public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); Role myAddressPermissions = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "AggregatedObjectPermissionsOnly")); if (myAddressPermissions == null) { myAddressPermissions = ObjectSpace.CreateObject <Role>(); myAddressPermissions.Name = "AggregatedObjectPermissionsOnly"; myAddressPermissions.AddPermission(new ObjectAccessPermission(typeof(MyPerson), ObjectAccess.AllAccess, ObjectAccessModifier.Deny)); myAddressPermissions.AddPermission(new ObjectAccessPermission(typeof(MyAddress), ObjectAccess.AllAccess, ObjectAccessModifier.Allow)); myAddressPermissions.Save(); } User userSam = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "Sam")); if (userSam == null) { userSam = ObjectSpace.CreateObject <User>(); userSam.UserName = "******"; userSam.FirstName = "Sam"; userSam.Roles.Add(myAddressPermissions); userSam.Save(); } }
private static void PopulateSystemRoles() { var authZRole = new Role(_authZRoleId); authZRole.AddPermission(new Permission(IdentityAndAccessConstants.Context, nameof(GetUser))); authZRole.AddPermission(new Permission(IdentityAndAccessConstants.Context, nameof(CreateUser))); _systemRoleStore[_authZRoleId] = authZRole; }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); Employee userAdmin = Session.FindObject<Employee>(new BinaryOperator("UserName", "Admin")); if (new XPCollection<Company>(Session).Count == 0) { using (Role administratorRole = new Role(Session) { Name = "Administrator role" }) { administratorRole.AddPermission(new EditModelPermission()); administratorRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess)); administratorRole.Save(); using (Role userRole = new Role(Session) { Name = "User" }) { userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.Navigate)); userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.Read)); userRole.Save(); } userAdmin = new Employee(Session); userAdmin.UserName = "******"; userAdmin.FirstName = "Admin"; userAdmin.LastName = ""; userAdmin.Roles.Add(administratorRole); userAdmin.Save(); using (Branch branch1 = new Branch(Session) { Acronym = "WTPR", Branchname = "Roadmax Head Office" }) { using (Company company1 = new Company(Session) { CompanyName = "Roadmax Marketing Inc.", Acronym = "WTPR" }) { company1.Employees.Add(userAdmin); company1.Branches.Add(branch1); company1.Save(); ImportData(company1); } } } using (Currency curr = new Currency(Session) { CurrencyName = "Peso", CurrencyRate = 1 }) { curr.Save(); } using (VatCategory vat = new VatCategory(Session) { Acronym = "VAT", Description = "Vatable", Rate = 12 }) { vat.Save(); } } //importReport("SOHeaderPrintOut"); }
public void AndRoleHasPermission(string roleKey, string permissionKey) { var role = new Role(new RoleId(roleKey)); role.AddPermission(_permissions[permissionKey]); _rolesStore.Get(role.Id).Returns(role); }
void LoadDefaultUsersAndRolesData() { Employee adminUser = ObjectSpace.FindObject <Employee>(new BinaryOperator("UserName", "Admin")); if (adminUser == null) { adminUser = ObjectSpace.CreateObject <Employee>(); adminUser.UserName = "******"; adminUser.SetPassword(""); } Role adminRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Administrator")); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <Role>(); adminRole.Name = "Administrator"; } while (adminRole.PersistentPermissions.Count > 0) { ObjectSpace.Delete(adminRole.PersistentPermissions[0]); } adminRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess)); adminRole.Save(); adminUser.Roles.Add(adminRole); adminUser.Save(); }
public HardcodedRolesStore() { var visitor = new Role(_visitor); visitor.AddPermission(new Permission("contributors", "getall")); _roles[_visitor] = visitor; var sysadmin = new Role(_sysAdmin); sysadmin.AddPermission(new Permission("contributors", "getall")); sysadmin.AddPermission(new Permission("players", "create")); sysadmin.AddPermission(new Permission("players", "getall")); _roles[_sysAdmin] = sysadmin; }
