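/// <summary>
/// Registers the authorization checks for granting <c>Role</c> to <c>Grantee</c>.
/// </summary>
/// <param name="context">Execution context whose <c>Assertions</c> list receives the checks.</param>
/// <remarks>
/// Three assertions are added, in this order:
/// the current user must be allowed to grant the role;
/// when <c>WithAdmin</c> is set, the current user must administrate the role;
/// the current user must be allowed to manage users.
/// </remarks>
protected override void ConfigureSecurity(ExecutionContext context)
{
    // 1. The caller must hold the right to grant this specific role.
    context.Assertions.Add(c =>
    {
        if (!c.User.CanGrantRole(Role))
        {
            return AssertResult.Deny(new SecurityException(
                String.Format("User '{0}' cannot grant role '{1}' to '{2}'.", c.User.Name, Role, Grantee)));
        }

        return AssertResult.Allow();
    });

    // 2. Passing the admin option on is only permitted to an administrator of the role.
    context.Assertions.Add(c =>
    {
        if (WithAdmin && !c.User.IsRoleAdmin(Role))
        {
            // Format the user's name rather than the user object, so the denial
            // message identifies the caller the same way the other messages do.
            return AssertResult.Deny(new SecurityException(
                String.Format("User '{0}' does not administrate role '{1}'.", c.User.Name, Role)));
        }

        return AssertResult.Allow();
    });

    // 3. The caller must also hold the user-management right.
    // NOTE(review): this check throws instead of returning AssertResult.Deny like the
    // two above; confirm the assertion pipeline handles a thrown SecurityException the
    // same way as a Deny result (same error surface, same audit trail).
    context.Assertions.Add(c =>
    {
        if (!c.User.CanManageUsers())
        {
            throw new SecurityException(
                String.Format("The user '{0}' has not enough rights to manage other users.", c.User.Name));
        }
    });
}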
/// <summary>
/// Registers the authorization checks for a statement that targets the user named <c>UserName</c>.
/// </summary>
/// <param name="context">Execution context whose <c>Assertions</c> list receives the checks.</param>
/// <remarks>
/// Two assertions are added: the caller must either be the target user or hold the
/// user-management right, and the target name must not be one of the reserved names
/// <c>User.PublicName</c> / <c>User.SystemName</c>.
/// </remarks>
protected override void ConfigureSecurity(ExecutionContext context)
{
    context.Assertions.Add(ctx =>
    {
        // A user acting on their own record is allowed without further rights;
        // anyone else needs the user-management right.
        // NOTE(review): this self-match uses the default (case-sensitive) string
        // equality, while the reserved-name check below ignores case; confirm which
        // rule the user store applies to names. The denial text says "create users"
        // although the shortcut is about the caller's own record; verify the wording
        // against the enclosing statement.
        if (ctx.User.Name.Equals(UserName) || ctx.User.CanManageUsers())
        {
            return AssertResult.Allow();
        }

        var denial = String.Format("User '{0}' cannot create users", ctx.User.Name);
        return AssertResult.Deny(new SecurityException(denial));
    });

    context.Assertions.Add(ctx =>
    {
        // The built-in account names are off limits regardless of the caller's rights.
        bool reservedName =
            String.Equals(UserName, User.PublicName, StringComparison.OrdinalIgnoreCase) ||
            String.Equals(UserName, User.SystemName, StringComparison.OrdinalIgnoreCase);

        if (!reservedName)
        {
            return AssertResult.Allow();
        }

        var denial = String.Format("User name '{0}' is reserved for the system.", UserName);
        return AssertResult.Deny(new SecurityException(denial));
    });
}
/// <summary>
/// Registers the authorization check for creating a role.
/// </summary>
/// <param name="context">Execution context whose <c>Assertions</c> list receives the check.</param>
protected override void ConfigureSecurity(ExecutionContext context)
{
    context.Assertions.Add(ctx =>
    {
        // Only callers holding the role-management right pass.
        if (ctx.User.CanManageRoles())
        {
            return AssertResult.Allow();
        }

        var denial = String.Format("User '{0}' has not enough rights to create roles.", ctx.User.Name);
        return AssertResult.Deny(new SecurityException(denial));
    });
}
/// <summary>
/// Registers the authorization checks for dropping the user named <c>UserName</c>.
/// </summary>
/// <param name="context">Execution context whose <c>Assertions</c> list receives the checks.</param>
/// <remarks>
/// Two assertions are added: the target must not be one of the reserved names
/// <c>User.PublicName</c> / <c>User.SystemName</c>, and the caller must be allowed
/// to drop that user.
/// </remarks>
protected override void ConfigureSecurity(ExecutionContext context)
{
    context.Assertions.Add(ctx =>
    {
        // The built-in accounts can never be dropped; names are matched ignoring case.
        bool reservedName =
            String.Equals(UserName, User.PublicName, StringComparison.OrdinalIgnoreCase) ||
            String.Equals(UserName, User.SystemName, StringComparison.OrdinalIgnoreCase);

        if (!reservedName)
        {
            return AssertResult.Allow();
        }

        var denial = String.Format("User '{0}' is reserved and cannot be dropped.", UserName);
        return AssertResult.Deny(new SecurityException(denial));
    });

    // NOTE(review): unlike the check above, this one throws instead of returning
    // AssertResult.Deny; confirm the assertion pipeline handles a thrown
    // SecurityException the same way as a Deny result.
    context.Assertions.Add(ctx =>
    {
        if (!ctx.User.CanDropUser(UserName))
        {
            throw new SecurityException(
                String.Format("The user '{0}' has not enough rights to drop the other user '{1}'", ctx.User.Name, UserName));
        }
    });
}
/// <summary>
/// Registers the authorization checks for dropping the role named <c>RoleName</c>.
/// </summary>
/// <param name="context">Execution context whose <c>Assertions</c> list receives the checks.</param>
/// <remarks>
/// Two assertions are added: the role must not be a system role, and the caller
/// must be allowed to drop it.
/// </remarks>
protected override void ConfigureSecurity(ExecutionContext context)
{
    context.Assertions.Add(ctx =>
    {
        // System roles are protected no matter who asks.
        if (!SystemRoles.IsSystemRole(RoleName))
        {
            return AssertResult.Allow();
        }

        var denial = String.Format("The role '{0}' is system protected.", RoleName);
        return AssertResult.Deny(new SecurityException(denial));
    });

    context.Assertions.Add(ctx =>
    {
        // The caller needs the right to drop this particular role.
        if (ctx.User.CanDropRole(RoleName))
        {
            return AssertResult.Allow();
        }

        var denial = String.Format("User '{0}' has not enough rights to drop a role.", ctx.User.Name);
        return AssertResult.Deny(new SecurityException(denial));
    });
}