C# (CSharp) EdFi.Dashboards.Resources.Security.ClaimValidators ClaimValidatorRequest Exemples

Exemple #1

Fichier : ViewMyStudentsClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {

            ValidateCurrentUserIsStaff(request);

            var studentListType = request.GetParameterValueByName(ClaimValidatorRequest.StudentListTypeParameterName);

            // DJWhite 4 Jan 2012: Default null or empty to NONE which is equivalent to ALL.
            if (String.IsNullOrEmpty(studentListType)) studentListType = StudentListType.None.ToString();

            switch (studentListType.ToLower())
            {
                case ClaimValidatorRequest.StudentListEnumSection:
                    ValidateClaimSchoolStaffSection(request, ClaimType);
                    break;
                case ClaimValidatorRequest.StudentListEnumCohort:
                    ValidateClaimSchoolCohortStaff(request, ClaimType);
                    break;
                case ClaimValidatorRequest.StudentListEnumCustomStudentList:
                    ValidateClaimSchoolCustomStudentListStaff(request, ClaimType);
                    break;
                case ClaimValidatorRequest.StudentListEnumMetricsBasedWatchList:
                case ClaimValidatorRequest.StudentListEnumAll:
                case ClaimValidatorRequest.StudentListEnumNone:
                    ValidateClaimSchoolStaff(request, ClaimType);
                    break;
                default:
                    throw new UserAccessDeniedException(ClaimValidatorRequest.InvalidParameterErrorMessage);
            }

            return null;
        }

Exemple #2

Fichier : AccessOrganizationClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {
            //ValidateClaimSchoolStaff(request, ClaimType);
            ValidateClaimSchoolUser(request, ClaimType);

            return null;
        }

Exemple #3

Fichier : ViewMyStudentsClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {
            ValidateCurrentUserIsStaff(request);
            ValidateClaimSchoolStaffSection(request, ClaimType);

            return null;
        }

Exemple #4

Fichier : NullClaimValidator.cs Projet : sybrix/EdFi-App

 public object ValidateRequest(ClaimValidatorRequest request)
 {
     throw new UnhandledSignatureException(false, // Not explicitly unhandled... it fell through to the end of the chain of responsibility
         string.Format(
             ClaimValidatorRequest.UnhandledParameterErrorMessageFormat,
             request.BuildSignatureKey()));
 }

Exemple #5

Fichier : ViewMyMetricsClaimValidator.cs Projet : sybrix/EdFi-App

 protected override object HandleRequest(ClaimValidatorRequest request)
 {
     var leaId = request.GetLocalEducationAgencyId();
     //View my metrics is currently siloed.
     SecurityAssertionProvider.CurrentUserMustHaveClaimOnEducationOrganization(leaId, ClaimType);
     return null;
     //throw new UserAccessDeniedException(Implementations.SecurityAssertionProvider.NoEducationOrganizationPermissionErrorMessage);
 }

Exemple #6

Fichier : ManageWatchListClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {
            //TODO: Start using this again once the staffUSI issue is fixed
            //ValidateCurrentUserIsStaff(request);
            CheckEducationOrganization(request);

            return null;
        }

Exemple #7

Fichier : ManageGoalsClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {
            ValidateClaimLocalEducationAgencyMetric(request, ClaimType);

            // TODO: GKM - Do we need to secure specific metrics (such as Operational Dashboards), or does Manage Goals allow them to read those metrics too?

