private bool IsGrantedByOperation(SecurityOperation operation) { bool result; IEnumerable <IPolicyPermission> operationPermissions = permissionsProvider.GetPermissions().OfType <IPolicyPermission>(); if (operationPermissions.Count() != 0) { result = operationPermissions.Any(p => p.Operations.HasFlag(operation)); } else { result = DefaultOperationsAllow.HasFlag(operation); } return(result); }
protected PermissionManagerBase(IPermissionsProvider permissionProvider) { _definitions = permissionProvider.GetPermissions(); }
public EFCoreDemoDbContext(IPermissionsProvider permissionsProvider) { PermissionsContainer.AddPermissions(permissionsProvider.GetPermissions()); }
public WindowsPermissionManager(IPermissionsProvider permissionProvider) : base(permissionProvider) { _definitions = permissionProvider.GetPermissions(); }
public Expression GetDatabaseReadExpressionFromSecurity(Expression sourceExpression, Type type) { Expression loadExpression = null; if (permissionsProvider.GetPermissions().Count() > 0) { ParameterExpression parameterExpression = Expression.Parameter(type, "p"); bool allowReadLevelType = permissionProcessor.IsGranted(type, SecurityOperation.Read); if (allowReadLevelType) { IEnumerable <IObjectPermission> objectsDenyExpression = GetObjectPermissions(type).Where(p => p.OperationState == OperationState.Deny && p.Operations.HasFlag(SecurityOperation.Read)); if (objectsDenyExpression.Count() > 0) { IEnumerable <Expression> originalExpressions = GetBodiesOfLambdaExpressions(objectsDenyExpression.Select(p => p.Criteria)); IEnumerable <Expression> invertedExpressions = GetInvertedExpressions(originalExpressions); loadExpression = GetAndMergedExpression(invertedExpressions); } } else { IEnumerable <IObjectPermission> objectsAllowExpression = GetObjectPermissions(type).Where(p => p.OperationState == OperationState.Allow && p.Operations.HasFlag(SecurityOperation.Read)); if (objectsAllowExpression.Count() > 0) { IEnumerable <Expression> nativeExpression = GetBodiesOfLambdaExpressions(objectsAllowExpression.Select(p => p.Criteria)); loadExpression = GetOrMergedExpression(nativeExpression); IEnumerable <IObjectPermission> objectsDenyExpression = GetObjectPermissions(type).Where(p => p.OperationState == OperationState.Deny && p.Operations.HasFlag(SecurityOperation.Read)); nativeExpression = GetBodiesOfLambdaExpressions(objectsDenyExpression.Select(p => p.Criteria)); IEnumerable <Expression> invertedExpressions = GetInvertedExpressions(nativeExpression); Expression denyObjectExpression = GetAndMergedExpression(invertedExpressions); if (denyObjectExpression != null) { loadExpression = Expression.AndAlso(loadExpression, denyObjectExpression); } } IEnumerable <IMemberPermission> memberAllowExpression = GetMemberPermissions(type).Where(p => p.OperationState == OperationState.Allow && p.Operations.HasFlag(SecurityOperation.Read)); if (memberAllowExpression.Count() > 0) { Expression membersExpression = null; IEnumerable <IMemberPermission> memberDenyExpression = GetMemberPermissions(type).Where(p => p.OperationState == OperationState.Deny && p.Operations.HasFlag(SecurityOperation.Read)); IEnumerable <string> memberNames = memberAllowExpression.GroupBy(x => x.MemberName).Select(g => g.First().MemberName); foreach (string memberName in memberNames) { Expression memberExpression; IEnumerable <IMemberPermission> currentMemberAllowExpressions = memberAllowExpression.Where(p => p.MemberName == memberName); IEnumerable <Expression> nativeExpression = GetBodiesOfLambdaExpressions(currentMemberAllowExpressions.Select(p => p.Criteria)); memberExpression = GetOrMergedExpression(nativeExpression); IEnumerable <IMemberPermission> currentMemberDenyExpressions = memberDenyExpression.Where(p => p.MemberName == memberName); if (currentMemberDenyExpressions.Count() > 0) { nativeExpression = GetBodiesOfLambdaExpressions(currentMemberDenyExpressions.Select(p => p.Criteria)); IEnumerable <Expression> inversionExpression = GetInvertedExpressions(nativeExpression); Expression denyLoadObjectExpression = GetAndMergedExpression(inversionExpression); if (denyLoadObjectExpression != null) { memberExpression = Expression.AndAlso(memberExpression, denyLoadObjectExpression); } } if (membersExpression == null) { membersExpression = memberExpression; } else { membersExpression = Expression.OrElse(membersExpression, memberExpression); } } if (membersExpression != null) { if (loadExpression == null) { loadExpression = membersExpression; } else { loadExpression = Expression.OrElse(loadExpression, membersExpression); } } } if (loadExpression == null) { loadExpression = Expression.Constant(false); } } if (loadExpression != null) { UpdateParameterVisitor updateParameterVisitor = new UpdateParameterVisitor(realDbContext, parameterExpression); loadExpression = updateParameterVisitor.Visit(loadExpression); //loadExpression = Expression.Condition( // loadExpression, // Expression.Constant(true, typeof(bool)), // Expression.Constant(false, typeof(bool))); MethodInfo whereMethodInfo = UtilityHelper.GetMethods("Where", type, 1).First().MakeGenericMethod(type); Expression whereLambda = Expression.Lambda(loadExpression, parameterExpression); loadExpression = Expression.Call(whereMethodInfo, new[] { sourceExpression, whereLambda }); } else { loadExpression = sourceExpression; } } else { loadExpression = sourceExpression; } return(loadExpression); }