protected virtual void CompanyAuthorization(long entityCompanyId, long sessionCompanyId)
{
if (entityCompanyId != sessionCompanyId)
{
AuthorizationValidationException ex = new AuthorizationValidationException(string.Format("Account session for {0} has an active company different from that of the model been work on.", _LoginName));
throw new FaultException <AuthorizationValidationException>(ex, ex.Message);
}
}
protected void ValidateAuthorization(IAccountOwnedEntity entity)
{
if (!Thread.CurrentPrincipal.IsInRole(Security.CarRentalAdminRole))
{
if (_LoginName != string.Empty && entity.OwnerAccountId != _AuthorizationAccount.AccountId)
{
var ex = new AuthorizationValidationException("Attempt to access a secure record for another user.");
throw new FaultException <AuthorizationValidationException>(ex, ex.Message);
}
}
}
protected override bool AllowAccessToOperation(string solutionName, List <string> groupNames)
{
systemCoreData.IUserRoleRepository accountRoleRepository = _DataRepositoryFactory.GetDataRepository <systemCoreData.IUserRoleRepository>();
var accountRoles = accountRoleRepository.GetUserRoleInfo(solutionName, _LoginName, groupNames);
if (accountRoles == null || accountRoles.Count() <= 0)
{
AuthorizationValidationException ex = new AuthorizationValidationException(string.Format("Access denied for {0}.", _LoginName));
throw new FaultException <AuthorizationValidationException>(ex, ex.Message);
}
return(true);
}
protected void ValidateAuthorization(IAccountOwnedEntity entity)
{
if (!Thread.CurrentPrincipal.IsInRole(SecurityValueObject.JonMtaaniAdminRole))
{
if (_AuthorizationAccount != null)
{
if (_LoginName != string.Empty && entity.OwnerAccountId != _AuthorizationAccount.Id)
{
AuthorizationValidationException ex = new AuthorizationValidationException("Attempt to access a secure record with improper user authorization validation.");
throw new FaultException <AuthorizationValidationException>(ex, ex.Message);
}
}
}
}
protected void ValidateAutorization(IAccountOwnerEntity entity)
{
if (Thread.CurrentPrincipal.IsInRole(Security.CAR_RENTAL_ADMIN))
{
if (_AutarizationAccount != null)
{
if (_LoginName != string.Empty && entity.OwnerAccountId != _AutarizationAccount.AccountId)
{
AuthorizationValidationException ex = new AuthorizationValidationException("Attempt to access a secure record with improper user authorization validation.");
throw new FaultException <AuthorizationValidationException>(ex, ex.Message);
}
}
}
}
protected void ValidateAuthorization(IAccountOwnedEntity account)
{
if (!Thread.CurrentPrincipal.IsInRole(Security.CarRentalAdmin))
{
if (_AuthorizationAccount != null)
{
if (_LoginName != string.Empty && account.OwnerAccountId != _AuthorizationAccount.AccountId)
{
AuthorizationValidationException ex = new AuthorizationValidationException("Attempt to access secure record");
throw new FaultException <AuthorizationValidationException>(ex, ex.Message);
}
}
}
}
protected void ValidateAuthorization(IAccountOwnedEntity entity)
{
if (!Thread.CurrentPrincipal.IsInRole(Security.Car_Rental_Admin_Role))
{
if (this.authorizationAccount != null)
{
if (this.loginName != string.Empty &&
entity.OwnerAccountId != this.authorizationAccount.AccountId)
{
var ex = new AuthorizationValidationException(
"Attempt to access a secure record with improper user authorization validation.");
throw new FaultException <AuthorizationValidationException>(ex, ex.Message);
}
}
}
}
protected void ValidationAuthorization(int accountId)
{
var isAdmin = Thread.CurrentPrincipal.IsInRole(Security.AlbumAppAdminRole);
//isAdmin = false; // for testing only
if (!isAdmin)
{
if (_authorizationAccountId != 0)
{
if (_loginName != string.Empty && accountId != _authorizationAccountId)
{
AuthorizationValidationException ex = new AuthorizationValidationException(
"Unauthorized attempt to access a secure resource");
throw new FaultException <AuthorizationValidationException>(ex, ex.Message);
}
}
}
}
public void AuthorizationValidationExceptionTests()
{
var ex1 = new AuthorizationValidationException();
Assert.NotNull(ex1);
var ex2 = new AuthorizationValidationException("Run for you life!");
Assert.NotNull(ex2);
var ex3 = new AuthorizationValidationException("Run for you life!", new Exception());
Assert.NotNull(ex3);
//var fc = new Mock<IFormatterConverter>();
////var info = new Mock<SerializationInfo>();
//var info = new SerializationInfo(typeof(AuthorizationValidationException), fc.Object);
//var sc = new StreamingContext();
//var ex4 = new AuthorizationValidationException(null, sc);
//Assert.NotNull(ex4);
}
protected void ValidateAuthorization(ILoggedUser entity)
{
// admin rolünde ise kontrolü atlıyoruz. -> Admin rolünde değil ise gir
// Servis operasyonlarının (yada metotlarının) güvenliği için kullanılan PrincipalPermission attribute'u
// burada yaptığımızdan farklı bir şey yapmıyor: O da Thread.CurrentPrincipal.IsInRole("HerhangiBirRol") kullanıyor
if (!Thread.CurrentPrincipal.IsInRole(Roles.Admin))
{
if (_AuthorizationAccount != null)
{
if (LoginName != string.Empty && entity.LoggedAccountId != _AuthorizationAccount.Id)
{
/*
* Servis tarafında exception ile uğraşırken
* Önce fırlatılacak (lafın gelişi, normalde servis tarafında bir şey fırlatılmaz. Diğer nota bak) exception'ın
* örneği oluşturulur. Daha sonra FaultException<T> kullanılır. T Burada kullanılacak olan exception...
*/
AuthorizationValidationException ex =
new AuthorizationValidationException("Attempt to access a secure record with improper user authorization validation.");
throw new FaultException <AuthorizationValidationException>(ex, ex.Message);
}
}
}
}
