/// <summary>
/// Initializes a new instance of the <see cref="OperationDescriptionAttribute"/> class,
/// storing the supplied area and operation level in <c>Area</c> and <c>OperationLevel</c>.
/// </summary>
/// <param name="area">The permission area recorded on the attribute.</param>
/// <param name="operationLevel">The operation level recorded on the attribute.</param>
public OperationDescriptionAttribute(PermissionArea area, PermissionOperationLevel operationLevel)
{
    this.OperationLevel = operationLevel;
    this.Area = area;
}
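/// <summary>
/// Determines whether the specified operation is allowed for the given principal on the given entity.
/// </summary>
/// <remarks>
/// Decision order, as implemented below:
/// <list type="number">
/// <item>A principal in the <c>Administrator</c> system role is always allowed.</item>
/// <item>Otherwise <see cref="Permission"/> rows are loaded whose role the principal holds directly,
/// holds through one of its user groups, or is the built-in <c>User</c> role (plus <c>Owner</c> when
/// <paramref name="isOwner"/> is <c>true</c>). An anonymous caller (<paramref name="user"/> is
/// <c>null</c>) only sees rules granted to the <c>Guest</c> role.</item>
/// <item>The rows are further filtered by entity type name and, depending on <paramref name="level"/>,
/// by <paramref name="entityId"/>.</item>
/// <item>The operation is allowed if any remaining row has every bit of <paramref name="operation"/> set.</item>
/// </list>
/// </remarks>
/// <param name="operation">Bit mask of the operation(s) being requested.</param>
/// <param name="user">The principal performing the operation; <c>null</c> for an anonymous caller.</param>
/// <param name="entityType">CLR type of the entity the operation targets.</param>
/// <param name="entityId">Identifier of the entity instance, or <c>null</c> for type-level checks.</param>
/// <param name="isOwner">If set to <c>true</c>, rules granted to the <c>Owner</c> role are also considered.</param>
/// <param name="level">Whether type-level, object-level, or either kind of rule applies.</param>
/// <returns>
/// <c>true</c> if the specified operation is allowed; otherwise, <c>false</c>.
/// </returns>
public bool IsAllowed(int operation, ICorePrincipal user, Type entityType, long?entityId, bool isOwner, PermissionOperationLevel level)
{
    // Administrators bypass the permission table entirely.
    if (user != null && user.IsInRole(SystemRole.Administrator.ToString()))
    {
        return true;
    }

    var criteria = Session.CreateCriteria<Permission>();

    if (user != null)
    {
        // Roles the principal is a direct member of.
        var rolesSubQuery = DetachedCriteria.For<Role>()
            .CreateAlias("Users", "user")
            .Add(Restrictions.Eq("user.id", user.PrincipalId))
            .SetProjection(Projections.Id());

        // User groups the principal belongs to ...
        var userUserGroupsSubQuery = DetachedCriteria.For<UserGroup>()
            .CreateAlias("Users", "userGroupUser", JoinType.LeftOuterJoin)
            .Add(Restrictions.Eq("userGroupUser.id", user.PrincipalId))
            .SetProjection(Projections.Id());

        // ... and the roles granted to those groups.
        var userGroupsRolesSubQuery = DetachedCriteria.For<Role>()
            .CreateAlias("UserGroups", "userGroup", JoinType.LeftOuterJoin)
            .Add(Subqueries.PropertyIn("userGroup.id", userUserGroupsSubQuery))
            .SetProjection(Projections.Id());

        // Every authenticated principal implicitly holds the built-in User role; the Owner role is
        // added only when the caller asserts ownership. Role ids are passed as Int64 in both
        // branches, consistent with the Guest branch below.
        var builtInRoles = isOwner
            ? Restrictions.In("Role.Id", new List<long> { (long)SystemRole.User, (long)SystemRole.Owner })
            : Restrictions.Eq("Role.Id", (Int64)SystemRole.User);

        criteria.Add(Restrictions.Or(
            Restrictions.Or(
                Subqueries.PropertyIn("Role.Id", rolesSubQuery),
                Subqueries.PropertyIn("Role.Id", userGroupsRolesSubQuery)),
            builtInRoles));
    }
    else
    {
        // Anonymous callers only receive rules granted to the Guest role.
        criteria.Add(Restrictions.Eq("Role.Id", (Int64)SystemRole.Guest));
    }

    criteria.CreateAlias("EntityType", "et")
        .Add(Restrictions.Eq("et.Name", PermissionsHelper.GetEntityType(entityType)));

    switch (level)
    {
        case PermissionOperationLevel.Type:
            criteria.Add(Restrictions.IsNull("EntityId"));
            break;
        case PermissionOperationLevel.Object:
            // NOTE(review): a null entityId here is passed straight into an equality restriction —
            // confirm that is intended for Object-level checks.
            criteria.Add(Restrictions.Eq("EntityId", entityId));
            break;
        case PermissionOperationLevel.ObjectType:
            criteria.Add(Restrictions.Or(Restrictions.IsNull("EntityId"), Restrictions.Eq("EntityId", entityId)));
            break;
        // NOTE(review): no default branch — an unrecognised level applies no EntityId filter and so
        // matches both type- and object-level rules. Consider failing closed if new levels are added.
    }

    var rules = criteria.SetCacheable(true).List<Permission>();

    // Allowed when at least one matching rule carries every bit of the requested operation.
    // NOTE(review): an operation mask of 0 is satisfied by any matching rule; callers should pass a non-zero flag.
    return rules.Any(rule => (rule.Permissions & operation) == operation);
}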
/// <summary>
/// Determines whether the specified operation is allowed without asserting ownership of the entity.
/// Equivalent to the six-argument overload called with <c>isOwner</c> set to <c>false</c>.
/// </summary>
/// <param name="operation">Bit mask of the operation(s) being requested.</param>
/// <param name="user">The principal performing the operation; <c>null</c> for an anonymous caller.</param>
/// <param name="entityType">CLR type of the entity the operation targets.</param>
/// <param name="entityId">Identifier of the entity instance, or <c>null</c> for type-level checks.</param>
/// <param name="level">Whether type-level, object-level, or either kind of rule applies.</param>
/// <returns><c>true</c> if the operation is allowed; otherwise, <c>false</c>.</returns>
public bool IsAllowed(int operation, ICorePrincipal user, Type entityType, long?entityId, PermissionOperationLevel level)
{
    const bool notOwner = false;
    return IsAllowed(operation, user, entityType, entityId, notOwner, level);
}