            return null;
        }

Exemple #8

Fichier : AccessOrganizationClaimValidator.cs Projet : sybrix/EdFi-App

        protected void CheckLea(ClaimValidatorRequest request)
        {
            var lea = request.GetNullableIdByName(ClaimValidatorRequest.LocalEducationAgencyParameterName);
            if (null == lea) return;

            var userInfo = UserInformation.Current;
            //Look at LEA or higher.
            var claimValidatorLeaEdorgs = SecurityAssertionProvider.GetEducationOrganizationHierarchy((int)lea);
            if (userInfo.AssociatedOrganizations.Any(
                n => ((n.ClaimTypes.Contains(ClaimType)) &&
                    (claimValidatorLeaEdorgs.Contains(n.EducationOrganizationId) || //The user has an explict claim for the LEA or State level
                    (SecurityAssertionProvider.GetEducationOrganizationHierarchy(n.EducationOrganizationId).Contains((int)lea)))))) //The user has the lea within the hierarchy of one of thier claims.
                //Note: Can not look higher than LEA in this last check because the State agency ID always comes back in the hierarchy.
                return;

            throw new UserAccessDeniedException(Implementations.SecurityAssertionProvider.NoEducationOrganizationPermissionErrorMessage);
        }

Exemple #9

Fichier : ManageWatchListClaimValidator.cs Projet : sybrix/EdFi-App

        protected void CheckEducationOrganization(ClaimValidatorRequest request)
        {
            var schoolId = request.GetNullableIdByName(ClaimValidatorRequest.SchoolParameterName);
            var localEducationAgencyId =
                request.GetNullableIdByName(ClaimValidatorRequest.LocalEducationAgencyParameterName);
            var userInfo = UserInformation.Current;

            if (schoolId.HasUsableValue())
            {
                var claimValidatorSchoolEdOrgs =
                    SecurityAssertionProvider.GetEducationOrganizationHierarchy(schoolId.Value);

                if (
                    userInfo.AssociatedOrganizations.Any(
                        org =>
                            org.ClaimTypes.Contains(ClaimType) &&
                            (claimValidatorSchoolEdOrgs.Contains(org.EducationOrganizationId) ||
                            SecurityAssertionProvider.GetEducationOrganizationHierarchy(org.EducationOrganizationId)
                                .Contains(schoolId.Value))))
                {
                    return;
                }
            }
            else if (localEducationAgencyId.HasUsableValue())
            {
                var claimValidatorLocalEducationAgencyEdOrgs =
                    SecurityAssertionProvider.GetEducationOrganizationHierarchy(localEducationAgencyId.Value);

                if (
                    userInfo.AssociatedOrganizations.Any(
                        org =>
                            org.ClaimTypes.Contains(ClaimType) &&
                            (claimValidatorLocalEducationAgencyEdOrgs.Contains(org.EducationOrganizationId) ||
                            SecurityAssertionProvider.GetEducationOrganizationHierarchy(org.EducationOrganizationId)
                                .Contains(localEducationAgencyId.Value))))
                {
                    return;
                }
            }
            
            throw new UserAccessDeniedException(Implementations.SecurityAssertionProvider.NoEducationOrganizationPermissionErrorMessage);
        }

Exemple #10

Fichier : AdministerDashboardClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {
            ValidateClaimLocalEducationAgency(request, ClaimType);

            return null;
        }

Exemple #11

Fichier : ClaimAuthorizationBase.cs Projet : sybrix/EdFi-App

	    public void AuthorizeRequest(ClaimValidatorRequest request)
        {
            claimValidator.ValidateRequest(request);
	    }

Exemple #12

Fichier : AccessOrganizationClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {
            CheckLea(request);

            return null;
        }

Exemple #13

Fichier : AccessOrganizationClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {
            var schoolId = request.GetParameterValueByName(ClaimValidatorRequest.SchoolParameterName);
            if (schoolId != null)
            {
                ValidateClaimSchool(request, ClaimType);
                return null;
            }

            var leaId = request.GetParameterValueByName(ClaimValidatorRequest.LocalEducationAgencyParameterName);
            if (leaId != null)
            {
                CheckLea(request);
                return null;
            }

            throw new ArgumentException("SchoolId and LocalEducationAgency can not both be null.");
        }

