public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
Role myAddressPermissions = ObjectSpace.FindObject <Role>(new BinaryOperator("Name",
"AggregatedObjectPermissionsOnly"));
if (myAddressPermissions == null)
{
myAddressPermissions = ObjectSpace.CreateObject <Role>();
myAddressPermissions.Name = "AggregatedObjectPermissionsOnly";
myAddressPermissions.AddPermission(new ObjectAccessPermission(typeof(MyPerson),
ObjectAccess.AllAccess, ObjectAccessModifier.Deny));
myAddressPermissions.AddPermission(new ObjectAccessPermission(typeof(MyAddress),
ObjectAccess.AllAccess, ObjectAccessModifier.Allow));
myAddressPermissions.Save();
}
User userSam = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "Sam"));
if (userSam == null)
{
userSam = ObjectSpace.CreateObject <User>();
userSam.UserName = "******";
userSam.FirstName = "Sam";
userSam.Roles.Add(myAddressPermissions);
userSam.Save();
}
}
private static void PopulateSystemRoles()
{
var authZRole = new Role(_authZRoleId);
authZRole.AddPermission(new Permission(IdentityAndAccessConstants.Context, nameof(GetUser)));
authZRole.AddPermission(new Permission(IdentityAndAccessConstants.Context, nameof(CreateUser)));
_systemRoleStore[_authZRoleId] = authZRole;
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
Employee userAdmin = Session.FindObject<Employee>(new BinaryOperator("UserName", "Admin"));
if (new XPCollection<Company>(Session).Count == 0)
{
using (Role administratorRole = new Role(Session) { Name = "Administrator role" })
{
administratorRole.AddPermission(new EditModelPermission());
administratorRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess));
administratorRole.Save();
using (Role userRole = new Role(Session) { Name = "User" })
{
userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.Navigate));
userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.Read));
userRole.Save();
}
userAdmin = new Employee(Session);
userAdmin.UserName = "******";
userAdmin.FirstName = "Admin";
userAdmin.LastName = "";
userAdmin.Roles.Add(administratorRole);
userAdmin.Save();
using (Branch branch1 = new Branch(Session) { Acronym = "WTPR", Branchname = "Roadmax Head Office" })
{
using (Company company1 = new Company(Session) { CompanyName = "Roadmax Marketing Inc.", Acronym = "WTPR" })
{
company1.Employees.Add(userAdmin);
company1.Branches.Add(branch1);
company1.Save();
ImportData(company1);
}
}
}
using (Currency curr = new Currency(Session) { CurrencyName = "Peso", CurrencyRate = 1 })
{
curr.Save();
}
using (VatCategory vat = new VatCategory(Session) { Acronym = "VAT", Description = "Vatable", Rate = 12 })
{
vat.Save();
}
}
//importReport("SOHeaderPrintOut");
}
public void AndRoleHasPermission(string roleKey, string permissionKey)
{
var role = new Role(new RoleId(roleKey));
role.AddPermission(_permissions[permissionKey]);
_rolesStore.Get(role.Id).Returns(role);
}
void LoadDefaultUsersAndRolesData()
{
Employee adminUser = ObjectSpace.FindObject <Employee>(new BinaryOperator("UserName", "Admin"));
if (adminUser == null)
{
adminUser = ObjectSpace.CreateObject <Employee>();
adminUser.UserName = "******";
adminUser.SetPassword("");
}
Role adminRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Administrator"));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <Role>();
adminRole.Name = "Administrator";
}
while (adminRole.PersistentPermissions.Count > 0)
{
ObjectSpace.Delete(adminRole.PersistentPermissions[0]);
}
adminRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess));
adminRole.Save();
adminUser.Roles.Add(adminRole);
adminUser.Save();
}
public HardcodedRolesStore()
{
var visitor = new Role(_visitor);
visitor.AddPermission(new Permission("contributors", "getall"));
_roles[_visitor] = visitor;
var sysadmin = new Role(_sysAdmin);
sysadmin.AddPermission(new Permission("contributors", "getall"));
sysadmin.AddPermission(new Permission("players", "create"));
sysadmin.AddPermission(new Permission("players", "getall"));
_roles[_sysAdmin] = sysadmin;
}
/// <summary>
/// Atualiza a base após um update do programa
/// </summary>
public override void UpdateDatabaseAfterUpdateSchema()
{
String userName = ADResources.AdminUser;
String fullName = ADResources.AdminName;
String passWord = ADResources.AdminPass;
// If a user doesn't exist in the database, create this user
User admin = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", userName));
if (admin == null)
{
admin = ObjectSpace.CreateObject <User>();
admin.UserName = userName;
admin.FirstName = fullName;
// Set a password if the standard authentication type is used
admin.SetPassword(passWord);
}
// If a role with the Administrators name doesn't exist in the database, create this role
Role adminRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Administradores"));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <Role>();
adminRole.Name = "Administradores";
}
// Delete all permissions assigned to the Administrators and Users roles
while (adminRole.PersistentPermissions.Count > 0)
{
