName, a => a.Allowed));
return(roleRules.Keys.Select((r, i) => new MapColorProvider
{
Name = "role-" + r.Key(),
NiceName = "Role - " + r.ToString(),
AddExtra = t =>
{
TypeAllowedAndConditions tac = roleRules[r].TryGetC(t.typeName);
if (tac == null)
{
return;
}
t.extra["role-" + r.Key() + "-ui"] = GetName(ToStringList(tac, userInterface: true));
t.extra["role-" + r.Key() + "-db"] = GetName(ToStringList(tac, userInterface: false));
t.extra["role-" + r.Key() + "-tooltip"] = ToString(tac.Fallback) + "\n" + (tac.Conditions.IsNullOrEmpty() ? null :
tac.Conditions.ToString(a => a.TypeCondition.NiceToString() + ": " + ToString(a.Allowed), "\n") + "\n");
},
Order = 10,
}).ToArray());
}
public static TypeAllowedAndConditions GetAllowed(Type type)
{
if (!typeof(Entity).IsAssignableFrom(type))
{
return(new TypeAllowedAndConditions(TypeAllowed.Create));
}
TypeAllowedAndConditions tac = typeRules.GetAllowed(type);
return(tac);
}
private static List <TypeAllowedBasic?> ToStringList(TypeAllowedAndConditions tac, bool userInterface)
{
List <TypeAllowedBasic?> result = new List <TypeAllowedBasic?>();
result.Add(tac.Fallback == null ? (TypeAllowedBasic?)null : tac.Fallback.Value.Get(userInterface));
foreach (var c in tac.Conditions)
{
result.Add(c.Allowed.Get(userInterface));
}
return(result);
}
public TypeRuleBuilder(TypeAllowedRule rule)
{
this.allowed = new TypeAllowedBuilder(rule.Allowed.Fallback);
this.conditions = rule.Allowed.Conditions.Select(c => new TypeConditionRuleBuilder(c.TypeCondition, c.Allowed)).ToMList();
this.availableConditions = rule.AvailableConditions;
this.allowedBase = rule.AllowedBase;
this.resource = rule.Resource;
this.properties = rule.Properties;
this.operations = rule.Operations;
this.queries = rule.Queries;
this.RebindEvents();
}
public static RuleTypeEntity ToRuleType(this TypeAllowedAndConditions allowed, Lite <RoleEntity> role, TypeEntity resource)
{
return(new RuleTypeEntity
{
Role = role,
Resource = resource,
Allowed = allowed.Fallback.Value,
Conditions = allowed.Conditions.Select(a => new RuleTypeConditionEmbedded
{
Allowed = a.Allowed,
Condition = a.TypeCondition
}).ToMList()
});
}
public static bool IsAllowedFor(this Lite <IEntity> lite, TypeAllowedBasic requested)
{
TypeAllowedAndConditions tac = GetAllowed(lite.EntityType);
if (requested <= tac.MinUI())
{
return(true);
}
if (tac.MaxUI() < requested)
{
return(false);
}
return(Server.Return((ITypeAuthServer s) => s.IsAllowedForInUserInterface(lite, requested)));
}
public static bool IsAllowedFor(this Entity entity, TypeAllowedBasic requested)
{
TypeAllowedAndConditions tac = GetAllowed(entity.GetType());
if (requested <= tac.MinUI())
{
return(true);
}
if (tac.MaxUI() < requested)
{
return(false);
}
return(Server.Return((ITypeAuthServer s) => s.IsAllowedForInUserInterface(entity.ToLite(), requested)));
}
public override Func <Lite <RoleEntity>, PropertyAllowed, PropertyAllowed> GetCoerceValueManual(PropertyRoute pr)
{
return((role, a) =>
{
if (!TypeLogic.TypeToEntity.ContainsKey(pr.RootType))
{
return PropertyAllowed.Write;
}
TypeAllowedAndConditions aac = TypeAuthLogic.Manual.GetAllowed(role, pr.RootType);
TypeAllowedBasic ta = aac.MaxUI();
PropertyAllowed pa = ta.ToPropertyAllowed();
return a < pa ? a : pa;
});
}
private static Func <T, bool>?IsAllowedInMemory <T>(TypeAllowedAndConditions tac, TypeAllowedBasic allowed, bool inUserInterface) where T : Entity
{
if (tac.Conditions.Any(c => TypeConditionLogic.GetInMemoryCondition <T>(c.TypeCondition) == null))
{
return(null);
}
return(entity =>
{
foreach (var cond in tac.Conditions.Reverse())
{
var func = TypeConditionLogic.GetInMemoryCondition <T>(cond.TypeCondition) !;
if (func(entity))
{
return cond.Allowed.Get(inUserInterface) >= allowed;
}
}
return tac.FallbackOrNone.Get(inUserInterface) >= allowed;
});
}
static void Schema_Saving(Entity ident)
{
if (ident.IsGraphModified && !inSave.Value)
{
TypeAllowedAndConditions access = GetAllowed(ident.GetType());
var requested = TypeAllowedBasic.Write;
var min = access.MinDB();
var max = access.MaxDB();
if (requested <= min)
{
return;
}
if (max < requested)
{
throw new UnauthorizedAccessException(AuthMessage.NotAuthorizedTo0The1WithId2.NiceToString().FormatWith(requested.NiceToString(), ident.GetType().NiceName(), ident.IdOrNull));
}
Schema_Saving_Instance(ident);
}
}
internal static Expression IsAllowedExpressionDebug(Expression entity, TypeAllowedBasic requested, bool inUserInterface)
{
Type type = entity.Type;
TypeAllowedAndConditions tac = GetAllowed(type);
Expression baseValue = Expression.Constant(tac.FallbackOrNone.Get(inUserInterface) >= requested);
var list = (from line in tac.Conditions
select Expression.New(ciGroupDebugData, Expression.Constant(line.TypeCondition, typeof(TypeConditionSymbol)),
Expression.Invoke(TypeConditionLogic.GetCondition(type, line.TypeCondition), entity),
Expression.Constant(line.Allowed))).ToArray();
Expression newList = Expression.ListInit(Expression.New(typeof(List <ConditionDebugData>)), list);
Expression liteEntity = Expression.Call(null, miToLite.MakeGenericMethod(entity.Type), entity);
return(Expression.New(ciDebugData, liteEntity,
Expression.Constant(requested),
Expression.Constant(inUserInterface),
Expression.Constant(tac.Fallback),
newList));
}
public ConstantFunctionButEnums(TypeAllowedAndConditions allowed)
{
this.Allowed = allowed;
}
public TypeRuleBuilder(TypeAllowedRule rule)
{
this.allowed = new TypeAllowedBuilder(rule.Allowed.Fallback);
this.conditions = rule.Allowed.Conditions.Select(c => new TypeConditionRuleBuilder(c.TypeCondition, c.Allowed)).ToMList();
this.availableConditions = rule.AvailableConditions;
this.allowedBase = rule.AllowedBase;
this.Resource = rule.Resource;
this.Properties = rule.Properties;
this.Operations = rule.Operations;
this.Queries = rule.Queries;
this.RebindEvents();
}
static List<TypeAllowedBasic?> ToStringList(TypeAllowedAndConditions tac, bool userInterface)
{
List<TypeAllowedBasic?> result = new List<TypeAllowedBasic?>();
result.Add(tac.Fallback == null ? (TypeAllowedBasic?)null : tac.Fallback.Value.Get(userInterface));
foreach (var c in tac.Conditions)
result.Add(c.Allowed.Get(userInterface));
return result;
}