/// <summary> /// Atualiza a base após um update do programa /// </summary> public override void UpdateDatabaseAfterUpdateSchema() { String userName = ADResources.AdminUser; String fullName = ADResources.AdminName; String passWord = ADResources.AdminPass; // If a user doesn't exist in the database, create this user User admin = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", userName)); if (admin == null) { admin = ObjectSpace.CreateObject <User>(); admin.UserName = userName; admin.FirstName = fullName; // Set a password if the standard authentication type is used admin.SetPassword(passWord); } // If a role with the Administrators name doesn't exist in the database, create this role Role adminRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Administradores")); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <Role>(); adminRole.Name = "Administradores"; } // Delete all permissions assigned to the Administrators and Users roles while (adminRole.PersistentPermissions.Count > 0) { ObjectSpace.Delete(adminRole.PersistentPermissions[0]); } // Allow full access to all objects to the Administrators role adminRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess)); // Allow editing the Application Model to the Administrators role adminRole.AddPermission(new EditModelPermission(ModelAccessModifier.Allow)); // Save the Administrators role to the database adminRole.Save(); // Add the Administrators role to the user1 admin.Roles.Add(adminRole); // Save the users to the database admin.Save(); ObjectSpace.CommitChanges(); base.UpdateDatabaseAfterUpdateSchema(); }
public void GivenRoleHasPermission(string roleKey, string permissionKey) { var role = new Role(new RoleId(roleKey)); role.AddPermission(_permissions[permissionKey]); _testFixture.SetupRole(role); }
//增加权限 protected void AddPermissionButton_Click(object sender, System.EventArgs e) { if (this.CategoryList.SelectedIndex > -1) { int currentRole = Convert.ToInt32(Request["RoleID"]); Role bizRole = new Role(currentRole); bizRole.AddPermission(Convert.ToInt32(this.CategoryList.SelectedValue)); CategoryDownList_SelectedIndexChanged(sender, e); } }
/// <summary> /// Update permissions associated with a role /// </summary> /// <remarks>Updates the permissions for a role</remarks> /// <param name="id">id of Role to update</param> /// <param name="items"></param> /// <response code="200">OK</response> /// <response code="404">Role not found</response> public virtual IActionResult RolesIdPermissionsPutAsync(int id, PermissionViewModel[] items) { using (IDbContextTransaction txn = _context.BeginTransaction()) { Role role = _context.Roles .Where(x => x.Id == id) .Include(x => x.RolePermissions) .ThenInclude(rolePerm => rolePerm.Permission) .FirstOrDefault(); if (role == null) { // record not found return(new ObjectResult(new HetsResponse("HETS-01", ErrorViewModel.GetDescription("HETS-01", _configuration)))); } List <Permission> allPermissions = _context.Permissions.ToList(); List <int?> permissionIds = items.Select(x => x.Id).ToList(); List <int> existingPermissionIds = role.RolePermissions.Select(x => x.Permission.Id).ToList(); List <int?> permissionIdsToAdd = permissionIds.Where(x => !existingPermissionIds.Contains((int)x)).ToList(); // Permissions to add foreach (int?permissionId in permissionIdsToAdd) { Permission permToAdd = allPermissions.FirstOrDefault(x => x.Id == permissionId); if (permToAdd == null) { throw new ArgumentException(string.Format("Invalid Permission Code {0}", permissionId)); } role.AddPermission(permToAdd); } // Permissions to remove List <RolePermission> permissionsToRemove = role.RolePermissions.Where(x => x.Permission != null && !permissionIds.Contains(x.Permission.Id)).ToList(); foreach (RolePermission perm in permissionsToRemove) { role.RemovePermission(perm.Permission); _context.RolePermissions.Remove(perm); } _context.Roles.Update(role); _context.SaveChanges(); txn.Commit(); IEnumerable <Permission> dbPermissions = role.RolePermissions.Select(x => x.Permission); // create DTO with serializable response List <PermissionViewModel> result = dbPermissions.Select(x => x.ToViewModel()).ToList(); return(new ObjectResult(new HetsResponse(result))); } }
public void Execute(AddRolePermissionCommand command) { Role role = repository.GetRoleWithPermissions(command.RoleId); if (!role.HasPermission(command.PermissionId)) { Permission permission = repository.GetPermission(command.PermissionId); role.AddPermission(permission); repository.SaveChanges(); auditTrail.AddEntry(command.PermissionId, role.Name, permission.Description, "Lisätty käyttöoikeus roolille"); } }
