public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName)); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = SecurityStrategy.AdministratorRoleName; adminRole.IsAdministrative = true; } SecuritySystemUser user = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "Administrator")); if (user == null) { user = ObjectSpace.CreateObject <SecuritySystemUser>(); user.UserName = "******"; user.SetPassword(""); user.Roles.Add(adminRole); } }
public static SecuritySystemRole AddMemberAccessPermissionFluent <T>(this SecuritySystemRole securityRole, string members, SecurityOperationsFluentExtension securityOperation, string criteria = null) { if (String.IsNullOrEmpty(members)) { throw new ArgumentNullException(String.Format("Members arguments (Role {0} Type {1} ) is null or empty", securityRole.Name, typeof(T).FullName)); } if (typeof(T).IsInterface) { foreach (var type in GetListTypesFromInterface(typeof(T), securityRole.GetType())) { if (String.IsNullOrEmpty(criteria)) { securityRole.AddMemberAccessPermission(type, members, GetDescriptionAttribute(securityOperation)); } else { securityRole.AddMemberAccessPermission(type, members, GetDescriptionAttribute(securityOperation), criteria); } } return(securityRole); } if (String.IsNullOrEmpty(criteria)) { securityRole.AddMemberAccessPermission <T>(members, GetDescriptionAttribute(securityOperation)); } else { securityRole.AddMemberAccessPermission <T>(members, GetDescriptionAttribute(securityOperation), criteria); } return(securityRole); }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); if (ObjectSpace.GetObjects <Issue>().Count == 0) { Issue issue1 = ObjectSpace.CreateObject <Issue>(); issue1.Subject = "Processed issue"; issue1.Active = false; Issue issue2 = ObjectSpace.CreateObject <Issue>(); issue2.Subject = "Active issue"; issue2.Active = true; } if (ObjectSpace.GetObjects <XpoWorkflowDefinition>().Count == 0) { XpoWorkflowDefinition definition = ObjectSpace.CreateObject <XpoWorkflowDefinition>(); definition.Name = "Create Task for active Issue"; definition.Xaml = GetXaml("WorkflowExample.Module.DatabaseUpdate.CreateTaskForActiveIssue.xml"); definition.TargetObjectType = typeof(Issue); definition.AutoStartWhenObjectFitsCriteria = true; definition.Criteria = "[Active] = True"; definition.IsActive = true; } SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName)); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = SecurityStrategy.AdministratorRoleName; adminRole.IsAdministrative = true; adminRole.Save(); } SecuritySystemUser adminUser = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "Administrator")); if (adminUser == null) { adminUser = ObjectSpace.CreateObject <SecuritySystemUser>(); adminUser.UserName = "******"; adminUser.SetPassword(""); adminUser.Roles.Add(adminRole); } SecuritySystemUser workflowServiceUser = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "WorkflowService")); if (workflowServiceUser == null) { workflowServiceUser = ObjectSpace.CreateObject <SecuritySystemUser>(); workflowServiceUser.UserName = "******"; workflowServiceUser.SetPassword(""); workflowServiceUser.Roles.Add(adminRole); } ObjectSpace.CommitChanges(); }
private SecuritySystemRole CreateDefaultRole() { SecuritySystemRole defaultRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Users")); if (defaultRole == null) { defaultRole = ObjectSpace.CreateObject <SecuritySystemRole>(); defaultRole.Name = "Users"; defaultRole.IsAdministrative = true; } return(defaultRole); }
private SecuritySystemRole RolAdmin() { SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName)); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = SecurityStrategy.AdministratorRoleName; adminRole.IsAdministrative = true; } return(adminRole); }
//Administrators can do everything within the application. private SecuritySystemRole GetAdministratorRole() { SecuritySystemRole administratorRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Administrators")); if (administratorRole == null) { administratorRole = ObjectSpace.CreateObject <SecuritySystemRole>(); administratorRole.Name = "Administrators"; //Can access everything. administratorRole.IsAdministrative = true; } return(administratorRole); }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); SecuritySystemUser userAdmin = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "Admin")); if (userAdmin == null) { userAdmin = ObjectSpace.CreateObject <SecuritySystemUser>(); userAdmin.UserName = "******"; // Set a password if the standard authentication type is used userAdmin.SetPassword(""); } // If a role with the Administrators name doesn't exist in the database, create this role SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Administrators")); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = "Administrators"; } adminRole.IsAdministrative = true; userAdmin.Roles.Add(adminRole); if (ObjectSpace.Database.Contains("DB1")) { SecuritySystemUser sampleUser1 = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "User1")); if (sampleUser1 == null) { sampleUser1 = ObjectSpace.CreateObject <SecuritySystemUser>(); sampleUser1.UserName = "******"; sampleUser1.SetPassword(""); } SecuritySystemRole defaultRole = CreateDefaultRole(); sampleUser1.Roles.Add(defaultRole); } if (ObjectSpace.Database.Contains("DB2")) { SecuritySystemUser sampleUser2 = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "User2")); if (sampleUser2 == null) { sampleUser2 = ObjectSpace.CreateObject <SecuritySystemUser>(); sampleUser2.UserName = "******"; sampleUser2.SetPassword(""); } SecuritySystemRole defaultRole = CreateDefaultRole(); sampleUser2.Roles.Add(defaultRole); } ObjectSpace.CommitChanges(); }
public static SecuritySystemRole AddTypePermissionFluent <T>(this SecuritySystemRole securityRole, SecurityOperationsFluentExtension securityOperation) { if (typeof(T).IsInterface) { foreach (var type in GetListTypesFromInterface(typeof(T), securityRole.GetType())) { securityRole.SetTypePermissions(type, GetDescriptionAttribute(securityOperation), DevExpress.ExpressApp.Security.Strategy.SecuritySystemModifier.Allow); } return(securityRole); } securityRole.SetTypePermissions <T>(GetDescriptionAttribute(securityOperation), SecuritySystemModifier.Allow); return(securityRole); }
