/// <summary>
/// Determines if a user has a specific permission irrespective of the data
/// </summary>
/// <param name="db"></param>
/// <param name="permission"></param>
/// <param name="identity"></param>
/// <returns></returns>
public Task <bool> HasPermissions(TDataContext db, ApiIdentity identity, params TPermission[] permissions)
{
return(this.HasPermissions(db, identity, new Guid[] { }, permissions));
}
public DnsPrincipal(User user)
{
_user = user;
ApiIdentity = new Lpp.Utilities.Security.ApiIdentity(user.ID, user.UserName, user.FullName, user.OrganizationID.Value);
}
public virtual Task <IEnumerable <TPermission> > HasGrantedPermissions(TDataContext db, ApiIdentity identity, Guid[] objID, params TPermission[] permissions)
{
throw new NotImplementedException("HasPermissions has not be implemented on this class");
}
/// <summary>
/// Returns if a security configuration and objects passed has ALL of the permissions passed
/// </summary>
/// <param name="db"></param>
/// <param name="identity"></param>
/// <param name="objID"></param>
/// <param name="permissions"></param>
/// <returns></returns>
public virtual async Task <bool> HasPermissions(TDataContext db, ApiIdentity identity, Guid[] objID, params TPermission[] permissions)
{
var perms = await this.HasGrantedPermissions(db, identity, objID, permissions);
return(perms.Count() == permissions.Count());
}
public abstract Task <bool> CanUpdate(TDataContext db, ApiIdentity identity, params Guid[] keys);
public Task <IEnumerable <TPermission> > HasGrantedPermissions(TDataContext db, ApiIdentity identity, Guid objID, params TPermission[] permissions)
{
return(HasGrantedPermissions(db, identity, new Guid[] { objID }, permissions));
}
public abstract IQueryable <TEntity> SecureList(TDataContext db, IQueryable <TEntity> query, ApiIdentity identity,
params TPermission[] permissions);
public abstract Task <bool> CanInsert(TDataContext db, ApiIdentity identity, params TEntity[] objs);
public Auth(User u)
{
_user = u;
_apiIdentity = new Utilities.Security.ApiIdentity(u.ID, u.UserName, u.FullName, u.OrganizationID.Value);
}
/// <summary>
/// Returns if the current user can insert a specific type of record or not
/// </summary>
/// <typeparam name="TDataContext"></typeparam>
/// <typeparam name="TEntity"></typeparam>
/// <typeparam name="TPermission"></typeparam>
/// <param name="dataContext"></param>
/// <param name="identity"></param>
/// <returns></returns>
public static async Task <bool> CanInsert <TDataContext, TEntity, TPermission>(this TDataContext dataContext, ApiIdentity identity, params TEntity[] objs)
where TDataContext : DbContext, ISecurityContextProvider <TPermission>
where TEntity : class
{
var sec = (EntitySecurityConfiguration <TDataContext, TEntity, TPermission>)dataContext.Security.FirstOrDefault(s => s is EntitySecurityConfiguration <TDataContext, TEntity, TPermission>);
if (sec == null)
{
throw new ArgumentNullException("sec", "The entity of type " + typeof(TEntity).Name + " does not have a security configuration");
}
var result = await sec.CanInsert(dataContext, identity, objs);
return(result);
}
/// <summary>
/// /// Returns a secured list of entities based on the security information, user passed and permission requested
/// </summary>
/// <typeparam name="TDataContext"></typeparam>
/// <typeparam name="TEntity"></typeparam>
/// <typeparam name="TPermission"></typeparam>
/// <param name="dataContext"></param>
/// <param name="identity"></param>
/// <param name="permissions"></param>
/// <returns></returns>
public static IQueryable <TEntity> Secure <TDataContext, TEntity, TPermission>(this TDataContext dataContext, ApiIdentity identity, params TPermission[] permissions)
where TDataContext : DbContext, ISecurityContextProvider <TPermission>
where TEntity : class
{
DbSet <TEntity> dbSet = dataContext.Set <TEntity>();
var sec = (EntitySecurityConfiguration <TDataContext, TEntity, TPermission>)dataContext.Security.FirstOrDefault(s => s is EntitySecurityConfiguration <TDataContext, TEntity, TPermission>);
if (sec == null)
{
throw new ArgumentNullException("sec", "The entity of type " + typeof(TEntity).Name + " does not have a security configuration");
}
return(sec.SecureList(dataContext, dbSet, identity, permissions));
}
/// <summary>
/// Returns permission for the specific entity type based on the specified user
/// </summary>
/// <typeparam name="TDataContext"></typeparam>
/// <typeparam name="TEntity"></typeparam>
/// <typeparam name="TPermission"></typeparam>
/// <param name="dataContext"></param>
/// <param name="permissions"></param>
/// <param name="identity"></param>
/// <returns></returns>
public static async Task <bool> HasPermissions <TDataContext, TEntity, TPermission>(this TDataContext dataContext, ApiIdentity identity, params TPermission[] permissions)
where TDataContext : DbContext, ISecurityContextProvider <TPermission>
where TEntity : class
{
return(await HasPermissions <TDataContext, TEntity, TPermission>(dataContext, identity, new Guid[] { }, permissions));
}
/// <summary>
/// Returns if a specific user has permission on a specific permission type for the speicfied objs.
/// </summary>
/// <typeparam name="TDataContext"></typeparam>
/// <typeparam name="TEntity"></typeparam>
/// <typeparam name="TPermission"></typeparam>
/// <param name="dataContext"></param>
/// <param name="permissions"></param>
/// <param name="identity"></param>
/// <param name="objs"></param>
/// <returns></returns>
public static async Task <bool> HasPermissions <TDataContext, TEntity, TPermission>(this TDataContext dataContext, ApiIdentity identity, Guid[] objIDs, params TPermission[] permissions)
where TDataContext : DbContext, ISecurityContextProvider <TPermission>
where TEntity : class
{
var sec = (EntitySecurityConfiguration <TDataContext, TEntity, TPermission>)dataContext.Security.FirstOrDefault(s => s is EntitySecurityConfiguration <TDataContext, TEntity, TPermission>);
if (sec == null)
{
throw new ArgumentNullException("sec", "The entity of type " + typeof(TEntity).Name + " does not have a security configuration");
}
return(await sec.HasPermissions(dataContext, identity, objIDs, permissions));
}