//增加权限 protected void AddPermissionButton_Click(object sender, System.EventArgs e) { int[] items = CategoryList.GetSelectedIndices(); if (items.Length > 0) { int currentRole = Convert.ToInt32(Request["RoleID"]); Role bizRole = new Role(currentRole); foreach (int i in items) { int permid = Convert.ToInt32(this.CategoryList.Items[i].Value); bizRole.AddPermission(permid); } } CategoryDownList_SelectedIndexChanged(sender, e); }
/// <summary> /// Add permissions to a role /// </summary> /// <remarks>Adds permissions to a role</remarks> /// <param name="id">id of Role to update</param> /// <param name="items"></param> /// <response code="200">OK</response> /// <response code="404">Role not found</response> public virtual IActionResult RolesIdPermissionsPostAsync(int id, Permission[] items) { using (IDbContextTransaction txn = _context.BeginTransaction()) { Role role = _context.Roles .Where(x => x.Id == id) .Include(x => x.RolePermissions) .ThenInclude(rolePerm => rolePerm.Permission) .FirstOrDefault(); if (role == null) { // Not Found return(new StatusCodeResult(404)); } var allPermissions = _context.Permissions.ToList(); var permissionIds = items.Select(x => x.Id).ToList(); var existingPermissionIds = role.RolePermissions.Select(x => x.Permission.Id).ToList(); var permissionIdsToAdd = permissionIds.Where(x => !existingPermissionIds.Contains(x)).ToList(); // Permissions to add foreach (int permissionId in permissionIdsToAdd) { Permission permToAdd = allPermissions.FirstOrDefault(x => x.Id == permissionId); if (permToAdd == null) { throw new ArgumentException(string.Format("Invalid Permission Code {0}", permissionId)); } role.AddPermission(permToAdd); } _context.Roles.Update(role); _context.SaveChanges(); txn.Commit(); IEnumerable <Permission> dbPermissions = role.RolePermissions.Select(x => x.Permission); // Create DTO with serializable response List <PermissionViewModel> result = dbPermissions.Select(x => x.ToViewModel()).ToList(); return(new ObjectResult(result)); } }
/// <summary> /// Add permission to a role /// </summary> /// <remarks>Adds permissions to a role</remarks> /// <param name="id">id of Role to update</param> /// <param name="item"></param> /// <response code="200">OK</response> /// <response code="404">Role not found</response> public virtual IActionResult RolesIdPermissionsPostAsync(int id, PermissionViewModel item) { using (IDbContextTransaction txn = _context.BeginTransaction()) { Role role = _context.Roles .Where(x => x.Id == id) .Include(x => x.RolePermissions) .ThenInclude(rolePerm => rolePerm.Permission) .FirstOrDefault(); if (role == null) { // record not found return(new ObjectResult(new HetsResponse("HETS-01", ErrorViewModel.GetDescription("HETS-01", _configuration)))); } List <Permission> allPermissions = _context.Permissions.ToList(); List <string> existingPermissionCodes = role.RolePermissions.Select(x => x.Permission.Code).ToList(); if (!existingPermissionCodes.Contains(item.Code)) { Permission permToAdd = allPermissions.FirstOrDefault(x => x.Code == item.Code); if (permToAdd == null) { throw new ArgumentException(string.Format("Invalid Permission Code {0}", item.Code)); } role.AddPermission(permToAdd); } _context.Roles.Update(role); _context.SaveChanges(); txn.Commit(); List <RolePermission> dbPermissions = _context.RolePermissions.ToList(); // Create DTO with serializable response List <RolePermissionViewModel> result = dbPermissions.Select(x => x.ToViewModel()).ToList(); return(new ObjectResult(new HetsResponse(result))); } }
public void btnSave_Click(object sender, System.EventArgs e) { Role bllRole = new Role(); bllRole.RoleID = Convert.ToInt32(lblRoleID.Text); foreach (ListItem item in chkPermissions.Items) { if (item.Selected) { bllRole.AddPermission(Convert.ToInt32(item.Value)); } else { bllRole.RemovePermission(Convert.ToInt32(item.Value)); } } LogHelp.AddUserLog(CurrentUser.UserName, CurrentUser.UserType, "编辑角色权限", this); YSWL.Common.MessageBox.ShowSuccessTip(this, Resources.Site.TooltipSaveOK); }
public void ProcessMessage(IHandlerContext <SetRolePermissionCommand> context) { var message = context.Message; using (_databaseContextFactory.Create()) { var role = new Role(message.RoleId); var stream = _eventStore.Get(message.RoleId); stream.Apply(role); if (message.Active && !role.HasPermission(message.Permission)) { stream.AddEvent(role.AddPermission(message.Permission)); } if (!message.Active && role.HasPermission(message.Permission)) { stream.AddEvent(role.RemovePermission(message.Permission)); } _eventStore.Save(stream); } }