public static SecuritySystemRole AddTypePermissionFluent(this SecuritySystemRole securityRole, List <Type> typeList, SecurityOperationsFluentExtension securityOperation) { foreach (var type in typeList) { if (type.IsInterface) { foreach (var classType in GetListTypesFromInterface(type, securityRole.GetType())) { securityRole.SetTypePermissions(classType, GetDescriptionAttribute(securityOperation), SecuritySystemModifier.Allow); } continue; } securityRole.SetTypePermissions(type, GetDescriptionAttribute(securityOperation), SecuritySystemModifier.Allow); } return(securityRole); }
public void Run() { SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName)); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = SecurityStrategy.AdministratorRoleName; adminRole.IsAdministrative = true; adminRole.Save(); } SecuritySystemUser adminUser = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "admin")); if (adminUser == null) { adminUser = ObjectSpace.CreateObject <SecuritySystemUser>(); adminUser.UserName = "******"; adminUser.SetPassword(""); adminUser.Roles.Add(adminRole); } string name = "Bob"; DomainObject1 theObject = ObjectSpace.FindObject <DomainObject1>(CriteriaOperator.Parse("Name=?", name)); if (theObject == null) { theObject = ObjectSpace.CreateObject <DomainObject1>(); theObject.Name = name; theObject.Amount = 1000; theObject.Category1 = "Payments"; theObject.Category2 = "Other Payments"; theObject.TranDate = new DateTime(2014, 5, 6); } name = "Alice"; theObject = ObjectSpace.FindObject <DomainObject1>(CriteriaOperator.Parse("Name=?", name)); if (theObject == null) { theObject = ObjectSpace.CreateObject <DomainObject1>(); theObject.Name = name; theObject.Amount = 1000; theObject.Category1 = "Receipts"; theObject.Category2 = "Other Receipts"; theObject.TranDate = new DateTime(2014, 5, 5); } }
private SecuritySystemRole CreateDefaultRole() { SecuritySystemRole defaultRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Default")); if (defaultRole == null) { defaultRole = ObjectSpace.CreateObject <SecuritySystemRole>(); defaultRole.Name = "Default"; defaultRole.AddObjectAccessPermission <SecuritySystemUser>("[Oid] = CurrentUserId()", SecurityOperations.ReadOnlyAccess); defaultRole.AddMemberAccessPermission <SecuritySystemUser>("ChangePasswordOnFirstLogon", SecurityOperations.Write); defaultRole.AddMemberAccessPermission <SecuritySystemUser>("StoredPassword", SecurityOperations.Write); defaultRole.SetTypePermissionsRecursively <SecuritySystemRole>(SecurityOperations.Read, SecuritySystemModifier.Allow); defaultRole.SetTypePermissionsRecursively <AuditDataItemPersistent>(SecurityOperations.CRUDAccess, SecuritySystemModifier.Allow); } return(defaultRole); }
// Grant full access if permission object not found for the owner // note that if you want to grant full access, you need to delete the existing permissions object private void GrantFullAcccess(Type targetType, SecuritySystemRole role) { var opArArtfRecon = CriteriaOperator.Parse("TargetType = ? And Owner = ?", targetType, role); SecuritySystemTypePermissionObject typePermission = ObjectSpace.FindObject <SecuritySystemTypePermissionObject>(opArArtfRecon); if (typePermission == null) { typePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); typePermission.TargetType = targetType; typePermission.AllowCreate = true; typePermission.AllowDelete = true; typePermission.AllowNavigate = true; typePermission.AllowRead = true; typePermission.AllowWrite = true; role.TypePermissions.Add(typePermission); } }
private void PermisosTipos(List <Type> tipos, SecuritySystemRole rol, bool create, bool del, bool navigate, bool read, bool write) { foreach (Type tp in tipos) { SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); userTypePermission.TargetType = tp; userTypePermission.AllowCreate = create; userTypePermission.AllowDelete = del; userTypePermission.AllowNavigate = navigate; userTypePermission.AllowRead = read; userTypePermission.AllowWrite = write; rol.TypePermissions.Add(userTypePermission); } }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); string name = "MyName"; Contact theObject = ObjectSpace.FindObject <Contact>(CriteriaOperator.Parse("FirstName=?", name)); if (theObject == null) { theObject = ObjectSpace.CreateObject <Contact>(); theObject.FirstName = name; } SecuritySystemUser sampleUser = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "User")); if (sampleUser == null) { sampleUser = ObjectSpace.CreateObject <SecuritySystemUser>(); sampleUser.UserName = "******"; sampleUser.SetPassword(""); } SecuritySystemRole defaultRole = CreateDefaultRole(); sampleUser.Roles.Add(defaultRole); SecuritySystemUser userAdmin = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "Admin")); if (userAdmin == null) { userAdmin = ObjectSpace.CreateObject <SecuritySystemUser>(); userAdmin.UserName = "******"; // Set a password if the standard authentication type is used userAdmin.SetPassword(""); } // If a role with the Administrators name doesn't exist in the database, create this role SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Administrators")); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = "Administrators"; } adminRole.IsAdministrative = true; userAdmin.Roles.Add(adminRole); ObjectSpace.CommitChanges(); }
public static SecuritySystemRole AddObjectAccessPermissionFluent <T>(this SecuritySystemRole securityRole, SecurityOperationsFluentExtension securityOperation, string criteria) { if (String.IsNullOrEmpty(criteria)) { throw new ArgumentNullException("SecurityOperations or criteria arguments is null or empty"); } if (typeof(T).IsInterface) { foreach (var type in GetListTypesFromInterface(typeof(T), securityRole.GetType())) { securityRole.AddObjectAccessPermission(type, criteria, GetDescriptionAttribute(securityOperation)); } return(securityRole); } securityRole.AddObjectAccessPermission <T>(criteria, GetDescriptionAttribute(securityOperation)); return(securityRole); }
