public async Task <IHttpActionResult> PostAsync(AccessObjectType objectType, int objectId, [FromBody] CreateAccessRuleDto model, CancellationToken cancellationToken) { if (model == null || !ModelState.IsValid) { return(BadRequest()); } await ApiSecurity.AuthorizeAsync(objectType, objectId, AccessPermission.IsOwner, cancellationToken); ValidationResult validationResult; if (model.Anyone) { validationResult = await _securityManager.SetAccessRuleAsync(objectType, objectId, new AccessRuleItem { Permission = model.Permission, Visibility = model.Visibility }, cancellationToken); } else { var user = await _userManager.FindByEmailAsync(model.Email, cancellationToken); if (user == null) { ModelState.AddModelError("", string.Format(SecurityApiResources.UserNotFound, model.Email)); return(BadRequest()); } validationResult = await _securityManager.SetAccessRuleAsync(objectType, objectId, new AccessRuleItem { User = user, Permission = model.Permission, Visibility = model.Visibility }, cancellationToken); } if (!validationResult.Succeeded) { return(this.ValidationContent(validationResult)); } return(Ok(model)); }
/// <summary> /// Inserts a list of <see cref="AccessRuleItem" />s to the specified <paramref name="item" />. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="rule">The ACEs (Access Control Entries) to set.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> /// <exception cref="System.ArgumentNullException"></exception> public virtual async Task <ValidationResult> SetAccessRuleAsync(AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken) { ThrowIfDisposed(); if (rule == null) { throw new ArgumentNullException(nameof(rule)); } AccessRuleItem oldRule; if (rule.Anyone) { oldRule = await Store.GetAccessRuleAsync(objectType, objectId, cancellationToken); } else { oldRule = await Store.GetAccessRuleByUserAsync(objectType, objectId, rule.User.Id, cancellationToken); } if (oldRule == null) { return(await AddAccessRuleAsync(objectType, objectId, rule, cancellationToken)); } var validationResult = await ValidateAccessRuleAsync(objectType, objectId, rule, cancellationToken); if (!validationResult.Succeeded) { return(validationResult); } return(await Store.ReplaceAccessRuleAsync(objectType, objectId, oldRule, rule, cancellationToken)); }
/// <summary> /// Checks whether the specified user has the specified <paramref name="requiredPermission" /> for the specified object. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="userEmail">The user email.</param> /// <param name="requiredPermission">The required permission.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public virtual async Task <SecurityResult> CheckAccessAsync(AccessObjectType objectType, int objectId, string userEmail, AccessPermission requiredPermission, CancellationToken cancellationToken) { ThrowIfDisposed(); var user = await UserManager.FindByEmailAsync(userEmail, cancellationToken); return(await CheckAccessAsync(objectType, objectId, user?.Id, requiredPermission, cancellationToken)); }
/// <summary> /// Finds a collection of Access Control Entries (ACEs) with the given values. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public virtual async Task <ListResult <AccessRuleItem> > GetOwnersAsync(AccessObjectType objectType, int objectId, CancellationToken cancellationToken) { ThrowIfDisposed(); var rules = await Store.GetAccessRulesAsync(objectType, objectId, cancellationToken); return(ListResult.Create(rules.Data.Where(ace => !ace.Anyone && ace.Permission == AccessPermission.IsOwner))); }
/// <summary> /// Finds a collection of Access Control Entries (ACEs) with the given values. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public virtual async Task <ListResult <AccessRuleItem> > GetAccessRulesAsync(AccessObjectType objectType, int objectId, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); ThrowIfDisposed(); return(await ( from ace in AccessRules where ace.ObjectType == objectType && ace.ObjectId == objectId orderby ace.User.Email.Name select new AccessRuleItem { Permission = ace.Permission, Visibility = ace.Visibility, User = ace.User == null ? null : new AccountItem { Id = ace.User.Id, Email = ace.User.Email, FirstName = ace.User.FirstName, LastName = ace.User.LastName, Gender = ace.User.Gender, Birthday = ace.User.Birthday } } ).ToListResultAsync(cancellationToken)); }
/// <summary> /// Checks whether the specified user has the specified <paramref name="requiredPermission" /> for the specified object. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="userId">The primary key of the user.</param> /// <param name="requiredPermission">The required permission.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public virtual async Task <SecurityResult> CheckAccessAsync(AccessObjectType objectType, int objectId, int?userId, AccessPermission requiredPermission, CancellationToken cancellationToken) { ThrowIfDisposed(); var acl = await Store.GetAccessRulesAsync(objectType, objectId, cancellationToken); if (acl.Data.IsEmpty) { return(SecurityResult.AccessDenied); } var anyone = acl.Data.FirstOrDefault(rule => rule.Anyone); if (userId == null && (anyone == null || anyone.Permission < requiredPermission || anyone.Visibility == AccessVisibility.Private)) { return(SecurityResult.AccessDenied); } var userOrAnyone = acl.Data.FirstOrDefault(rule => rule.User?.Id == userId) ?? anyone; if (userOrAnyone == null || userOrAnyone.Permission < requiredPermission) { return(SecurityResult.AccessDenied); } return(new SecurityResult(true, anyone?.Visibility ?? AccessVisibility.Unknown)); }
