private static ICriterion GetPermissionQueryInternal(User user, string operation, string securityKeyProperty)
{
var operationNames = Strings.GetHierarchicalOperationNames(operation);
var criteria = DetachedCriteria.For <Permission>("permission")
.CreateAlias("Operation", "op")
.CreateAlias("EntitiesGroup", "entityGroup", JoinType.LeftOuterJoin)
.CreateAlias("entityGroup.Entities", "entityKey", JoinType.LeftOuterJoin)
.SetProjection(Projections.Property("Allow"))
.Add(Restrictions.In("op.Name", operationNames))
.Add(Restrictions.Eq("User", user) ||
Subqueries.PropertyIn("UsersGroup.Id",
SecurityCriterions.AllGroups(user).SetProjection(Projections.Id())))
.Add(
Property.ForName(securityKeyProperty).EqProperty("permission.EntitySecurityKey") ||
Property.ForName(securityKeyProperty).EqProperty("entityKey.EntitySecurityKey") ||
(
Restrictions.IsNull("permission.EntitySecurityKey") &&
Restrictions.IsNull("permission.EntitiesGroup")
)
)
.SetMaxResults(1)
.AddOrder(Order.Desc("Level"))
.AddOrder(Order.Asc("Allow"));
return(Subqueries.Eq(true, criteria));
}
public Permission[] GetPermissionsFor(UsersGroup usersGroup, bool eager = false)
{
var criteria = DetachedCriteria.For <Permission>()
.Add(Expression.Eq("UsersGroup", usersGroup) ||
Subqueries.PropertyIn("UsersGroup.Id",
SecurityCriterions.AllUsersGroupParents(usersGroup).SetProjection(Projections.Id())));
return(FindResults(criteria, eager));
}
public virtual EntitiesGroup[] GetAssociatedEntitiesGroupsFor <TEntity>(TEntity entity) where TEntity : IEntityInformationExtractor <TEntity>
{
var entitiesGroups =
SecurityCriterions.AllGroups(entity)
.GetExecutableCriteria(_session)
.AddOrder(Order.Asc("Name"))
.SetCacheable(true)
.List <EntitiesGroup>();
return(entitiesGroups.ToArray());
}
public virtual UsersGroup[] GetAssociatedUsersGroupFor(User user)
{
var usersGroups =
SecurityCriterions.AllGroups(user)
.GetExecutableCriteria(_session)
.AddOrder(Order.Asc("Name"))
.SetCacheable(true)
.List <UsersGroup>();
return(usersGroups.ToArray());
}
public Permission[] GetPermissionsFor <TEntity>(User user, TEntity entity) where TEntity : IEntityInformationExtractor <TEntity>
{
var key = entity.SecurityKey;
var entitiesGroups = GetAssociatedEntitiesGroupsFor(entity);
var criteria = DetachedCriteria.For <Permission>()
.Add(Expression.Eq("User", user) ||
Subqueries.PropertyIn("UsersGroup.Id",
SecurityCriterions.AllGroups(user).SetProjection(Projections.Id())))
.Add(Expression.Eq("EntitySecurityKey", key) || Expression.In("EntitiesGroup", entitiesGroups));
return(FindResults(criteria));
}
public Permission[] GetGlobalPermissionsFor(User user, string operationName)
{
var operationNames = Strings.GetHierarchicalOperationNames(operationName);
var criteria = DetachedCriteria.For <Permission>()
.Add(Expression.Eq("User", user) ||
Subqueries.PropertyIn("UsersGroup.Id",
SecurityCriterions.AllGroups(user).SetProjection(Projections.Id())))
.Add(Expression.IsNull("EntitiesGroup"))
.Add(Expression.IsNull("EntitySecurityKey"))
.CreateAlias("Operation", "op")
.Add(Expression.In("op.Name", operationNames));
return(FindResults(criteria));
}
public void RemoveUser(User user)
{
ICollection <UsersGroup> groups =
SecurityCriterions.DirectUsersGroups((user))
.GetExecutableCriteria(_session)
.SetCacheable(true)
.List <UsersGroup>();
foreach (UsersGroup group in groups)
{
group.Users.Remove(user);
}
_session.CreateQuery("delete Permission p where p.User = :user")
.SetEntity("user", user)
.ExecuteUpdate();
}
public virtual UsersGroup[] GetAncestryAssociation(User user, string usersGroupName)
{
var desiredGroup = GetUsersGroupByName(usersGroupName);
ICollection <UsersGroup> directGroups =
SecurityCriterions.DirectUsersGroups((user))
.GetExecutableCriteria(_session)
.SetCacheable(true)
.List <UsersGroup>();
if (directGroups.Contains(desiredGroup))
{
return(new[] { desiredGroup });
}
var associatedGroups = GetAssociatedUsersGroupFor(user);
if (!associatedGroups.Contains(desiredGroup))
{
return(new UsersGroup[0]);
}
var shortest = new List <UsersGroup>();
foreach (var usersGroup in associatedGroups)
{
var path = new List <UsersGroup>();
var current = usersGroup;
while (current != null && current != desiredGroup)
{
path.Add(current);
current = current.Parent;
}
if (current != null)
{
path.Add(current);
}
if (path.Contains(desiredGroup) && directGroups.Contains(path[0]))
{
shortest = Min(shortest, path);
}
}
return(shortest.ToArray());
}
public virtual EntitiesGroup[] GetAncestryAssociationOfEntity <TEntity>(TEntity entity, string entityGroupName) where TEntity : IEntityInformationExtractor <TEntity>
{
var desiredGroup = GetEntitiesGroupByName(entityGroupName);
ICollection <EntitiesGroup> directGroups =
SecurityCriterions.DirectEntitiesGroups(entity)
.GetExecutableCriteria(_session)
.SetCacheable(true)
.List <EntitiesGroup>();
if (directGroups.Contains(desiredGroup))
{
return(new[] { desiredGroup });
}
var associatedGroups = GetAssociatedEntitiesGroupsFor(entity);
if (!associatedGroups.Contains(desiredGroup))
{
return(new EntitiesGroup[0]);
}
var shortest = new List <EntitiesGroup>();
foreach (var entitiesGroup in associatedGroups)
{
var path = new List <EntitiesGroup>();
var current = entitiesGroup;
while (current != null && current != desiredGroup)
{
path.Add(current);
current = current.Parent;
}
if (current != null)
{
path.Add(current);
}
if (path.Contains(desiredGroup) && directGroups.Contains(path[0]))
{
shortest = Min(shortest, path);
}
}
return(shortest.ToArray());
}
public Permission[] GetPermissionsFor <TEntity>(User user, TEntity entity, string operationName) where TEntity : IEntityInformationExtractor <TEntity>
{
var key = entity.SecurityKey;
var operationNames = Strings.GetHierarchicalOperationNames(operationName);
var entitiesGroups = GetAssociatedEntitiesGroupsFor(entity);
//var usersGroups = GetAssociatedUsersGroupFor(user);
var onCriteria =
(Restrictions.Eq("EntitySecurityKey", key) || Restrictions.In("EntitiesGroup", entitiesGroups)) ||
(Restrictions.IsNull("EntitiesGroup") && Restrictions.IsNull("EntitySecurityKey"));
var criteria = DetachedCriteria.For <Permission>()
.Add(Restrictions.Eq("User", user) ||
Subqueries.PropertyIn("UsersGroup.Id",
SecurityCriterions.AllGroups(user).SetProjection(Projections.Id())))
.Add(onCriteria)
.CreateAlias("Operation", "op")
.Add(Restrictions.In("op.Name", operationNames));
return(FindResults(criteria));
}