private void SetupSecurity() { // Administrative role SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName)); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = SecurityStrategy.AdministratorRoleName; adminRole.IsAdministrative = true; } // Administrator users SecuritySystemUser adminUser; adminUser = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "admin")); if (adminUser == null) { adminUser = ObjectSpace.CreateObject <SecuritySystemUser>(); adminUser.UserName = "******"; adminUser.Roles.Add(adminRole); } // Accounts Receivable role SecuritySystemRole arRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", "Accounts Receivable")); if (arRole == null) { arRole = ObjectSpace.CreateObject <SecuritySystemRole>(); arRole.Name = "Accounts Receivable"; arRole.IsAdministrative = false; } // Accounts Receivable Permissions // BankStmt GrantFullAcccess(typeof(Cash.BankStmt), arRole); }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Administrators")); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = "Administrators"; adminRole.IsAdministrative = true; } SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Users")); if (userRole == null) { userRole = ObjectSpace.CreateObject <SecuritySystemRole>(); userRole.Name = "Users"; userRole.SetTypePermissionsRecursively <object>(SecurityOperations.FullAccess, SecuritySystemModifier.Allow); } MyUser user1 = ObjectSpace.FindObject <MyUser>(new BinaryOperator("UserName", "Admin")); if (user1 == null) { user1 = ObjectSpace.CreateObject <MyUser>(); user1.UserName = "******"; user1.SetPassword(""); user1.Roles.Add(adminRole); } MyUser user2 = ObjectSpace.FindObject <MyUser>(new BinaryOperator("UserName", "User")); if (user2 == null) { user2 = ObjectSpace.CreateObject <MyUser>(); user2.UserName = "******"; user2.SetPassword(""); user2.Roles.Add(userRole); } }
public static SecuritySystemRole AddMemberAccessPermissionFluent(this SecuritySystemRole securityRole, List <Type> typeList, string members, SecurityOperationsFluentExtension securityOperation, string criteria = null) { if (String.IsNullOrEmpty(members)) { throw new ArgumentNullException(String.Format("Members arguments (EmployeeRole {0} list types ) is null or empty", securityRole.Name)); } foreach (var type in typeList) { if (type.IsInterface) { foreach (var classType in GetListTypesFromInterface(type, securityRole.GetType())) { if (String.IsNullOrEmpty(criteria)) { securityRole.AddMemberAccessPermission(classType, members, GetDescriptionAttribute(securityOperation)); } else { securityRole.AddMemberAccessPermission(classType, members, GetDescriptionAttribute(securityOperation), criteria); } } continue; } if (String.IsNullOrEmpty(criteria)) { securityRole.AddMemberAccessPermission(type, members, GetDescriptionAttribute(securityOperation)); } else { securityRole.AddMemberAccessPermission(type, members, GetDescriptionAttribute(securityOperation), criteria); } } return(securityRole); }
void CreateMemberLevelSecurityObjectPermissions(SecuritySystemRole securityDemoRole) { //We want to selectively assign Read/Write permission to members of MemberLevelSecurityObject class, so first we create a type permission that allows everything except Read/Write var memberLevelTypePermission = securityDemoRole.CreateTypePermission<MemberLevelSecurityObject>(o => { o.AllowCreate = true; o.AllowDelete = true; o.AllowNavigate = true; }, false); //Only for ReadWriteProperty,Name members we overwrite the Read/Write permissions we got from the TypePermission. All other members members will inherit permissions from the TypePermission Read/Write ==false memberLevelTypePermission.CreateMemberPermission(o => { o.AllowRead = true; o.AllowWrite = true; o.Members = "ReadWriteProperty; Name"; }, false); //Maybe this is not needed memberLevelTypePermission.CreateMemberPermission(o => o.Members = "ProtectedContentProperty; ProtectedContentCollection", false); //Only for ReadWriteProperty,Name members we overwrite the Read/Write permissions we got from the TypePermission. All other members members will inherit permissions from the TypePermission Read ==false memberLevelTypePermission.CreateMemberPermission(o => { o.AllowRead = true; o.Members = "ReadOnlyProperty; ReadOnlyCollection"; }, false); }
private void Usuarios() { SecuritySystemRole rolServs = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Servicios")); if (rolServs == null) { rolServs = ObjectSpace.CreateObject <SecuritySystemRole>(); rolServs.Name = "Servicios"; } if (rolServs.FindTypePermissionObject <Cliente>() == null) { List <Type> tipos = new List <Type>(); tipos.Clear(); tipos.Add(typeof(Cliente)); PermisosTipos(tipos, rolServs, true, true, true, true, true); } /* * SecuritySystemRole rolAlma = ObjectSpace.FindObject<SecuritySystemRole>(new BinaryOperator("Name", "Almacen")); * * if (rolAlma == null) * { * List<Type> tipos = new List<Type>(); * * * rolAlma = ObjectSpace.CreateObject<SecuritySystemRole>(); * rolAlma.Name = "Almacen"; * * / * * SecuritySystemTypePermissionObject userTypePermission = * ObjectSpace.CreateObject<SecuritySystemTypePermissionObject>(); * userTypePermission.TargetType = typeof(SecuritySystemUser); * * SecuritySystemObjectPermissionsObject currentUserObjectPermission = * ObjectSpace.CreateObject<SecuritySystemObjectPermissionsObject>(); * currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()"; * currentUserObjectPermission.AllowNavigate = true; * currentUserObjectPermission.AllowRead = true; * userTypePermission.ObjectPermissions.Add(currentUserObjectPermission);* / * * tipos.Clear(); * tipos.Add(typeof(MovimientoI)); * tipos.Add(typeof(Producto)); * tipos.Add(typeof(Marca)); * tipos.Add(typeof(Linea)); * tipos.Add(typeof(Unidad)); * tipos.Add(typeof(EsquemaImpuesto)); * tipos.Add(typeof(Moneda)); * tipos.Add(typeof(ConceptoMI)); * PermisosTipos(tipos, rolAlma, true, true, true, true, true); * * tipos.Clear(); * tipos.Add(typeof(Cliente)); * tipos.Add(typeof(Proveedor)); * tipos.Add(typeof(Direccion)); * PermisosTipos(tipos, rolAlma, false, false, true, true, true); * * tipos.Clear(); * tipos.Add(typeof(ExportaInvFis)); * PermisosTipos(tipos, rolAlma, true, false, true, true, true); * * tipos.Clear(); * tipos.Add(typeof(MyFileData)); * tipos.Add(typeof(FileData)); * PermisosTipos(tipos, rolAlma, true, true, false, true, true); * }*/ /* * SecuritySystemRole rolContab = ObjectSpace.FindObject<SecuritySystemRole>(new BinaryOperator("Name", "Contabilidad")); * * if (rolContab == null) * { * List<Type> tipos = new List<Type>(); * * * rolContab = ObjectSpace.CreateObject<SecuritySystemRole>(); * rolContab.Name = "Contabilidad"; * * / * * SecuritySystemTypePermissionObject userTypePermission = * ObjectSpace.CreateObject<SecuritySystemTypePermissionObject>(); * userTypePermission.TargetType = typeof(SecuritySystemUser); * * SecuritySystemObjectPermissionsObject currentUserObjectPermission = * ObjectSpace.CreateObject<SecuritySystemObjectPermissionsObject>(); * currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()"; * currentUserObjectPermission.AllowNavigate = true; * currentUserObjectPermission.AllowRead = true; * userTypePermission.ObjectPermissions.Add(currentUserObjectPermission);* / * * tipos.Clear(); * tipos.Add(typeof(Producto)); * tipos.Add(typeof(Cliente)); * tipos.Add(typeof(Documento)); * tipos.Add(typeof(DocumentoSalida)); * * PermisosTipos(tipos, rolContab, false, false, true, true, false); * }*/ /* * SecuritySystemRole rolAdmin = ObjectSpace.FindObject<SecuritySystemRole>(new BinaryOperator("Name", "Admin")); * * if (rolAdmin == null) * { * List<Type> tipos = new List<Type>(); * * * rolAdmin = ObjectSpace.CreateObject<SecuritySystemRole>(); * rolAdmin.Name = "Admin"; * * / * * SecuritySystemTypePermissionObject userTypePermission = * ObjectSpace.CreateObject<SecuritySystemTypePermissionObject>(); * userTypePermission.TargetType = typeof(SecuritySystemUser); * * SecuritySystemObjectPermissionsObject currentUserObjectPermission = * ObjectSpace.CreateObject<SecuritySystemObjectPermissionsObject>(); * currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()"; * currentUserObjectPermission.AllowNavigate = true; * currentUserObjectPermission.AllowRead = true; * userTypePermission.ObjectPermissions.Add(currentUserObjectPermission);* / * * tipos.Clear(); * tipos.Add(typeof(Direccion)); * tipos.Add(typeof(Compania)); * tipos.Add(typeof(ItemFormaP)); * tipos.Add(typeof(Documento)); * PermisosTipos(tipos, rolAdmin, true, true, false, true, true); * * tipos.Clear(); * tipos.Add(typeof(Clasificacion)); * tipos.Add(typeof(Cliente)); * tipos.Add(typeof(ConceptoCxc)); * tipos.Add(typeof(Cxc)); * tipos.Add(typeof(Vendedor)); * tipos.Add(typeof(Zona)); * * tipos.Add(typeof(LCap.Module.BusinessObjects.Empresa.Empresa)); * tipos.Add(typeof(Moneda)); * tipos.Add(typeof(POFolio)); * tipos.Add(typeof(POCertificado)); * tipos.Add(typeof(POCorreo)); * tipos.Add(typeof(POCompra)); * tipos.Add(typeof(Administracion)); * * tipos.Add(typeof(ConceptoMI)); * tipos.Add(typeof(Producto)); * tipos.Add(typeof(EsquemaImpuesto)); * tipos.Add(typeof(MovimientoI)); * tipos.Add(typeof(Linea)); * tipos.Add(typeof(Unidad)); * tipos.Add(typeof(Marca)); * tipos.Add(typeof(ExportaInvFis)); * * tipos.Add(typeof(Proveedor)); * tipos.Add(typeof(Cxp)); * tipos.Add(typeof(ConceptoCxp)); * * tipos.Add(typeof(DocumentoSalida)); * * tipos.Add(typeof(Analysis)); * * PermisosTipos(tipos, rolAdmin, true, true, true, true, true); * }*/ SecuritySystemUser userR = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "root")); if (userR == null) { userR = ObjectSpace.CreateObject <SecuritySystemUser>(); userR.UserName = "******"; // Set a password if the standard authentication type is used userR.SetPassword(""); } /* * SecuritySystemUser userS = ObjectSpace.FindObject<SecuritySystemUser>( * new BinaryOperator("UserName", "servicio")); * * if (userS == null) * { * userS = ObjectSpace.CreateObject<SecuritySystemUser>(); * userS.UserName = "******"; * // userS.SetPassword("servicio"); * }*/ /* * SecuritySystemUser userA = ObjectSpace.FindObject<SecuritySystemUser>( * new BinaryOperator("UserName", "almacen")); * * if (userA == null) * { * userA = ObjectSpace.CreateObject<SecuritySystemUser>(); * userA.UserName = "******"; * // Set a password if the standard authentication type is used * userA.SetPassword(""); * }*/ /* * SecuritySystemUser userCont = ObjectSpace.FindObject<SecuritySystemUser>( * new BinaryOperator("UserName", "contab")); * * if (userCont == null) * { * userCont = ObjectSpace.CreateObject<SecuritySystemUser>(); * userCont.UserName = "******"; * // Set a password if the standard authentication type is used * userCont.SetPassword(""); * }*/ /* * SecuritySystemUser userAdmin = ObjectSpace.FindObject<SecuritySystemUser>( * new BinaryOperator("UserName", "admin")); * * if (userAdmin == null) * { * userAdmin = ObjectSpace.CreateObject<SecuritySystemUser>(); * userAdmin.UserName = "******"; * // Set a password if the standard authentication type is used * userAdmin.SetPassword(""); * }*/ // ... // Add the "Administrators" Role to the user1 userR.Roles.Add(RolAdmin()); // userS.Roles.Add(rolServs); /* * userA.Roles.Add(rolAlma); * userCont.Roles.Add(rolContab); * userAdmin.Roles.Add(rolAdmin);*/ }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); UpdateAnalysisCriteriaColumn(); SecuritySystemRole defaultRole = CreateDefaultRole(); Position developerPosition = ObjectSpace.FindObject <Position>(CriteriaOperator.Parse("Title == 'Developer'")); if (developerPosition == null) { developerPosition = ObjectSpace.CreateObject <Position>(); developerPosition.Title = "Developer"; } Position managerPosition = ObjectSpace.FindObject <Position>(CriteriaOperator.Parse("Title == 'Manager'")); if (managerPosition == null) { managerPosition = ObjectSpace.CreateObject <Position>(); managerPosition.Title = "Manager"; } Department devDepartment = ObjectSpace.FindObject <Department>(CriteriaOperator.Parse("Title == 'Development Department'")); if (devDepartment == null) { devDepartment = ObjectSpace.CreateObject <Department>(); devDepartment.Title = "Development Department"; devDepartment.Office = "205"; devDepartment.Positions.Add(developerPosition); devDepartment.Positions.Add(managerPosition); } Contact contactMary = ObjectSpace.FindObject <Contact>(CriteriaOperator.Parse("FirstName == 'Mary' && LastName == 'Tellitson'")); if (contactMary == null) { contactMary = ObjectSpace.CreateObject <Contact>(); contactMary.FirstName = "Mary"; contactMary.LastName = "Tellitson"; contactMary.Email = "*****@*****.**"; contactMary.Birthday = new DateTime(1980, 11, 27); contactMary.Department = devDepartment; contactMary.Position = managerPosition; } Contact contactJohn = ObjectSpace.FindObject <Contact>(CriteriaOperator.Parse("FirstName == 'John' && LastName == 'Nilsen'")); if (contactJohn == null) { contactJohn = ObjectSpace.CreateObject <Contact>(); contactJohn.FirstName = "John"; contactJohn.LastName = "Nilsen"; contactJohn.Email = "*****@*****.