Example #1
0
        internal void CheckPermission(string userTableName, bool isUtilityTableCommand, bool shouldCheckGet, UpdateKind commandKind)
        {
            PermissionLevel permissionLevel;

            if (this.SignedAccountIdentifier != null)
            {
                IStringDataEventStream verboseDebug = Logger <IRestProtocolHeadLogger> .Instance.VerboseDebug;
                object[] tableName = new object[] { this.SignedAccountIdentifier.TableName, this.SignedAccountIdentifier.StartingPartitionKey, this.SignedAccountIdentifier.StartingRowKey, this.SignedAccountIdentifier.EndingPartitionKey, this.SignedAccountIdentifier.EndingRowKey };
                verboseDebug.Log("Sas tn={0} spk={1} srk={2} epk={3} erk={4}", tableName);
            }
            List <SASPermission> sASPermissions = new List <SASPermission>();

            if (!shouldCheckGet)
            {
                switch (commandKind)
                {
                case UpdateKind.Insert:
                {
                    if (!isUtilityTableCommand)
                    {
                        sASPermissions.Add(SASPermission.Add);
                    }
                    else
                    {
                        sASPermissions.Add(SASPermission.Create);
                        sASPermissions.Add(SASPermission.Write);
                    }
                    permissionLevel = PermissionLevel.Write;
                    this.CheckAnalyticsPermissions(userTableName, null);
                    goto Label0;
                }

                case UpdateKind.Delete:
                {
                    sASPermissions.Add(SASPermission.Delete);
                    permissionLevel = PermissionLevel.Delete;
                    this.CheckAnalyticsPermissions(userTableName, new bool?(isUtilityTableCommand));
                    goto Label0;
                }

                case UpdateKind.Replace:
                case UpdateKind.Merge:
                {
                    sASPermissions.Add(SASPermission.Update);
                    permissionLevel = PermissionLevel.Write;
                    this.CheckAnalyticsPermissions(userTableName, null);
                    goto Label0;
                }

                case UpdateKind.InsertOrMerge:
                case UpdateKind.InsertOrReplace:
                {
                    sASPermissions.Add(SASPermission.Add | SASPermission.Update);
                    permissionLevel = PermissionLevel.Write;
                    this.CheckAnalyticsPermissions(userTableName, null);
                    goto Label0;
                }
                }
                CultureInfo invariantCulture = CultureInfo.InvariantCulture;
                object[]    accountName      = new object[] { this.AccountName, commandKind, this.m_currentResourceContainer.Name };
                throw new NephosUnauthorizedAccessException(string.Format(invariantCulture, "Account {0} is not authorized to perform operation {1} on table {2}.", accountName));
            }
            else
            {
                if (!isUtilityTableCommand)
                {
                    sASPermissions.Add(SASPermission.Read);
                }
                else
                {
                    sASPermissions.Add(SASPermission.List);
                }
                permissionLevel = PermissionLevel.Read;
            }
Label0:
            this.CheckPermissionCallback(permissionLevel);
            if (this.SignedAccountIdentifier != null)
            {
                SASPermission item = SASPermission.None;
                if (sASPermissions.Count > 0)
                {
                    item = sASPermissions[0];
                }
                XfeTableSASAuthorizationManager.AuthorizeSASRequest(this.SignedAccountIdentifier, PermissionLevel.Write, item, userTableName, isUtilityTableCommand);
                return;
            }
            if (this.AccountIdentifier is AccountSasAccessIdentifier)
            {
                string lower = userTableName.ToLower();
                if (isUtilityTableCommand)
                {
                    lower = "Tables";
                }
                if (!string.Equals(this.m_currentResourceContainer.Name, lower, StringComparison.OrdinalIgnoreCase))
                {
                    throw new NephosUnauthorizedAccessException("Signed access not supported for this request as table name did not match", AuthorizationFailureReason.InvalidOperationSAS);
                }
                AccountSasAccessIdentifier accountIdentifier         = this.AccountIdentifier as AccountSasAccessIdentifier;
                AuthorizationResult        authorizationResult       = new AuthorizationResult(false, AuthorizationFailureReason.UnauthorizedAccountSasRequest);
                SASAuthorizationParameters sASAuthorizationParameter = new SASAuthorizationParameters()
                {
                    SignedResourceType = (isUtilityTableCommand ? SasResourceType.Container : SasResourceType.Object),
                    SupportedSasTypes  = SasType.AccountSas
                };
                SASAuthorizationParameters item1 = sASAuthorizationParameter;
                for (int i = 0; !authorizationResult.Authorized && i < sASPermissions.Count; i++)
                {
                    item1.SignedPermission = sASPermissions[i];
                    authorizationResult    = AuthorizationManager.AuthorizeAccountSignedAccessRequest(accountIdentifier, this.AccountName, item1);
                }
                if (!authorizationResult.Authorized)
                {
                    throw new NephosUnauthorizedAccessException("Signed access insufficient permission", authorizationResult.FailureReason);
                }
            }
        }