ObjectSpace.Delete(adminRole.PersistentPermissions[0]);
}
// Allow full access to all objects to the Administrators role
adminRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess));
// Allow editing the Application Model to the Administrators role
adminRole.AddPermission(new EditModelPermission(ModelAccessModifier.Allow));
// Save the Administrators role to the database
adminRole.Save();
// Add the Administrators role to the user1
admin.Roles.Add(adminRole);
// Save the users to the database
admin.Save();
ObjectSpace.CommitChanges();
base.UpdateDatabaseAfterUpdateSchema();
}
public void GivenRoleHasPermission(string roleKey, string permissionKey)
{
var role = new Role(new RoleId(roleKey));
role.AddPermission(_permissions[permissionKey]);
_testFixture.SetupRole(role);
}
//增加权限
protected void AddPermissionButton_Click(object sender, System.EventArgs e)
{
if (this.CategoryList.SelectedIndex > -1)
{
int currentRole = Convert.ToInt32(Request["RoleID"]);
Role bizRole = new Role(currentRole);
bizRole.AddPermission(Convert.ToInt32(this.CategoryList.SelectedValue));
CategoryDownList_SelectedIndexChanged(sender, e);
}
}
/// <summary>
/// Update permissions associated with a role
/// </summary>
/// <remarks>Updates the permissions for a role</remarks>
/// <param name="id">id of Role to update</param>
/// <param name="items"></param>
/// <response code="200">OK</response>
/// <response code="404">Role not found</response>
public virtual IActionResult RolesIdPermissionsPutAsync(int id, PermissionViewModel[] items)
{
using (IDbContextTransaction txn = _context.BeginTransaction())
{
Role role = _context.Roles
.Where(x => x.Id == id)
.Include(x => x.RolePermissions)
.ThenInclude(rolePerm => rolePerm.Permission)
.FirstOrDefault();
if (role == null)
{
// record not found
return(new ObjectResult(new HetsResponse("HETS-01", ErrorViewModel.GetDescription("HETS-01", _configuration))));
}
List <Permission> allPermissions = _context.Permissions.ToList();
List <int?> permissionIds = items.Select(x => x.Id).ToList();
List <int> existingPermissionIds = role.RolePermissions.Select(x => x.Permission.Id).ToList();
List <int?> permissionIdsToAdd = permissionIds.Where(x => !existingPermissionIds.Contains((int)x)).ToList();
// Permissions to add
foreach (int?permissionId in permissionIdsToAdd)
{
Permission permToAdd = allPermissions.FirstOrDefault(x => x.Id == permissionId);
if (permToAdd == null)
{
throw new ArgumentException(string.Format("Invalid Permission Code {0}", permissionId));
}
role.AddPermission(permToAdd);
}
// Permissions to remove
List <RolePermission> permissionsToRemove = role.RolePermissions.Where(x => x.Permission != null && !permissionIds.Contains(x.Permission.Id)).ToList();
foreach (RolePermission perm in permissionsToRemove)
{
role.RemovePermission(perm.Permission);
_context.RolePermissions.Remove(perm);
}
_context.Roles.Update(role);
_context.SaveChanges();
txn.Commit();
IEnumerable <Permission> dbPermissions = role.RolePermissions.Select(x => x.Permission);
// create DTO with serializable response
List <PermissionViewModel> result = dbPermissions.Select(x => x.ToViewModel()).ToList();
return(new ObjectResult(new HetsResponse(result)));
}
}
public void Execute(AddRolePermissionCommand command)
{
Role role = repository.GetRoleWithPermissions(command.RoleId);
if (!role.HasPermission(command.PermissionId))
{
Permission permission = repository.GetPermission(command.PermissionId);
role.AddPermission(permission);
repository.SaveChanges();
auditTrail.AddEntry(command.PermissionId, role.Name, permission.Description, "Lisätty käyttöoikeus roolille");
}
}
//增加权限
protected void AddPermissionButton_Click(object sender, System.EventArgs e)
{
int[] items = CategoryList.GetSelectedIndices();
if (items.Length > 0)
{
int currentRole = Convert.ToInt32(Request["RoleID"]);
Role bizRole = new Role(currentRole);
foreach (int i in items)
{
int permid = Convert.ToInt32(this.CategoryList.Items[i].Value);
bizRole.AddPermission(permid);
}
}
CategoryDownList_SelectedIndexChanged(sender, e);
}
/// <summary>
/// Add permissions to a role
/// </summary>
/// <remarks>Adds permissions to a role</remarks>
/// <param name="id">id of Role to update</param>
/// <param name="items"></param>
/// <response code="200">OK</response>
/// <response code="404">Role not found</response>
public virtual IActionResult RolesIdPermissionsPostAsync(int id, Permission[] items)
{
using (IDbContextTransaction txn = _context.BeginTransaction())
{
Role role = _context.Roles
.Where(x => x.Id == id)
.Include(x => x.RolePermissions)
.ThenInclude(rolePerm => rolePerm.Permission)
.FirstOrDefault();
if (role == null)
{
// Not Found
return(new StatusCodeResult(404));
}
var allPermissions = _context.Permissions.ToList();
var permissionIds = items.Select(x => x.Id).ToList();
var existingPermissionIds = role.RolePermissions.Select(x => x.Permission.Id).ToList();
var permissionIdsToAdd = permissionIds.Where(x => !existingPermissionIds.Contains(x)).ToList();