**"; contactJohn.Birthday = new DateTime(1981, 10, 3); contactJohn.Department = devDepartment; contactJohn.Position = developerPosition; } if (ObjectSpace.FindObject <DemoTask>(CriteriaOperator.Parse("Subject == 'Review reports'")) == null) { DemoTask task = ObjectSpace.CreateObject <DemoTask>(); task.Subject = "Review reports"; task.AssignedTo = contactJohn; task.StartDate = DateTime.Parse("May 03, 2008"); task.DueDate = DateTime.Parse("September 06, 2008"); task.Status = DevExpress.Persistent.Base.General.TaskStatus.InProgress; task.Priority = Priority.High; task.EstimatedWork = 60; task.Description = "Analyse the reports and assign new tasks to employees."; } if (ObjectSpace.FindObject <DemoTask>(CriteriaOperator.Parse("Subject == 'Fix breakfast'")) == null) { DemoTask task = ObjectSpace.CreateObject <DemoTask>(); task.Subject = "Fix breakfast"; task.AssignedTo = contactMary; task.StartDate = DateTime.Parse("May 03, 2008"); task.DueDate = DateTime.Parse("May 04, 2008"); task.Status = DevExpress.Persistent.Base.General.TaskStatus.Completed; task.Priority = Priority.Low; task.EstimatedWork = 1; task.ActualWork = 3; task.Description = "The Development Department - by 9 a.m.\r\nThe R&QA Department - by 10 a.m."; } if (ObjectSpace.FindObject <DemoTask>(CriteriaOperator.Parse("Subject == 'Task1'")) == null) { DemoTask task = ObjectSpace.CreateObject <DemoTask>(); task.Subject = "Task1"; task.AssignedTo = contactJohn; task.StartDate = DateTime.Parse("June 03, 2008"); task.DueDate = DateTime.Parse("June 06, 2008"); task.Status = DevExpress.Persistent.Base.General.TaskStatus.Completed; task.Priority = Priority.High; task.EstimatedWork = 10; task.ActualWork = 15; task.Description = "A task designed specially to demonstrate the PivotChart module. Switch to the Reports navigation group to view the generated analysis."; } if (ObjectSpace.FindObject <DemoTask>(CriteriaOperator.Parse("Subject == 'Task2'")) == null) { DemoTask task = ObjectSpace.CreateObject <DemoTask>(); task.Subject = "Task2"; task.AssignedTo = contactJohn; task.StartDate = DateTime.Parse("July 03, 2008"); task.DueDate = DateTime.Parse("July 06, 2008"); task.Status = DevExpress.Persistent.Base.General.TaskStatus.Completed; task.Priority = Priority.Low; task.EstimatedWork = 8; task.ActualWork = 16; task.Description = "A task designed specially to demonstrate the PivotChart module. Switch to the Reports navigation group to view the generated analysis."; } UpdateStatus("CreateAnalysis", "", "Creating analysis reports in the database..."); CreateDataToBeAnalysed(); UpdateStatus("CreateSecurityData", "", "Creating users and roles in the database..."); #region Create a User for the Simple Security Strategy //// If a simple user named 'Sam' doesn't exist in the database, create this simple user //SecuritySimpleUser adminUser = ObjectSpace.FindObject<SecuritySimpleUser>(new BinaryOperator("UserName", "Sam")); //if(adminUser == null) { // adminUser = ObjectSpace.CreateObject<SecuritySimpleUser>(); // adminUser.UserName = "******"; //} //// Make the user an administrator //adminUser.IsAdministrator = true; //// Set a password if the standard authentication type is used //adminUser.SetPassword(""); #endregion #region Create Users for the Complex Security Strategy // If a user named 'Sam' doesn't exist in the database, create this user SecuritySystemUser user1 = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "Sam")); if (user1 == null) { user1 = ObjectSpace.CreateObject <SecuritySystemUser>(); user1.UserName = "******"; // Set a password if the standard authentication type is used user1.SetPassword(""); } // If a user named 'John' doesn't exist in the database, create this user SecuritySystemUser user2 = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "John")); if (user2 == null) { user2 = ObjectSpace.CreateObject <SecuritySystemUser>(); user2.UserName = "******"; // Set a password if the standard authentication type is used user2.SetPassword(""); } // If a role with the Administrators name doesn't exist in the database, create this role SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Administrators")); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = "Administrators"; } adminRole.IsAdministrative = true; // If a role with the Users name doesn't exist in the database, create this role SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Users")); if (userRole == null) { userRole = ObjectSpace.CreateObject <SecuritySystemRole>(); userRole.Name = "Users"; } userRole.SetTypePermissionsRecursively <object>(SecurityOperations.FullAccess, SecuritySystemModifier.Allow); userRole.SetTypePermissionsRecursively <SecuritySystemUser>(SecurityOperations.FullAccess, SecuritySystemModifier.Deny); userRole.SetTypePermissionsRecursively <SecuritySystemRole>(SecurityOperations.FullAccess, SecuritySystemModifier.Deny); // Add the Administrators role to the user1 user1.Roles.Add(adminRole); // Add the Users role to the user2 user2.Roles.Add(userRole); user2.Roles.Add(defaultRole); #endregion ObjectSpace.CommitChanges(); }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); if (ObjectSpace.CreateCollection(typeof(Company)).Count == 0) { SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName)); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = SecurityStrategy.AdministratorRoleName; adminRole.IsAdministrative = true; } SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "User")); if (userRole == null) { userRole = ObjectSpace.CreateObject <SecuritySystemRole>(); userRole.Name = "User"; SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); userTypePermission.TargetType = typeof(SecuritySystemUser); SecuritySystemObjectPermissionsObject currentUserObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()"; currentUserObjectPermission.AllowNavigate = true; currentUserObjectPermission.AllowRead = true; userTypePermission.ObjectPermissions.Add(currentUserObjectPermission); userRole.TypePermissions.Add(userTypePermission); SecuritySystemTypePermissionObject validatedObjectTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); validatedObjectTypePermission.TargetType = typeof(ValidatedObject); validatedObjectTypePermission.AllowWrite = true; validatedObjectTypePermission.AllowNavigate = true; validatedObjectTypePermission.AllowCreate = true; validatedObjectTypePermission.AllowDelete = true; validatedObjectTypePermission.AllowRead = true; userRole.TypePermissions.Add(validatedObjectTypePermission); SecuritySystemTypePermissionObject companyTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); companyTypePermission.TargetType = typeof(Company); companyTypePermission.AllowRead = true; userRole.TypePermissions.Add(companyTypePermission); } Employee admin = ObjectSpace.CreateObject <Employee>(); admin.UserName = "******"; admin.SetPassword(""); admin.Roles.Add(adminRole); admin.Save(); Company company1 = ObjectSpace.CreateObject <Company>(); company1.Name = "Company 1"; company1.Employees.Add(admin); company1.Save(); Employee user = ObjectSpace.CreateObject <Employee>(); user.UserName = "******"; user.SetPassword(""); user.Roles.Add(userRole); user.Save(); Employee user2 = ObjectSpace.CreateObject <Employee>(); user2.UserName = "******"; user2.SetPassword(""); user2.Roles.Add(userRole); user2.Save(); Company company2 = ObjectSpace.CreateObject <Company>(); company2.Name = "Company 2"; company2.Employees.Add(user); company2.Employees.Add(user2); company2.Save(); } }