public async Task <IHttpActionResult> DeleteAsync(AccessObjectType objectType, int objectId, [FromBody] string email, CancellationToken cancellationToken) { await ApiSecurity.AuthorizeAsync(objectType, objectId, AccessPermission.IsOwner, cancellationToken); AccessRuleItem trustee; if (email == null) { trustee = await _securityManager.GetAccessRuleAsync(objectType, objectId, cancellationToken); } else { trustee = await _securityManager.GetAccessRuleByUserEmailAsync(objectType, objectId, email, cancellationToken); } if (trustee == null) { ModelState.AddModelError("", string.Format(SecurityApiResources.UserNotFound, email ?? "Anyone")); return(BadRequest()); } var validationResult = await _securityManager.RemoveAccessRuleAsync(objectType, objectId, trustee, cancellationToken); if (!validationResult.Succeeded) { return(this.ValidationContent(validationResult)); } return(StatusCode(HttpStatusCode.NoContent)); }
/// <summary> /// Replaces the given <paramref name="rule" /> on the specified object with the <paramref name="newTrustee" />. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key for the shared object to be found.</param> /// <param name="rule">The ACE (Access Control Entry) to replace.</param> /// <param name="newTrustee">The new ACE (Access Control Entry) to set.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public virtual async Task <ValidationResult> ReplaceAccessRuleAsync(AccessObjectType objectType, int objectId, AccessRuleItem rule, AccessRuleItem newTrustee, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); ThrowIfDisposed(); if (rule == null) { throw new ArgumentNullException(nameof(rule)); } if (newTrustee == null) { throw new ArgumentNullException(nameof(newTrustee)); } var userId = rule.User?.Id; var aceEntity = await AccessRules.SingleOrDefaultAsync(p => p.ObjectType == objectType && p.ObjectId == objectId && p.UserId == userId, cancellationToken); if (aceEntity == null) { throw new InvalidOperationException("ACE does not exist."); } aceEntity.Permission = newTrustee.Permission; aceEntity.Visibility = newTrustee.Visibility; await SaveChangesAsync(cancellationToken); return(ValidationResult.Success); }
/// <summary> /// Inserts a list of <see cref="AccessRuleItem" />s to the specified <paramref name="item" />. /// </summary> /// <param name="objectType">The type of the shared object to be inserted.</param> /// <param name="objectId">The primary key for the shared object to be inserted.</param> /// <param name="rule">The ACEs (Access Control Entries) to insert.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public virtual async Task <ValidationResult> AddAccessRuleAsync(AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); ThrowIfDisposed(); if (rule == null) { throw new ArgumentNullException(nameof(rule)); } if (await AccessRules.Where(objectType, objectId, rule.User?.Id).AnyAsync(cancellationToken)) { return(ValidationResult.Failed("Duplicated ACE entry.")); } AccessRules.Add(new SecurityAccessRule { ObjectType = objectType, ObjectId = objectId, UserId = rule.User?.Id, Permission = rule.Permission, Visibility = rule.Visibility }); await SaveChangesAsync(cancellationToken); return(ValidationResult.Success); }
/// <summary> /// Throws a <see cref="HttpResponseException" /> at run time if the security requirement is not met. /// </summary> /// <param name="objectType">The type of the object to protect.</param> /// <param name="objectId">The primary key for the object to protect.</param> /// <param name="requiredPermission">The required permission.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public static async Task AuthorizeAsync(AccessObjectType objectType, int objectId, AccessPermission requiredPermission, CancellationToken cancellationToken) { if (objectType == AccessObjectType.Unknown) { throw new HttpResponseException(HttpStatusCode.Forbidden); } var securityResult = await Manager.CheckAccessAsync(objectType, objectId, WebSecurity.IsAuthenticated?CurrentUserName : null, requiredPermission, cancellationToken); if (!securityResult.AccessGranted) { throw new HttpResponseException(HttpStatusCode.Forbidden); } }