private void CreateDemoObjects() { User user = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "Sam")); if (user == null) { user = ObjectSpace.CreateObject <User>(); user.UserName = "******"; user.FirstName = "Sam"; } User user2 = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "John")); if (user2 == null) { user2 = ObjectSpace.CreateObject <User>(); user2.UserName = "******"; user2.FirstName = "John"; } User workflowServiceUser = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "WorkflowService")); if (workflowServiceUser == null) { workflowServiceUser = ObjectSpace.CreateObject <User>(); workflowServiceUser.UserName = "******"; workflowServiceUser.FirstName = "WorkflowService"; } Role adminRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Administrators")); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <Role>(); adminRole.Name = "Administrators"; adminRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess)); adminRole.AddPermission(new EditModelPermission(ModelAccessModifier.Allow)); adminRole.Users.Add(user); adminRole.Users.Add(workflowServiceUser); } if (ObjectSpace.GetObjects <Issue>().Count == 0) { Issue issue = ObjectSpace.CreateObject <Issue>(); issue.Subject = "Processed issue"; issue.Active = false; issue.SetCreatedBy(user); Issue issue2 = ObjectSpace.CreateObject <Issue>(); issue2.Subject = "Active issue"; issue2.Active = true; issue2.SetCreatedBy(user); } if (ObjectSpace.GetObjects <XpoWorkflowDefinition>().Count == 0) { XpoWorkflowDefinition definition = ObjectSpace.CreateObject <XpoWorkflowDefinition>(); definition.Name = "Create Task for active Issue"; definition.Xaml = CreateTaskForActiveIssueWorkflowXaml; definition.TargetObjectType = typeof(Issue); definition.AutoStartWhenObjectFitsCriteria = true; definition.Criteria = "[Active] = True"; definition.IsActive = true; XpoWorkflowDefinition codeActivityDefinition = ObjectSpace.CreateObject <XpoWorkflowDefinition>(); codeActivityDefinition.Name = "Create Task for active Issue (Code Activity)"; codeActivityDefinition.Xaml = CodeActivityCreateTaskForActiveIssueWorkflowXaml; codeActivityDefinition.TargetObjectType = typeof(Issue); codeActivityDefinition.AutoStartWhenObjectIsCreated = true; codeActivityDefinition.IsActive = false; XpoWorkflowDefinition customStartWorkflowActivityDefinition = ObjectSpace.CreateObject <XpoWorkflowDefinition>(); customStartWorkflowActivityDefinition.Name = "Custom start workflow"; customStartWorkflowActivityDefinition.Xaml = StartWorkflowViaReceiveAndCustomContractXaml; customStartWorkflowActivityDefinition.TargetObjectType = typeof(WorkflowDemo.Module.Objects.Task); customStartWorkflowActivityDefinition.IsActive = true; XpoWorkflowDefinition receiveCorrelationsActivityDefinition = ObjectSpace.CreateObject <XpoWorkflowDefinition>(); receiveCorrelationsActivityDefinition.Name = "Start/stop (correlations) demo"; receiveCorrelationsActivityDefinition.Xaml = ReceiveCorrelationsXaml; receiveCorrelationsActivityDefinition.TargetObjectType = typeof(WorkflowDemo.Module.Objects.Task); receiveCorrelationsActivityDefinition.IsActive = true; } ObjectSpace.CommitChanges(); }
private void AddRoleToUser(Role userRole) { //userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess, ObjectAccessModifier.Deny)); userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess)); userRole.AddPermission(new ObjectAccessPermission(typeof(IXPSimpleObject), ObjectAccess.NoAccess)); userRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.AllAccess, ObjectAccessModifier.Allow)); userRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); userRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.AllAccess, ObjectAccessModifier.Allow)); userRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); userRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.AllAccess, ObjectAccessModifier.Allow)); userRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); userRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.AllAccess)); userRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //userRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.AllAccess)); //userRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); userRole.AddPermission(new EditModelPermission(ModelAccessModifier.Deny)); }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); #region