public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
SecuritySystemRole adminRole =
ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = SecurityStrategy.AdministratorRoleName;
adminRole.IsAdministrative = true;
}
SecuritySystemUser user =
ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "Administrator"));
if (user == null)
{
user = ObjectSpace.CreateObject <SecuritySystemUser>();
user.UserName = "******";
user.SetPassword("");
user.Roles.Add(adminRole);
}
}
public static SecuritySystemRole AddMemberAccessPermissionFluent <T>(this SecuritySystemRole securityRole, string members, SecurityOperationsFluentExtension securityOperation, string criteria = null)
{
if (String.IsNullOrEmpty(members))
{
throw new ArgumentNullException(String.Format("Members arguments (Role {0} Type {1} ) is null or empty", securityRole.Name, typeof(T).FullName));
}
if (typeof(T).IsInterface)
{
foreach (var type in GetListTypesFromInterface(typeof(T), securityRole.GetType()))
{
if (String.IsNullOrEmpty(criteria))
{
securityRole.AddMemberAccessPermission(type, members, GetDescriptionAttribute(securityOperation));
}
else
{
securityRole.AddMemberAccessPermission(type, members, GetDescriptionAttribute(securityOperation), criteria);
}
}
return(securityRole);
}
if (String.IsNullOrEmpty(criteria))
{
securityRole.AddMemberAccessPermission <T>(members, GetDescriptionAttribute(securityOperation));
}
else
{
securityRole.AddMemberAccessPermission <T>(members, GetDescriptionAttribute(securityOperation), criteria);
}
return(securityRole);
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
if (ObjectSpace.GetObjects <Issue>().Count == 0)
{
Issue issue1 = ObjectSpace.CreateObject <Issue>();
issue1.Subject = "Processed issue";
issue1.Active = false;
Issue issue2 = ObjectSpace.CreateObject <Issue>();
issue2.Subject = "Active issue";
issue2.Active = true;
}
if (ObjectSpace.GetObjects <XpoWorkflowDefinition>().Count == 0)
{
XpoWorkflowDefinition definition = ObjectSpace.CreateObject <XpoWorkflowDefinition>();
definition.Name = "Create Task for active Issue";
definition.Xaml = GetXaml("WorkflowExample.Module.DatabaseUpdate.CreateTaskForActiveIssue.xml");
definition.TargetObjectType = typeof(Issue);
definition.AutoStartWhenObjectFitsCriteria = true;
definition.Criteria = "[Active] = True";
definition.IsActive = true;
}
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = SecurityStrategy.AdministratorRoleName;
adminRole.IsAdministrative = true;
adminRole.Save();
}
SecuritySystemUser adminUser = ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "Administrator"));
if (adminUser == null)
{
adminUser = ObjectSpace.CreateObject <SecuritySystemUser>();
adminUser.UserName = "******";
adminUser.SetPassword("");
adminUser.Roles.Add(adminRole);
}
SecuritySystemUser workflowServiceUser = ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "WorkflowService"));
if (workflowServiceUser == null)
{
workflowServiceUser = ObjectSpace.CreateObject <SecuritySystemUser>();
workflowServiceUser.UserName = "******";
workflowServiceUser.SetPassword("");
workflowServiceUser.Roles.Add(adminRole);
}
ObjectSpace.CommitChanges();
}
private SecuritySystemRole CreateDefaultRole()
{
SecuritySystemRole defaultRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Users"));
if (defaultRole == null)
{
defaultRole = ObjectSpace.CreateObject <SecuritySystemRole>();
defaultRole.Name = "Users";
defaultRole.IsAdministrative = true;
}
return(defaultRole);
}
private SecuritySystemRole RolAdmin()
{
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = SecurityStrategy.AdministratorRoleName;
adminRole.IsAdministrative = true;
}
return(adminRole);
}
//Administrators can do everything within the application.
private SecuritySystemRole GetAdministratorRole()
{
SecuritySystemRole administratorRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Administrators"));
if (administratorRole == null)
{
administratorRole = ObjectSpace.CreateObject <SecuritySystemRole>();
administratorRole.Name = "Administrators";
//Can access everything.
administratorRole.IsAdministrative = true;
}
return(administratorRole);
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
SecuritySystemUser userAdmin = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "Admin"));
if (userAdmin == null)
{
userAdmin = ObjectSpace.CreateObject <SecuritySystemUser>();
userAdmin.UserName = "******";
// Set a password if the standard authentication type is used
userAdmin.SetPassword("");
}
// If a role with the Administrators name doesn't exist in the database, create this role
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Administrators"));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = "Administrators";
}
adminRole.IsAdministrative = true;
userAdmin.Roles.Add(adminRole);
if (ObjectSpace.Database.Contains("DB1"))
{
SecuritySystemUser sampleUser1 = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "User1"));
if (sampleUser1 == null)
{
sampleUser1 = ObjectSpace.CreateObject <SecuritySystemUser>();
sampleUser1.UserName = "******";
sampleUser1.SetPassword("");
}
SecuritySystemRole defaultRole = CreateDefaultRole();
sampleUser1.Roles.Add(defaultRole);
}
if (ObjectSpace.Database.Contains("DB2"))
{
SecuritySystemUser sampleUser2 = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "User2"));
if (sampleUser2 == null)
{
sampleUser2 = ObjectSpace.CreateObject <SecuritySystemUser>();
sampleUser2.UserName = "******";
sampleUser2.SetPassword("");
}
SecuritySystemRole defaultRole = CreateDefaultRole();
sampleUser2.Roles.Add(defaultRole);
}
ObjectSpace.CommitChanges();
}
public static SecuritySystemRole AddTypePermissionFluent <T>(this SecuritySystemRole securityRole, SecurityOperationsFluentExtension securityOperation)
{
if (typeof(T).IsInterface)
{
