private PermissionPolicyRole CreateDefaultRole()
{
PermissionPolicyRole defaultRole = ObjectSpace.FirstOrDefault <PermissionPolicyRole>(role => role.Name == "Default");
if (defaultRole == null)
{
defaultRole = ObjectSpace.CreateObject <PermissionPolicyRole>();
defaultRole.Name = "Default";
defaultRole.AddObjectPermissionFromLambda <ApplicationUser>(SecurityOperations.Read, cm => cm.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/MyDetails", SecurityPermissionState.Allow);
defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/Department_ListView", SecurityPermissionState.Allow);
defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/Employee_ListView", SecurityPermissionState.Allow);
defaultRole.AddMemberPermissionFromLambda <ApplicationUser>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", cm => cm.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
defaultRole.AddMemberPermissionFromLambda <ApplicationUser>(SecurityOperations.Write, "StoredPassword", cm => cm.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively <PermissionPolicyRole>(SecurityOperations.Read, SecurityPermissionState.Deny);
defaultRole.AddTypePermissionsRecursively <ModelDifference>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively <ModelDifferenceAspect>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively <ModelDifference>(SecurityOperations.Create, SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively <ModelDifferenceAspect>(SecurityOperations.Create, SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively <Department>(SecurityOperations.Read, SecurityPermissionState.Deny);
defaultRole.AddObjectPermissionFromLambda <Department>(SecurityOperations.Read, d => d.Title.Contains("Development"), SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively <Employee>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
defaultRole.AddObjectPermissionFromLambda <Employee>(SecurityOperations.Delete, e => e.Department.Title.Contains("Development"), SecurityPermissionState.Allow);
defaultRole.AddMemberPermissionFromLambda <Employee>(SecurityOperations.Write, "LastName", e => !e.Department.Title.Contains("Development"), SecurityPermissionState.Deny);
defaultRole.AddActionPermission("RoleGeneratorAction");
}
return(defaultRole);
}
private PermissionPolicyRole CreateDefaultRole()
{
PermissionPolicyRole defaultRole = ObjectSpace.FirstOrDefault <PermissionPolicyRole>(role => role.Name == "Default");
if (defaultRole == null)
{
defaultRole = ObjectSpace.CreateObject <PermissionPolicyRole>();
defaultRole.Name = "Default";
defaultRole.AddObjectPermissionFromLambda <ApplicationUser>(SecurityOperations.Read, cm => cm.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/MyDetails", SecurityPermissionState.Allow);
defaultRole.AddMemberPermissionFromLambda <ApplicationUser>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", cm => cm.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
defaultRole.AddMemberPermissionFromLambda <ApplicationUser>(SecurityOperations.Write, "StoredPassword", cm => cm.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively <PermissionPolicyRole>(SecurityOperations.Read, SecurityPermissionState.Deny);
defaultRole.AddTypePermissionsRecursively <ModelDifference>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively <ModelDifferenceAspect>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively <ModelDifference>(SecurityOperations.Create, SecurityPermissionState.Allow);
defaultRole.AddTypePermissionsRecursively <ModelDifferenceAspect>(SecurityOperations.Create, SecurityPermissionState.Allow);
defaultRole.AddTypePermission(ObjectSpace.TypesInfo.FindTypeInfo("ClassLibrary1.PersistentClass1").Type, "Create;Read;Write", SecurityPermissionState.Allow);
defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/PersistentClass1_ListView", SecurityPermissionState.Allow);
defaultRole.AddTypePermission(ObjectSpace.TypesInfo.FindTypeInfo("ClassLibrary2.PersistentClass2").Type, SecurityOperations.Read, SecurityPermissionState.Allow);
defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/PersistentClass2_ListView", SecurityPermissionState.Allow);
}
return(defaultRole);
}