// Permissions to add
foreach (int permissionId in permissionIdsToAdd)
{
Permission permToAdd = allPermissions.FirstOrDefault(x => x.Id == permissionId);
if (permToAdd == null)
{
throw new ArgumentException(string.Format("Invalid Permission Code {0}", permissionId));
}
role.AddPermission(permToAdd);
}
_context.Roles.Update(role);
_context.SaveChanges();
txn.Commit();
IEnumerable <Permission> dbPermissions = role.RolePermissions.Select(x => x.Permission);
// Create DTO with serializable response
List <PermissionViewModel> result = dbPermissions.Select(x => x.ToViewModel()).ToList();
return(new ObjectResult(result));
}
}
/// <summary>
/// Add permission to a role
/// </summary>
/// <remarks>Adds permissions to a role</remarks>
/// <param name="id">id of Role to update</param>
/// <param name="item"></param>
/// <response code="200">OK</response>
/// <response code="404">Role not found</response>
public virtual IActionResult RolesIdPermissionsPostAsync(int id, PermissionViewModel item)
{
using (IDbContextTransaction txn = _context.BeginTransaction())
{
Role role = _context.Roles
.Where(x => x.Id == id)
.Include(x => x.RolePermissions)
.ThenInclude(rolePerm => rolePerm.Permission)
.FirstOrDefault();
if (role == null)
{
// record not found
return(new ObjectResult(new HetsResponse("HETS-01", ErrorViewModel.GetDescription("HETS-01", _configuration))));
}
List <Permission> allPermissions = _context.Permissions.ToList();
List <string> existingPermissionCodes = role.RolePermissions.Select(x => x.Permission.Code).ToList();
if (!existingPermissionCodes.Contains(item.Code))
{
Permission permToAdd = allPermissions.FirstOrDefault(x => x.Code == item.Code);
if (permToAdd == null)
{
throw new ArgumentException(string.Format("Invalid Permission Code {0}", item.Code));
}
role.AddPermission(permToAdd);
}
_context.Roles.Update(role);
_context.SaveChanges();
txn.Commit();
List <RolePermission> dbPermissions = _context.RolePermissions.ToList();
// Create DTO with serializable response
List <RolePermissionViewModel> result = dbPermissions.Select(x => x.ToViewModel()).ToList();
return(new ObjectResult(new HetsResponse(result)));
}
}
public void btnSave_Click(object sender, System.EventArgs e)
{
Role bllRole = new Role();
bllRole.RoleID = Convert.ToInt32(lblRoleID.Text);
foreach (ListItem item in chkPermissions.Items)
{
if (item.Selected)
{
bllRole.AddPermission(Convert.ToInt32(item.Value));
}
else
{
bllRole.RemovePermission(Convert.ToInt32(item.Value));
}
}
LogHelp.AddUserLog(CurrentUser.UserName, CurrentUser.UserType, "编辑角色权限", this);
YSWL.Common.MessageBox.ShowSuccessTip(this, Resources.Site.TooltipSaveOK);
}
public void ProcessMessage(IHandlerContext <SetRolePermissionCommand> context)
{
var message = context.Message;
using (_databaseContextFactory.Create())
{
var role = new Role(message.RoleId);
var stream = _eventStore.Get(message.RoleId);
stream.Apply(role);
if (message.Active && !role.HasPermission(message.Permission))
{
stream.AddEvent(role.AddPermission(message.Permission));
}
if (!message.Active && role.HasPermission(message.Permission))
{
stream.AddEvent(role.RemovePermission(message.Permission));
}
_eventStore.Save(stream);
}
}
private void CreateDemoObjects()
{
User user = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "Sam"));
if (user == null)
{
user = ObjectSpace.CreateObject <User>();
user.UserName = "******";
user.FirstName = "Sam";
}
User user2 = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "John"));
if (user2 == null)
{
user2 = ObjectSpace.CreateObject <User>();
user2.UserName = "******";
user2.FirstName = "John";
}
User workflowServiceUser = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "WorkflowService"));
if (workflowServiceUser == null)
{
workflowServiceUser = ObjectSpace.CreateObject <User>();
workflowServiceUser.UserName = "******";
workflowServiceUser.FirstName = "WorkflowService";
}
Role adminRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Administrators"));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <Role>();
adminRole.Name = "Administrators";
adminRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess));
adminRole.AddPermission(new EditModelPermission(ModelAccessModifier.Allow));
adminRole.Users.Add(user);
adminRole.Users.Add(workflowServiceUser);
}
if (ObjectSpace.GetObjects <Issue>().Count == 0)
{
Issue issue = ObjectSpace.CreateObject <Issue>();
issue.Subject = "Processed issue";
issue.Active = false;
issue.SetCreatedBy(user);
Issue issue2 = ObjectSpace.CreateObject <Issue>();
issue2.Subject = "Active issue";
issue2.Active = true;
issue2.SetCreatedBy(user);
}
if (ObjectSpace.GetObjects <XpoWorkflowDefinition>().Count == 0)
{
XpoWorkflowDefinition definition = ObjectSpace.CreateObject <XpoWorkflowDefinition>();
definition.Name = "Create Task for active Issue";
definition.Xaml = CreateTaskForActiveIssueWorkflowXaml;
definition.TargetObjectType = typeof(Issue);
definition.AutoStartWhenObjectFitsCriteria = true;
definition.Criteria = "[Active] = True";