foreach (var type in GetListTypesFromInterface(typeof(T), securityRole.GetType()))
{
securityRole.SetTypePermissions(type, GetDescriptionAttribute(securityOperation), DevExpress.ExpressApp.Security.Strategy.SecuritySystemModifier.Allow);
}
return(securityRole);
}
securityRole.SetTypePermissions <T>(GetDescriptionAttribute(securityOperation), SecuritySystemModifier.Allow);
return(securityRole);
}
public static SecuritySystemRole AddTypePermissionFluent(this SecuritySystemRole securityRole, List <Type> typeList, SecurityOperationsFluentExtension securityOperation)
{
foreach (var type in typeList)
{
if (type.IsInterface)
{
foreach (var classType in GetListTypesFromInterface(type, securityRole.GetType()))
{
securityRole.SetTypePermissions(classType, GetDescriptionAttribute(securityOperation), SecuritySystemModifier.Allow);
}
continue;
}
securityRole.SetTypePermissions(type, GetDescriptionAttribute(securityOperation), SecuritySystemModifier.Allow);
}
return(securityRole);
}
public void Run()
{
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = SecurityStrategy.AdministratorRoleName;
adminRole.IsAdministrative = true;
adminRole.Save();
}
SecuritySystemUser adminUser = ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "admin"));
if (adminUser == null)
{
adminUser = ObjectSpace.CreateObject <SecuritySystemUser>();
adminUser.UserName = "******";
adminUser.SetPassword("");
adminUser.Roles.Add(adminRole);
}
string name = "Bob";
DomainObject1 theObject = ObjectSpace.FindObject <DomainObject1>(CriteriaOperator.Parse("Name=?", name));
if (theObject == null)
{
theObject = ObjectSpace.CreateObject <DomainObject1>();
theObject.Name = name;
theObject.Amount = 1000;
theObject.Category1 = "Payments";
theObject.Category2 = "Other Payments";
theObject.TranDate = new DateTime(2014, 5, 6);
}
name = "Alice";
theObject = ObjectSpace.FindObject <DomainObject1>(CriteriaOperator.Parse("Name=?", name));
if (theObject == null)
{
theObject = ObjectSpace.CreateObject <DomainObject1>();
theObject.Name = name;
theObject.Amount = 1000;
theObject.Category1 = "Receipts";
theObject.Category2 = "Other Receipts";
theObject.TranDate = new DateTime(2014, 5, 5);
}
}
private SecuritySystemRole CreateDefaultRole()
{
SecuritySystemRole defaultRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Default"));
if (defaultRole == null)
{
defaultRole = ObjectSpace.CreateObject <SecuritySystemRole>();
defaultRole.Name = "Default";
defaultRole.AddObjectAccessPermission <SecuritySystemUser>("[Oid] = CurrentUserId()", SecurityOperations.ReadOnlyAccess);
defaultRole.AddMemberAccessPermission <SecuritySystemUser>("ChangePasswordOnFirstLogon", SecurityOperations.Write);
defaultRole.AddMemberAccessPermission <SecuritySystemUser>("StoredPassword", SecurityOperations.Write);
defaultRole.SetTypePermissionsRecursively <SecuritySystemRole>(SecurityOperations.Read, SecuritySystemModifier.Allow);
defaultRole.SetTypePermissionsRecursively <AuditDataItemPersistent>(SecurityOperations.CRUDAccess, SecuritySystemModifier.Allow);
}
return(defaultRole);
}
// Grant full access if permission object not found for the owner
// note that if you want to grant full access, you need to delete the existing permissions object
private void GrantFullAcccess(Type targetType, SecuritySystemRole role)
{
var opArArtfRecon = CriteriaOperator.Parse("TargetType = ? And Owner = ?",
targetType, role);
SecuritySystemTypePermissionObject typePermission = ObjectSpace.FindObject <SecuritySystemTypePermissionObject>(opArArtfRecon);
if (typePermission == null)
{
typePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
typePermission.TargetType = targetType;
typePermission.AllowCreate = true;
typePermission.AllowDelete = true;
typePermission.AllowNavigate = true;
typePermission.AllowRead = true;
typePermission.AllowWrite = true;
role.TypePermissions.Add(typePermission);
}
}
private void PermisosTipos(List <Type> tipos, SecuritySystemRole rol, bool create, bool del, bool navigate, bool read, bool write)
{
foreach (Type tp in tipos)
{
SecuritySystemTypePermissionObject userTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
userTypePermission.TargetType = tp;
userTypePermission.AllowCreate = create;
userTypePermission.AllowDelete = del;
userTypePermission.AllowNavigate = navigate;
userTypePermission.AllowRead = read;
userTypePermission.AllowWrite = write;
rol.TypePermissions.Add(userTypePermission);
}
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
string name = "MyName";
Contact theObject = ObjectSpace.FindObject <Contact>(CriteriaOperator.Parse("FirstName=?", name));
if (theObject == null)
{
theObject = ObjectSpace.CreateObject <Contact>();
theObject.FirstName = name;
}
SecuritySystemUser sampleUser = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "User"));
if (sampleUser == null)
{
sampleUser = ObjectSpace.CreateObject <SecuritySystemUser>();
sampleUser.UserName = "******";
sampleUser.SetPassword("");
}
SecuritySystemRole defaultRole = CreateDefaultRole();
sampleUser.Roles.Add(defaultRole);
SecuritySystemUser userAdmin = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "Admin"));
if (userAdmin == null)
{
userAdmin = ObjectSpace.CreateObject <SecuritySystemUser>();
userAdmin.UserName = "******";
// Set a password if the standard authentication type is used
userAdmin.SetPassword("");
}
// If a role with the Administrators name doesn't exist in the database, create this role
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Administrators"));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = "Administrators";
}
adminRole.IsAdministrative = true;
userAdmin.Roles.Add(adminRole);
ObjectSpace.CommitChanges();
}
public static SecuritySystemRole AddObjectAccessPermissionFluent <T>(this SecuritySystemRole securityRole, SecurityOperationsFluentExtension securityOperation, string criteria)
