private bool UserHasRightToDownload(EntityToken file)
{
var userToken = UserValidationFacade.GetUserToken();
var userPermissionDefinitions = PermissionTypeFacade.GetUserPermissionDefinitions(userToken.Username);
var userGroupPermissionDefinitions = PermissionTypeFacade.GetUserGroupPermissionDefinitions(userToken.Username);
var requiredPermissions = DownloadFileActionToken.RequiredPermissionTypes;
return(SecurityResolver.Resolve(userToken, requiredPermissions, file, userPermissionDefinitions, userGroupPermissionDefinitions)
== SecurityResult.Allowed);
}
public static IEnumerable <Element> FilterActions(this IEnumerable <Element> elements)
{
if (elements == null)
{
throw new ArgumentNullException("elements");
}
#if NO_SECURITY
return(elements);
#else
UserToken userToken = UserValidationFacade.GetUserToken();
IEnumerable <UserPermissionDefinition> userPermissionDefinitions = PermissionTypeFacade.GetUserPermissionDefinitions(userToken.Username);
IEnumerable <UserGroupPermissionDefinition> userGroupPermissionDefinition = PermissionTypeFacade.GetUserGroupPermissionDefinitions(userToken.Username);
foreach (Element element in elements)
{
if (PermissionTypeFacade.IsSubBrachContainingPermissionTypes(userToken, element.ElementHandle.EntityToken, userPermissionDefinitions, userGroupPermissionDefinition))
{
List <ElementAction> actionsToRemove = new List <ElementAction>();
foreach (ElementAction elementAction in element.Actions)
{
if (SecurityResolver.Resolve(userToken, elementAction.ActionHandle.ActionToken, element.ElementHandle.EntityToken, userPermissionDefinitions, userGroupPermissionDefinition) == SecurityResult.Disallowed)
{
actionsToRemove.Add(elementAction);
}
}
foreach (ElementAction elementAction in actionsToRemove)
{
element.RemoveAction(elementAction);
}
// Drag & drop security
if (element.MovabilityInfo != null)
{
if (SecurityResolver.Resolve(userToken, new DragAndDropActionToken(), element.ElementHandle.EntityToken, userPermissionDefinitions, userGroupPermissionDefinition) == SecurityResult.Disallowed)
{
element.RemoveMovabilityInfo();
}
}
yield return(element);
}
}
#endif
}
internal static IEnumerable <Element> FilterActions(this IEnumerable <Element> elements,
UserToken userToken,
ICollection <UserPermissionDefinition> userPermissionDefinitions,
ICollection <UserGroupPermissionDefinition> userGroupPermissionDefinition)
{
Verify.ArgumentNotNull(elements, nameof(elements));
#if NO_SECURITY
return(elements);
#else
foreach (var element in elements)
{
var actionsToRemove = new List <ElementAction>();
foreach (ElementAction elementAction in element.Actions)
{
if (SecurityResolver.Resolve(userToken, elementAction.ActionHandle.ActionToken,
element.ElementHandle.EntityToken, userPermissionDefinitions,
userGroupPermissionDefinition) == SecurityResult.Disallowed)
{
actionsToRemove.Add(elementAction);
}
}
foreach (ElementAction elementAction in actionsToRemove)
{
element.RemoveAction(elementAction);
}
// Drag & drop security
if (element.MovabilityInfo != null)
{
if (SecurityResolver.Resolve(userToken, new DragAndDropActionToken(),
element.ElementHandle.EntityToken, userPermissionDefinitions,
userGroupPermissionDefinition) == SecurityResult.Disallowed)
{
element.RemoveMovabilityInfo();
}
}
yield return(element);
}
#endif
}
/// <exclude />
public static FlowToken Execute(EntityToken entityToken, ActionToken actionToken, FlowControllerServicesContainer flowControllerServicesContainer, TaskManagerEvent taskManagerEvent)
{
if (entityToken == null)
{
throw new ArgumentNullException("entityToken");
}
if (actionToken == null)
{
throw new ArgumentNullException("actionToken");
}
string username = UserValidationFacade.GetUsername();
#if NO_SECURITY
#else
HookingFacade.EnsureInitialization();
IEnumerable <UserPermissionDefinition> userPermissionDefinitions = PermissionTypeFacade.GetUserPermissionDefinitions(username);
IEnumerable <UserGroupPermissionDefinition> userGroupPermissionDefinitions = PermissionTypeFacade.GetUserGroupPermissionDefinitions(username);
SecurityResult securityResult = SecurityResolver.Resolve(UserValidationFacade.GetUserToken(), actionToken, entityToken, userPermissionDefinitions, userGroupPermissionDefinitions);
if (securityResult != SecurityResult.Allowed && !(entityToken is SecurityViolationWorkflowEntityToken))
{
return(ExecuteSecurityViolation(actionToken, entityToken, flowControllerServicesContainer));
}
#endif
bool ignoreLocking = actionToken.IsIgnoreEntityTokenLocking();
if (!ignoreLocking && ActionLockingFacade.IsLocked(entityToken))
{
return(ExecuteEntityTokenLocked(actionToken, entityToken, flowControllerServicesContainer));
}
IActionExecutor actionExecutor = ActionExecutorCache.GetActionExecutor(actionToken);
ActionEventSystemFacade.FireOnBeforeActionExecution(entityToken, actionToken);
FlowToken flowToken;
using (TaskContainer taskContainer = TaskManagerFacade.CreateNewTasks(entityToken, actionToken, taskManagerEvent))
{
ITaskManagerFlowControllerService taskManagerService = null;
if (flowControllerServicesContainer.GetService(typeof(ITaskManagerFlowControllerService)) == null)
{
taskManagerService = new TaskManagerFlowControllerService(taskContainer);
flowControllerServicesContainer.AddService(taskManagerService);
}
try
{
if (actionExecutor is IActionExecutorSerializedParameters)
{
string serializedEntityToken = EntityTokenSerializer.Serialize(entityToken);
string serializedActionToken = ActionTokenSerializer.Serialize(actionToken);
flowToken = Execute(actionExecutor as IActionExecutorSerializedParameters,
serializedEntityToken, serializedActionToken, actionToken,
flowControllerServicesContainer);
}
else
{
flowToken = Execute(actionExecutor, entityToken, actionToken,
flowControllerServicesContainer);
}
}
finally
{
if (taskManagerService != null)
{
flowControllerServicesContainer.RemoveService(taskManagerService);
}
}
taskContainer.SetOnIdleTaskManagerEvent(new FlowTaskManagerEvent(flowToken));
taskContainer.UpdateTasksWithFlowToken(flowToken);
taskContainer.SaveTasks();
}
ActionEventSystemFacade.FireOnAfterActionExecution(entityToken, actionToken, flowToken);
IManagementConsoleMessageService managementConsoleMessageService = flowControllerServicesContainer
.GetService <IManagementConsoleMessageService>();
if (managementConsoleMessageService != null)
{
FlowControllerFacade.RegisterNewFlowInformation(flowToken, entityToken, actionToken,
managementConsoleMessageService.CurrentConsoleId);
}
else
{
Log.LogWarning(nameof(ActionExecutorFacade), "Missing ManagementConsoleMessageService, can not register the flow");
}
return(flowToken);
}
