/// <summary>
/// Read trigger: vetoes a document read unless the requesting user is allowed to
/// perform the requested operation on that document.
/// </summary>
/// <remarks>
/// The user and operation are read from the current operation's request headers
/// (<see cref="Constants.RavenAuthorizationUser"/> and
/// <see cref="Constants.RavenAuthorizationOperation"/>). If either header is
/// absent the read is allowed without any check (fail-open): this trigger only
/// enforces authorization for callers that identify themselves, so the headers
/// must come from a trusted caller for the veto to mean anything. Reads that
/// occur while an authorization decision is already being computed are also
/// allowed, which avoids re-entering the check from inside itself.
/// </remarks>
/// <param name="key">Key of the document being read.</param>
/// <param name="document">Document body; not consulted, the decision is made on metadata only.</param>
/// <param name="metadata">Document metadata handed to <see cref="AuthorizationDecisions.IsAllowed"/>.</param>
/// <param name="readOperation">
/// Load vs. query. A denied document is silently dropped from query results
/// (<see cref="ReadVetoResult.Ignore"/>) instead of failing the whole query.
/// </param>
/// <param name="transactionInformation">Current transaction; not used by this trigger.</param>
/// <returns>
/// <c>Allowed</c>, <c>Ignore</c> (queries only), or <c>Deny</c> carrying the
/// reasons collected while the decision was made.
/// </returns>
public override ReadVetoResult AllowRead(string key, JObject document, JObject metadata, ReadOperation readOperation, TransactionInformation transactionInformation)
{
    // Nested reads made by the authorization machinery itself are never vetoed.
    if (AuthorizationContext.IsInAuthorizationContext)
        return ReadVetoResult.Allowed;

    using (AuthorizationContext.Enter())
    {
        // NOTE(review): the delete trigger reads the same headers via CurrentOperationContext;
        // confirm CurrentRavenOperation is the intended accessor here.
        var headers = CurrentRavenOperation.Headers.Value;
        var requestingUser = headers[Constants.RavenAuthorizationUser];
        var requestedOperation = headers[Constants.RavenAuthorizationOperation];

        // No identity or no operation supplied: there is nothing to decide against, so fail open.
        var hasUser = !string.IsNullOrEmpty(requestingUser);
        var hasOperation = !string.IsNullOrEmpty(requestedOperation);
        if (!(hasUser && hasOperation))
            return ReadVetoResult.Allowed;

        var reasons = new StringWriter();
        var permitted = AuthorizationDecisions.IsAllowed(requestingUser, requestedOperation, key, metadata, reasons.WriteLine);
        if (permitted)
            return ReadVetoResult.Allowed;

        // Query: hide the document from the result set. Direct load: refuse and explain why.
        if (readOperation == ReadOperation.Query)
            return ReadVetoResult.Ignore;

        return ReadVetoResult.Deny(reasons.GetStringBuilder().ToString());
    }
}
/// <summary>
/// Delete trigger: vetoes deletion of an existing document unless the requesting
/// user is allowed to perform the requested operation on it.
/// </summary>
/// <remarks>
/// User and operation come from the request headers on the current operation
/// context. As with the read trigger, a request that omits either header is not
/// checked at all (fail-open), so the headers must be supplied by a trusted
/// caller for this veto to provide any protection. The decision is made against
/// the metadata of the document as it currently exists; deleting a key that does
/// not exist is always allowed, since there is nothing to protect.
/// </remarks>
/// <param name="key">Key of the document about to be deleted.</param>
/// <param name="transactionInformation">Transaction used to look up the current document.</param>
/// <returns><c>Allowed</c>, or <c>Deny</c> carrying the reasons the decision produced.</returns>
public override VetoResult AllowDelete(string key, TransactionInformation transactionInformation)
{
    // Work done by the authorization machinery itself is never vetoed.
    if (AuthorizationContext.IsInAuthorizationContext)
        return VetoResult.Allowed;

    using (AuthorizationContext.Enter())
    {
        var headers = CurrentOperationContext.Headers.Value;
        var requestingUser = headers[Constants.RavenAuthorizationUser];
        var requestedOperation = headers[Constants.RavenAuthorizationOperation];

        if (string.IsNullOrEmpty(requestingUser) || string.IsNullOrEmpty(requestedOperation))
            return VetoResult.Allowed;

        // Looked up inside the authorization context so that, if the load goes through
        // the read trigger, it is not itself vetoed.
        var existing = Database.Get(key, transactionInformation);
        if (existing == null)
            return VetoResult.Allowed;

        var reasons = new StringWriter();
        var permitted = AuthorizationDecisions.IsAllowed(requestingUser, requestedOperation, key, existing.Metadata, reasons.WriteLine);
        if (permitted)
            return VetoResult.Allowed;

        return VetoResult.Deny(reasons.GetStringBuilder().ToString());
    }
}
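/// <summary>
/// HTTP endpoint that reports, for one user and one operation, whether each of the
/// requested documents would be allowed, together with the reasons for each decision.
/// </summary>
/// <remarks>
/// The user id is the first capture group of <c>urlMatcher</c>; document ids come
/// from repeated <c>id</c> query-string values and the operation from
/// <c>operation</c>. A missing id list, operation or user id yields 400 Bad Request.
/// The metadata lookups run inside <see cref="AuthorizationContext"/> so that the
/// authorization triggers do not veto the reads this endpoint needs to make.
///
/// Security note: the response reveals whether each document exists and the reasons
/// behind a decision for an arbitrary user id, and nothing in this handler checks
/// that the caller is that user or is otherwise entitled to ask. Any access control
/// for this endpoint has to be applied by the host (endpoint-level authentication);
/// it is not enforced here.
/// </remarks>
/// <param name="context">The HTTP request/response being served.</param>
public override void Respond(IHttpContext context)
{
    var match = urlMatcher.Match(context.GetRequestUrl());
    var userId = match.Groups[1].Value; // empty string when the route does not match; rejected below
    var docIds = context.Request.QueryString.GetValues("id");
    var operation = context.Request.QueryString["operation"];
    var transactionInformation = GetRequestTransaction(context);

    if (docIds == null || string.IsNullOrEmpty(operation) || string.IsNullOrEmpty(userId))
    {
        context.SetStatusToBadRequest();
        return;
    }

    var results = new List<OperationAllowedResult>(docIds.Length);

    // we don't want security to take hold when we are trying to ask about security
    using (AuthorizationContext.Enter())
    {
        // Takes only Database, so one instance serves every document in the request
        // instead of being rebuilt per iteration.
        var authorizationDecisions = new AuthorizationDecisions(Database);

        foreach (var docId in docIds)
        {
            var document = Database.GetDocumentMetadata(docId, transactionInformation);
            if (document == null)
            {
                results.Add(new OperationAllowedResult
                {
                    IsAllowed = false,
                    Reasons = new List<string> { "Document " + docId + " does not exists" }
                });
                continue;
            }

            var reasons = new List<string>();
            var isAllowed = authorizationDecisions.IsAllowed(userId, operation, docId, document.Metadata, reasons.Add);
            results.Add(new OperationAllowedResult { IsAllowed = isAllowed, Reasons = reasons });
        }
    }

    context.WriteJson(results);
}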