Create Users for the Complex Security Strategy // If a user named 'Sam' doesn't exist in the database, create this user User user1 = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "Sam")); if (user1 == null) { user1 = ObjectSpace.CreateObject <User>(); user1.UserName = "******"; user1.FirstName = "Sam"; // Set a password if the standard authentication type is used user1.SetPassword(""); } // If a user named 'John' doesn't exist in the database, create this user User user2 = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "John")); if (user2 == null) { user2 = ObjectSpace.CreateObject <User>(); user2.UserName = "******"; user2.FirstName = "John"; // Set a password if the standard authentication type is used user2.SetPassword(""); } // If a role with the Administrators name doesn't exist in the database, create this role Role adminRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Administrators")); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <Role>(); adminRole.Name = "Administrators"; } // If a role with the Users name doesn't exist in the database, create this role Role userRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Users")); if (userRole == null) { userRole = ObjectSpace.CreateObject <Role>(); userRole.Name = "Users"; } // Delete all permissions assigned to the Administrators and Users roles while (adminRole.PersistentPermissions.Count > 0) { ObjectSpace.Delete(adminRole.PersistentPermissions[0]); } while (userRole.PersistentPermissions.Count > 0) { ObjectSpace.Delete(userRole.PersistentPermissions[0]); } // Allow full access to all objects to the Administrators role adminRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess)); // Deny editing access to the AuditDataItemPersistent type objects to the Administrators role adminRole.AddPermission(new ObjectAccessPermission(typeof(AuditDataItemPersistent), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); // Allow editing the application model to the Administrators role adminRole.AddPermission(new EditModelPermission(ModelAccessModifier.Allow)); // Save the Administrators role to the database adminRole.Save(); // Allow full access to all objects to the Users role userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess)); // Deny editing access to the User type objects to the Users role userRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); // Deny full access to the Role type objects to the Users role userRole.AddPermission(new ObjectAccessPermission(typeof(Role), ObjectAccess.AllAccess, ObjectAccessModifier.Deny)); // Deny editing the application model to the Users role userRole.AddPermission(new EditModelPermission(ModelAccessModifier.Deny)); // Save the Users role to the database userRole.Save(); // Add the Administrators role to the user1 user1.Roles.Add(adminRole); // Add the Users role to the user2 user2.Roles.Add(userRole); // Save the users to the database user1.Save(); user2.Save(); ObjectSpace.CommitChanges(); #endregion }
public static void CreatePermission(Session sess) { Role roleBasic = sess.FindObject<Role>(new BinaryOperator("Name", "基本")); if (roleBasic == null) { roleBasic = new Role(sess); roleBasic.Name = "基本"; roleBasic.AddPermission(new ObjectAccessPermission(typeof(Barcode), ObjectAccess.Read)); roleBasic.AddPermission(new ObjectAccessPermission(typeof(FileDataEx), ObjectAccess.AllAccess)); roleBasic.AddPermission(new ObjectAccessPermission(typeof(SystemSetting), ObjectAccess.Read)); roleBasic.AddPermission(new ObjectAccessPermission(typeof(Unit), ObjectAccess.Read & ObjectAccess.Navigate)); roleBasic.AddPermission(new ObjectAccessPermission(typeof(UnitConvert), ObjectAccess.Read & ObjectAccess.Navigate)); roleBasic.Save(); } Role roleItem = sess.FindObject<Role>(new BinaryOperator("Name", "产品-只读")); if (roleItem == null) { roleItem = new Role(sess); roleItem.Name = "产品-只读"; roleItem.AddPermission(new ObjectAccessPermission(typeof(Item), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(BomLine), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemCategory), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemSetting), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemType), ObjectAccess.Read & ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(Lot), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(Material), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(PriceCategory), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(RouteLine), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(WorkCenter), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(WorkOper), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.Save(); } roleItem = sess.FindObject<Role>(new BinaryOperator("Name", "产品-修改")); if (roleItem == null) { roleItem = new Role(sess); roleItem.Name = "产品-修改"; roleItem.AddPermission(new ObjectAccessPermission(typeof(Item), ObjectAccess.AllAccess)); roleItem.AddPermission(new ObjectAccessPermission(typeof(BomLine), ObjectAccess.AllAccess)); roleItem.AddPermission(new ObjectAccessPermission(typeof(RouteLine), ObjectAccess.AllAccess)); roleItem.AddPermission(new ObjectAccessPermission(typeof(Lot), ObjectAccess.AllAccess)); roleItem.AddPermission(new ObjectAccessPermission(typeof(PriceCategory), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemCategory), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemSetting), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemType), ObjectAccess.Read & ObjectAccess.Navigate)); roleItem.AddPermission(new ObjectAccessPermission(typeof(Material), ObjectAccess.Read ^ ObjectAccess.Navigate)); roleItem.Save(); } roleItem = sess.FindObject<Role>(new BinaryOperator("Name", "产品-设定")); if (roleItem == null) { roleItem = new Role(sess); roleItem.Name = "产品-设定"; roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemCategory), ObjectAccess.AllAccess)); roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemSetting), ObjectAccess.AllAccess)); roleItem.AddPermission(new ObjectAccessPermission(typeof(ItemType), ObjectAccess.AllAccess )); roleItem.AddPermission(new ObjectAccessPermission(typeof(Lot), ObjectAccess.AllAccess )); roleItem.AddPermission(new ObjectAccessPermission(typeof(Material), ObjectAccess.AllAccess )); roleItem.Save(); } }
public static void CreateUser(Session sess) { Role role = sess.FindObject<Role>(new BinaryOperator("Name", "administrator")); User user = sess.FindObject<User>(new BinaryOperator("UserName", "Kenneth")); if (role == null) { role = new Role(sess); role.Name = "administrator"; role.AddPermission(new ObjectAccessPermission(typeof(Object), ObjectAccess.AllAccess)); } if (user == null) { user = new User(sess); user.UserName = "******"; user.Roles.Add(role); user.Save(); // DevExpress.XtraEditors.XtraMessageBox.Show("User Kenneth created"); } User userAdmin = sess.FindObject<User>(new BinaryOperator("UserName", "admin")); if (userAdmin != null) { userAdmin.Roles.Add(role); userAdmin.Save(); // DevExpress.XtraEditors.XtraMessageBox.Show("User admin created"); } }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); Employee userAdmin = Session.FindObject <Employee>(new BinaryOperator("UserName", "Admin")); if (new XPCollection <Company>(Session).Count == 0) { using (Role administratorRole = new Role(Session) { Name = "Administrator role" }) { administratorRole.AddPermission(new EditModelPermission()); administratorRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess)); administratorRole.Save(); using (Role userRole = new Role(Session) { Name = "User" }) { userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.Navigate)); userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.Read)); userRole.Save(); } userAdmin = new Employee(Session); userAdmin.UserName = "******"; userAdmin.FirstName = "Admin"; userAdmin.LastName = ""; userAdmin.Roles.Add(administratorRole); userAdmin.Save(); using (Branch branch1 = new Branch(Session) { Acronym = "WTPR", Branchname = "Roadmax Head Office" }) { using (Company company1 = new Company(Session) { CompanyName = "Roadmax Marketing Inc.", Acronym = "WTPR" }) { company1.Employees.Add(userAdmin); company1.Branches.Add(branch1); company1.Save(); ImportData(company1); } } } using (Currency curr = new Currency(Session) { CurrencyName = "Peso", CurrencyRate = 1 }) { curr.Save(); } using (VatCategory vat = new VatCategory(Session) { Acronym = "VAT", Description = "Vatable", Rate = 12 }) { vat.Save(); } } //importReport("SOHeaderPrintOut"); }