/// <summary> /// Retrieves the <see cref="AccessRuleItem" /> associated with the key, as an asynchronous operation. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="cancellationToken">The <see cref="CancellationToken" /> used to propagate notifications that the operation should be canceled.</param> /// <returns> /// The <see cref="Task" /> for the asynchronous operation, containing the contact, if any which matched the specified key. /// </returns> public virtual Task <AccessRuleItem> GetAccessRuleAsync(AccessObjectType objectType, int objectId, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); ThrowIfDisposed(); return(AccessRules .Where(objectType, objectId, null) .Select(ace => new AccessRuleItem { Permission = ace.Permission, Visibility = ace.Visibility }) .SingleOrDefaultAsync(cancellationToken)); }
/// <summary> /// Deletes all <see cref="AccessRuleItem" />s from the specified <paramref name="item" />. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key for the shared object to be found.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public virtual async Task <ValidationResult> RemoveAccessRulesAsync(AccessObjectType objectType, int objectId, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); ThrowIfDisposed(); await Context.Database.ExecuteSqlCommandAsync( $"{DbSchema.Security}.DeleteAccessRules @ObjectTypeId, @ObjectId", cancellationToken, DbParameters.Value("ObjectTypeId", objectType), DbParameters.Value("ObjectId", objectId)); return(ValidationResult.Success); }
/// <summary> /// Retrieves the <see cref="AccessRuleItem" /> associated with the key, as an asynchronous operation. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="userEmail">The email address of the user to be found.</param> /// <param name="cancellationToken">The <see cref="CancellationToken" /> used to propagate notifications that the operation should be canceled.</param> /// <returns> /// The <see cref="Task" /> for the asynchronous operation, containing the contact, if any which matched the specified key. /// </returns> public virtual async Task <AccessRuleItem> GetAccessRuleByUserEmailAsync(AccessObjectType objectType, int objectId, string userEmail, CancellationToken cancellationToken) { ThrowIfDisposed(); // If the specified user does not exist, do not try to return a 'Anyone'. // This method should be straight and unambiguous. var user = await UserManager.FindByEmailAsync(userEmail, cancellationToken); if (user == null) { return(null); } return(await Store.GetAccessRuleByUserAsync(objectType, objectId, user.Id, cancellationToken)); }
/// <summary> /// Inserts a <see cref="AccessRuleItem" /> to the specified <paramref name="item" />. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="rule">The ACEs (Access Control Entries) to set.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> /// <exception cref="System.ArgumentNullException"></exception> public virtual async Task <ValidationResult> AddAccessRuleAsync(AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken) { ThrowIfDisposed(); if (rule == null) { throw new ArgumentNullException(nameof(rule)); } var validationResult = await ValidateAccessRuleAsync(objectType, objectId, rule, cancellationToken); if (!validationResult.Succeeded) { return(validationResult); } return(await Store.AddAccessRuleAsync(objectType, objectId, rule, cancellationToken)); }
/// <summary> /// Retrieves the <see cref="AccessRuleItem" /> associated with the key, as an asynchronous operation. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="userId">The primary key of the user to be found.</param> /// <param name="cancellationToken">The <see cref="CancellationToken" /> used to propagate notifications that the operation should be canceled.</param> /// <returns> /// The <see cref="Task" /> for the asynchronous operation, containing the contact, if any which matched the specified key. /// </returns> public virtual Task <AccessRuleItem> GetAccessRuleByUserAsync(AccessObjectType objectType, int objectId, int userId, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); ThrowIfDisposed(); return(AccessRules.Where(objectType, objectId, userId).Select(ace => new AccessRuleItem { Permission = ace.Permission, Visibility = ace.Visibility, User = new AccountItem { Id = ace.User.Id, Email = ace.User.Email, FirstName = ace.User.FirstName, LastName = ace.User.LastName, Gender = ace.User.Gender, Birthday = ace.User.Birthday } }).SingleOrDefaultAsync(cancellationToken)); }
/// <summary> /// Deletes a list of <see cref="AccessRuleItem" />s from the specified <paramref name="item" />. /// </summary> /// <param name="objectType">The type of the shared object to be removed.</param> /// <param name="objectId">The primary key for the shared object to be removed.</param> /// <param name="rule">The ACEs (Access Control Entries) to delete.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public virtual async Task <ValidationResult> RemoveAccessRuleAsync(AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); ThrowIfDisposed(); if (rule == null) { throw new ArgumentNullException(nameof(rule)); } var aceEntity = await AccessRules.Where(objectType, objectId, rule.User?.Id).SingleOrDefaultAsync(cancellationToken); if (aceEntity == null) { throw new InvalidOperationException("ACE does not exist."); } Context.Remove(aceEntity); await SaveChangesAsync(cancellationToken); return(ValidationResult.Success); }
