private bool UserHasRightToDownload(EntityToken file) { var userToken = UserValidationFacade.GetUserToken(); var userPermissionDefinitions = PermissionTypeFacade.GetUserPermissionDefinitions(userToken.Username); var userGroupPermissionDefinitions = PermissionTypeFacade.GetUserGroupPermissionDefinitions(userToken.Username); var requiredPermissions = DownloadFileActionToken.RequiredPermissionTypes; return(SecurityResolver.Resolve(userToken, requiredPermissions, file, userPermissionDefinitions, userGroupPermissionDefinitions) == SecurityResult.Allowed); }
public static IEnumerable <Element> FilterActions(this IEnumerable <Element> elements) { if (elements == null) { throw new ArgumentNullException("elements"); } #if NO_SECURITY return(elements); #else UserToken userToken = UserValidationFacade.GetUserToken(); IEnumerable <UserPermissionDefinition> userPermissionDefinitions = PermissionTypeFacade.GetUserPermissionDefinitions(userToken.Username); IEnumerable <UserGroupPermissionDefinition> userGroupPermissionDefinition = PermissionTypeFacade.GetUserGroupPermissionDefinitions(userToken.Username); foreach (Element element in elements) { if (PermissionTypeFacade.IsSubBrachContainingPermissionTypes(userToken, element.ElementHandle.EntityToken, userPermissionDefinitions, userGroupPermissionDefinition)) { List <ElementAction> actionsToRemove = new List <ElementAction>(); foreach (ElementAction elementAction in element.Actions) { if (SecurityResolver.Resolve(userToken, elementAction.ActionHandle.ActionToken, element.ElementHandle.EntityToken, userPermissionDefinitions, userGroupPermissionDefinition) == SecurityResult.Disallowed) { actionsToRemove.Add(elementAction); } } foreach (ElementAction elementAction in actionsToRemove) { element.RemoveAction(elementAction); } // Drag & drop security if (element.MovabilityInfo != null) { if (SecurityResolver.Resolve(userToken, new DragAndDropActionToken(), element.ElementHandle.EntityToken, userPermissionDefinitions, userGroupPermissionDefinition) == SecurityResult.Disallowed) { element.RemoveMovabilityInfo(); } } yield return(element); } } #endif }
internal static IEnumerable <Element> FilterActions(this IEnumerable <Element> elements, UserToken userToken, ICollection <UserPermissionDefinition> userPermissionDefinitions, ICollection <UserGroupPermissionDefinition> userGroupPermissionDefinition) { Verify.ArgumentNotNull(elements, nameof(elements)); #if NO_SECURITY return(elements); #else foreach (var element in elements) { var actionsToRemove = new List <ElementAction>(); foreach (ElementAction elementAction in element.Actions) { if (SecurityResolver.Resolve(userToken, elementAction.ActionHandle.ActionToken, element.ElementHandle.EntityToken, userPermissionDefinitions, userGroupPermissionDefinition) == SecurityResult.Disallowed) { actionsToRemove.Add(elementAction); } } foreach (ElementAction elementAction in actionsToRemove) { element.RemoveAction(elementAction); } // Drag & drop security if (element.MovabilityInfo != null) { if (SecurityResolver.Resolve(userToken, new DragAndDropActionToken(), element.ElementHandle.EntityToken, userPermissionDefinitions, userGroupPermissionDefinition) == SecurityResult.Disallowed) { element.RemoveMovabilityInfo(); } } yield return(element); } #endif }
/// <exclude /> public static FlowToken Execute(EntityToken entityToken, ActionToken actionToken, FlowControllerServicesContainer flowControllerServicesContainer, TaskManagerEvent taskManagerEvent) { if (entityToken == null) { throw new ArgumentNullException("entityToken"); } if (actionToken == null) { throw new ArgumentNullException("actionToken"); } string username = UserValidationFacade.GetUsername(); #if NO_SECURITY #else HookingFacade.EnsureInitialization(); IEnumerable <UserPermissionDefinition> userPermissionDefinitions = PermissionTypeFacade.GetUserPermissionDefinitions(username); IEnumerable <UserGroupPermissionDefinition> userGroupPermissionDefinitions = PermissionTypeFacade.GetUserGroupPermissionDefinitions(username); SecurityResult securityResult = SecurityResolver.Resolve(UserValidationFacade.GetUserToken(), actionToken, entityToken, userPermissionDefinitions, userGroupPermissionDefinitions); if (securityResult != SecurityResult.Allowed && !(entityToken is SecurityViolationWorkflowEntityToken)) { return(ExecuteSecurityViolation(actionToken, entityToken, flowControllerServicesContainer)); } #endif bool ignoreLocking = actionToken.IsIgnoreEntityTokenLocking(); if (!ignoreLocking && ActionLockingFacade.IsLocked(entityToken)) { return(ExecuteEntityTokenLocked(actionToken, entityToken, flowControllerServicesContainer)); } IActionExecutor actionExecutor = ActionExecutorCache.GetActionExecutor(actionToken); ActionEventSystemFacade.FireOnBeforeActionExecution(entityToken, actionToken); FlowToken flowToken; using (TaskContainer taskContainer = TaskManagerFacade.CreateNewTasks(entityToken, actionToken, taskManagerEvent)) { ITaskManagerFlowControllerService taskManagerService = null; if (flowControllerServicesContainer.GetService(typeof(ITaskManagerFlowControllerService)) == null) { taskManagerService = new TaskManagerFlowControllerService(taskContainer); flowControllerServicesContainer.AddService(taskManagerService); } try { if (actionExecutor is IActionExecutorSerializedParameters) { string serializedEntityToken = EntityTokenSerializer.Serialize(entityToken); string serializedActionToken = ActionTokenSerializer.Serialize(actionToken); flowToken = Execute(actionExecutor as IActionExecutorSerializedParameters, serializedEntityToken, serializedActionToken, actionToken, flowControllerServicesContainer); } else { flowToken = Execute(actionExecutor, entityToken, actionToken, flowControllerServicesContainer); } } finally { if (taskManagerService != null) { flowControllerServicesContainer.RemoveService(taskManagerService); } } taskContainer.SetOnIdleTaskManagerEvent(new FlowTaskManagerEvent(flowToken)); taskContainer.UpdateTasksWithFlowToken(flowToken); taskContainer.SaveTasks(); } ActionEventSystemFacade.FireOnAfterActionExecution(entityToken, actionToken, flowToken); IManagementConsoleMessageService managementConsoleMessageService = flowControllerServicesContainer .GetService <IManagementConsoleMessageService>(); if (managementConsoleMessageService != null) { FlowControllerFacade.RegisterNewFlowInformation(flowToken, entityToken, actionToken, managementConsoleMessageService.CurrentConsoleId); } else { Log.LogWarning(nameof(ActionExecutorFacade), "Missing ManagementConsoleMessageService, can not register the flow"); } return(flowToken); }