//Users can access and partially edit data (no create and delete capabilities) from their own department. private SecuritySystemRole GetUserRole() { SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Users")); if (userRole == null) { userRole = ObjectSpace.CreateObject <SecuritySystemRole>(); userRole.Name = "Users"; SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); userTypePermission.TargetType = typeof(Employee); userRole.TypePermissions.Add(userTypePermission); SecuritySystemObjectPermissionsObject canViewEmployeesFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canViewEmployeesFromOwnDepartmentObjectPermission.Criteria = "Department.Employees[Oid = CurrentUserId()]"; //canViewEmployeesFromOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canViewEmployeesFromOwnDepartmentObjectPermission.AllowNavigate = true; canViewEmployeesFromOwnDepartmentObjectPermission.AllowRead = true; userTypePermission.ObjectPermissions.Add(canViewEmployeesFromOwnDepartmentObjectPermission); SecuritySystemMemberPermissionsObject canEditOwnUserMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); canEditOwnUserMemberPermission.Members = "ChangePasswordOnFirstLogon; StoredPassword; FirstName; LastName;"; canEditOwnUserMemberPermission.Criteria = "Oid=CurrentUserId()"; canEditOwnUserMemberPermission.Criteria = (new OperandProperty("Oid") == new FunctionOperator(CurrentUserIdOperator.OperatorName)).ToString(); canEditOwnUserMemberPermission.AllowWrite = true; userTypePermission.MemberPermissions.Add(canEditOwnUserMemberPermission); SecuritySystemMemberPermissionsObject canEditUserAssociationsFromOwnDepartmentMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); canEditUserAssociationsFromOwnDepartmentMemberPermission.Members = "Tasks; Department;"; canEditUserAssociationsFromOwnDepartmentMemberPermission.Criteria = "Department.Employees[Oid = CurrentUserId()]"; //canEditUserAssociationsFromOwnDepartmentMemberPermission.Criteria = new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canEditUserAssociationsFromOwnDepartmentMemberPermission.AllowWrite = true; userTypePermission.MemberPermissions.Add(canEditUserAssociationsFromOwnDepartmentMemberPermission); SecuritySystemTypePermissionObject roleTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); roleTypePermission.TargetType = typeof(SecuritySystemRole); roleTypePermission.AllowRead = true; userRole.TypePermissions.Add(roleTypePermission); SecuritySystemTypePermissionObject taskTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); taskTypePermission.TargetType = typeof(EmployeeTask); taskTypePermission.AllowNavigate = true; userRole.TypePermissions.Add(taskTypePermission); SecuritySystemMemberPermissionsObject canEditTaskAssociationsMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); canEditTaskAssociationsMemberPermission.Members = "AssignedTo;"; canEditTaskAssociationsMemberPermission.Criteria = "AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canEditTaskAssociationsMemberPermission.Criteria = "AssignedTo.Department.Employees[Oid = CurrentUserId()]"; //canEditTaskAssociationsMemberPermission.Criteria = new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canEditTaskAssociationsMemberPermission.AllowWrite = true; taskTypePermission.MemberPermissions.Add(canEditTaskAssociationsMemberPermission); SecuritySystemObjectPermissionsObject canyEditTasksFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canyEditTasksFromOwnDepartmentObjectPermission.Criteria = "AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canyEditTasksFromOwnDepartmentObjectPermission.Criteria = "AssignedTo.Department.Employees[Oid = CurrentUserId()]"; //canyEditTasksFromOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canyEditTasksFromOwnDepartmentObjectPermission.AllowNavigate = true; canyEditTasksFromOwnDepartmentObjectPermission.AllowWrite = true; canyEditTasksFromOwnDepartmentObjectPermission.AllowRead = true; taskTypePermission.ObjectPermissions.Add(canyEditTasksFromOwnDepartmentObjectPermission); SecuritySystemTypePermissionObject departmentTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); departmentTypePermission.TargetType = typeof(Department); userRole.TypePermissions.Add(departmentTypePermission); SecuritySystemObjectPermissionsObject canViewOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canViewOwnDepartmentObjectPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canViewOwnDepartmentObjectPermission.Criteria = "Employees[Oid=CurrentUserId()]"; //canViewOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canViewOwnDepartmentObjectPermission.AllowNavigate = true; canViewOwnDepartmentObjectPermission.AllowRead = true; canViewOwnDepartmentObjectPermission.Save(); departmentTypePermission.ObjectPermissions.Add(canViewOwnDepartmentObjectPermission); SecuritySystemMemberPermissionsObject canEditAssociationsMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); canEditAssociationsMemberPermission.Members = "Employees;"; canEditAssociationsMemberPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canEditAssociationsMemberPermission.Criteria = "Employees[Oid=CurrentUserId()]"; //canEditAssociationsMemberPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canEditAssociationsMemberPermission.AllowWrite = true; departmentTypePermission.MemberPermissions.Add(canEditAssociationsMemberPermission); } return(userRole); }
