        /// <summary>
        /// Read trigger of the authorization bundle: lets a document through unless the
        /// request carries both authorization headers AND the policy rejects the operation.
        /// </summary>
        /// <param name="key">Key of the document being read.</param>
        /// <param name="document">Document body (not consulted by this check).</param>
        /// <param name="metadata">Document metadata; the authorization data attached to it is what the policy evaluates.</param>
        /// <param name="readOperation">Load vs. Query; decides whether a denial is a hard error or a silent filter.</param>
        /// <param name="transactionInformation">Transaction context (not consulted by this check).</param>
        /// <returns>
        /// <c>Allowed</c>, <c>Ignore</c> (query: drop the document from the result set) or
        /// <c>Deny</c> carrying the reasons the policy produced.
        /// </returns>
        public override ReadVetoResult AllowRead(string key, JObject document, JObject metadata, ReadOperation readOperation,
                                                 TransactionInformation transactionInformation)
        {
            // Re-entrancy guard: reads issued while a decision is being computed (e.g. loading
            // user/role documents) must not themselves be vetoed. Note that ANY code running
            // inside an AuthorizationContext bypasses this trigger, so that scope must stay minimal.
            if (AuthorizationContext.IsInAuthorizationContext)
            {
                return ReadVetoResult.Allowed;
            }

            using (AuthorizationContext.Enter())
            {
                var headers   = CurrentRavenOperation.Headers.Value;
                var user      = headers[Constants.RavenAuthorizationUser];
                var operation = headers[Constants.RavenAuthorizationOperation];

                // Fail-open by design: with either header missing, no policy is applied at all.
                // SECURITY(review): the user identity is taken from the request header as-is; this
                // trigger does not authenticate anyone. It is only meaningful if an upstream layer
                // binds the header to an authenticated caller — confirm that for this deployment.
                if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(operation))
                {
                    return ReadVetoResult.Allowed;
                }

                var reasons = new StringWriter();
                var granted = AuthorizationDecisions.IsAllowed(user, operation, key, metadata, reasons.WriteLine);
                if (granted)
                {
                    return ReadVetoResult.Allowed;
                }

                // A denied document inside a query is filtered out silently rather than failing the
                // whole query; a direct load is refused with the collected reasons. Those reasons
                // describe which part of the policy blocked access and are handed back to the
                // caller — treat them as potentially sensitive when exposing them further.
                if (readOperation == ReadOperation.Query)
                {
                    return ReadVetoResult.Ignore;
                }

                return ReadVetoResult.Deny(reasons.GetStringBuilder().ToString());
            }
        }
        /// <summary>
        /// Delete trigger of the authorization bundle: a delete is vetoed only when both
        /// authorization headers are present, the document exists, and the policy evaluated
        /// against the EXISTING document's metadata rejects the operation.
        /// </summary>
        /// <param name="key">Key of the document about to be deleted.</param>
        /// <param name="transactionInformation">Transaction in which the current state of the document is read.</param>
        /// <returns><c>Allowed</c>, or <c>Deny</c> carrying the reasons the policy produced.</returns>
        public override VetoResult AllowDelete(string key, TransactionInformation transactionInformation)
        {
            // Re-entrancy guard, same as for reads: work done while computing a decision is never vetoed.
            if (AuthorizationContext.IsInAuthorizationContext)
            {
                return VetoResult.Allowed;
            }

            using (AuthorizationContext.Enter())
            {
                // NOTE(review): the headers are read from CurrentOperationContext here, whereas the
                // read trigger in this listing reads them from CurrentRavenOperation. Both must resolve
                // to the same per-request header set or one of the two checks can be bypassed.
                var headers   = CurrentOperationContext.Headers.Value;
                var user      = headers[Constants.RavenAuthorizationUser];
                var operation = headers[Constants.RavenAuthorizationOperation];

                // Fail-open by design: no headers, no policy. The same caveat as for reads applies —
                // the header is trusted, not authenticated, by this code.
                if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(operation))
                {
                    return VetoResult.Allowed;
                }

                // The policy lives in the stored document's metadata, so the current version is
                // loaded first. Deleting a document that does not exist is a no-op and is permitted.
                var existing = Database.Get(key, transactionInformation);
                if (existing == null)
                {
                    return VetoResult.Allowed;
                }

                var reasons = new StringWriter();
                var granted = AuthorizationDecisions.IsAllowed(user, operation, key, existing.Metadata, reasons.WriteLine);
                if (granted)
                {
                    return VetoResult.Allowed;
                }

                // Reasons describe the blocking policy and are returned to the caller.
                return VetoResult.Deny(reasons.GetStringBuilder().ToString());
            }
        }
        /// <summary>
        /// HTTP endpoint answering "is user X allowed to perform operation Y on documents Z…?".
        /// The user id comes from the URL (first capture group of <c>urlMatcher</c>), the
        /// document ids from repeated <c>id</c> query parameters and the operation from the
        /// <c>operation</c> query parameter. Responds with a JSON list of one result per id,
        /// in request order.
        /// </summary>
        /// <param name="context">Request/response context; a 400 is written when any input is missing.</param>
        public override void Respond(IHttpContext context)
        {
            var urlMatch = urlMatcher.Match(context.GetRequestUrl());
            var userId   = urlMatch.Groups[1].Value;

            var docIds    = context.Request.QueryString.GetValues("id");
            var operation = context.Request.QueryString["operation"];
            var transactionInformation = GetRequestTransaction(context);

            // GetValues returns null when no "id" parameter is present; an unmatched URL yields
            // an empty userId. Either way the request is malformed.
            var malformed = docIds == null
                         || string.IsNullOrEmpty(operation)
                         || string.IsNullOrEmpty(userId);
            if (malformed)
            {
                context.SetStatusToBadRequest();
                return;
            }

            var results = new List<OperationAllowedResult>();

            // The metadata loads below must not themselves be vetoed by the authorization triggers,
            // so the whole evaluation runs inside an authorization context (checks are bypassed here).
            //
            // SECURITY(review): this endpoint evaluates the policy for an arbitrary userId supplied
            // in the URL and reports whether each document exists. Whether the caller is allowed to
            // ask about other users, or to probe for document existence, is not decided in this
            // method — confirm that access to this route is restricted upstream.
            using (AuthorizationContext.Enter())
            {
                foreach (var docId in docIds)
                {
                    var metadataOnly = Database.GetDocumentMetadata(docId, transactionInformation);

                    if (metadataOnly == null)
                    {
                        // Unknown document: reported as not allowed with an explanatory reason.
                        var missing = new OperationAllowedResult
                        {
                            IsAllowed = false,
                            Reasons   = new List<string> { "Document " + docId + " does not exists" }
                        };
                        results.Add(missing);
                        continue;
                    }

                    var reasons  = new List<string>();
                    var decider  = new AuthorizationDecisions(Database);
                    var allowed  = decider.IsAllowed(userId, operation, docId, metadataOnly.Metadata, reasons.Add);

                    var verdict = new OperationAllowedResult
                    {
                        IsAllowed = allowed,
                        Reasons   = reasons
                    };
                    results.Add(verdict);
                }
            }

            context.WriteJson(results);
        }