{
if (String.IsNullOrEmpty(criteria))
{
throw new ArgumentNullException("SecurityOperations or criteria arguments is null or empty");
}
if (typeof(T).IsInterface)
{
foreach (var type in GetListTypesFromInterface(typeof(T), securityRole.GetType()))
{
securityRole.AddObjectAccessPermission(type, criteria, GetDescriptionAttribute(securityOperation));
}
return(securityRole);
}
securityRole.AddObjectAccessPermission <T>(criteria, GetDescriptionAttribute(securityOperation));
return(securityRole);
}
private void SetupSecurity()
{
// Administrative role
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = SecurityStrategy.AdministratorRoleName;
adminRole.IsAdministrative = true;
}
// Administrator users
SecuritySystemUser adminUser;
adminUser = ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "admin"));
if (adminUser == null)
{
adminUser = ObjectSpace.CreateObject <SecuritySystemUser>();
adminUser.UserName = "******";
adminUser.Roles.Add(adminRole);
}
// Accounts Receivable role
SecuritySystemRole arRole = ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", "Accounts Receivable"));
if (arRole == null)
{
arRole = ObjectSpace.CreateObject <SecuritySystemRole>();
arRole.Name = "Accounts Receivable";
arRole.IsAdministrative = false;
}
// Accounts Receivable Permissions
// BankStmt
GrantFullAcccess(typeof(Cash.BankStmt), arRole);
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Administrators"));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = "Administrators";
adminRole.IsAdministrative = true;
}
SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Users"));
if (userRole == null)
{
userRole = ObjectSpace.CreateObject <SecuritySystemRole>();
userRole.Name = "Users";
userRole.SetTypePermissionsRecursively <object>(SecurityOperations.FullAccess, SecuritySystemModifier.Allow);
}
MyUser user1 = ObjectSpace.FindObject <MyUser>(new BinaryOperator("UserName", "Admin"));
if (user1 == null)
{
user1 = ObjectSpace.CreateObject <MyUser>();
user1.UserName = "******";
user1.SetPassword("");
user1.Roles.Add(adminRole);
}
MyUser user2 = ObjectSpace.FindObject <MyUser>(new BinaryOperator("UserName", "User"));
if (user2 == null)
{
user2 = ObjectSpace.CreateObject <MyUser>();
user2.UserName = "******";
user2.SetPassword("");
user2.Roles.Add(userRole);
}
}
public static SecuritySystemRole AddMemberAccessPermissionFluent(this SecuritySystemRole securityRole, List <Type> typeList, string members, SecurityOperationsFluentExtension securityOperation, string criteria = null)
{
if (String.IsNullOrEmpty(members))
{
throw new ArgumentNullException(String.Format("Members arguments (EmployeeRole {0} list types ) is null or empty", securityRole.Name));
}
foreach (var type in typeList)
{
if (type.IsInterface)
{
foreach (var classType in GetListTypesFromInterface(type, securityRole.GetType()))
{
if (String.IsNullOrEmpty(criteria))
{
securityRole.AddMemberAccessPermission(classType, members, GetDescriptionAttribute(securityOperation));
}
else
{
securityRole.AddMemberAccessPermission(classType, members, GetDescriptionAttribute(securityOperation), criteria);
}
}
continue;
}
if (String.IsNullOrEmpty(criteria))
{
securityRole.AddMemberAccessPermission(type, members, GetDescriptionAttribute(securityOperation));
}
else
{
securityRole.AddMemberAccessPermission(type, members, GetDescriptionAttribute(securityOperation), criteria);
}
}
return(securityRole);
}
void CreateMemberLevelSecurityObjectPermissions(SecuritySystemRole securityDemoRole) {
//We want to selectively assign Read/Write permission to members of MemberLevelSecurityObject class, so first we create a type permission that allows everything except Read/Write
var memberLevelTypePermission = securityDemoRole.CreateTypePermission<MemberLevelSecurityObject>(o => {
o.AllowCreate = true;
o.AllowDelete = true;
o.AllowNavigate = true;
}, false);
//Only for ReadWriteProperty,Name members we overwrite the Read/Write permissions we got from the TypePermission. All other members members will inherit permissions from the TypePermission Read/Write ==false
memberLevelTypePermission.CreateMemberPermission(o => {
o.AllowRead = true;
o.AllowWrite = true;
o.Members = "ReadWriteProperty; Name";
}, false);
//Maybe this is not needed
memberLevelTypePermission.CreateMemberPermission(o => o.Members = "ProtectedContentProperty; ProtectedContentCollection", false);
//Only for ReadWriteProperty,Name members we overwrite the Read/Write permissions we got from the TypePermission. All other members members will inherit permissions from the TypePermission Read ==false
memberLevelTypePermission.CreateMemberPermission(o => {
o.AllowRead = true;
o.Members = "ReadOnlyProperty; ReadOnlyCollection";
}, false);
}
private void Usuarios()
{
SecuritySystemRole rolServs = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Servicios"));
if (rolServs == null)
{
rolServs = ObjectSpace.CreateObject <SecuritySystemRole>();
rolServs.Name = "Servicios";
}
if (rolServs.FindTypePermissionObject <Cliente>() == null)
{
List <Type> tipos = new List <Type>();
tipos.Clear();
tipos.Add(typeof(Cliente));
PermisosTipos(tipos, rolServs, true, true, true, true, true);
}
/*
* SecuritySystemRole rolAlma = ObjectSpace.FindObject<SecuritySystemRole>(new BinaryOperator("Name", "Almacen"));
*
* if (rolAlma == null)
* {
* List<Type> tipos = new List<Type>();
*
*
* rolAlma = ObjectSpace.CreateObject<SecuritySystemRole>();
* rolAlma.Name = "Almacen";
*
* / *
* SecuritySystemTypePermissionObject userTypePermission =
* ObjectSpace.CreateObject<SecuritySystemTypePermissionObject>();
* userTypePermission.TargetType = typeof(SecuritySystemUser);
*
* SecuritySystemObjectPermissionsObject currentUserObjectPermission =
* ObjectSpace.CreateObject<SecuritySystemObjectPermissionsObject>();
* currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()";
* currentUserObjectPermission.AllowNavigate = true;
* currentUserObjectPermission.AllowRead = true;
* userTypePermission.ObjectPermissions.Add(currentUserObjectPermission);* /
*
* tipos.Clear();
* tipos.Add(typeof(MovimientoI));
* tipos.Add(typeof(Producto));
* tipos.Add(typeof(Marca));
* tipos.Add(typeof(Linea));
* tipos.Add(typeof(Unidad));
* tipos.Add(typeof(EsquemaImpuesto));
* tipos.Add(typeof(Moneda));
* tipos.Add(typeof(ConceptoMI));
* PermisosTipos(tipos, rolAlma, true, true, true, true, true);
*
* tipos.Clear();
* tipos.Add(typeof(Cliente));
* tipos.Add(typeof(Proveedor));
* tipos.Add(typeof(Direccion));
* PermisosTipos(tipos, rolAlma, false, false, true, true, true);
*
* tipos.Clear();
* tipos.Add(typeof(ExportaInvFis));
* PermisosTipos(tipos, rolAlma, true, false, true, true, true);
*
* tipos.Clear();
* tipos.Add(typeof(MyFileData));
* tipos.Add(typeof(FileData));
* PermisosTipos(tipos, rolAlma, true, true, false, true, true);
* }*/
/*
* SecuritySystemRole rolContab = ObjectSpace.FindObject<SecuritySystemRole>(new BinaryOperator("Name", "Contabilidad"));
*
* if (rolContab == null)
* {
* List<Type> tipos = new List<Type>();
*
*
* rolContab = ObjectSpace.CreateObject<SecuritySystemRole>();
* rolContab.Name = "Contabilidad";
*
* / *
* SecuritySystemTypePermissionObject userTypePermission =
* ObjectSpace.CreateObject<SecuritySystemTypePermissionObject>();
* userTypePermission.TargetType = typeof(SecuritySystemUser);
*
* SecuritySystemObjectPermissionsObject currentUserObjectPermission =
* ObjectSpace.CreateObject<SecuritySystemObjectPermissionsObject>();
* currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()";
* currentUserObjectPermission.AllowNavigate = true;
* currentUserObjectPermission.AllowRead = true;
* userTypePermission.ObjectPermissions.Add(currentUserObjectPermission);* /
*
* tipos.Clear();
* tipos.Add(typeof(Producto));
* tipos.Add(typeof(Cliente));
* tipos.Add(typeof(Documento));
* tipos.Add(typeof(DocumentoSalida));
*
* PermisosTipos(tipos, rolContab, false, false, true, true, false);
* }*/
/*
* SecuritySystemRole rolAdmin = ObjectSpace.FindObject<SecuritySystemRole>(new BinaryOperator("Name", "Admin"));
*
* if (rolAdmin == null)
* {
* List<Type> tipos = new List<Type>();
*
*
* rolAdmin = ObjectSpace.CreateObject<SecuritySystemRole>();
* rolAdmin.Name = "Admin";
*
* / *
* SecuritySystemTypePermissionObject userTypePermission =
* ObjectSpace.CreateObject<SecuritySystemTypePermissionObject>();
* userTypePermission.TargetType = typeof(SecuritySystemUser);
*
* SecuritySystemObjectPermissionsObject currentUserObjectPermission =
* ObjectSpace.CreateObject<SecuritySystemObjectPermissionsObject>();
* currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()";
* currentUserObjectPermission.AllowNavigate = true;
* currentUserObjectPermission.AllowRead = true;
* userTypePermission.ObjectPermissions.Add(currentUserObjectPermission);* /
*
* tipos.Clear();
* tipos.Add(typeof(Direccion));
* tipos.Add(typeof(Compania));
* tipos.Add(typeof(ItemFormaP));
* tipos.Add(typeof(Documento));
* PermisosTipos(tipos, rolAdmin, true, true, false, true, true);
*
* tipos.Clear();
* tipos.Add(typeof(Clasificacion));
* tipos.Add(typeof(Cliente));
* tipos.Add(typeof(ConceptoCxc));
* tipos.Add(typeof(Cxc));
* tipos.Add(typeof(Vendedor));
* tipos.Add(typeof(Zona));
*
* tipos.Add(typeof(LCap.Module.BusinessObjects.Empresa.Empresa));
* tipos.Add(typeof(Moneda));
* tipos.Add(typeof(POFolio));
* tipos.Add(typeof(POCertificado));
* tipos.Add(typeof(POCorreo));
* tipos.Add(typeof(POCompra));
* tipos.Add(typeof(Administracion));
*
* tipos.Add(typeof(ConceptoMI));
* tipos.Add(typeof(Producto));
* tipos.Add(typeof(EsquemaImpuesto));
* tipos.Add(typeof(MovimientoI));
* tipos.Add(typeof(Linea));
* tipos.Add(typeof(Unidad));
* tipos.Add(typeof(Marca));
* tipos.Add(typeof(ExportaInvFis));
*
* tipos.Add(typeof(Proveedor));
* tipos.Add(typeof(Cxp));
* tipos.Add(typeof(ConceptoCxp));
*
* tipos.Add(typeof(DocumentoSalida));
*
* tipos.Add(typeof(Analysis));
*
* PermisosTipos(tipos, rolAdmin, true, true, true, true, true);
* }*/
SecuritySystemUser userR = ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "root"));
if (userR == null)
{
userR = ObjectSpace.CreateObject <SecuritySystemUser>();
userR.UserName = "******";
// Set a password if the standard authentication type is used
userR.SetPassword("");
}
/*
* SecuritySystemUser userS = ObjectSpace.FindObject<SecuritySystemUser>(
* new BinaryOperator("UserName", "servicio"));
*
* if (userS == null)
* {
* userS = ObjectSpace.CreateObject<SecuritySystemUser>();
* userS.UserName = "******";
* // userS.SetPassword("servicio");
* }*/
/*
* SecuritySystemUser userA = ObjectSpace.FindObject<SecuritySystemUser>(
* new BinaryOperator("UserName", "almacen"));
*
* if (userA == null)
* {
* userA = ObjectSpace.CreateObject<SecuritySystemUser>();
* userA.UserName = "******";
* // Set a password if the standard authentication type is used
* userA.SetPassword("");
* }*/
/*
* SecuritySystemUser userCont = ObjectSpace.FindObject<SecuritySystemUser>(
* new BinaryOperator("UserName", "contab"));
*
* if (userCont == null)
* {
* userCont = ObjectSpace.CreateObject<SecuritySystemUser>();
* userCont.UserName = "******";
* // Set a password if the standard authentication type is used
* userCont.SetPassword("");
* }*/
/*
* SecuritySystemUser userAdmin = ObjectSpace.FindObject<SecuritySystemUser>(
* new BinaryOperator("UserName", "admin"));
*
* if (userAdmin == null)
* {
* userAdmin = ObjectSpace.CreateObject<SecuritySystemUser>();
* userAdmin.UserName = "******";
* // Set a password if the standard authentication type is used
* userAdmin.SetPassword("");
* }*/
// ...
