Example #1
 /// <summary>
 /// Creates an <see cref="OperationDescriptionAttribute"/> that records the permission area
 /// and the operation level supplied by the caller.
 /// </summary>
 /// <param name="area">Value stored in <c>Area</c>.</param>
 /// <param name="operationLevel">Value stored in <c>OperationLevel</c>.</param>
 public OperationDescriptionAttribute(PermissionArea area, PermissionOperationLevel operationLevel)
 {
     // Both values are stored as given; no validation happens here.
     this.Area = area;
     this.OperationLevel = operationLevel;
 }
Example #2
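        /// <summary>
        /// Decides whether <paramref name="user"/> may perform <paramref name="operation"/> on the given
        /// entity type (and, depending on <paramref name="level"/>, on one entity instance) by loading the
        /// <c>Permission</c> rows of every role that applies to the user and testing their bit masks.
        /// </summary>
        /// <remarks>
        /// Security-relevant behaviour visible in this method:
        /// <list type="bullet">
        /// <item><description>A principal in the Administrator role is allowed immediately, before any
        /// permission row is read.</description></item>
        /// <item><description>A <c>null</c> user is evaluated against the Guest role only.</description></item>
        /// <item><description>A non-null user is evaluated against the roles assigned directly, the roles
        /// reached through the user's groups, the User role, and the Owner role when
        /// <paramref name="isOwner"/> is <c>true</c>. Ownership is not verified here; the flag is trusted
        /// as passed by the caller.</description></item>
        /// <item><description><paramref name="operation"/> is a bit mask; a single rule must contain every
        /// requested bit. A mask of <c>0</c> is satisfied by any matching rule.</description></item>
        /// <item><description>The permission query is marked cacheable, so the answer can come from the
        /// query cache.</description></item>
        /// </list>
        /// </remarks>
        /// <param name="operation">Bit mask of the requested operation(s).</param>
        /// <param name="user">The principal to check, or <c>null</c> for an anonymous caller.</param>
        /// <param name="entityType">CLR type whose permission entity-type name is looked up.</param>
        /// <param name="entityId">Entity instance id; used by the Object and ObjectType levels.</param>
        /// <param name="isOwner">When <c>true</c>, rules of the Owner role are considered as well.</param>
        /// <param name="level">Selects type-wide rules, instance rules, or both.</param>
        /// <returns>
        ///     <c>true</c> if at least one applicable rule grants every bit of <paramref name="operation"/>;
        ///     otherwise, <c>false</c>.
        /// </returns>
        public bool IsAllowed(int operation, ICorePrincipal user, Type entityType, long? entityId, bool isOwner, PermissionOperationLevel level)
        {
            bool isAuthenticated = user != null;

            // Administrators bypass the permission tables entirely.
            if (isAuthenticated && user.IsInRole(SystemRole.Administrator.ToString()))
            {
                return true;
            }

            var criteria = Session.CreateCriteria<Permission>();

            if (isAuthenticated)
            {
                // Roles assigned directly to the user.
                var rolesSubQuery = DetachedCriteria.For<Role>()
                    .CreateAlias("Users", "user")
                    .Add(Restrictions.Eq("user.id", user.PrincipalId))
                    .SetProjection(Projections.Id());

                // Groups the user belongs to ...
                var userUserGroupsSubQuery = DetachedCriteria.For<UserGroup>()
                    .CreateAlias("Users", "userGroupUser", JoinType.LeftOuterJoin)
                    .Add(Restrictions.Eq("userGroupUser.id", user.PrincipalId))
                    .SetProjection(Projections.Id());

                // ... and the roles attached to those groups.
                var userGroupsRolesSubQuery = DetachedCriteria.For<Role>()
                    .CreateAlias("UserGroups", "userGroup", JoinType.LeftOuterJoin)
                    .Add(Subqueries.PropertyIn("userGroup.id", userUserGroupsSubQuery))
                    .SetProjection(Projections.Id());

                var assignedRole = Restrictions.Or(
                    Subqueries.PropertyIn("Role.Id", rolesSubQuery),
                    Subqueries.PropertyIn("Role.Id", userGroupsRolesSubQuery));

                // Every signed-in user also gets the User role; the Owner role is added only when
                // the caller asserts ownership. Role ids are cast to Int64 here, as in every other
                // Role.Id restriction of this method, so the bound parameter type does not depend
                // on the enum's underlying type.
                var implicitRole = isOwner
                    ? Restrictions.In("Role.Id", new List<Int64> { (Int64)SystemRole.User, (Int64)SystemRole.Owner })
                    : Restrictions.Eq("Role.Id", (Int64)SystemRole.User);

                criteria.Add(Restrictions.Or(assignedRole, implicitRole));
            }
            else
            {
                // Anonymous callers are limited to what the Guest role grants.
                criteria.Add(Restrictions.Eq("Role.Id", (Int64)SystemRole.Guest));
            }

            criteria.CreateAlias("EntityType", "et").Add(Restrictions.Eq("et.Name", PermissionsHelper.GetEntityType(entityType)));

            // NOTE(review): there is no default case. A level outside these three values adds no
            // EntityId restriction, so rules for any entity of this type would be considered.
            // Confirm the enum has no other members, or fail closed for unknown values.
            switch (level)
            {
                case PermissionOperationLevel.Type:
                    // Type-wide rules are the rows without an entity id.
                    criteria.Add(Restrictions.IsNull("EntityId"));
                    break;

                case PermissionOperationLevel.Object:
                    criteria.Add(Restrictions.Eq("EntityId", entityId));
                    break;

                case PermissionOperationLevel.ObjectType:
                    criteria.Add(Restrictions.Or(Restrictions.IsNull("EntityId"), Restrictions.Eq("EntityId", entityId)));
                    break;
            }

            // NOTE(review): the result set is cacheable; verify that permission changes (in
            // particular revocations) invalidate the query cache on every write path.
            var rules = criteria.SetCacheable(true).List<Permission>();

            // Allowed as soon as one rule carries every requested bit.
            // NOTE(review): operation == 0 matches any rule; confirm callers never pass 0.
            return rules.Any(rule => (rule.Permissions & operation) == operation);
        }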
 /// <summary>
 /// Creates an <see cref="OperationDescriptionAttribute"/> that records the permission area
 /// and the operation level supplied by the caller.
 /// </summary>
 /// <param name="area">Value stored in <c>Area</c>.</param>
 /// <param name="operationLevel">Value stored in <c>OperationLevel</c>.</param>
 public OperationDescriptionAttribute(PermissionArea area, PermissionOperationLevel operationLevel)
 {
     // Both values are stored as given; no validation happens here.
     this.Area = area;
     this.OperationLevel = operationLevel;
 }
Example #4
 /// <summary>
 /// Checks whether the operation is allowed without treating the caller as the entity's owner:
 /// forwards to the six-argument overload with <c>isOwner</c> set to <c>false</c>.
 /// </summary>
 /// <param name="operation">The operation value passed through unchanged.</param>
 /// <param name="user">The principal to check.</param>
 /// <param name="entityType">Type of the entity.</param>
 /// <param name="entityId">The entity id.</param>
 /// <param name="level">The operation level.</param>
 /// <returns>The result of the six-argument overload.</returns>
 public bool IsAllowed(int operation, ICorePrincipal user, Type entityType, long? entityId, PermissionOperationLevel level)
 {
     // Ownership is never assumed by this overload; callers that have established
     // ownership must use the overload that takes isOwner.
     const bool treatAsOwner = false;

     return IsAllowed(operation, user, entityType, entityId, treatAsOwner, level);
 }