/// <summary> /// Pre-fetches the can-read security for the list of entities. /// </summary> /// <param name="entityAccessControlService">The security service to use.</param> /// <param name="data">The data.</param> /// <returns> /// A predicate backed by a dictionary that can quickly return whether an entity is readable. /// </returns> public static Predicate <long> GetEntityReadability(IEntityAccessControlService entityAccessControlService, BulkRequestResult data) { if (entityAccessControlService == null) { throw new ArgumentNullException("entityAccessControlService"); } Predicate <long> predicate; if (SecurityBypassContext.IsActive) { predicate = (long entityId) => true; } else { // Get readable entities List <EntityRef> entitiesToExplicitlyCheck = data.AllEntities .Where(pair => !pair.Value.ImplicitlySecured) .Select(pair => CreateEntityRefForSecurityCheck(data, pair.Key)) // Stop! If you change .Check to take longs, then discuss with Pete first. .ToList(); IDictionary <long, bool> readableEntities = entityAccessControlService.Check(entitiesToExplicitlyCheck, new [] { Permissions.Read }); // Lookup predicate predicate = (long entityId) => { // Check if implicitly secured by relationship EntityValue ev; if (!data.AllEntities.TryGetValue(entityId, out ev)) { return(false); // assert false } if (ev.ImplicitlySecured) { return(true); } // Check if explicitly secured bool canRead; if (readableEntities.TryGetValue(entityId, out canRead)) { return(canRead); } return(false); }; } return(predicate); }
/// <summary> /// Constructor /// </summary> /// <param name="userRoleRepository"></param> public SecurityProcessor(IEntityRepository entityRepository, IEntityAccessControlService entityAccessControlService, IUserRoleRepository userRoleRepository, IUpgradeIdProvider upgradeIdProvider) { if (entityRepository == null) { throw new ArgumentNullException(nameof(entityRepository)); } if (entityAccessControlService == null) { throw new ArgumentNullException(nameof(entityAccessControlService)); } if (userRoleRepository == null) { throw new ArgumentNullException(nameof(userRoleRepository)); } if (upgradeIdProvider == null) { throw new ArgumentNullException(nameof(upgradeIdProvider)); } EntityRepository = entityRepository; EntityAccessControlService = entityAccessControlService; UserRoleRepository = userRoleRepository; UpgradeIdProvider = upgradeIdProvider; }
/// <summary> /// Create a new <see cref="SecurityActionMenuItemFilter"/>. /// </summary> /// <param name="entityAccessControlService"> /// The <see cref="IEntityAccessControlService"/> to perform security checks. /// If omitted or null, the default implementation is used. /// </param> /// <param name="userRoleRepository"> /// The <see cref="IUserRoleRepository"/> to perform security checks. /// If omitted or null, the default implementation is used. /// </param> public SecurityActionMenuItemFilter(IEntityAccessControlService entityAccessControlService = null, IUserRoleRepository userRoleRepository = null) { Service = entityAccessControlService ?? Factory.EntityAccessControlService; UserRoleRepository = userRoleRepository ?? Factory.Current.Resolve <IUserRoleRepository>( ); }
/// <summary> /// Constructor. /// </summary> /// <param name="tenantId">Tenant that the data applies to.</param> /// <param name="unsecuredGraphData">Underlying graph data.</param> /// <param name="entityAccessControlService">Security service.</param> internal SecuredGraphEntityDataRepository(long tenantId, BulkRequestResult unsecuredGraphData, IEntityAccessControlService entityAccessControlService) : base(tenantId, unsecuredGraphData) { _entityAccessControlService = entityAccessControlService; }