definition.IsActive = true;
XpoWorkflowDefinition codeActivityDefinition = ObjectSpace.CreateObject <XpoWorkflowDefinition>();
codeActivityDefinition.Name = "Create Task for active Issue (Code Activity)";
codeActivityDefinition.Xaml = CodeActivityCreateTaskForActiveIssueWorkflowXaml;
codeActivityDefinition.TargetObjectType = typeof(Issue);
codeActivityDefinition.AutoStartWhenObjectIsCreated = true;
codeActivityDefinition.IsActive = false;
XpoWorkflowDefinition customStartWorkflowActivityDefinition = ObjectSpace.CreateObject <XpoWorkflowDefinition>();
customStartWorkflowActivityDefinition.Name = "Custom start workflow";
customStartWorkflowActivityDefinition.Xaml = StartWorkflowViaReceiveAndCustomContractXaml;
customStartWorkflowActivityDefinition.TargetObjectType = typeof(WorkflowDemo.Module.Objects.Task);
customStartWorkflowActivityDefinition.IsActive = true;
XpoWorkflowDefinition receiveCorrelationsActivityDefinition = ObjectSpace.CreateObject <XpoWorkflowDefinition>();
receiveCorrelationsActivityDefinition.Name = "Start/stop (correlations) demo";
receiveCorrelationsActivityDefinition.Xaml = ReceiveCorrelationsXaml;
receiveCorrelationsActivityDefinition.TargetObjectType = typeof(WorkflowDemo.Module.Objects.Task);
receiveCorrelationsActivityDefinition.IsActive = true;
}
ObjectSpace.CommitChanges();
}
private void AddRoleToUser(Role userRole)
{
//userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess, ObjectAccessModifier.Deny));
userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess));
userRole.AddPermission(new ObjectAccessPermission(typeof(IXPSimpleObject), ObjectAccess.NoAccess));
userRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.AllAccess, ObjectAccessModifier.Allow));
userRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
userRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.AllAccess, ObjectAccessModifier.Allow));
userRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
userRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.AllAccess, ObjectAccessModifier.Allow));
userRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
userRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.AllAccess));
userRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//userRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.AllAccess));
//userRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
userRole.AddPermission(new EditModelPermission(ModelAccessModifier.Deny));
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
#region Create Users for the Complex Security Strategy
// If a user named 'Sam' doesn't exist in the database, create this user
User user1 = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "Sam"));
if (user1 == null)
{
user1 = ObjectSpace.CreateObject <User>();
user1.UserName = "******";
user1.FirstName = "Sam";
// Set a password if the standard authentication type is used
user1.SetPassword("");
}
// If a user named 'John' doesn't exist in the database, create this user
User user2 = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "John"));
if (user2 == null)
{
user2 = ObjectSpace.CreateObject <User>();
user2.UserName = "******";
user2.FirstName = "John";
// Set a password if the standard authentication type is used
user2.SetPassword("");
}
// If a role with the Administrators name doesn't exist in the database, create this role
Role adminRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Administrators"));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <Role>();
adminRole.Name = "Administrators";
}
// If a role with the Users name doesn't exist in the database, create this role
Role userRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Users"));
if (userRole == null)
{
userRole = ObjectSpace.CreateObject <Role>();
userRole.Name = "Users";
}
// Delete all permissions assigned to the Administrators and Users roles
while (adminRole.PersistentPermissions.Count > 0)
{
ObjectSpace.Delete(adminRole.PersistentPermissions[0]);
}
while (userRole.PersistentPermissions.Count > 0)
{
ObjectSpace.Delete(userRole.PersistentPermissions[0]);
}
// Allow full access to all objects to the Administrators role
adminRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess));
// Deny editing access to the AuditDataItemPersistent type objects to the Administrators role
adminRole.AddPermission(new ObjectAccessPermission(typeof(AuditDataItemPersistent), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
// Allow editing the application model to the Administrators role
adminRole.AddPermission(new EditModelPermission(ModelAccessModifier.Allow));
// Save the Administrators role to the database
adminRole.Save();
// Allow full access to all objects to the Users role
userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess));
// Deny editing access to the User type objects to the Users role
userRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
// Deny full access to the Role type objects to the Users role
