Esempio n. 1
0
        /// <inheritdoc />
        public override IPermission CreatePermission(OperationSemantic semantic)
        {
            switch (semantic)
            {
            case OperationSemantic.Default:
            case OperationSemantic.Read:
                return(new Permission(_defaultPermission));

            case OperationSemantic.Write:
                return(new Permission(_writePermission ?? _defaultPermission));

            default:
                throw new ArgumentOutOfRangeException(nameof(semantic), semantic, null);
            }
        }
        /// <summary>
        ///   Requires a permission for the given operation semantic, parameter index and securable object.
        /// </summary>
        /// <param name="member">The member, field or property being accessed.</param>
        /// <param name="semantic">The semantic of the operation being executed.</param>
        /// <param name="parameterIndex">
        ///   The 1-based index of the parameter on which the permission is required, or 0 if the
        ///   permission is required on the <c>this</c> object.
        /// </param>
        /// <param name="securable"></param>
        internal void RequirePermission(MemberInfo member, OperationSemantic semantic, int parameterIndex, object securable)
        {
            if (evaluatingPermissions)
            {
                return;
            }

            if (SecurityContext.Current == null)
            {
                return;
            }

            var subject = SecurityContext.Current.Subject;
            var policy  = SecurityContext.Current.Policy;

            if (policy == null)
            {
                return;
            }


            try
            {
                evaluatingPermissions = true;

                foreach (var permission in _permissions)
                {
                    if ((permission.Semantic == OperationSemantic.Default || permission.Semantic == semantic) &&
                        permission.ParameterIndex == parameterIndex)
                    {
                        if (!policy.Evaluate(subject, permission.Permission, securable))
                        {
                            SecurityContext.Current.ExceptionHandler?.OnSecurityException(member, semantic, securable,
                                                                                          SecurityContext.Current.Subject, permission.Permission);

                            string memberKind;
                            if (member is FieldInfo)
                            {
                                memberKind = "field";
                            }
                            else if (member is PropertyInfo)
                            {
                                memberKind = "property";
                            }
                            else if (member is MethodBase)
                            {
                                memberKind = "method";
                            }
                            else
                            {
                                throw new ArgumentOutOfRangeException(nameof(member));
                            }

                            throw new SecurityException(
                                      $"Cannot {semantic.ToString().ToLowerInvariant()} the {memberKind} {member.DeclaringType.Name}.{member.Name}: the subject '{subject.Name}' does not have the {permission.Permission.Name} permission on the object '{securable}'.");
                        }
                    }
                }
            }
            finally
            {
                evaluatingPermissions = false;
            }
        }
 public OperationPermission(OperationSemantic semantic, int parameterIndex, [Required] T permission)
 {
     Semantic       = semantic;
     Permission     = permission;
     ParameterIndex = parameterIndex;
 }
 /// <inheritdoc />
 public abstract IPermission CreatePermission(OperationSemantic semantic);