private Authorization GetFromAuthorizationResource(RoleDefinitionDataProvider roleDP, ResourceAttribute resAttr)
        {
            Authorization auth = new Authorization()
            {
                ResourceName        = resAttr.Name,
                ResourceDescription = resAttr.Description,
            };

            auth.AllowedRoles.Add(new Role()
            {
                RoleId = RoleDefinitionDataProvider.SuperUserId
            });
            if (resAttr.Anonymous)
            {
                auth.AllowedRoles.Add(new Role()
                {
                    RoleId = roleDP.GetAnonymousRoleId()
                });
            }
            if (resAttr.User)
            {
                auth.AllowedRoles.Add(new Role()
                {
                    RoleId = roleDP.GetUserRoleId()
                });
            }
            if (resAttr.Editor)
            {
                auth.AllowedRoles.Add(new Role()
                {
                    RoleId = roleDP.GetEditorRoleId()
                });
            }
            if (resAttr.Administrator)
            {
                auth.AllowedRoles.Add(new Role()
                {
                    RoleId = roleDP.GetAdministratorRoleId()
                });
            }
            return(auth);
        }
        public async Task <bool> IsResourceAuthorizedAsync(string resourceName)
        {
            // we need to check if this resource is protected

            if (string.IsNullOrEmpty(resourceName))
            {
                throw new InternalError("Missing resource name");
            }

            if (IsBackDoorWideOpen())
            {
                return(true);
            }
            if (YetaWFManager.IsDemo || Manager.IsDemoUser)
            {
                return(true);
            }

            // check if this is the superuser
            if (Manager.HasSuperUserRole)
            {
                return(true);
            }

            using (AuthorizationDataProvider authDP = new AuthorizationDataProvider()) {
                Authorization auth = await authDP.GetItemAsync(resourceName);

                if (auth == null)
                {
                    Logging.AddLog("Resource {0} doesn't exist", resourceName);
#if DEBUG
                    throw new InternalError("Resource {0} doesn't exist", resourceName);
#else
                    return(false);// not authorized, there is no such resource
#endif
                }
                RoleComparer roleComp = new RoleComparer();
                using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
                    if (!Manager.HaveUser)
                    {
                        // check if anonymous user allowed
                        if (auth.AllowedRoles.Contains(new Role {
                            RoleId = roleDP.GetAnonymousRoleId()
                        }, roleComp))
                        {
                            return(true);
                        }
                        return(false);
                    }
                    // authenticated user
                    // check if any authenticated user allowed
                    if (auth.AllowedRoles.Contains(new Role {
                        RoleId = roleDP.GetUserRoleId()
                    }, roleComp))
                    {
                        return(true);
                    }
                }

                string         userName = Manager.UserName;
                UserDefinition user     = (UserDefinition)Manager.UserObject;// get the saved user
                if (user == null)
                {
                    throw new InternalError("UserObject missing for authenticated user");
                }

                // check if this user is allowed
                if (auth.AllowedUsers.Contains(new User {
                    UserId = user.UserId
                }, new UserComparer()))
                {
                    return(true);
                }

                // check if this user is in a permitted role
                foreach (Role loginRole in user.RolesList)
                {
                    if (auth.AllowedRoles.Contains(new Role {
                        RoleId = loginRole.RoleId
                    }, roleComp))
                    {
                        return(true);
                    }
                }
            }            // simply not authorized
            return(false);
        }
 public int GetAnonymousRoleId()
 {
     using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
         return(roleDP.GetAnonymousRoleId());
     }
 }