private PermissionPolicyRole CreateDefaultRole()
        {
            PermissionPolicyRole defaultRole = ObjectSpace.FirstOrDefault <PermissionPolicyRole>(role => role.Name == "Default");

            if (defaultRole == null)
            {
                defaultRole      = ObjectSpace.CreateObject <PermissionPolicyRole>();
                defaultRole.Name = "Default";

                defaultRole.AddObjectPermissionFromLambda <ApplicationUser>(SecurityOperations.Read, cm => cm.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
                defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/MyDetails", SecurityPermissionState.Allow);
                defaultRole.AddMemberPermissionFromLambda <ApplicationUser>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", cm => cm.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
                defaultRole.AddMemberPermissionFromLambda <ApplicationUser>(SecurityOperations.Write, "StoredPassword", cm => cm.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
                defaultRole.AddTypePermissionsRecursively <PermissionPolicyRole>(SecurityOperations.Read, SecurityPermissionState.Deny);
                defaultRole.AddTypePermissionsRecursively <ModelDifference>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
                defaultRole.AddTypePermissionsRecursively <ModelDifferenceAspect>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
                defaultRole.AddTypePermissionsRecursively <ModelDifference>(SecurityOperations.Create, SecurityPermissionState.Allow);
                defaultRole.AddTypePermissionsRecursively <ModelDifferenceAspect>(SecurityOperations.Create, SecurityPermissionState.Allow);

                defaultRole.AddTypePermission(ObjectSpace.TypesInfo.FindTypeInfo("ClassLibrary1.PersistentClass1").Type, "Create;Read;Write", SecurityPermissionState.Allow);
                defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/PersistentClass1_ListView", SecurityPermissionState.Allow);
                defaultRole.AddTypePermission(ObjectSpace.TypesInfo.FindTypeInfo("ClassLibrary2.PersistentClass2").Type, SecurityOperations.Read, SecurityPermissionState.Allow);
                defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/PersistentClass2_ListView", SecurityPermissionState.Allow);
            }
            return(defaultRole);
        }
Exemple #2
0
        private PermissionPolicyRole CreateDefaultRole()
        {
            PermissionPolicyRole defaultRole = ObjectSpace.FirstOrDefault <PermissionPolicyRole>(role => role.Name == "Default");

            if (defaultRole == null)
            {
                defaultRole      = ObjectSpace.CreateObject <PermissionPolicyRole>();
                defaultRole.Name = "Default";
                defaultRole.AddObjectPermissionFromLambda <ApplicationUser>(SecurityOperations.Read, cm => cm.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
                defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/MyDetails", SecurityPermissionState.Allow);
                defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/Department_ListView", SecurityPermissionState.Allow);
                defaultRole.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/Employee_ListView", SecurityPermissionState.Allow);
                defaultRole.AddMemberPermissionFromLambda <ApplicationUser>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", cm => cm.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
                defaultRole.AddMemberPermissionFromLambda <ApplicationUser>(SecurityOperations.Write, "StoredPassword", cm => cm.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
                defaultRole.AddTypePermissionsRecursively <PermissionPolicyRole>(SecurityOperations.Read, SecurityPermissionState.Deny);
                defaultRole.AddTypePermissionsRecursively <ModelDifference>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
                defaultRole.AddTypePermissionsRecursively <ModelDifferenceAspect>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
                defaultRole.AddTypePermissionsRecursively <ModelDifference>(SecurityOperations.Create, SecurityPermissionState.Allow);
                defaultRole.AddTypePermissionsRecursively <ModelDifferenceAspect>(SecurityOperations.Create, SecurityPermissionState.Allow);
                defaultRole.AddTypePermissionsRecursively <Department>(SecurityOperations.Read, SecurityPermissionState.Deny);
                defaultRole.AddObjectPermissionFromLambda <Department>(SecurityOperations.Read, d => d.Title.Contains("Development"), SecurityPermissionState.Allow);
                defaultRole.AddTypePermissionsRecursively <Employee>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
                defaultRole.AddObjectPermissionFromLambda <Employee>(SecurityOperations.Delete, e => e.Department.Title.Contains("Development"), SecurityPermissionState.Allow);
                defaultRole.AddMemberPermissionFromLambda <Employee>(SecurityOperations.Write, "LastName", e => !e.Department.Title.Contains("Development"), SecurityPermissionState.Deny);
                defaultRole.AddActionPermission("RoleGeneratorAction");
            }
            return(defaultRole);
        }
Exemple #3
0
        private PermissionPolicyRole GetUserRole()
        {
            PermissionPolicyRole userRole = ObjectSpace.FirstOrDefault <PermissionPolicyRole>(u => u.Name == DefaultUserRoleName);

            if (userRole == null)
            {
                userRole      = ObjectSpace.CreateObject <PermissionPolicyRole>();
                userRole.Name = DefaultUserRoleName;
                // Allow users to read departments only if their title contains 'Development'.
                const string protectedDepartment = "Development";
                userRole.AddObjectPermissionFromLambda <Department>(SecurityOperations.Read, t => !t.Title.Contains(protectedDepartment), SecurityPermissionState.Deny);
                // Allow users to read and modify employee records and their fields by criteria.
                userRole.AddTypePermissionsRecursively <Employee>(SecurityOperations.Read, SecurityPermissionState.Allow);
                userRole.AddTypePermissionsRecursively <Employee>(SecurityOperations.Write, SecurityPermissionState.Allow);

                userRole.AddObjectPermissionFromLambda <Employee>(SecurityOperations.Delete, t => t.Department.Title.Contains(protectedDepartment), SecurityPermissionState.Allow);
                userRole.AddMemberPermissionFromLambda <Employee>(SecurityOperations.Write, nameof(Employee.LastName), t => !t.Department.Title.Contains(protectedDepartment), SecurityPermissionState.Deny);
                // For more information on criteria language syntax (both string and strongly-typed formats), see https://docs.devexpress.com/CoreLibraries/4928/.
            }
            return(userRole);
        }