// Add the "Administrators" Role to the user1
userR.Roles.Add(RolAdmin());
// userS.Roles.Add(rolServs);
/*
* userA.Roles.Add(rolAlma);
* userCont.Roles.Add(rolContab);
* userAdmin.Roles.Add(rolAdmin);*/
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
UpdateAnalysisCriteriaColumn();
SecuritySystemRole defaultRole = CreateDefaultRole();
Position developerPosition = ObjectSpace.FindObject <Position>(CriteriaOperator.Parse("Title == 'Developer'"));
if (developerPosition == null)
{
developerPosition = ObjectSpace.CreateObject <Position>();
developerPosition.Title = "Developer";
}
Position managerPosition = ObjectSpace.FindObject <Position>(CriteriaOperator.Parse("Title == 'Manager'"));
if (managerPosition == null)
{
managerPosition = ObjectSpace.CreateObject <Position>();
managerPosition.Title = "Manager";
}
Department devDepartment = ObjectSpace.FindObject <Department>(CriteriaOperator.Parse("Title == 'Development Department'"));
if (devDepartment == null)
{
devDepartment = ObjectSpace.CreateObject <Department>();
devDepartment.Title = "Development Department";
devDepartment.Office = "205";
devDepartment.Positions.Add(developerPosition);
devDepartment.Positions.Add(managerPosition);
}
Contact contactMary = ObjectSpace.FindObject <Contact>(CriteriaOperator.Parse("FirstName == 'Mary' && LastName == 'Tellitson'"));
if (contactMary == null)
{
contactMary = ObjectSpace.CreateObject <Contact>();
contactMary.FirstName = "Mary";
contactMary.LastName = "Tellitson";
contactMary.Email = "*****@*****.**";
contactMary.Birthday = new DateTime(1980, 11, 27);
contactMary.Department = devDepartment;
contactMary.Position = managerPosition;
}
Contact contactJohn = ObjectSpace.FindObject <Contact>(CriteriaOperator.Parse("FirstName == 'John' && LastName == 'Nilsen'"));
if (contactJohn == null)
{
contactJohn = ObjectSpace.CreateObject <Contact>();
contactJohn.FirstName = "John";
contactJohn.LastName = "Nilsen";
contactJohn.Email = "*****@*****.**";
contactJohn.Birthday = new DateTime(1981, 10, 3);
contactJohn.Department = devDepartment;
contactJohn.Position = developerPosition;
}
if (ObjectSpace.FindObject <DemoTask>(CriteriaOperator.Parse("Subject == 'Review reports'")) == null)
{
DemoTask task = ObjectSpace.CreateObject <DemoTask>();
task.Subject = "Review reports";
task.AssignedTo = contactJohn;
task.StartDate = DateTime.Parse("May 03, 2008");
task.DueDate = DateTime.Parse("September 06, 2008");
task.Status = DevExpress.Persistent.Base.General.TaskStatus.InProgress;
task.Priority = Priority.High;
task.EstimatedWork = 60;
task.Description = "Analyse the reports and assign new tasks to employees.";
}
if (ObjectSpace.FindObject <DemoTask>(CriteriaOperator.Parse("Subject == 'Fix breakfast'")) == null)
{
DemoTask task = ObjectSpace.CreateObject <DemoTask>();
task.Subject = "Fix breakfast";
task.AssignedTo = contactMary;
task.StartDate = DateTime.Parse("May 03, 2008");
task.DueDate = DateTime.Parse("May 04, 2008");
task.Status = DevExpress.Persistent.Base.General.TaskStatus.Completed;
task.Priority = Priority.Low;
task.EstimatedWork = 1;
task.ActualWork = 3;
task.Description = "The Development Department - by 9 a.m.\r\nThe R&QA Department - by 10 a.m.";
}
if (ObjectSpace.FindObject <DemoTask>(CriteriaOperator.Parse("Subject == 'Task1'")) == null)
{
DemoTask task = ObjectSpace.CreateObject <DemoTask>();
task.Subject = "Task1";
task.AssignedTo = contactJohn;
task.StartDate = DateTime.Parse("June 03, 2008");
task.DueDate = DateTime.Parse("June 06, 2008");
task.Status = DevExpress.Persistent.Base.General.TaskStatus.Completed;
task.Priority = Priority.High;
task.EstimatedWork = 10;
task.ActualWork = 15;
task.Description = "A task designed specially to demonstrate the PivotChart module. Switch to the Reports navigation group to view the generated analysis.";
}
if (ObjectSpace.FindObject <DemoTask>(CriteriaOperator.Parse("Subject == 'Task2'")) == null)
{
DemoTask task = ObjectSpace.CreateObject <DemoTask>();
task.Subject = "Task2";
task.AssignedTo = contactJohn;
task.StartDate = DateTime.Parse("July 03, 2008");
task.DueDate = DateTime.Parse("July 06, 2008");
task.Status = DevExpress.Persistent.Base.General.TaskStatus.Completed;
task.Priority = Priority.Low;
task.EstimatedWork = 8;
task.ActualWork = 16;
task.Description = "A task designed specially to demonstrate the PivotChart module. Switch to the Reports navigation group to view the generated analysis.";
}
UpdateStatus("CreateAnalysis", "", "Creating analysis reports in the database...");
CreateDataToBeAnalysed();
UpdateStatus("CreateSecurityData", "", "Creating users and roles in the database...");
#region Create a User for the Simple Security Strategy
//// If a simple user named 'Sam' doesn't exist in the database, create this simple user
//SecuritySimpleUser adminUser = ObjectSpace.FindObject<SecuritySimpleUser>(new BinaryOperator("UserName", "Sam"));
//if(adminUser == null) {
// adminUser = ObjectSpace.CreateObject<SecuritySimpleUser>();
// adminUser.UserName = "******";
//}
//// Make the user an administrator
//adminUser.IsAdministrator = true;
//// Set a password if the standard authentication type is used
//adminUser.SetPassword("");
#endregion
#region Create Users for the Complex Security Strategy
// If a user named 'Sam' doesn't exist in the database, create this user
SecuritySystemUser user1 = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "Sam"));
if (user1 == null)
{
user1 = ObjectSpace.CreateObject <SecuritySystemUser>();
user1.UserName = "******";
// Set a password if the standard authentication type is used
user1.SetPassword("");
}
// If a user named 'John' doesn't exist in the database, create this user
SecuritySystemUser user2 = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "John"));
if (user2 == null)
{
user2 = ObjectSpace.CreateObject <SecuritySystemUser>();
user2.UserName = "******";
// Set a password if the standard authentication type is used
user2.SetPassword("");
}
// If a role with the Administrators name doesn't exist in the database, create this role
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Administrators"));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = "Administrators";
}
adminRole.IsAdministrative = true;
// If a role with the Users name doesn't exist in the database, create this role
SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Users"));
if (userRole == null)
{
userRole = ObjectSpace.CreateObject <SecuritySystemRole>();
userRole.Name = "Users";
}
userRole.SetTypePermissionsRecursively <object>(SecurityOperations.FullAccess, SecuritySystemModifier.Allow);
userRole.SetTypePermissionsRecursively <SecuritySystemUser>(SecurityOperations.FullAccess, SecuritySystemModifier.Deny);
userRole.SetTypePermissionsRecursively <SecuritySystemRole>(SecurityOperations.FullAccess, SecuritySystemModifier.Deny);
// Add the Administrators role to the user1
user1.Roles.Add(adminRole);
// Add the Users role to the user2
user2.Roles.Add(userRole);
user2.Roles.Add(defaultRole);
#endregion
ObjectSpace.CommitChanges();
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
if (ObjectSpace.CreateCollection(typeof(Company)).Count == 0)
{
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = SecurityStrategy.AdministratorRoleName;
adminRole.IsAdministrative = true;
}
SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "User"));
if (userRole == null)
{
userRole = ObjectSpace.CreateObject <SecuritySystemRole>();
userRole.Name = "User";
SecuritySystemTypePermissionObject userTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
userTypePermission.TargetType = typeof(SecuritySystemUser);
SecuritySystemObjectPermissionsObject currentUserObjectPermission =
ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()";
currentUserObjectPermission.AllowNavigate = true;
currentUserObjectPermission.AllowRead = true;
userTypePermission.ObjectPermissions.Add(currentUserObjectPermission);
userRole.TypePermissions.Add(userTypePermission);
SecuritySystemTypePermissionObject validatedObjectTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
validatedObjectTypePermission.TargetType = typeof(ValidatedObject);
validatedObjectTypePermission.AllowWrite = true;
validatedObjectTypePermission.AllowNavigate = true;
validatedObjectTypePermission.AllowCreate = true;
validatedObjectTypePermission.AllowDelete = true;
validatedObjectTypePermission.AllowRead = true;
userRole.TypePermissions.Add(validatedObjectTypePermission);
SecuritySystemTypePermissionObject companyTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
companyTypePermission.TargetType = typeof(Company);
companyTypePermission.AllowRead = true;
userRole.TypePermissions.Add(companyTypePermission);
}
Employee admin = ObjectSpace.CreateObject <Employee>();
admin.UserName = "******";
admin.SetPassword("");
admin.Roles.Add(adminRole);
admin.Save();
Company company1 = ObjectSpace.CreateObject <Company>();
company1.Name = "Company 1";
company1.Employees.Add(admin);
company1.Save();
Employee user = ObjectSpace.CreateObject <Employee>();
user.UserName = "******";
user.SetPassword("");
user.Roles.Add(userRole);
user.Save();
Employee user2 = ObjectSpace.CreateObject <Employee>();
user2.UserName = "******";
user2.SetPassword("");
user2.Roles.Add(userRole);
user2.Save();
Company company2 = ObjectSpace.CreateObject <Company>();
company2.Name = "Company 2";
company2.Employees.Add(user);
company2.Employees.Add(user2);
company2.Save();
}
}
//Users can access and partially edit data (no create and delete capabilities) from their own department.
