/// <inheritdoc /> public override IPermission CreatePermission(OperationSemantic semantic) { switch (semantic) { case OperationSemantic.Default: case OperationSemantic.Read: return(new Permission(_defaultPermission)); case OperationSemantic.Write: return(new Permission(_writePermission ?? _defaultPermission)); default: throw new ArgumentOutOfRangeException(nameof(semantic), semantic, null); } }
/// <summary> /// Requires a permission for the given operation semantic, parameter index and securable object. /// </summary> /// <param name="member">The member, field or property being accessed.</param> /// <param name="semantic">The semantic of the operation being executed.</param> /// <param name="parameterIndex"> /// The 1-based index of the parameter on which the permission is required, or 0 if the /// permission is required on the <c>this</c> object. /// </param> /// <param name="securable"></param> internal void RequirePermission(MemberInfo member, OperationSemantic semantic, int parameterIndex, object securable) { if (evaluatingPermissions) { return; } if (SecurityContext.Current == null) { return; } var subject = SecurityContext.Current.Subject; var policy = SecurityContext.Current.Policy; if (policy == null) { return; } try { evaluatingPermissions = true; foreach (var permission in _permissions) { if ((permission.Semantic == OperationSemantic.Default || permission.Semantic == semantic) && permission.ParameterIndex == parameterIndex) { if (!policy.Evaluate(subject, permission.Permission, securable)) { SecurityContext.Current.ExceptionHandler?.OnSecurityException(member, semantic, securable, SecurityContext.Current.Subject, permission.Permission); string memberKind; if (member is FieldInfo) { memberKind = "field"; } else if (member is PropertyInfo) { memberKind = "property"; } else if (member is MethodBase) { memberKind = "method"; } else { throw new ArgumentOutOfRangeException(nameof(member)); } throw new SecurityException( $"Cannot {semantic.ToString().ToLowerInvariant()} the {memberKind} {member.DeclaringType.Name}.{member.Name}: the subject '{subject.Name}' does not have the {permission.Permission.Name} permission on the object '{securable}'."); } } } } finally { evaluatingPermissions = false; } }
public OperationPermission(OperationSemantic semantic, int parameterIndex, [Required] T permission) { Semantic = semantic; Permission = permission; ParameterIndex = parameterIndex; }
/// <inheritdoc /> public abstract IPermission CreatePermission(OperationSemantic semantic);