userRole.AddPermission(new ObjectAccessPermission(typeof(Role), ObjectAccess.AllAccess, ObjectAccessModifier.Deny));
// Deny editing the application model to the Users role
userRole.AddPermission(new EditModelPermission(ModelAccessModifier.Deny));
// Save the Users role to the database
userRole.Save();
// Add the Administrators role to the user1
user1.Roles.Add(adminRole);
// Add the Users role to the user2
user2.Roles.Add(userRole);
// Save the users to the database
user1.Save();
user2.Save();
ObjectSpace.CommitChanges();
#endregion
}
public static void CreatePermission(Session sess)
{
Role roleBasic = sess.FindObject<Role>(new BinaryOperator("Name", "基本"));
if (roleBasic == null)
{
roleBasic = new Role(sess);
roleBasic.Name = "基本";
roleBasic.AddPermission(new ObjectAccessPermission(typeof(Barcode), ObjectAccess.Read));
roleBasic.AddPermission(new ObjectAccessPermission(typeof(FileDataEx), ObjectAccess.AllAccess));
roleBasic.AddPermission(new ObjectAccessPermission(typeof(SystemSetting), ObjectAccess.Read));
roleBasic.AddPermission(new ObjectAccessPermission(typeof(Unit), ObjectAccess.Read & ObjectAccess.Navigate));
roleBasic.AddPermission(new ObjectAccessPermission(typeof(UnitConvert), ObjectAccess.Read & ObjectAccess.Navigate));
roleBasic.Save();
}
Role roleItem = sess.FindObject<Role>(new BinaryOperator("Name", "产品-只读"));
if (roleItem == null)
{
roleItem = new Role(sess);
roleItem.Name = "产品-只读";
roleItem.AddPermission(new ObjectAccessPermission(typeof(Item), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(BomLine), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemCategory), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemSetting), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemType), ObjectAccess.Read & ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(Lot), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(Material), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(PriceCategory), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(RouteLine), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(WorkCenter), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(WorkOper), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.Save();
}
roleItem = sess.FindObject<Role>(new BinaryOperator("Name", "产品-修改"));
if (roleItem == null)
{
roleItem = new Role(sess);
roleItem.Name = "产品-修改";
roleItem.AddPermission(new ObjectAccessPermission(typeof(Item), ObjectAccess.AllAccess));
roleItem.AddPermission(new ObjectAccessPermission(typeof(BomLine), ObjectAccess.AllAccess));
roleItem.AddPermission(new ObjectAccessPermission(typeof(RouteLine), ObjectAccess.AllAccess));
roleItem.AddPermission(new ObjectAccessPermission(typeof(Lot), ObjectAccess.AllAccess));
roleItem.AddPermission(new ObjectAccessPermission(typeof(PriceCategory), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemCategory), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemSetting), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemType), ObjectAccess.Read & ObjectAccess.Navigate));
roleItem.AddPermission(new ObjectAccessPermission(typeof(Material), ObjectAccess.Read ^ ObjectAccess.Navigate));
roleItem.Save();
}
roleItem = sess.FindObject<Role>(new BinaryOperator("Name", "产品-设定"));
if (roleItem == null)
{
roleItem = new Role(sess);
roleItem.Name = "产品-设定";
roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemCategory), ObjectAccess.AllAccess));
roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemSetting), ObjectAccess.AllAccess));
roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemType), ObjectAccess.AllAccess ));
roleItem.AddPermission(new ObjectAccessPermission(typeof(Lot), ObjectAccess.AllAccess ));
roleItem.AddPermission(new ObjectAccessPermission(typeof(Material), ObjectAccess.AllAccess ));
roleItem.Save();
}
}
public static void CreateUser(Session sess)
{
Role role = sess.FindObject<Role>(new BinaryOperator("Name", "administrator"));
User user = sess.FindObject<User>(new BinaryOperator("UserName", "Kenneth"));
if (role == null)
{
role = new Role(sess);
role.Name = "administrator";
role.AddPermission(new ObjectAccessPermission(typeof(Object), ObjectAccess.AllAccess));
}
if (user == null)
{
user = new User(sess);
user.UserName = "******";
user.Roles.Add(role);
user.Save();
// DevExpress.XtraEditors.XtraMessageBox.Show("User Kenneth created");
}
User userAdmin = sess.FindObject<User>(new BinaryOperator("UserName", "admin"));
if (userAdmin != null)
{
userAdmin.Roles.Add(role);
userAdmin.Save();
// DevExpress.XtraEditors.XtraMessageBox.Show("User admin created");
}
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
Employee userAdmin = Session.FindObject <Employee>(new BinaryOperator("UserName", "Admin"));
if (new XPCollection <Company>(Session).Count == 0)
{
using (Role administratorRole = new Role(Session)
{
Name = "Administrator role"
})
{
administratorRole.AddPermission(new EditModelPermission());
administratorRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess));
administratorRole.Save();