private SecuritySystemRole GetUserRole()
{
SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Users"));
if (userRole == null)
{
userRole = ObjectSpace.CreateObject <SecuritySystemRole>();
userRole.Name = "Users";
SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
userTypePermission.TargetType = typeof(Employee);
userRole.TypePermissions.Add(userTypePermission);
SecuritySystemObjectPermissionsObject canViewEmployeesFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canViewEmployeesFromOwnDepartmentObjectPermission.Criteria = "Department.Employees[Oid = CurrentUserId()]";
//canViewEmployeesFromOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canViewEmployeesFromOwnDepartmentObjectPermission.AllowNavigate = true;
canViewEmployeesFromOwnDepartmentObjectPermission.AllowRead = true;
userTypePermission.ObjectPermissions.Add(canViewEmployeesFromOwnDepartmentObjectPermission);
SecuritySystemMemberPermissionsObject canEditOwnUserMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
canEditOwnUserMemberPermission.Members = "ChangePasswordOnFirstLogon; StoredPassword; FirstName; LastName;";
canEditOwnUserMemberPermission.Criteria = "Oid=CurrentUserId()";
canEditOwnUserMemberPermission.Criteria = (new OperandProperty("Oid") == new FunctionOperator(CurrentUserIdOperator.OperatorName)).ToString();
canEditOwnUserMemberPermission.AllowWrite = true;
userTypePermission.MemberPermissions.Add(canEditOwnUserMemberPermission);
SecuritySystemMemberPermissionsObject canEditUserAssociationsFromOwnDepartmentMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
canEditUserAssociationsFromOwnDepartmentMemberPermission.Members = "Tasks; Department;";
canEditUserAssociationsFromOwnDepartmentMemberPermission.Criteria = "Department.Employees[Oid = CurrentUserId()]";
//canEditUserAssociationsFromOwnDepartmentMemberPermission.Criteria = new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canEditUserAssociationsFromOwnDepartmentMemberPermission.AllowWrite = true;
userTypePermission.MemberPermissions.Add(canEditUserAssociationsFromOwnDepartmentMemberPermission);
SecuritySystemTypePermissionObject roleTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
roleTypePermission.TargetType = typeof(SecuritySystemRole);
roleTypePermission.AllowRead = true;
userRole.TypePermissions.Add(roleTypePermission);
SecuritySystemTypePermissionObject taskTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
taskTypePermission.TargetType = typeof(EmployeeTask);
taskTypePermission.AllowNavigate = true;
userRole.TypePermissions.Add(taskTypePermission);
SecuritySystemMemberPermissionsObject canEditTaskAssociationsMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
canEditTaskAssociationsMemberPermission.Members = "AssignedTo;";
canEditTaskAssociationsMemberPermission.Criteria = "AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canEditTaskAssociationsMemberPermission.Criteria = "AssignedTo.Department.Employees[Oid = CurrentUserId()]";
//canEditTaskAssociationsMemberPermission.Criteria = new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canEditTaskAssociationsMemberPermission.AllowWrite = true;
taskTypePermission.MemberPermissions.Add(canEditTaskAssociationsMemberPermission);
SecuritySystemObjectPermissionsObject canyEditTasksFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canyEditTasksFromOwnDepartmentObjectPermission.Criteria = "AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canyEditTasksFromOwnDepartmentObjectPermission.Criteria = "AssignedTo.Department.Employees[Oid = CurrentUserId()]";
//canyEditTasksFromOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canyEditTasksFromOwnDepartmentObjectPermission.AllowNavigate = true;
canyEditTasksFromOwnDepartmentObjectPermission.AllowWrite = true;
canyEditTasksFromOwnDepartmentObjectPermission.AllowRead = true;
taskTypePermission.ObjectPermissions.Add(canyEditTasksFromOwnDepartmentObjectPermission);
SecuritySystemTypePermissionObject departmentTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
departmentTypePermission.TargetType = typeof(Department);
userRole.TypePermissions.Add(departmentTypePermission);
SecuritySystemObjectPermissionsObject canViewOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canViewOwnDepartmentObjectPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canViewOwnDepartmentObjectPermission.Criteria = "Employees[Oid=CurrentUserId()]";
//canViewOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canViewOwnDepartmentObjectPermission.AllowNavigate = true;
canViewOwnDepartmentObjectPermission.AllowRead = true;
canViewOwnDepartmentObjectPermission.Save();
departmentTypePermission.ObjectPermissions.Add(canViewOwnDepartmentObjectPermission);
SecuritySystemMemberPermissionsObject canEditAssociationsMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
canEditAssociationsMemberPermission.Members = "Employees;";
canEditAssociationsMemberPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canEditAssociationsMemberPermission.Criteria = "Employees[Oid=CurrentUserId()]";
//canEditAssociationsMemberPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canEditAssociationsMemberPermission.AllowWrite = true;
departmentTypePermission.MemberPermissions.Add(canEditAssociationsMemberPermission);
}
return(userRole);
}
//Managers can access and fully edit (including create and delete capabilities) data from their own department. However, they cannot access data from other departments.
