Esempio n. 1
        /// <summary>
        /// Resolves the group-level access rights that the current <c>Identity</c> holds on
        /// the object class described by <paramref name="ifType"/>.
        /// </summary>
        /// <remarks>
        /// Security note: this method fails open. It returns <c>AccessRights.Full</c> when no
        /// Identity is set, when the type is not an IDataObject, when the identity is an
        /// administrator, when the meta data resolver yields no object class (Case #1363,
        /// initialization) and when the root class carries no access control list.
        /// <c>AccessRights.None</c> is returned only when an ACL exists, no group rights were
        /// resolved and the root class needs a rights table. Callers that require
        /// deny-by-default must not treat <c>Full</c> from this method as proof that an ACL
        /// was evaluated.
        /// </remarks>
        /// <param name="ifType">Interface type whose access rights are requested.</param>
        /// <returns>The resolved rights, or <c>Full</c> / <c>None</c> as described above.</returns>
        public Zetbox.API.AccessRights GetGroupAccessRights(InterfaceType ifType)
        {
            // Unrestricted when there is no identity, the type is not a data object,
            // or the identity is an administrator. Evaluation order matters: the
            // administrator check must only run once Identity is known to be non-null.
            if (Identity == null || !ifType.Type.IsIDataObject() || Identity.IsAdmininistrator())
            {
                return Zetbox.API.AccessRights.Full;
            }

            // Case #1363: the resolver may return NULL during initialization.
            // NOTE(review): this path grants Full rights; it is only safe if a missing
            // object class cannot occur after initialization - confirm.
            var resolvedClass = metaDataResolver.GetObjectClass(ifType);
            if (resolvedClass == null)
            {
                return Zetbox.API.AccessRights.Full;
            }

            // ACLs are only allowed on root classes, so evaluate the root of the hierarchy.
            var aclOwner = resolvedClass.GetRootClass();
            if (!aclOwner.HasAccessControlList())
            {
                // No AccessControlList - full rights.
                return Zetbox.API.AccessRights.Full;
            }

            var groupRights = aclOwner.GetGroupAccessRights(Identity);
            if (groupRights.HasValue)
            {
                return groupRights.Value;
            }

            // No group rights resolved: a class that needs a rights table yields None here,
            // any other class keeps Full.
            if (aclOwner.NeedsRightsTable())
            {
                return Zetbox.API.AccessRights.None;
            }

            return Zetbox.API.AccessRights.Full;
        }
Esempio n. 2
        /// <summary>
        /// Restricts the query expression <paramref name="e"/> to the objects the current
        /// <c>Identity</c> may read, by appending a <c>Where</c> clause over the rights
        /// collection of the queried type.
        /// </summary>
        /// <remarks>
        /// Security note: the expression is returned unfiltered when no Identity is set,
        /// when the type is not an IDataObject, when the meta data resolver yields no object
        /// class (Case #1363, initialization) and when the group access rights already include
        /// read rights. The identity id enters the filter as a constant node of the expression
        /// tree, not as query text.
        /// </remarks>
        /// <param name="e">Query expression to restrict.</param>
        /// <param name="ifType">Interface type being queried.</param>
        /// <returns>
        /// <paramref name="e"/> itself, or a call to <c>Queryable.Where</c> wrapping it.
        /// </returns>
        /// <exception cref="System.Security.SecurityException">
        /// The identity has no group read rights and the root class has no rights table.
        /// </exception>
        private Expression AddSecurityFilter(Expression e, InterfaceType ifType)
        {
            if (Identity == null || !ifType.Type.IsIDataObject())
            {
                return e;
            }

            // Case #1363: the resolver may return NULL during initialization.
            // NOTE(review): the query stays unfiltered on this path - confirm it is
            // unreachable once initialization has finished.
            var resolvedClass = MetaDataResolver.GetObjectClass(ifType);
            if (resolvedClass == null)
            {
                return e;
            }

            // ACLs are only allowed on root classes.
            var aclOwner = resolvedClass.GetRootClass();

            // Group membership already grants read access: no per-object filter needed.
            if (Ctx.GetGroupAccessRights(ifType).HasReadRights())
            {
                return e;
            }

            if (!aclOwner.NeedsRightsTable())
            {
                // No group membership, no rights table - no rights.
                throw new System.Security.SecurityException(string.Format("Identity has no rights to query '{0}'", ifType.Type.FullName));
            }

            // Element type of the original expression.
            var elementType = TranslateType(ifType.Type);

            // The rights type name is assembled from the root class' interface type name;
            // throwOnError = true makes a missing rights type fail loudly instead of
            // continuing without a filter.
            var rootInterface = aclOwner.GetDescribedInterfaceType();
            var rightsTypeName = rootInterface.Type.FullName + "_Rights" + ImplementationSuffix + ", " + elementType.Assembly.FullName;
            var rightsType = Type.GetType(rightsTypeName, true);

            // Target shape: e.Where(o => o.<rights collection>.Any(r => r.Identity == <identity id>))
            ParameterExpression objParam = Expression.Parameter(elementType, "o");
            ParameterExpression rightParam = Expression.Parameter(rightsType, "r");

            // r => r.Identity == <identity id>
            // NOTE(review): typeof(int).GetMethod("op_Equality") presumably yields null, in
            // which case Expression.Equal uses the built-in integer comparison - confirm.
            var identityMatches = Expression.Lambda(
                Expression.Equal(
                    Expression.PropertyOrField(rightParam, "Identity"),
                    Expression.Constant(Identity.ID),
                    false,
                    typeof(int).GetMethod("op_Equality")),
                rightParam);

            // o.<rights collection>
            var rightsCollection = Expression.PropertyOrField(objParam, "SecurityRightsCollection" + Zetbox.API.Helper.ImplementationSuffix);

            // o.<rights collection>.Any(r => r.Identity == <identity id>)
            var hasRightsEntry = Expression.Call(
                typeof(System.Linq.Enumerable),
                "Any",
                new[] { rightsType },
                rightsCollection,
                identityMatches);

            // o => o.<rights collection>.Any(...)
            var predicate = Expression.Lambda(hasRightsEntry, objParam);

            // e.Where(o => o.<rights collection>.Any(...))
            return Expression.Call(typeof(Queryable), "Where", new[] { elementType }, e, predicate);
        }