private void AddRoleToUser(Role userRole) { //userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess, ObjectAccessModifier.Deny)); userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess)); userRole.AddPermission(new ObjectAccessPermission(typeof(IXPSimpleObject), ObjectAccess.NoAccess)); userRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.AllAccess, ObjectAccessModifier.Allow)); userRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); userRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.AllAccess, ObjectAccessModifier.Allow)); userRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); userRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.AllAccess, ObjectAccessModifier.Allow)); userRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); userRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.AllAccess)); userRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //userRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.AllAccess)); //userRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); userRole.AddPermission(new EditModelPermission(ModelAccessModifier.Deny)); }
private void AddRoleToStudent(Role studentRole) { studentRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(IXPSimpleObject), ObjectAccess.NoAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Role), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Role), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterDetail), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterDetail), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentAccumulation), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentAccumulation), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResult), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResult), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransaction), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransaction), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentClass), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentClass), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Subject), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Subject), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Branch), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Branch), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Semester), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Semester), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Department), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Department), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Lesson), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Lesson), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Teacher), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Teacher), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbLesson), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbLesson), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbSemester), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbSemester), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Classroom), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Classroom), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Office), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Office), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterState), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterState), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterTime), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterTime), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(WeekReportData), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(WeekReportData), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionTracking), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionTracking), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(ClassTransactionTracking), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(ClassTransactionTracking), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(TeacherFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(TeacherFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(SubjectFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(SubjectFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResultFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResultFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterDetailReportParametersObject), ObjectAccess.AllAccess)); studentRole.AddPermission(new EditModelPermission(ModelAccessModifier.Deny)); }