/// <summary> /// Deletes a list of <see cref="AccessRuleItem" />s from the specified <paramref name="item" />. /// </summary> /// <param name="item">The shared to be unshared.</param> /// <param name="rule">The ACEs (Access Control Entries) to delete.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public virtual async Task <ValidationResult> RemoveAccessRuleAsync(AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken) { ThrowIfDisposed(); if (rule == null) { throw new ArgumentNullException(nameof(rule)); } // At least one specific user is required as owner of the specified object. if (!rule.Anyone && rule.Permission == AccessPermission.IsOwner) { var owners = await Store.GetAccessRulesAsync(objectType, objectId, cancellationToken); if (owners.Data.Count(o => !o.Anyone && o.Permission == AccessPermission.IsOwner) < 2) { return(ValidationResult.Failed(string.Format(CultureInfo.CurrentCulture, SecurityResources.OwnerRequired))); } } return(await Store.RemoveAccessRuleAsync(objectType, objectId, rule, cancellationToken)); }
/// <summary> /// Filters a sequences of items based on predicates. /// </summary> public static IQueryable <SecurityAccessRule> Where(this IQueryable <SecurityAccessRule> query, AccessObjectType objectType, int objectId, int?userId) { return(query.Where(ace => ace.ObjectType == objectType && ace.ObjectId == objectId && ace.UserId == userId)); }
/// <summary> /// Finds a collection of Access Control Entries (ACEs) with the given values. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public virtual Task <ListResult <AccessRuleItem> > GetAccessRulesAsync(AccessObjectType objectType, int objectId, CancellationToken cancellationToken) { ThrowIfDisposed(); return(Store.GetAccessRulesAsync(objectType, objectId, cancellationToken)); }
public async Task <IHttpActionResult> GetAllAsync(AccessObjectType objectType, int objectId, CancellationToken cancellationToken) { return(Ok(await _securityManager.GetAccessRulesAsync(objectType, objectId, cancellationToken))); }
/// <summary> /// Validates the specified <paramref name="rule" /> as an asynchronous operation. /// </summary> /// <param name="manager">The <see cref="SecurityManager" /> that can be used to retrieve user properties.</param> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="rule">The rule to validate.</param> /// <param name="cancellationToken">The <see cref="CancellationToken" /> used to propagate notifications that the operation should be canceled.</param> /// <returns> /// The <see cref="Task" /> that represents the asynchronous operation, containing the <see cref="ValidationResult" /> of the validation operation. /// </returns> protected virtual Task <ValidationResult> ValidateUserAsync(SecurityManager manager, AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken) { if (rule.Permission == AccessPermission.Unknown) { return(ValidationResultTask.Failed(string.Format(CultureInfo.CurrentCulture, SecurityResources.UserPermissionRequired))); } if (rule.Visibility != AccessVisibility.Unknown) { return(ValidationResultTask.Failed(string.Format(CultureInfo.CurrentCulture, SecurityResources.AccessVisibilityNotSupported))); } return(AtLeastOneOwnerRequired(manager, objectType, objectId, rule, cancellationToken)); }
/// <summary> /// Validates the specified <paramref name="rule" /> as an asynchronous operation. /// </summary> /// <param name="manager">The <see cref="SecurityManager" /> that can be used to retrieve user properties.</param> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="rule">The rule to validate.</param> /// <param name="cancellationToken">The <see cref="CancellationToken" /> used to propagate notifications that the operation should be canceled.</param> /// <returns> /// The <see cref="Task" /> that represents the asynchronous operation, containing the <see cref="ValidationResult" /> of the validation operation. /// </returns> protected virtual Task <ValidationResult> ValidateAnyoneAsync(SecurityManager manager, AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken) { if (rule.Permission != AccessPermission.CanView) { return(ValidationResultTask.Failed(string.Format(CultureInfo.CurrentCulture, SecurityResources.AccessPermissionNotSupported))); } if (rule.Visibility == AccessVisibility.Unknown) { return(ValidationResultTask.Failed(string.Format(CultureInfo.CurrentCulture, SecurityResources.AnyoneVisibilityRequired))); } return(ValidationResultTask.Success); }