private SecuritySystemRole GetManagerRole()
{
SecuritySystemRole managerRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Managers"));
if (managerRole == null)
{
managerRole = ObjectSpace.CreateObject <SecuritySystemRole>();
managerRole.Name = "Managers";
managerRole.ChildRoles.Add(GetUserRole());
SecuritySystemTypePermissionObject departmentTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
departmentTypePermission.TargetType = typeof(Department);
departmentTypePermission.AllowNavigate = true;
managerRole.TypePermissions.Add(departmentTypePermission);
SecuritySystemObjectPermissionsObject canEditOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canEditOwnDepartmentObjectPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canEditOwnDepartmentObjectPermission.Criteria = "Employees[Oid=CurrentUserId()]";
//canEditOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canEditOwnDepartmentObjectPermission.AllowNavigate = true;
canEditOwnDepartmentObjectPermission.AllowRead = true;
canEditOwnDepartmentObjectPermission.AllowWrite = true;
canEditOwnDepartmentObjectPermission.AllowDelete = true;
canEditOwnDepartmentObjectPermission.Save();
departmentTypePermission.ObjectPermissions.Add(canEditOwnDepartmentObjectPermission);
SecuritySystemTypePermissionObject employeeTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
employeeTypePermission.TargetType = typeof(Employee);
employeeTypePermission.AllowNavigate = true;
employeeTypePermission.AllowCreate = true;
managerRole.TypePermissions.Add(employeeTypePermission);
SecuritySystemObjectPermissionsObject canEditEmployeesFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canEditEmployeesFromOwnDepartmentObjectPermission.Criteria = "IsNull(Department) || Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canEditEmployeesFromOwnDepartmentObjectPermission.Criteria = "IsNull(Department) || Department.Employees[Oid=CurrentUserId()]";
//canEditEmployeesFromOwnDepartmentObjectPermission.Criteria = (new NullOperator(new OperandProperty("Department")) | new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal)).ToString();
canEditEmployeesFromOwnDepartmentObjectPermission.AllowWrite = true;
canEditEmployeesFromOwnDepartmentObjectPermission.AllowDelete = true;
canEditEmployeesFromOwnDepartmentObjectPermission.AllowNavigate = true;
canEditEmployeesFromOwnDepartmentObjectPermission.AllowRead = true;
canEditEmployeesFromOwnDepartmentObjectPermission.Save();
employeeTypePermission.ObjectPermissions.Add(canEditEmployeesFromOwnDepartmentObjectPermission);
SecuritySystemTypePermissionObject taskTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
taskTypePermission.TargetType = typeof(EmployeeTask);
taskTypePermission.AllowNavigate = true;
taskTypePermission.AllowCreate = true;
managerRole.TypePermissions.Add(taskTypePermission);
SecuritySystemObjectPermissionsObject canEditTasksOnlyFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canEditTasksOnlyFromOwnDepartmentObjectPermission.Criteria = "IsNull(AssignedTo) || IsNull(AssignedTo.Department) || AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canEditTasksOnlyFromOwnDepartmentObjectPermission.Criteria = "IsNull(AssignedTo) || IsNull(AssignedTo.Department) || AssignedTo.Department.Employees[Oid=CurrentUserId()]";
//canEditTasksOnlyFromOwnDepartmentObjectPermission.Criteria = (new NullOperator(new OperandProperty("AssignedTo")) | new NullOperator(new OperandProperty("AssignedTo.Department")) | new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal)).ToString();
canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowNavigate = true;
canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowRead = true;
canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowWrite = true;
canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowDelete = true;
canEditTasksOnlyFromOwnDepartmentObjectPermission.Save();
taskTypePermission.ObjectPermissions.Add(canEditTasksOnlyFromOwnDepartmentObjectPermission);
}
return(managerRole);
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
// Administrative role
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = SecurityStrategy.AdministratorRoleName;
adminRole.IsAdministrative = true;
}
// Administrator user
SecuritySystemUser adminUser = ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "Administrator"));
if (adminUser == null)
{
adminUser = ObjectSpace.CreateObject <SecuritySystemUser>();
adminUser.UserName = "******";
adminUser.SetPassword("");
adminUser.Roles.Add(adminRole);
}
// A role whith type-level permissions
SecuritySystemRole contactsManagerRole =
ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", "Contacts Manager"));
if (contactsManagerRole == null)
{
contactsManagerRole = ObjectSpace.CreateObject <SecuritySystemRole>();
contactsManagerRole.Name = "Contacts Manager";
SecuritySystemTypePermissionObject contactTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
contactTypePermission.TargetType = typeof(Contact);
contactTypePermission.AllowCreate = true;
contactTypePermission.AllowDelete = true;
contactTypePermission.AllowNavigate = true;
contactTypePermission.AllowRead = true;
contactTypePermission.AllowWrite = true;
contactsManagerRole.TypePermissions.Add(contactTypePermission);
}
SecuritySystemUser userSam =
ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "Sam"));
if (userSam == null)
{
userSam = ObjectSpace.CreateObject <SecuritySystemUser>();
userSam.UserName = "******";
userSam.SetPassword("");
userSam.Roles.Add(contactsManagerRole);
}
// A role with object-level permissions
SecuritySystemRole basicUserRole =
ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", "Basic User"));
if (basicUserRole == null)
{
basicUserRole = ObjectSpace.CreateObject <SecuritySystemRole>();
basicUserRole.Name = "Basic User";
SecuritySystemTypePermissionObject userTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
userTypePermission.TargetType = typeof(SecuritySystemUser);
SecuritySystemObjectPermissionsObject currentUserObjectPermission =
ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()";
currentUserObjectPermission.AllowNavigate = true;
currentUserObjectPermission.AllowRead = true;
userTypePermission.ObjectPermissions.Add(currentUserObjectPermission);
basicUserRole.TypePermissions.Add(userTypePermission);
}
SecuritySystemUser userJohn =
ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "John"));
if (userJohn == null)
{
userJohn = ObjectSpace.CreateObject <SecuritySystemUser>();
