private static ICriterion GetPermissionQueryInternal(User user, string operation, string securityKeyProperty) { var operationNames = Strings.GetHierarchicalOperationNames(operation); var criteria = DetachedCriteria.For <Permission>("permission") .CreateAlias("Operation", "op") .CreateAlias("EntitiesGroup", "entityGroup", JoinType.LeftOuterJoin) .CreateAlias("entityGroup.Entities", "entityKey", JoinType.LeftOuterJoin) .SetProjection(Projections.Property("Allow")) .Add(Restrictions.In("op.Name", operationNames)) .Add(Restrictions.Eq("User", user) || Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllGroups(user).SetProjection(Projections.Id()))) .Add( Property.ForName(securityKeyProperty).EqProperty("permission.EntitySecurityKey") || Property.ForName(securityKeyProperty).EqProperty("entityKey.EntitySecurityKey") || ( Restrictions.IsNull("permission.EntitySecurityKey") && Restrictions.IsNull("permission.EntitiesGroup") ) ) .SetMaxResults(1) .AddOrder(Order.Desc("Level")) .AddOrder(Order.Asc("Allow")); return(Subqueries.Eq(true, criteria)); }
public Permission[] GetPermissionsFor(UsersGroup usersGroup, bool eager = false) { var criteria = DetachedCriteria.For <Permission>() .Add(Expression.Eq("UsersGroup", usersGroup) || Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllUsersGroupParents(usersGroup).SetProjection(Projections.Id()))); return(FindResults(criteria, eager)); }
public virtual EntitiesGroup[] GetAssociatedEntitiesGroupsFor <TEntity>(TEntity entity) where TEntity : IEntityInformationExtractor <TEntity> { var entitiesGroups = SecurityCriterions.AllGroups(entity) .GetExecutableCriteria(_session) .AddOrder(Order.Asc("Name")) .SetCacheable(true) .List <EntitiesGroup>(); return(entitiesGroups.ToArray()); }
public virtual UsersGroup[] GetAssociatedUsersGroupFor(User user) { var usersGroups = SecurityCriterions.AllGroups(user) .GetExecutableCriteria(_session) .AddOrder(Order.Asc("Name")) .SetCacheable(true) .List <UsersGroup>(); return(usersGroups.ToArray()); }
public Permission[] GetPermissionsFor <TEntity>(User user, TEntity entity) where TEntity : IEntityInformationExtractor <TEntity> { var key = entity.SecurityKey; var entitiesGroups = GetAssociatedEntitiesGroupsFor(entity); var criteria = DetachedCriteria.For <Permission>() .Add(Expression.Eq("User", user) || Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllGroups(user).SetProjection(Projections.Id()))) .Add(Expression.Eq("EntitySecurityKey", key) || Expression.In("EntitiesGroup", entitiesGroups)); return(FindResults(criteria)); }
public Permission[] GetGlobalPermissionsFor(User user, string operationName) { var operationNames = Strings.GetHierarchicalOperationNames(operationName); var criteria = DetachedCriteria.For <Permission>() .Add(Expression.Eq("User", user) || Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllGroups(user).SetProjection(Projections.Id()))) .Add(Expression.IsNull("EntitiesGroup")) .Add(Expression.IsNull("EntitySecurityKey")) .CreateAlias("Operation", "op") .Add(Expression.In("op.Name", operationNames)); return(FindResults(criteria)); }
public void RemoveUser(User user) { ICollection <UsersGroup> groups = SecurityCriterions.DirectUsersGroups((user)) .GetExecutableCriteria(_session) .SetCacheable(true) .List <UsersGroup>(); foreach (UsersGroup group in groups) { group.Users.Remove(user); } _session.CreateQuery("delete Permission p where p.User = :user") .SetEntity("user", user) .ExecuteUpdate(); }
public virtual UsersGroup[] GetAncestryAssociation(User user, string usersGroupName) { var desiredGroup = GetUsersGroupByName(usersGroupName); ICollection <UsersGroup> directGroups = SecurityCriterions.DirectUsersGroups((user)) .GetExecutableCriteria(_session) .SetCacheable(true) .List <UsersGroup>(); if (directGroups.Contains(desiredGroup)) { return(new[] { desiredGroup }); } var associatedGroups = GetAssociatedUsersGroupFor(user); if (!associatedGroups.Contains(desiredGroup)) { return(new UsersGroup[0]); } var shortest = new List <UsersGroup>(); foreach (var usersGroup in associatedGroups) { var path = new List <UsersGroup>(); var current = usersGroup; while (current != null && current != desiredGroup) { path.Add(current); current = current.Parent; } if (current != null) { path.Add(current); } if (path.Contains(desiredGroup) && directGroups.Contains(path[0])) { shortest = Min(shortest, path); } } return(shortest.ToArray()); }
public virtual EntitiesGroup[] GetAncestryAssociationOfEntity <TEntity>(TEntity entity, string entityGroupName) where TEntity : IEntityInformationExtractor <TEntity> { var desiredGroup = GetEntitiesGroupByName(entityGroupName); ICollection <EntitiesGroup> directGroups = SecurityCriterions.DirectEntitiesGroups(entity) .GetExecutableCriteria(_session) .SetCacheable(true) .List <EntitiesGroup>(); if (directGroups.Contains(desiredGroup)) { return(new[] { desiredGroup }); } var associatedGroups = GetAssociatedEntitiesGroupsFor(entity); if (!associatedGroups.Contains(desiredGroup)) { return(new EntitiesGroup[0]); } var shortest = new List <EntitiesGroup>(); foreach (var entitiesGroup in associatedGroups) { var path = new List <EntitiesGroup>(); var current = entitiesGroup; while (current != null && current != desiredGroup) { path.Add(current); current = current.Parent; } if (current != null) { path.Add(current); } if (path.Contains(desiredGroup) && directGroups.Contains(path[0])) { shortest = Min(shortest, path); } } return(shortest.ToArray()); }
public Permission[] GetPermissionsFor <TEntity>(User user, TEntity entity, string operationName) where TEntity : IEntityInformationExtractor <TEntity> { var key = entity.SecurityKey; var operationNames = Strings.GetHierarchicalOperationNames(operationName); var entitiesGroups = GetAssociatedEntitiesGroupsFor(entity); //var usersGroups = GetAssociatedUsersGroupFor(user); var onCriteria = (Restrictions.Eq("EntitySecurityKey", key) || Restrictions.In("EntitiesGroup", entitiesGroups)) || (Restrictions.IsNull("EntitiesGroup") && Restrictions.IsNull("EntitySecurityKey")); var criteria = DetachedCriteria.For <Permission>() .Add(Restrictions.Eq("User", user) || Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllGroups(user).SetProjection(Projections.Id()))) .Add(onCriteria) .CreateAlias("Operation", "op") .Add(Restrictions.In("op.Name", operationNames)); return(FindResults(criteria)); }