Esempio n. 1
0
 protected void VerifyPermission(string permissionName, string module)
 {
     if (!_authQueries.VerifyPermission(UserId, permissionName, module))
     {
         throw new HttpException(403, "Access forbidden");
     }
 }
Esempio n. 2
0
        public JsonResult PlayerData(SearchPackage searchPackage)
        {
            var allowViewEmail  = _authQueries.VerifyPermission(UserId, Permissions.ViewEmail, Modules.PlayerReport);
            var allowViewMobile = _authQueries.VerifyPermission(UserId, Permissions.ViewMobile, Modules.PlayerReport);

            var dataBuilder = new SearchPackageDataBuilder <PlayerRecord>(searchPackage, _queries.GetPlayerRecords());
            var data        = dataBuilder
                              .Map(r => r.PlayerId, r => new object[]
            {
                r.Licensee,
                r.Brand,
                r.Username,
                allowViewMobile ? r.Mobile : r.Mobile.MaskMobile(),
                allowViewEmail ? r.Email : r.Email.MaskEmail(),
                r.Birthday,
                r.IsInternalAccount,
                r.RegistrationDate,
                r.IsInactive,
                r.Language,
                r.Currency,
                r.SignUpIP,
                r.VipLevel,
                r.Country,
                r.PlayerName,
                r.Title,
                r.Gender,
                r.StreetAddress,
                r.PostCode,
                r.Created,
                r.CreatedBy,
                r.Updated,
                r.UpdatedBy,
                r.Activated,
                r.ActivatedBy,
                r.Deactivated,
                r.DeactivatedBy
            })
                              .GetPageData(r => r.RegistrationDate);

            return(new JsonResult {
                Data = data, MaxJsonLength = int.MaxValue, JsonRequestBehavior = JsonRequestBehavior.AllowGet
            });
        }
Esempio n. 3
0
        public RejectOnlineDepositResponse Reject(RejectOnlineDepositRequest request)
        {
            if (false ==
                (_authQueries.VerifyPermission(UserId, Permissions.Reject, Modules.DepositVerification) ||
                 _authQueries.VerifyPermission(UserId, Permissions.Reject, Modules.DepositApproval)))
            {
                throw new HttpException(403, "Access forbidden");
            }

            var data = _onlineDepositQueries.GetOnlineDepositById(request.Id);

            CheckBrand(data.BrandId);

            var model = Mapper.Map <Core.Payment.Interface.Data.RejectOnlineDepositRequest>(request);

            _onlineDepositCommands.Reject(model);

            return(new RejectOnlineDepositResponse
            {
                Success = true
            });
        }
Esempio n. 4
0
        public void Can_verify_permission_for_admin()
        {
            _authCommands.CreatePermission(new CreatePermission
            {
                Name   = "Test",
                Module = "Test"
            });
            var permissions = _authQueries.GetPermissions().Select(p => p.Id);
            var roleId      = Guid.NewGuid();

            _authCommands.CreateRole(new CreateRole
            {
                RoleId      = roleId,
                Permissions = permissions.ToList()
            });
            var actorId          = Guid.NewGuid();
            var createActorModel = new CreateActor
            {
                ActorId  = actorId,
                Password = TestDataGenerator.GetRandomString(),
                Username = TestDataGenerator.GetRandomString()
            };

            _authCommands.CreateActor(createActorModel);
            _authCommands.AssignRoleToActor(new AssignRole
            {
                ActorId = createActorModel.ActorId,
                RoleId  = roleId
            });

            var actorHasPermission   = _authQueries.VerifyPermission(actorId, "Test", "Test");
            var actorHasNoPermission = _authQueries.VerifyPermission(actorId, "Invalid", "Invalid");

            actorHasPermission.Should().BeTrue();
            actorHasNoPermission.Should().BeFalse();
        }
        public IMethodReturn Invoke(IMethodInvocation input,
                                    GetNextInterceptionBehaviorDelegate getNext)
        {
            var methodBaseClass = input.MethodBase;

            if (input.MethodBase.DeclaringType != null && input.MethodBase.DeclaringType.IsInterface)
            {
                // Map interface method to implementing class method which contains the Permission attributes
                var targetType           = input.Target.GetType();
                var parameterTypes       = input.MethodBase.GetParameters().Select(par => par.ParameterType).ToArray();
                const BindingFlags flags = BindingFlags.NonPublic | BindingFlags.Public | BindingFlags.DeclaredOnly | BindingFlags.Instance;
                methodBaseClass = targetType.GetMethod(input.MethodBase.ReflectedType.FullName + "." + input.MethodBase.Name, flags, Type.DefaultBinder, parameterTypes, null) ??
                                  targetType.GetMethod(input.MethodBase.Name, flags, Type.DefaultBinder, parameterTypes, null) ??
                                  input.MethodBase;
            }

            var permissionAttrs = methodBaseClass.GetCustomAttributes(typeof(PermissionAttribute), true);

            if (permissionAttrs.Any())
            {
                if (_actorInfoProvider.IsActorAvailable == false)
                {
                    throw new RegoException("Current user data is not accessible.");
                }

                var userId  = _actorInfoProvider.Actor.Id;
                var allowed = permissionAttrs.Select(p => (PermissionAttribute)p).Aggregate(false, (current, permission) => current ||
                                                                                            _authQueries.VerifyPermission(userId,
                                                                                                                          permission.Permission, permission.Module));

                if (!allowed)
                {
                    throw new InsufficientPermissionsException(
                              string.Format("User \"{0}\" has insufficient permissions for the operation ", _actorInfoProvider.Actor.UserName));
                }
            }

            // Invoke the next behavior in the chain.
            var result = getNext()(input, getNext);

            return(result);
        }