using (Role userRole = new Role(Session)
{
Name = "User"
})
{
userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.Navigate));
userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.Read));
userRole.Save();
}
userAdmin = new Employee(Session);
userAdmin.UserName = "******";
userAdmin.FirstName = "Admin";
userAdmin.LastName = "";
userAdmin.Roles.Add(administratorRole);
userAdmin.Save();
using (Branch branch1 = new Branch(Session)
{
Acronym = "WTPR", Branchname = "Roadmax Head Office"
})
{
using (Company company1 = new Company(Session)
{
CompanyName = "Roadmax Marketing Inc.", Acronym = "WTPR"
})
{
company1.Employees.Add(userAdmin);
company1.Branches.Add(branch1);
company1.Save();
ImportData(company1);
}
}
}
using (Currency curr = new Currency(Session)
{
CurrencyName = "Peso", CurrencyRate = 1
})
{
curr.Save();
}
using (VatCategory vat = new VatCategory(Session)
{
Acronym = "VAT", Description = "Vatable", Rate = 12
})
{
vat.Save();
}
}
//importReport("SOHeaderPrintOut");
}
private void AddRoleToUser(Role userRole)
{
//userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess, ObjectAccessModifier.Deny));
userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess));
userRole.AddPermission(new ObjectAccessPermission(typeof(IXPSimpleObject), ObjectAccess.NoAccess));
userRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.AllAccess, ObjectAccessModifier.Allow));
userRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
userRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.AllAccess, ObjectAccessModifier.Allow));
userRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
userRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.AllAccess, ObjectAccessModifier.Allow));
userRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
userRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.AllAccess));
userRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//userRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.AllAccess));
//userRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
userRole.AddPermission(new EditModelPermission(ModelAccessModifier.Deny));
}
private void AddRoleToStudent(Role studentRole)
{
studentRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(IXPSimpleObject), ObjectAccess.NoAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Role), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Role), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterDetail), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterDetail), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentAccumulation), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentAccumulation), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResult), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResult), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransaction), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransaction), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentClass), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentClass), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Subject), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Subject), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Branch), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Branch), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Semester), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Semester), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Department), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Department), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Lesson), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Lesson), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Teacher), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Teacher), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbLesson), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbLesson), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbSemester), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbSemester), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Classroom), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Classroom), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Office), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Office), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterState), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterState), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterTime), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterTime), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(WeekReportData), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(WeekReportData), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionTracking), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionTracking), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(ClassTransactionTracking), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(ClassTransactionTracking), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(TeacherFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(TeacherFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(SubjectFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(SubjectFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResultFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResultFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterDetailReportParametersObject), ObjectAccess.AllAccess));