Exemple #14

Fichier : ViewAllStudentsClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {
            ValidateClaimSchoolStudentByOrganizationAssociation(request, ClaimType);

            return null;
        }

Exemple #15

Fichier : ViewAllStudentsClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {
            var schoolId = request.GetNullableIdByName(ClaimValidatorRequest.SchoolParameterName);
            if (schoolId.HasValue)
                ValidateClaimSchoolStaff(request, ClaimType);
            else
                ValidateClaimLocalEducationAgencyStaff(request, ClaimType);

            var customStudentListId = request.GetNullableIdByName(ClaimValidatorRequest.CustomStudentListParameterName);
            if (customStudentListId.HasValue && schoolId.HasValue)
            {
                try
                {
                    ValidateClaimSchoolCustomStudentListStaff(request, ClaimType);
                }
                catch (UserAccessDeniedException)
                {
                    // this lets a LEA level user modify a LEA custom student list at a school level
                    ValidateClaimLocalEducationAgencyStaff(request, ClaimType);
                    ValidateClaimLocalEducationAgencyCustomStudentListStaff(request, ClaimType);
                }
            }
            else if (customStudentListId.HasValue)
                ValidateClaimLocalEducationAgencyCustomStudentListStaff(request, ClaimType);

            return null;
        }

Exemple #16

Fichier : ViewAllStudentsClaimValidator.cs Projet : sybrix/EdFi-App

 protected override object HandleRequest(ClaimValidatorRequest request)
 {
     var staffUSI = request.GetNullableLongIdByName(ClaimValidatorRequest.StaffParameterName);
     if (staffUSI.HasValue)
     {
         var schoolId = request.GetNullableIdByName(ClaimValidatorRequest.SchoolParameterName);
         if (schoolId.HasValue)
             ValidateClaimSchoolStaff(request, ClaimType);
         else
             ValidateClaimLocalEducationAgencyStaff(request, ClaimType);
     }
     else
     {
         var schoolId = request.GetNullableIdByName(ClaimValidatorRequest.SchoolParameterName);
         if (schoolId.HasValue)
             ValidateClaimSchool(request, ClaimType);
         else
             ValidateClaimLocalEducationAgency(request, ClaimType);
     }
     return null;
 }

Exemple #17

Fichier : AdministerDashboardClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {
            ValidateClaimStaff(request, ClaimType);

            return null;
        }

Exemple #18

Fichier : ApplyViewPermissionsByClaimInterceptor.cs Projet : sybrix/EdFi-App

        public bool AuthorizeByClaim(IEnumerable<ParameterInstance> parameters, IEnumerable<string> claims)
        {
            Exception firstAuthorizationException = null;
            var allExceptions = new List<Exception>();

            if ((null == claims) || (!claims.Any())) return false;

            var request = new ClaimValidatorRequest {Parameters = parameters};

            foreach (var claim in claims)
            {
                try
                {
                    var authorization = GetClaimAuthorization(claim);
                    authorization.AuthorizeRequest(request);
                    return true;
                }
                catch (InvalidCastException)
                {
                    // Several claim validators have been throwing invalid cast exceptions which have been hidden by the catch block below
                    throw;
                }
                catch (Exception ex)
                {
                    if (firstAuthorizationException == null)
                        firstAuthorizationException = ex;
                    allExceptions.Add(ex);
                }
            }

            // If all claims failed authorization, throw the first exception.
            // However the first exception is not necessarily the most useful message. So,
            // we'll log all the information we have here to allow better debugging
            // of failures. Also look at the exception thrown in the BeforeExecution method for the 
            // service name and method that it was trying to authorize.
            if (firstAuthorizationException != null)
            {
                var sb = new StringBuilder();
                sb.AppendFormat("Authorization Failure: Parameters: [{0}]  Claims: [{1}]", string.Join(", ", parameters), string.Join(", ", claims));
                sb.AppendLine();

                var claimsPrincipal = UserInformation.Current.ToClaimsPrincipal();

                foreach (var identity in claimsPrincipal.Identities)
                    foreach (var claim in identity.Claims)
                        sb.AppendLine(claim.ClaimType + ": " + claim.Value);

                foreach (var ex in allExceptions)
                    sb.AppendLine(ex.ToString());

                logger.Warn(sb);
                throw firstAuthorizationException;
            }

            throw new SecurityAccessDeniedException("Could not authorize by claim.");
        }