/// <summary> /// Validates the specified <paramref name="rule" /> as an asynchronous operation. /// </summary> /// <param name="manager">The <see cref="SecurityManager" /> that can be used to retrieve user properties.</param> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="rule">The rule to validate.</param> /// <param name="cancellationToken">The <see cref="CancellationToken" /> used to propagate notifications that the operation should be canceled.</param> /// <returns> /// The <see cref="Task" /> that represents the asynchronous operation, containing the <see cref="ValidationResult" /> of the validation operation. /// </returns> /// <exception cref="System.ArgumentNullException"></exception> public virtual async Task <ValidationResult> ValidateAsync(SecurityManager manager, AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken) { if (manager == null) { throw new ArgumentNullException(nameof(manager)); } if (rule == null) { return(ValidationResult.Failed(string.Format(CultureInfo.CurrentCulture, SecurityResources.UserPermissionRequired))); } if (rule.Anyone) { return(await ValidateAnyoneAsync(manager, objectType, objectId, rule, cancellationToken)); } return(await ValidateUserAsync(manager, objectType, objectId, rule, cancellationToken)); }
/// <summary> /// Checks whether at least one owner exists on the specified <paramref name="objectType" />. /// </summary> /// <param name="manager">The <see cref="SecurityManager" /> that can be used to retrieve user properties.</param> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="rule">The rule to validate.</param> /// <param name="cancellationToken">The <see cref="CancellationToken" /> used to propagate notifications that the operation should be canceled.</param> /// <returns> /// The <see cref="Task" /> that represents the asynchronous operation, containing the <see cref="ValidationResult" /> of the validation operation. /// </returns> protected async Task <ValidationResult> AtLeastOneOwnerRequired(SecurityManager manager, AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken) { Debug.Assert(manager != null); Debug.Assert(rule != null); if (rule.Anyone || rule.Permission == AccessPermission.IsOwner) { // No need to check access rules if this operation does not have an effect on owner rights. return(ValidationResult.Success); } var owners = await manager.GetOwnersAsync(objectType, objectId, cancellationToken); if (owners.Data.Count(ace => ace.User.Id != rule.User.Id) == 0) { return(ValidationResult.Failed(string.Format(CultureInfo.CurrentCulture, SecurityResources.OwnerRequired))); } return(ValidationResult.Success); }
/// <summary> /// Validates access rule. Called by other <see cref="SecurityManager" /> methods. /// </summary> /// <param name="rule">The rule to validate.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> private Task <ValidationResult> ValidateAccessRuleAsync(AccessObjectType objectType, int objectId, AccessRuleItem rule, CancellationToken cancellationToken) { return((Validator == null) ? Task.FromResult(ValidationResult.Success) : Validator.ValidateAsync(this, objectType, objectId, rule, cancellationToken)); }
/// <summary> /// Deletes all <see cref="AccessRuleItem" />s from the specified <paramref name="item" />. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key for the shared object to be found.</param> /// <param name="cancellationToken">A token to observe while waiting for the task to complete.</param> /// <returns> /// A task that represents the asynchronous operation. /// </returns> public virtual Task <ValidationResult> RemoveAccessRulesAsync(AccessObjectType objectType, int objectId, CancellationToken cancellationToken) { ThrowIfDisposed(); return(Store.RemoveAccessRulesAsync(objectType, objectId, cancellationToken)); }
/// <summary> /// Retrieves the <see cref="AccessRuleItem" /> associated with the key, as an asynchronous operation. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="cancellationToken">The <see cref="CancellationToken" /> used to propagate notifications that the operation should be canceled.</param> /// <returns> /// The <see cref="Task" /> for the asynchronous operation, containing the contact, if any which matched the specified key. /// </returns> public virtual async Task <AccessRuleItem> GetAccessRuleAsync(AccessObjectType objectType, int objectId, CancellationToken cancellationToken) { ThrowIfDisposed(); return(await Store.GetAccessRuleAsync(objectType, objectId, cancellationToken)); }
/// <summary> /// Retrieves the <see cref="AccessRuleItem" /> associated with the key, as an asynchronous operation. /// </summary> /// <param name="objectType">The type of the shared object to be found.</param> /// <param name="objectId">The primary key of the shared object to be found.</param> /// <param name="userId">The primary key of the user to be found.</param> /// <param name="cancellationToken">The <see cref="CancellationToken" /> used to propagate notifications that the operation should be canceled.</param> /// <returns> /// The <see cref="Task" /> for the asynchronous operation, containing the contact, if any which matched the specified key. /// </returns> public virtual Task <AccessRuleItem> GetAccessRuleByUserIdAsync(AccessObjectType objectType, int objectId, int userId, CancellationToken cancellationToken) { ThrowIfDisposed(); return(Store.GetAccessRuleByUserAsync(objectType, objectId, userId, cancellationToken)); }