private bool IsGrantedByOperation(SecurityOperation operation)
{
bool result;
IEnumerable <IPolicyPermission> operationPermissions = permissionsProvider.GetPermissions().OfType <IPolicyPermission>();
if (operationPermissions.Count() != 0)
{
result = operationPermissions.Any(p => p.Operations.HasFlag(operation));
}
else
{
result = DefaultOperationsAllow.HasFlag(operation);
}
return(result);
}
protected PermissionManagerBase(IPermissionsProvider permissionProvider)
{
_definitions = permissionProvider.GetPermissions();
}
public EFCoreDemoDbContext(IPermissionsProvider permissionsProvider)
{
PermissionsContainer.AddPermissions(permissionsProvider.GetPermissions());
}
public WindowsPermissionManager(IPermissionsProvider permissionProvider) : base(permissionProvider)
{
_definitions = permissionProvider.GetPermissions();
}
public Expression GetDatabaseReadExpressionFromSecurity(Expression sourceExpression, Type type)
{
Expression loadExpression = null;
if (permissionsProvider.GetPermissions().Count() > 0)
{
ParameterExpression parameterExpression = Expression.Parameter(type, "p");
bool allowReadLevelType = permissionProcessor.IsGranted(type, SecurityOperation.Read);
if (allowReadLevelType)
{
IEnumerable <IObjectPermission> objectsDenyExpression = GetObjectPermissions(type).Where(p => p.OperationState == OperationState.Deny && p.Operations.HasFlag(SecurityOperation.Read));
if (objectsDenyExpression.Count() > 0)
{
IEnumerable <Expression> originalExpressions = GetBodiesOfLambdaExpressions(objectsDenyExpression.Select(p => p.Criteria));
IEnumerable <Expression> invertedExpressions = GetInvertedExpressions(originalExpressions);
loadExpression = GetAndMergedExpression(invertedExpressions);
}
}
else
{
IEnumerable <IObjectPermission> objectsAllowExpression = GetObjectPermissions(type).Where(p => p.OperationState == OperationState.Allow && p.Operations.HasFlag(SecurityOperation.Read));
if (objectsAllowExpression.Count() > 0)
{
IEnumerable <Expression> nativeExpression = GetBodiesOfLambdaExpressions(objectsAllowExpression.Select(p => p.Criteria));
loadExpression = GetOrMergedExpression(nativeExpression);
IEnumerable <IObjectPermission> objectsDenyExpression = GetObjectPermissions(type).Where(p => p.OperationState == OperationState.Deny && p.Operations.HasFlag(SecurityOperation.Read));
nativeExpression = GetBodiesOfLambdaExpressions(objectsDenyExpression.Select(p => p.Criteria));
IEnumerable <Expression> invertedExpressions = GetInvertedExpressions(nativeExpression);
Expression denyObjectExpression = GetAndMergedExpression(invertedExpressions);
if (denyObjectExpression != null)
{
loadExpression = Expression.AndAlso(loadExpression, denyObjectExpression);
}
}
IEnumerable <IMemberPermission> memberAllowExpression = GetMemberPermissions(type).Where(p => p.OperationState == OperationState.Allow && p.Operations.HasFlag(SecurityOperation.Read));
if (memberAllowExpression.Count() > 0)
{
Expression membersExpression = null;
IEnumerable <IMemberPermission> memberDenyExpression = GetMemberPermissions(type).Where(p => p.OperationState == OperationState.Deny && p.Operations.HasFlag(SecurityOperation.Read));
IEnumerable <string> memberNames = memberAllowExpression.GroupBy(x => x.MemberName).Select(g => g.First().MemberName);
foreach (string memberName in memberNames)
{
Expression memberExpression;
IEnumerable <IMemberPermission> currentMemberAllowExpressions = memberAllowExpression.Where(p => p.MemberName == memberName);
IEnumerable <Expression> nativeExpression = GetBodiesOfLambdaExpressions(currentMemberAllowExpressions.Select(p => p.Criteria));
memberExpression = GetOrMergedExpression(nativeExpression);
IEnumerable <IMemberPermission> currentMemberDenyExpressions = memberDenyExpression.Where(p => p.MemberName == memberName);
if (currentMemberDenyExpressions.Count() > 0)
{
nativeExpression = GetBodiesOfLambdaExpressions(currentMemberDenyExpressions.Select(p => p.Criteria));
IEnumerable <Expression> inversionExpression = GetInvertedExpressions(nativeExpression);
Expression denyLoadObjectExpression = GetAndMergedExpression(inversionExpression);
if (denyLoadObjectExpression != null)
{
memberExpression = Expression.AndAlso(memberExpression, denyLoadObjectExpression);
}
}
if (membersExpression == null)
{
membersExpression = memberExpression;
}
else
{
membersExpression = Expression.OrElse(membersExpression, memberExpression);
}
}
if (membersExpression != null)
{
if (loadExpression == null)
{
loadExpression = membersExpression;
}
else
{
loadExpression = Expression.OrElse(loadExpression, membersExpression);
}
}
}
if (loadExpression == null)
{
loadExpression = Expression.Constant(false);
}
}
if (loadExpression != null)
{
UpdateParameterVisitor updateParameterVisitor = new UpdateParameterVisitor(realDbContext, parameterExpression);
loadExpression = updateParameterVisitor.Visit(loadExpression);
//loadExpression = Expression.Condition(
// loadExpression,
// Expression.Constant(true, typeof(bool)),
// Expression.Constant(false, typeof(bool)));
MethodInfo whereMethodInfo = UtilityHelper.GetMethods("Where", type, 1).First().MakeGenericMethod(type);
Expression whereLambda = Expression.Lambda(loadExpression, parameterExpression);
loadExpression = Expression.Call(whereMethodInfo, new[] { sourceExpression, whereLambda });
}
else
{
loadExpression = sourceExpression;
}
}
else
{
loadExpression = sourceExpression;
}
return(loadExpression);
}