Exemple #19

Fichier : ViewMyStudentsClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {
            ValidateClaimStudentByCurrentUser(request, ClaimType);

            return null;
        }

Exemple #20

Fichier : ViewMyStudentsClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {
            ValidateCurrentUserIsStaff(request);

            var schoolId = request.GetNullableIdByName(ClaimValidatorRequest.SchoolParameterName);
            if (schoolId.HasValue)
                ValidateClaimSchoolStaff(request, ClaimType);
            else
                ValidateClaimLocalEducationAgencyStaff(request, ClaimType);

            return null;
        }

Exemple #21

Fichier : ViewAllStudentsClaimValidator.cs Projet : sybrix/EdFi-App

        protected override object HandleRequest(ClaimValidatorRequest request)
        {
            var studentListType = request.GetParameterValueByName(ClaimValidatorRequest.StudentListTypeParameterName);
            var schoolId = request.GetNullableIdByName(ClaimValidatorRequest.SchoolParameterName);
            var staffUSI = request.GetNullableLongIdByName(ClaimValidatorRequest.StaffParameterName);

            // DJWhite 4 Jan 2012: Default null or empty to NONE which is equivalent to ALL.
            if (String.IsNullOrEmpty(studentListType)) studentListType = StudentListType.None.ToString();

            switch (studentListType.ToLower())
            {
                case ClaimValidatorRequest.StudentListEnumSection:
                    if (!schoolId.HasValue)
                        throw new UserAccessDeniedException(ClaimValidatorRequest.InvalidParameterErrorMessage);

                    if (staffUSI.HasValue)
                        ValidateClaimSchoolStaffSection(request, ClaimType);
                    else
                        ValidateClaimSchoolSection(request, ClaimType);
                    break;
                case ClaimValidatorRequest.StudentListEnumCohort:
                    if (staffUSI.HasValue)
                    {
                        if (schoolId.HasValue)
                            ValidateClaimSchoolCohortStaff(request, ClaimType);
                        else
                            ValidateClaimLocalEducationAgencyCohortStaff(request, ClaimType);
                    }
                    else
                    {
                        if (schoolId.HasValue)
                            ValidateClaimSchoolCohort(request, ClaimType);
                        else
                            ValidateClaimLocalEducationAgencyCohort(request, ClaimType);
                    }
                    break;
                case ClaimValidatorRequest.StudentListEnumCustomStudentList:
                    ValidateClaimSchoolCustomStudentListStaff(request, ClaimType);
                    break;
                case ClaimValidatorRequest.StudentListEnumMetricsBasedWatchList:
                case ClaimValidatorRequest.StudentListEnumAll:
                case ClaimValidatorRequest.StudentListEnumNone:
                    if (staffUSI.HasValue)
                    {
                        if (schoolId.HasValue)
                            ValidateClaimSchoolStaff(request, ClaimType);
                        else
                            ValidateClaimLocalEducationAgencyStaff(request, ClaimType);
                    }
                    else
                    {
                        if (schoolId.HasValue)
                            ValidateClaimSchool(request, ClaimType);
                        else
                            ValidateClaimLocalEducationAgency(request, ClaimType);
                    }
                    break;
                default:
                    throw new UserAccessDeniedException(ClaimValidatorRequest.InvalidParameterErrorMessage);
            }

            return null;
        }

Exemple #22

Fichier : AuthorizationFixtureBase.cs Projet : sybrix/EdFi-App

 public ClaimValidatorRequest GetClaimValidatorRequest()
 {
     var result = new ClaimValidatorRequest {Parameters = GetSuppliedParameters()};
     return result;
 }