studentRole.AddPermission(new EditModelPermission(ModelAccessModifier.Deny));
}
static void Main()
{
var storage = new Dictionary <Guid, List <object> >();
Func <Guid, Tuple <Int32, IEnumerable <object> > > reader = id => {
List <object> events;
if (storage.TryGetValue(id, out events))
{
return(new Tuple <int, IEnumerable <object> >(events.Count, events));
}
return(null);
};
var unitOfWork = new UnitOfWork();
var roleRepository = new Repository <Role>(Role.Factory, unitOfWork, reader);
var roleGroupRepository = new Repository <RoleGroup>(RoleGroup.Factory, unitOfWork, reader);
var userAccountRepository = new Repository <UserAccount>(UserAccount.Factory, unitOfWork, reader);
// Setting up security (accounts, roles and authorization)
var administratorRoleId = new RoleId(Guid.NewGuid());
var administratorRole = new Role(administratorRoleId, new Name("Administrator"));
administratorRole.AddPermissions(SecurityPermissions.All);
administratorRole.AllowPermissions(SecurityPermissions.All);
roleRepository.Add(administratorRole.Id, administratorRole);
var subRole1Id = new RoleId(Guid.NewGuid());
var subRole1 = new Role(subRole1Id, new Name("SubRole1"));
subRole1.AddPermission(SecurityPermissions.AddRole);
subRole1.DenyPermission(SecurityPermissions.AddRole);
roleRepository.Add(subRole1.Id, subRole1);
var subRole2Id = new RoleId(Guid.NewGuid());
var subRole2 = new Role(subRole2Id, new Name("SubRole2"));
subRole2.AddPermission(SecurityPermissions.AddRole);
subRole2.AllowPermission(SecurityPermissions.AddRole);
roleRepository.Add(subRole2.Id, subRole2);
var group1Id = new RoleGroupId(Guid.NewGuid());
var group1 = new RoleGroup(group1Id, new Name("SubRole 1 & 2"));
group1.AddRole(subRole1);
group1.AddRole(subRole2);
roleGroupRepository.Add(group1.Id, group1);
var administratorId = new UserAccountId(Guid.NewGuid());
var administrator = new UserAccount(administratorId, new UserAccountName("Administrator"));
administrator.GrantRole(administratorRole);
administrator.GrantRoleGroup(group1);
userAccountRepository.Add(administrator.Id, administrator);
// Using security - in domain layer code
var combinator = new AccessDecisionCombinator();
administrator.CombineDecisions(combinator, roleRepository, roleGroupRepository);
var decider = combinator.BuildDecider();
Console.WriteLine(decider.IsAllowed(SecurityPermissions.AddUserAccount));
// Using security - in application layer code
var command = new AddUserAccount(
new Guid("735A259F-996B-4174-9899-3D40242BF6B1"),
"Pierke Pol");
var resolver = new PermissionResolver();
var service =
new UserAccountApplicationService(
userAccountRepository,
roleRepository,
roleGroupRepository);
var authorizer =
new MessageAuthorizer(
resolver,
userAccountRepository,
roleRepository,
roleGroupRepository);
var commandHandler = service.Secure <AddUserAccount>(authorizer);
commandHandler.Handle(new SecurityContext <AddUserAccount>(administratorId, command));
// Using security - in projection code
var builder = new SqlConnectionStringBuilder("Data Source=.\\SQLEXPRESS;Initial Catalog=<YourStoreHere>;Integrated Security=SSPI;");
// What that table could look like ...
//CREATE TABLE [UserAccountEffectiveRoles](
// [UserAccountId] [uniqueidentifier] NOT NULL,
// [RoleId] [uniqueidentifier] NULL,
// [RoleGroupId] [uniqueidentifier] NULL,
// [Id] [int] IDENTITY(1,1) NOT NULL,
// CONSTRAINT [PK_UserAccountEffectiveRoles] PRIMARY KEY CLUSTERED ( [Id] ASC )
//)
var observer = new SqlStatementObserver();
// var lookup = new MemoryRoleGroupLookup(new Dictionary<Guid, HashSet<Guid>>());
var lookupInitializer = new SqlBasedLookupRolesOfRoleGroupInitializer(builder);
var lookup = lookupInitializer.Initialize();
var projectionHandler = new UserAccountEffectiveRolesProjectionHandler(observer, lookup);
var compositeProjectionHandler = new CompositeHandler(
new IHandle <object>[] {
new HandlerAdapter <AddedRoleToRoleGroup>(lookup),
new HandlerAdapter <RemovedRoleFromRoleGroup>(lookup),
new HandlerAdapter <DisabledUserAccount>(projectionHandler),
new HandlerAdapter <RoleGrantedToUserAccount>(projectionHandler),
new HandlerAdapter <RoleRevokedFromUserAccount>(projectionHandler),
new HandlerAdapter <RoleGroupGrantedToUserAccount>(projectionHandler),
new HandlerAdapter <RoleRevokedFromUserAccount>(projectionHandler),
new HandlerAdapter <AddedRoleToRoleGroup>(projectionHandler),
new HandlerAdapter <RemovedRoleFromRoleGroup>(projectionHandler)
});
foreach (var change in unitOfWork.GetChanges())
{
compositeProjectionHandler.Handle(change);
}
new BatchedSqlStatementFlusher(
builder).