//Managers can access and fully edit (including create and delete capabilities) data from their own department. However, they cannot access data from other departments. private SecuritySystemRole GetManagerRole() { SecuritySystemRole managerRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Managers")); if (managerRole == null) { managerRole = ObjectSpace.CreateObject <SecuritySystemRole>(); managerRole.Name = "Managers"; managerRole.ChildRoles.Add(GetUserRole()); SecuritySystemTypePermissionObject departmentTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); departmentTypePermission.TargetType = typeof(Department); departmentTypePermission.AllowNavigate = true; managerRole.TypePermissions.Add(departmentTypePermission); SecuritySystemObjectPermissionsObject canEditOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canEditOwnDepartmentObjectPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canEditOwnDepartmentObjectPermission.Criteria = "Employees[Oid=CurrentUserId()]"; //canEditOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canEditOwnDepartmentObjectPermission.AllowNavigate = true; canEditOwnDepartmentObjectPermission.AllowRead = true; canEditOwnDepartmentObjectPermission.AllowWrite = true; canEditOwnDepartmentObjectPermission.AllowDelete = true; canEditOwnDepartmentObjectPermission.Save(); departmentTypePermission.ObjectPermissions.Add(canEditOwnDepartmentObjectPermission); SecuritySystemTypePermissionObject employeeTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); employeeTypePermission.TargetType = typeof(Employee); employeeTypePermission.AllowNavigate = true; employeeTypePermission.AllowCreate = true; managerRole.TypePermissions.Add(employeeTypePermission); SecuritySystemObjectPermissionsObject canEditEmployeesFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canEditEmployeesFromOwnDepartmentObjectPermission.Criteria = "IsNull(Department) || Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canEditEmployeesFromOwnDepartmentObjectPermission.Criteria = "IsNull(Department) || Department.Employees[Oid=CurrentUserId()]"; //canEditEmployeesFromOwnDepartmentObjectPermission.Criteria = (new NullOperator(new OperandProperty("Department")) | new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal)).ToString(); canEditEmployeesFromOwnDepartmentObjectPermission.AllowWrite = true; canEditEmployeesFromOwnDepartmentObjectPermission.AllowDelete = true; canEditEmployeesFromOwnDepartmentObjectPermission.AllowNavigate = true; canEditEmployeesFromOwnDepartmentObjectPermission.AllowRead = true; canEditEmployeesFromOwnDepartmentObjectPermission.Save(); employeeTypePermission.ObjectPermissions.Add(canEditEmployeesFromOwnDepartmentObjectPermission); SecuritySystemTypePermissionObject taskTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); taskTypePermission.TargetType = typeof(EmployeeTask); taskTypePermission.AllowNavigate = true; taskTypePermission.AllowCreate = true; managerRole.TypePermissions.Add(taskTypePermission); SecuritySystemObjectPermissionsObject canEditTasksOnlyFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canEditTasksOnlyFromOwnDepartmentObjectPermission.Criteria = "IsNull(AssignedTo) || IsNull(AssignedTo.Department) || AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canEditTasksOnlyFromOwnDepartmentObjectPermission.Criteria = "IsNull(AssignedTo) || IsNull(AssignedTo.Department) || AssignedTo.Department.Employees[Oid=CurrentUserId()]"; //canEditTasksOnlyFromOwnDepartmentObjectPermission.Criteria = (new NullOperator(new OperandProperty("AssignedTo")) | new NullOperator(new OperandProperty("AssignedTo.Department")) | new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal)).ToString(); canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowNavigate = true; canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowRead = true; canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowWrite = true; canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowDelete = true; canEditTasksOnlyFromOwnDepartmentObjectPermission.Save(); taskTypePermission.ObjectPermissions.Add(canEditTasksOnlyFromOwnDepartmentObjectPermission); } return(managerRole); }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); // Administrative role SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName)); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = SecurityStrategy.AdministratorRoleName; adminRole.IsAdministrative = true; } // Administrator user SecuritySystemUser adminUser = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "Administrator")); if (adminUser == null) { adminUser = ObjectSpace.CreateObject <SecuritySystemUser>(); adminUser.UserName = "******"; adminUser.SetPassword(""); adminUser.Roles.Add(adminRole); } // A role whith type-level permissions SecuritySystemRole contactsManagerRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", "Contacts Manager")); if (contactsManagerRole == null) { contactsManagerRole = ObjectSpace.CreateObject <SecuritySystemRole>(); contactsManagerRole.Name = "Contacts Manager"; SecuritySystemTypePermissionObject contactTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); contactTypePermission.TargetType = typeof(Contact); contactTypePermission.AllowCreate = true; contactTypePermission.AllowDelete = true; contactTypePermission.AllowNavigate = true; contactTypePermission.AllowRead = true; contactTypePermission.AllowWrite = true; contactsManagerRole.TypePermissions.Add(contactTypePermission); } SecuritySystemUser userSam = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "Sam")); if (userSam == null) { userSam = ObjectSpace.CreateObject <SecuritySystemUser>(); userSam.UserName = "******"; userSam.SetPassword(""); userSam.Roles.Add(contactsManagerRole); } // A role with object-level permissions SecuritySystemRole basicUserRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", "Basic User")); if (basicUserRole == null) { basicUserRole = ObjectSpace.CreateObject <SecuritySystemRole>(); basicUserRole.Name = "Basic User"; SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); userTypePermission.TargetType = typeof(SecuritySystemUser); SecuritySystemObjectPermissionsObject currentUserObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()"; currentUserObjectPermission.AllowNavigate = true; currentUserObjectPermission.AllowRead = true; userTypePermission.ObjectPermissions.Add(currentUserObjectPermission); basicUserRole.TypePermissions.Add(userTypePermission); } SecuritySystemUser userJohn = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "John")); if (userJohn == null) { userJohn = ObjectSpace.CreateObject <SecuritySystemUser>(); userJohn.UserName = "******"; userJohn.SetPassword(""); userJohn.Roles.Add(basicUserRole); } // A role with member-level permissions SecuritySystemRole contactViewerRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", "Contact Viewer")); if (contactViewerRole == null) { contactViewerRole = ObjectSpace.CreateObject <SecuritySystemRole>(); contactViewerRole.Name = "Contact Viewer"; SecuritySystemTypePermissionObject contactLimitedTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); contactLimitedTypePermission.TargetType = typeof(Contact); contactLimitedTypePermission.AllowNavigate = true; SecuritySystemMemberPermissionsObject contactMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); contactMemberPermission.Members = "Name"; contactMemberPermission.AllowRead = true; contactLimitedTypePermission.MemberPermissions.Add(contactMemberPermission); contactViewerRole.TypePermissions.Add(contactLimitedTypePermission); } SecuritySystemUser userBill = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "Bill")); if (userBill == null) { userBill = ObjectSpace.CreateObject <SecuritySystemUser>(); userBill.UserName = "******"; userBill.SetPassword(""); userBill.Roles.Add(contactViewerRole); } // Contact objects are created for demo purposes Contact contactMary = ObjectSpace.FindObject <Contact>( new BinaryOperator("Name", "Mary Tellitson")); if (contactMary == null) { contactMary = ObjectSpace.CreateObject <Contact>(); contactMary.Name = "Mary Tellitson"; contactMary.Email = "*****@*****.**"; } Contact contactJohn = ObjectSpace.FindObject <Contact>( new BinaryOperator("Name", "John Nilsen")); if (contactJohn == null) { contactJohn = ObjectSpace.CreateObject <Contact>(); contactJohn.Name = "John Nilsen"; contactJohn.Email = "*****@*****.**"; } ObjectSpace.CommitChanges(); }
void SetPermissions(SecuritySystemRole employersRole) { employersRole.SetTypePermissions<ReportData>(SecurityOperations.ReadOnlyAccess, SecuritySystemModifier.Allow); employersRole.CreatePermissionBehaviour(PermissionBehavior.ReadOnlyAccess, (role, info) => role.SetTypePermissions(info.Type, SecurityOperations.ReadOnlyAccess, SecuritySystemModifier.Allow)); }
void CreateNavigateObjectLevelSecurityObjectPermissions(SecuritySystemRole securityDemoRole) { //We want to allow operations for objects that fit in a criterion, so first we create a TypePermission that allows no operation except Navigate var navigateObjectLevelSecurityObjectTypePermission = securityDemoRole.CreateTypePermission<ObjectLevelSecurityObject>(o => { o.AllowNavigate = true; }, false); //We create an ObjectPermission that allows all operations for ObjectLevelSecurityObjects that fit to [Name] Like '%Fully Accessible%' navigateObjectLevelSecurityObjectTypePermission.CreateObjectPermission( o => { o.Criteria = "[Name] Like '%Fully Accessible%'"; }); //We create an ObjectPermission that allows only Navigate for ObjectLevelSecurityObjects that fit to [Name] Like '%Protected%' navigateObjectLevelSecurityObjectTypePermission.CreateObjectPermission(o => { o.AllowNavigate = true; o.Criteria = "[Name] Like '%Protected%'"; }, false); //We create an ObjectPermission that allows only Navigate/Read for ObjectLevelSecurityObjects that fit to [Name] Like '%Read-Only%'' navigateObjectLevelSecurityObjectTypePermission.CreateObjectPermission(o => { o.Criteria = "[Name] Like '%Read-Only%'"; o.AllowNavigate = true; o.AllowRead = true; }, false); //We create an ObjectPermission that allows only Navigate/Read/Write for ObjectLevelSecurityObjects that fit to [Name] Like '%Read-Only%'' navigateObjectLevelSecurityObjectTypePermission.CreateObjectPermission(o => { o.Criteria = "[Name] Like '%Protected Deletion%'"; o.AllowNavigate = true; o.AllowRead = true; o.AllowWrite = true; }, false); }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); //string name = "MyName"; //DomainObject1 theObject = ObjectSpace.FindObject<DomainObject1>(CriteriaOperator.Parse("Name=?", name)); //if(theObject == null) { // theObject = ObjectSpace.CreateObject<DomainObject1>(); // theObject.Name = name; //} SecuritySystemUser sampleUser = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "User")); if (sampleUser == null) { sampleUser = ObjectSpace.CreateObject <SecuritySystemUser>(); sampleUser.UserName = "******"; sampleUser.SetPassword(""); } SecuritySystemRole defaultRole = CreateDefaultRole(); sampleUser.Roles.Add(defaultRole); SecuritySystemUser userAdmin = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "Admin")); if (userAdmin == null) { userAdmin = ObjectSpace.CreateObject <SecuritySystemUser>(); userAdmin.UserName = "******"; // Set a password if the standard authentication type is used userAdmin.SetPassword(""); } // If a role with the Administrators name doesn't exist in the database, create this role SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Administrators")); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = "Administrators"; // Seed demo data ObjectSpace.CreateObject <BusinessUnit>().Name = "RRHH"; ObjectSpace.CreateObject <BusinessUnit>().Name = "IT"; ObjectSpace.CreateObject <BusinessUnit>().Name = "COMERCIAL"; ObjectSpace.CreateObject <Period>().Name = "2020"; ObjectSpace.CreateObject <Period>().Name = "2018"; ObjectSpace.CreateObject <ServiceType>().Name = "Pago de planilla"; ObjectSpace.CreateObject <ServiceType>().Name = "Envio de SMS"; ObjectSpace.CreateObject <ServiceLocation>().Name = "Central"; ObjectSpace.CreateObject <ServiceLocation>().Name = "Local"; Department sczDepartment = ObjectSpace.CreateObject <Department>(); sczDepartment.Name = "Santa Cruz"; ObjectSpace.CreateObject <Department>().Name = "La Paz"; UserService sczUserService = ObjectSpace.CreateObject <UserService>(); sczUserService.Department = sczDepartment; sczUserService.Agency = "Norte"; sczUserService.Count = ">10000"; ObjectSpace.CreateObject <AppService>().Name = "Cosim ERP"; } adminRole.IsAdministrative = true; userAdmin.Roles.Add(adminRole); ObjectSpace.CommitChanges(); //This line persists created object(s). }
void SetPermissions(SecuritySystemRole employersRole) { employersRole.SetTypePermissions <ReportData>(SecurityOperations.ReadOnlyAccess, SecuritySystemModifier.Allow); employersRole.CreatePermissionBehaviour(PermissionBehavior.ReadOnlyAccess, (role, info) => role.SetTypePermissions(info.Type, SecurityOperations.ReadOnlyAccess, SecuritySystemModifier.Allow)); }