/// <summary>
/// Associates a per-type authorization rule with
/// the business type.
/// </summary>
/// <param name="objectType">Type of business object.</param>
/// <param name="rule">Rule object.</param>
/// <param name="ruleSet">Rule set name.</param>
public static void AddRule(Type objectType, IAuthorizationRule rule, string ruleSet)
{
var typeRules = AuthorizationRuleManager.GetRulesForType(objectType, ruleSet);
EnsureUniqueRule(typeRules, rule);
typeRules.Rules.Add(rule);
}
private static void InitializePerTypeRules(AuthorizationRuleManager mgr, Type type)
{
if (!mgr.InitializedPerType)
{
lock (mgr)
if (!mgr.InitializedPerType)
{
mgr.InitializedPerType = true;
// Only call AddObjectAuthorizationRules when there are no rules for this type
if (RulesExistForType(type))
{
return;
}
try
{
// invoke method to add auth roles
var flags = BindingFlags.Static | BindingFlags.Public | BindingFlags.NonPublic |
BindingFlags.FlattenHierarchy;
System.Reflection.MethodInfo method = type.GetMethod("AddObjectAuthorizationRules", flags);
if (method != null)
{
method.Invoke(null, null);
}
}
catch (Exception)
{
// remove all loaded rules for this type
CleanupRulesForType(type);
throw; // and rethrow the exception
}
}
}
}
internal static AuthorizationRuleManager GetRulesForType(Type type, string ruleSet)
{
// use null if RuleSet is "default"
if (ruleSet == ApplicationContext.DefaultRuleSet)
{
ruleSet = null;
}
AuthorizationRuleManager result = null;
var key = new RuleSetKey {
Type = type, RuleSet = ruleSet
};
if (!_perTypeRules.TryGetValue(key, out result))
{
lock (_perTypeRules)
{
if (!_perTypeRules.TryGetValue(key, out result))
{
result = new AuthorizationRuleManager();
_perTypeRules.Add(key, result);
}
}
}
InitializePerTypeRules(result, type);
return(result);
}
private static void EnsureUniqueRule(AuthorizationRuleManager mgr, IAuthorizationRule rule)
{
IAuthorizationRule oldRule = null;
if (rule.Element != null)
{
oldRule = mgr.Rules.FirstOrDefault(c => c.Element != null && c.Element.Name == rule.Element.Name && c.Action == rule.Action);
}
else
{
oldRule = mgr.Rules.FirstOrDefault(c => c.Element == null && c.Action == rule.Action);
}
if (oldRule != null)
{
throw new ArgumentException("rule");
}
}
private static void InitializePerTypeRules(AuthorizationRuleManager mgr, Type type)
{
if (!mgr.InitializedPerType)
{
lock (mgr)
if (!mgr.InitializedPerType && !mgr.InitializingPerType)
{
// Only call AddObjectAuthorizationRules when there are no rules for this type
if (RulesExistForType(type))
{
mgr.InitializedPerType = true;
return;
}
try
{
mgr.InitializingPerType = true;
// invoke method to add auth roles
System.Reflection.MethodInfo method = FindObjectAuthorizationRulesMethod(type);
if (method != null)
{
method.Invoke(null, null);
}
mgr.InitializedPerType = true;
}
catch (Exception)
{
// remove all loaded rules for this type
CleanupRulesForType(type);
throw; // and rethrow the exception
}
finally
{
mgr.InitializingPerType = false;
}
}
}
}
private static bool HasPermission(AuthorizationActions action, object obj, Type objType, string ruleSet)
{
if (action == AuthorizationActions.ReadProperty ||
action == AuthorizationActions.WriteProperty ||
action == AuthorizationActions.ExecuteMethod)
{
throw new ArgumentOutOfRangeException("action");
}
bool result = true;
var rule =
AuthorizationRuleManager.GetRulesForType(objType, ruleSet).Rules.FirstOrDefault(c => c.Element == null && c.Action == action);
if (rule != null)
{
var context = new AuthorizationContext {
Rule = rule, Target = obj, TargetType = objType
};
rule.Execute(context);
result = context.HasPermission;
}
return(result);
}
private static void InitializePerTypeRules(ApplicationContext applicationContext, AuthorizationRuleManager mgr, Type type)
{
if (!mgr.InitializedPerType)
{
lock (mgr)
if (!mgr.InitializedPerType && !mgr.InitializingPerType)
{
// Only call AddObjectAuthorizationRules when there are no rules for this type
if (RulesExistForType(type))
{
mgr.InitializedPerType = true;
return;
}
try
{
mgr.InitializingPerType = true;
// invoke method to add auth roles
System.Reflection.MethodInfo method = FindObjectAuthorizationRulesMethod(type);
if (method != null)
{
if (method.GetParameters().Length == 0)
{
method.Invoke(null, null);
}
else if (applicationContext != null)
{
method.Invoke(null, new object[] { new AddObjectAuthorizationRulesContext(applicationContext) });
}
else
{
throw new InvalidOperationException(
$"{nameof(InitializePerTypeRules)} {nameof(applicationContext)} == null");
}
}
mgr.InitializedPerType = true;
}
catch (Exception)
{
// remove all loaded rules for this type
CleanupRulesForType(type);
throw; // and rethrow the exception
}
finally
{
mgr.InitializingPerType = false;
}
}
}
}