userJohn.UserName = "******";
userJohn.SetPassword("");
userJohn.Roles.Add(basicUserRole);
}
// A role with member-level permissions
SecuritySystemRole contactViewerRole =
ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", "Contact Viewer"));
if (contactViewerRole == null)
{
contactViewerRole = ObjectSpace.CreateObject <SecuritySystemRole>();
contactViewerRole.Name = "Contact Viewer";
SecuritySystemTypePermissionObject contactLimitedTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
contactLimitedTypePermission.TargetType = typeof(Contact);
contactLimitedTypePermission.AllowNavigate = true;
SecuritySystemMemberPermissionsObject contactMemberPermission =
ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
contactMemberPermission.Members = "Name";
contactMemberPermission.AllowRead = true;
contactLimitedTypePermission.MemberPermissions.Add(contactMemberPermission);
contactViewerRole.TypePermissions.Add(contactLimitedTypePermission);
}
SecuritySystemUser userBill =
ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "Bill"));
if (userBill == null)
{
userBill = ObjectSpace.CreateObject <SecuritySystemUser>();
userBill.UserName = "******";
userBill.SetPassword("");
userBill.Roles.Add(contactViewerRole);
}
// Contact objects are created for demo purposes
Contact contactMary = ObjectSpace.FindObject <Contact>(
new BinaryOperator("Name", "Mary Tellitson"));
if (contactMary == null)
{
contactMary = ObjectSpace.CreateObject <Contact>();
contactMary.Name = "Mary Tellitson";
contactMary.Email = "*****@*****.**";
}
Contact contactJohn = ObjectSpace.FindObject <Contact>(
new BinaryOperator("Name", "John Nilsen"));
if (contactJohn == null)
{
contactJohn = ObjectSpace.CreateObject <Contact>();
contactJohn.Name = "John Nilsen";
contactJohn.Email = "*****@*****.**";
}
ObjectSpace.CommitChanges();
}
void SetPermissions(SecuritySystemRole employersRole) {
employersRole.SetTypePermissions<ReportData>(SecurityOperations.ReadOnlyAccess, SecuritySystemModifier.Allow);
employersRole.CreatePermissionBehaviour(PermissionBehavior.ReadOnlyAccess, (role, info) => role.SetTypePermissions(info.Type, SecurityOperations.ReadOnlyAccess, SecuritySystemModifier.Allow));
}
void CreateNavigateObjectLevelSecurityObjectPermissions(SecuritySystemRole securityDemoRole) {
//We want to allow operations for objects that fit in a criterion, so first we create a TypePermission that allows no operation except Navigate
var navigateObjectLevelSecurityObjectTypePermission = securityDemoRole.CreateTypePermission<ObjectLevelSecurityObject>(o => {
o.AllowNavigate = true;
}, false);
//We create an ObjectPermission that allows all operations for ObjectLevelSecurityObjects that fit to [Name] Like '%Fully Accessible%'
navigateObjectLevelSecurityObjectTypePermission.CreateObjectPermission(
o => { o.Criteria = "[Name] Like '%Fully Accessible%'"; });
//We create an ObjectPermission that allows only Navigate for ObjectLevelSecurityObjects that fit to [Name] Like '%Protected%'
navigateObjectLevelSecurityObjectTypePermission.CreateObjectPermission(o => {
o.AllowNavigate = true;
o.Criteria = "[Name] Like '%Protected%'";
}, false);
//We create an ObjectPermission that allows only Navigate/Read for ObjectLevelSecurityObjects that fit to [Name] Like '%Read-Only%''
navigateObjectLevelSecurityObjectTypePermission.CreateObjectPermission(o => {
o.Criteria = "[Name] Like '%Read-Only%'";
o.AllowNavigate = true;
o.AllowRead = true;
}, false);
//We create an ObjectPermission that allows only Navigate/Read/Write for ObjectLevelSecurityObjects that fit to [Name] Like '%Read-Only%''
navigateObjectLevelSecurityObjectTypePermission.CreateObjectPermission(o => {
o.Criteria = "[Name] Like '%Protected Deletion%'";
o.AllowNavigate = true;
o.AllowRead = true;
o.AllowWrite = true;
}, false);
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
//string name = "MyName";
//DomainObject1 theObject = ObjectSpace.FindObject<DomainObject1>(CriteriaOperator.Parse("Name=?", name));
//if(theObject == null) {
// theObject = ObjectSpace.CreateObject<DomainObject1>();
// theObject.Name = name;
//}
SecuritySystemUser sampleUser = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "User"));
if (sampleUser == null)
{
sampleUser = ObjectSpace.CreateObject <SecuritySystemUser>();
sampleUser.UserName = "******";
sampleUser.SetPassword("");
}
SecuritySystemRole defaultRole = CreateDefaultRole();
sampleUser.Roles.Add(defaultRole);
SecuritySystemUser userAdmin = ObjectSpace.FindObject <SecuritySystemUser>(new BinaryOperator("UserName", "Admin"));
if (userAdmin == null)
{
userAdmin = ObjectSpace.CreateObject <SecuritySystemUser>();
userAdmin.UserName = "******";
// Set a password if the standard authentication type is used
userAdmin.SetPassword("");
}
// If a role with the Administrators name doesn't exist in the database, create this role
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Administrators"));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = "Administrators";
// Seed demo data
ObjectSpace.CreateObject <BusinessUnit>().Name = "RRHH";
ObjectSpace.CreateObject <BusinessUnit>().Name = "IT";
ObjectSpace.CreateObject <BusinessUnit>().Name = "COMERCIAL";
ObjectSpace.CreateObject <Period>().Name = "2020";
ObjectSpace.CreateObject <Period>().Name = "2018";
ObjectSpace.CreateObject <ServiceType>().Name = "Pago de planilla";
ObjectSpace.CreateObject <ServiceType>().Name = "Envio de SMS";
ObjectSpace.CreateObject <ServiceLocation>().Name = "Central";
ObjectSpace.CreateObject <ServiceLocation>().Name = "Local";
Department sczDepartment = ObjectSpace.CreateObject <Department>();
sczDepartment.Name = "Santa Cruz";
ObjectSpace.CreateObject <Department>().Name = "La Paz";
UserService sczUserService = ObjectSpace.CreateObject <UserService>();
sczUserService.Department = sczDepartment;
sczUserService.Agency = "Norte";
sczUserService.Count = ">10000";
ObjectSpace.CreateObject <AppService>().Name = "Cosim ERP";
}
adminRole.IsAdministrative = true;
userAdmin.Roles.Add(adminRole);
ObjectSpace.CommitChanges(); //This line persists created object(s).
}
void SetPermissions(SecuritySystemRole employersRole)
{
employersRole.SetTypePermissions <ReportData>(SecurityOperations.ReadOnlyAccess, SecuritySystemModifier.Allow);
employersRole.CreatePermissionBehaviour(PermissionBehavior.ReadOnlyAccess, (role, info) => role.SetTypePermissions(info.Type, SecurityOperations.ReadOnlyAccess, SecuritySystemModifier.Allow));
}
