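/// <summary>
/// Deletes <paramref name="fileOrFolder"/> on behalf of the calling client while impersonating
/// its Windows identity. The caller must hold the "Delete" role; both outcomes of the
/// authorization check are written to the audit log.
/// </summary>
/// <param name="fileOrFolder">Path handed to <see cref="FilesAndFolders.Delete"/>.</param>
/// <exception cref="FaultException">
/// Thrown when the caller has no Windows identity to impersonate or is not in the "Delete" role.
/// </exception>
public void Delete(string fileOrFolder)
{
    CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
    WindowsIdentity winID = principal?.Identity as WindowsIdentity;
    if (winID == null)
    {
        // Fail closed: with no Windows identity there is nothing to impersonate and no role to check.
        throw new FaultException("Delete: caller has no Windows identity to impersonate.");
    }

    try
    {
        using (winID.Impersonate())
        {
            Console.WriteLine("Impersonifikacija klijenta {0}", WindowsIdentity.GetCurrent().Name);

            if (!Thread.CurrentPrincipal.IsInRole("Delete"))
            {
                string username = Parser.Parse(Thread.CurrentPrincipal.Identity.Name);
                try
                {
                    Audit.AuthorizationFailed(principal.Identity.Name,
                        OperationContext.Current.IncomingMessageHeaders.Action,
                        "Nemam dozvolu za Delete.");
                }
                catch (ArgumentException e)
                {
                    // A broken audit entry must not change the authorization decision.
                    Console.WriteLine(e.Message);
                }
                throw new FaultException(username + " je pokušao da pozove Delete, za šta mu treba dozvola.");
            }

            FilesAndFolders.Delete(fileOrFolder);
            try
            {
                Audit.AuthorizationSuccess(principal.Identity.Name,
                    OperationContext.Current.IncomingMessageHeaders.Action);
            }
            catch (ArgumentException e)
            {
                Console.WriteLine(e.Message);
            }
        }
    }
    catch (FaultException)
    {
        // The authorization fault is part of the service contract: it previously fell into the
        // generic handler below and the client never learned the call was denied.
        throw;
    }
    catch (Exception e)
    {
        // Best-effort logging for unexpected failures (impersonation, file system).
        // NOTE(review): the client still sees a normal return for a failed delete here;
        // consider surfacing it as a FaultException as well.
        Console.WriteLine("Error: {0}", e.Message);
    }
}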
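/// <summary>
/// Returns the current bill <c>value</c> to callers holding the <see cref="Permissions.Read"/> role.
/// </summary>
/// <returns><c>value</c> when the caller is authorized; otherwise -1.</returns>
public int GetBill()
{
    CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;

    // The role check had been commented out, so the value was returned to every caller
    // while the log line still claimed a successful authorized read. Restored to fail closed.
    if (principal != null && principal.IsInRole(Permissions.Read.ToString()))
    {
        Console.WriteLine("Read() successfully executed by {0}.", principal.Identity.Name);
        return value;
    }

    Console.WriteLine("GetBill() failed for user {0}.", principal?.Identity.Name);
    return -1;
}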
/// <summary>
/// Overwrites the name, date, room and ticket price of every stored performance whose id
/// matches <paramref name="id"/>, then persists the collection. Only callers in the "Admin"
/// role may do this; the change and any authorization failure are audited.
/// </summary>
public void ModifyPerformance(int id, string name, DateTime date, int room, double ticketPrice)
{
    CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;

    if (!principal.IsInRole("Admin"))
    {
        try
        {
            Audit.AuthorizationFailed(GetClientUserName(), "Modify Performance",
                $"Modify Performance can be used only by user in the Admin group.");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
        ErrorMessage("Admin", "Modify Performance");
        return;
    }

    Console.WriteLine("\nModifying performance...");

    // Indexed assignment is kept so the stored element itself is updated.
    int total = Database.performances.Count();
    for (int index = 0; index < total; ++index)
    {
        if (!id.Equals(Database.performances[index].Id))
        {
            continue;
        }
        Database.performances[index].Name = name;
        Database.performances[index].Date = date;
        Database.performances[index].Room = room;
        Database.performances[index].TicketPrice = ticketPrice;
    }

    try
    {
        Audit.ChangeSuccess(GetClientUserName(), "performance.");
    }
    catch (Exception e)
    {
        Console.WriteLine(e.Message);
    }
    Database.WritePerformances();
}
/// <summary>
/// Resets the stored <c>value</c> to 0 when the caller holds the lower-cased
/// <see cref="Permissions.DeleteAll"/> role.
/// </summary>
/// <returns><c>true</c> if the reset was performed; <c>false</c> if the caller lacked the role.</returns>
public bool DeleteDB()
{
    CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
    string permission = Permissions.DeleteAll.ToString().ToLower();

    // NOTE: only the console is written here; the stated intent is to audit both
    // successful and failed authorization checks.
    if (!principal.IsInRole(permission))
    {
        Console.WriteLine("DeleteDB() failed for user {0}.", principal.Identity.Name);
        return false;
    }

    value = 0;
    Console.WriteLine("DeleteDB() passed for user {0}.", principal.Identity.Name);
    return true;
}
/// <summary>
/// Replaces the stored <c>value</c> with <paramref name="newValue"/> when the caller holds
/// the lower-cased <see cref="Permissions.Modify"/> role.
/// </summary>
/// <param name="newValue">Value to store.</param>
/// <returns><c>true</c> if the value was changed; <c>false</c> if the caller lacked the role.</returns>
public bool ModifyDB(int newValue)
{
    CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
    string permission = Permissions.Modify.ToString().ToLower();

    // NOTE: only the console is written here; the stated intent is to audit both
    // successful and failed authorization checks.
    if (!principal.IsInRole(permission))
    {
        Console.WriteLine("ModifyDB() failed for user {0}.", principal.Identity.Name);
        return false;
    }

    value = newValue;
    Console.WriteLine("ModifyDB() passed for user {0}.", principal.Identity.Name);
    return true;
}
/// <summary>
/// Deletes the entity with <paramref name="id"/> through <see cref="DataBase.DeleteEntity"/>
/// when the caller holds the lower-cased <see cref="Permissions.Delete"/> role. Both the
/// success and the denial are recorded with <c>logger</c>.
/// </summary>
/// <param name="id">Identifier of the entity to delete.</param>
/// <returns><c>true</c> if the deletion was performed; otherwise <c>false</c>.</returns>
public bool DeleteEntityDB(int id)
{
    CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
    string permission = Permissions.Delete.ToString().ToLower();
    string caller = principal.Identity.Name;

    if (!principal.IsInRole(permission))
    {
        // The denied permission is recorded so the audit trail shows what was requested.
        logger.Log(caller, "DeleteEntityDB", permission, EventType.AuthorizationFailure);
        Console.WriteLine("DeleteEntityDB() failed for user {0}.", caller);
        return false;
    }

    Console.WriteLine("DeleteEntityDB() passed for user {0}.", caller);
    DataBase.DeleteEntity(id);
    logger.Log(caller, "DeleteEntityDB", "", EventType.AuthorizationSuccess);
    return true;
}
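/// <summary>
/// Changes the reading with <paramref name="id"/> to <paramref name="newValue"/> through
/// <see cref="DataBase.ModifyReading"/> when the caller holds the lower-cased
/// <see cref="Permissions.Modify"/> role. Both the success and the denial are recorded with <c>logger</c>.
/// </summary>
/// <param name="newValue">New reading value.</param>
/// <param name="id">Identifier of the reading to change.</param>
/// <returns><c>true</c> if the reading was changed; otherwise <c>false</c>.</returns>
public bool ModifyReading(double newValue, int id)
{
    CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
    string permission = Permissions.Modify.ToString().ToLower();
    string caller = principal.Identity.Name;

    if (!principal.IsInRole(permission))
    {
        logger.Log(caller, "ModifyReading", permission, EventType.AuthorizationFailure);
        // Console lines previously named ModifyDB() (copy-paste); they now name this method.
        Console.WriteLine("ModifyReading() failed for user {0}.", caller);
        return false;
    }

    Console.WriteLine("ModifyReading() passed for user {0}.", caller);
    DataBase.ModifyReading(id, newValue);
    logger.Log(caller, "ModifyReading", "", EventType.AuthorizationSuccess);
    return true;
}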
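/// <summary>
/// Stores <paramref name="discount"/> as the global <c>Database.Discount</c> and persists it.
/// Only callers in the "Admin" role may do this; the change and any denial are audited.
/// </summary>
/// <param name="discount">Discount value written to <c>Database.Discount</c>.</param>
public void ModifyDiscount(int discount)
{
    string clientUsername = GetClientUserName();
    CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;

    // A missing principal is treated as unauthorized rather than dereferenced.
    if (principal == null || !principal.IsInRole("Admin"))
    {
        try
        {
            // Reuses the username resolved above instead of querying it a second time.
            Audit.AuthorizationFailed(clientUsername, "Modify Discount",
                $"Modify Discount can be used only by user in the Admin group.");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
        ErrorMessage("Admin", "Modify Discount");
        return;
    }

    Console.WriteLine("\nModifying discount...");
    Database.Discount = discount;
    Database.WriteDiscount();
    try
    {
        Audit.ChangeSuccess(clientUsername, "discount.");
    }
    catch (Exception e)
    {
        Console.WriteLine(e.Message);
    }
}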
/// <summary>
/// Builds a <see cref="CustomPrincipal"/> from the WindowsIdentity of the current WCF
/// <see cref="ServiceSecurityContext"/> (not from Thread.CurrentPrincipal) and asks it
/// whether <paramref name="perm"/> is granted.
/// </summary>
/// <param name="perm">Permission whose name is checked.</param>
/// <returns>The principal's answer for <c>perm.ToString()</c>.</returns>
bool HasPermission(Permission perm)
{
    var callerIdentity = ServiceSecurityContext.Current.WindowsIdentity;
    var caller = new CustomPrincipal(callerIdentity);
    string permissionName = perm.ToString();
    return caller.HasPermission(permissionName);
}
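/// <summary>
/// Reports whether the calling client can pay reservation <paramref name="reservationsId"/>:
/// the caller must be in "Korisnik" or "SuperKorisnik", own an UNPAID reservation with that id,
/// and have a balance covering its price ("SuperKorisnik" pays the discounted price).
/// </summary>
/// <param name="reservationsId">Reservation id entered by the client.</param>
/// <returns><c>true</c> when payment is possible; otherwise <c>false</c>.</returns>
public bool CheckIfReservationCanBePaied(int reservationsId)
{
    CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
    bool authorized = principal != null
        && (principal.IsInRole("Korisnik") || principal.IsInRole("SuperKorisnik"));

    if (!authorized)
    {
        try
        {
            Audit.AuthorizationFailed(GetClientUserName(), "Pay Reservation",
                $"Pay Reservation can be used only by user in the Korisnik or SuperKorisnik group.");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
        ErrorMessage("Korisnik or SuperKorisnik", "Pay Reservation");
        return false;
    }

    string clientUsername = GetClientUserName();
    string clientRole = GetClientRole();

    foreach (User u in Database.users)
    {
        if (!u.Username.Equals(clientUsername))
        {
            continue;
        }
        foreach (Reservation r in u.Reservations)
        {
            if (!r.Id.Equals(reservationsId) || !r.State.Equals(ReservationState.UNPAID))
            {
                continue;
            }
            foreach (Performance p in Database.performances)
            {
                if (!p.Id.Equals(r.PerformanceId))
                {
                    continue;
                }
                var fullPrice = r.TicketQuantity * p.TicketPrice;
                // 100.0 keeps the discount in floating point: dividing an integral Discount by
                // the integer literal 100 truncates to 0 for every discount below 100%.
                var discountedPrice = fullPrice - fullPrice * (Database.Discount / 100.0);
                var due = clientRole.Equals("Korisnik") ? fullPrice : discountedPrice;
                if (u.Balance >= due)
                {
                    return true;
                }
            }
        }
    }

    try
    {
        // Also reached when the reservation is already paid or the balance is insufficient,
        // not only for an unknown id.
        Audit.MethodCallFailed(GetClientUserName(), "Pay Reservation",
            $"User did not enter a valid id of reservation.");
    }
    catch (Exception e)
    {
        Console.WriteLine(e.Message);
    }
    return false;
}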
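/// <summary>
/// Pays reservation <paramref name="reservationsId"/> for the calling client: the ticket price
/// (discounted for "SuperKorisnik") is deducted from the client's balance, the reservation is
/// marked PAID and both collections are persisted. Callers outside "Korisnik"/"SuperKorisnik"
/// are rejected and audited.
/// </summary>
/// <param name="reservationsId">Reservation id entered by the client.</param>
public void PayReservation(int reservationsId)
{
    CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;
    bool authorized = principal != null
        && (principal.IsInRole("Korisnik") || principal.IsInRole("SuperKorisnik"));

    if (!authorized)
    {
        try
        {
            Audit.AuthorizationFailed(GetClientUserName(), "Pay Reservation",
                $"Pay Reservation can be used only by user in the Korisnik or SuperKorisnik group.");
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
        ErrorMessage("Korisnik or SuperKorisnik", "Pay Reservation");
        return;
    }

    string clientUsername = GetClientUserName();
    string clientRole = GetClientRole();
    Console.WriteLine("\nPaying reservation...");

    foreach (User u in Database.users)
    {
        if (!u.Username.Equals(clientUsername))
        {
            continue;
        }

        // Indexed loop so the stored reservation's State can be assigned in place.
        int reservationCount = u.Reservations.Count();
        for (int i = 0; i < reservationCount; i++)
        {
            Reservation r = u.Reservations[i];
            if (!r.Id.Equals(reservationsId))
            {
                continue;
            }
            foreach (Performance p in Database.performances)
            {
                if (!p.Id.Equals(r.PerformanceId))
                {
                    continue;
                }

                var fullPrice = r.TicketQuantity * p.TicketPrice;
                // 100.0 keeps the discount in floating point: dividing an integral Discount by
                // the integer literal 100 truncates to 0 for every discount below 100%.
                var discountedPrice = fullPrice - fullPrice * (Database.Discount / 100.0);
                u.Balance -= clientRole.Equals("Korisnik") ? fullPrice : discountedPrice;
                try
                {
                    // NOTE(review): this entry names the current Windows identity, while the rest of
                    // the method identifies the client via clientUsername — confirm they agree.
                    Audit.ChangeSuccess(Formatter.ParseName(WindowsIdentity.GetCurrent().Name), "balance.");
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }

                u.Reservations[i].State = ReservationState.PAID;
                try
                {
                    Audit.PayReservationSuccess(clientUsername,
                        ReservationState.UNPAID.ToString(), ReservationState.PAID.ToString());
                }
                catch (Exception e)
                {
                    Console.WriteLine(e.Message);
                }
                Database.WriteReservations();
                Database.WriteUsers();
            }
        }
    }
}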
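/// <summary>
/// Checks whether a performance with <paramref name="id"/> exists, after verifying the caller
/// holds the role required by the calling operation.
/// </summary>
/// <param name="id">Performance id to look up.</param>
/// <param name="methodID">2 means "Modify Performance" (requires "Admin"); any other value is
/// treated as "Make Reservation" (requires "Korisnik" or "SuperKorisnik").</param>
/// <returns><c>true</c> if the caller is authorized and the performance exists; otherwise <c>false</c>.</returns>
public bool CheckIfPerformanceExists(int id, int methodID)
{
    CustomPrincipal principal = Thread.CurrentPrincipal as CustomPrincipal;

    // The two branches differed only in the required roles and the audit wording; resolving
    // those up front leaves a single copy of the lookup and of the audit calls.
    bool isModify = methodID == 2;
    string operation = isModify ? "Modify Performance" : "Make Reservation";
    string requiredRoles = isModify ? "Admin" : "Korisnik or SuperKorisnik";
    string denialReason = isModify
        ? "Modify performance can be used only by user in the Admin group."
        : "Make Reservation can be used only by user in the Korisnik or SuperKorisnik group.";

    bool authorized = principal != null && (isModify
        ? principal.IsInRole("Admin")
        : principal.IsInRole("Korisnik") || principal.IsInRole("SuperKorisnik"));

    if (!authorized)
    {
        try
        {
            Audit.AuthorizationFailed(GetClientUserName(), operation, denialReason);
        }
        catch (Exception e)
        {
            Console.WriteLine(e.Message);
        }
        ErrorMessage(requiredRoles, operation);
        return false;
    }

    foreach (Performance p in Database.performances)
    {
        if (p.Id.Equals(id))
        {
            return true;
        }
    }

    try
    {
        Audit.MethodCallFailed(GetClientUserName(), operation,
            "User did not enter a valid id of perfrormance.");
    }
    catch (Exception e)
    {
        Console.WriteLine(e.Message);
    }
    return false;
}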