Flush(observer.Statements);
Console.ReadLine();
}
public HardcodedRolesStore()
{
var visitor = new Role(_visitor);
visitor.AddPermission(new Permission("contributors", "getall"));
}
public void WhenIAddPermission(string permissionKey)
{
_role.AddPermission(_permissionStore[permissionKey]);
}
public void SetTestUserPermission(string context, string action)
{
_testUserRole.AddPermission(new Permission(context, action));
}
private void AddRoleToStudent(Role studentRole)
{
studentRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(IXPSimpleObject), ObjectAccess.NoAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Role), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Role), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterDetail), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterDetail), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentAccumulation), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentAccumulation), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResult), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResult), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransaction), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransaction), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentClass), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentClass), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Subject), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Subject), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Branch), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Branch), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Semester), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Semester), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Department), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Department), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Lesson), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Lesson), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Teacher), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Teacher), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbLesson), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbLesson), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbSemester), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbSemester), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Classroom), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Classroom), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Office), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(Office), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterState), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterState), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterTime), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterTime), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.AllAccess));
studentRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(WeekReportData), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(WeekReportData), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionTracking), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionTracking), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(ClassTransactionTracking), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(ClassTransactionTracking), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(TeacherFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(TeacherFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(SubjectFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(SubjectFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResultFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate));
//studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResultFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny));
studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterDetailReportParametersObject), ObjectAccess.AllAccess));
studentRole.AddPermission(new EditModelPermission(ModelAccessModifier.Deny));
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
User user1 = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "Sam"));
if (user1 == null)
{
user1 = ObjectSpace.CreateObject <User>();
user1.UserName = "******";
user1.FirstName = "Sam";
// Set a password if the standard authentication type is used
user1.SetPassword("");
}
// If a user named 'John' doesn't exist in the database, create this user
User user2 = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "John"));
if (user2 == null)
{
user2 = ObjectSpace.CreateObject <User>();
user2.UserName = "******";
user2.FirstName = "John";
// Set a password if the standard authentication type is used
user2.SetPassword("");
}
BasicUser adminUser = ObjectSpace.FindObject <BasicUser>(new BinaryOperator("UserName", "Sam"));
if (adminUser == null)
{
adminUser = ObjectSpace.CreateObject <BasicUser>();
adminUser.UserName = "******";
adminUser.FullName = "Sam";
}
// Make the user an administrator
adminUser.IsAdministrator = true;
// Set a password if the standard authentication type is used
adminUser.SetPassword("");
// Save the user to the database
adminUser.Save();
// If a role with the Administrators name doesn't exist in the database, create this role
Role adminRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Administrators"));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <Role>();
adminRole.Name = "Administrators";
}
// If a role with the Users name doesn't exist in the database, create this role
Role userRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Users"));
if (userRole == null)
{
userRole = ObjectSpace.CreateObject <Role>();
userRole.Name = "Users";
}
// Delete all permissions assigned to the Administrators and Users roles
while (adminRole.PersistentPermissions.Count > 0)
{
ObjectSpace.Delete(adminRole.PersistentPermissions[0]);
}
while (userRole.PersistentPermissions.Count > 0)
{
ObjectSpace.Delete(userRole.PersistentPermissions[0]);
}
// Allow full access to all objects to the Administrators role
adminRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess));
// Allow editing the application model to the Administrators role
adminRole.AddPermission(new EditModelPermission(ModelAccessModifier.Allow));
// Save the Administrators role to the database
adminRole.Save();
// Allow full access to all objects to the Users role
userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess));
//// Deny full access to the User type objects to the Users role
//userRole.AddPermission(new ObjectAccessPermission(typeof(UserDetail), ObjectAccess.AllAccess, ObjectAccessModifier.Deny));
// Deny full access to the Role type objects to the Users role
userRole.AddPermission(new ObjectAccessPermission(typeof(Role), ObjectAccess.AllAccess, ObjectAccessModifier.Deny));
//userRole.AddPermission(new ObjectAccessPermission(typeof(), ObjectAccess.Read, ObjectAccessModifier.Deny));
// Deny editing the application model to the Users role
userRole.AddPermission(new EditModelPermission(ModelAccessModifier.Deny));
// Save the Users role to the database
userRole.Save();
// Add the Administrators role to the user1
user1.Roles.Add(adminRole);
// Add the Users role to the user2
user2.Roles.Add(userRole);
// Save the users to the database
user1.Save();
user2.Save();
}