static void Main() { var storage = new Dictionary <Guid, List <object> >(); Func <Guid, Tuple <Int32, IEnumerable <object> > > reader = id => { List <object> events; if (storage.TryGetValue(id, out events)) { return(new Tuple <int, IEnumerable <object> >(events.Count, events)); } return(null); }; var unitOfWork = new UnitOfWork(); var roleRepository = new Repository <Role>(Role.Factory, unitOfWork, reader); var roleGroupRepository = new Repository <RoleGroup>(RoleGroup.Factory, unitOfWork, reader); var userAccountRepository = new Repository <UserAccount>(UserAccount.Factory, unitOfWork, reader); // Setting up security (accounts, roles and authorization) var administratorRoleId = new RoleId(Guid.NewGuid()); var administratorRole = new Role(administratorRoleId, new Name("Administrator")); administratorRole.AddPermissions(SecurityPermissions.All); administratorRole.AllowPermissions(SecurityPermissions.All); roleRepository.Add(administratorRole.Id, administratorRole); var subRole1Id = new RoleId(Guid.NewGuid()); var subRole1 = new Role(subRole1Id, new Name("SubRole1")); subRole1.AddPermission(SecurityPermissions.AddRole); subRole1.DenyPermission(SecurityPermissions.AddRole); roleRepository.Add(subRole1.Id, subRole1); var subRole2Id = new RoleId(Guid.NewGuid()); var subRole2 = new Role(subRole2Id, new Name("SubRole2")); subRole2.AddPermission(SecurityPermissions.AddRole); subRole2.AllowPermission(SecurityPermissions.AddRole); roleRepository.Add(subRole2.Id, subRole2); var group1Id = new RoleGroupId(Guid.NewGuid()); var group1 = new RoleGroup(group1Id, new Name("SubRole 1 & 2")); group1.AddRole(subRole1); group1.AddRole(subRole2); roleGroupRepository.Add(group1.Id, group1); var administratorId = new UserAccountId(Guid.NewGuid()); var administrator = new UserAccount(administratorId, new UserAccountName("Administrator")); administrator.GrantRole(administratorRole); administrator.GrantRoleGroup(group1); userAccountRepository.Add(administrator.Id, administrator); // Using security - in domain layer code var combinator = new AccessDecisionCombinator(); administrator.CombineDecisions(combinator, roleRepository, roleGroupRepository); var decider = combinator.BuildDecider(); Console.WriteLine(decider.IsAllowed(SecurityPermissions.AddUserAccount)); // Using security - in application layer code var command = new AddUserAccount( new Guid("735A259F-996B-4174-9899-3D40242BF6B1"), "Pierke Pol"); var resolver = new PermissionResolver(); var service = new UserAccountApplicationService( userAccountRepository, roleRepository, roleGroupRepository); var authorizer = new MessageAuthorizer( resolver, userAccountRepository, roleRepository, roleGroupRepository); var commandHandler = service.Secure <AddUserAccount>(authorizer); commandHandler.Handle(new SecurityContext <AddUserAccount>(administratorId, command)); // Using security - in projection code var builder = new SqlConnectionStringBuilder("Data Source=.\\SQLEXPRESS;Initial Catalog=<YourStoreHere>;Integrated Security=SSPI;"); // What that table could look like ... //CREATE TABLE [UserAccountEffectiveRoles]( // [UserAccountId] [uniqueidentifier] NOT NULL, // [RoleId] [uniqueidentifier] NULL, // [RoleGroupId] [uniqueidentifier] NULL, // [Id] [int] IDENTITY(1,1) NOT NULL, // CONSTRAINT [PK_UserAccountEffectiveRoles] PRIMARY KEY CLUSTERED ( [Id] ASC ) //) var observer = new SqlStatementObserver(); // var lookup = new MemoryRoleGroupLookup(new Dictionary<Guid, HashSet<Guid>>()); var lookupInitializer = new SqlBasedLookupRolesOfRoleGroupInitializer(builder); var lookup = lookupInitializer.Initialize(); var projectionHandler = new UserAccountEffectiveRolesProjectionHandler(observer, lookup); var compositeProjectionHandler = new CompositeHandler( new IHandle <object>[] { new HandlerAdapter <AddedRoleToRoleGroup>(lookup), new HandlerAdapter <RemovedRoleFromRoleGroup>(lookup), new HandlerAdapter <DisabledUserAccount>(projectionHandler), new HandlerAdapter <RoleGrantedToUserAccount>(projectionHandler), new HandlerAdapter <RoleRevokedFromUserAccount>(projectionHandler), new HandlerAdapter <RoleGroupGrantedToUserAccount>(projectionHandler), new HandlerAdapter <RoleRevokedFromUserAccount>(projectionHandler), new HandlerAdapter <AddedRoleToRoleGroup>(projectionHandler), new HandlerAdapter <RemovedRoleFromRoleGroup>(projectionHandler) }); foreach (var change in unitOfWork.GetChanges()) { compositeProjectionHandler.Handle(change); } new BatchedSqlStatementFlusher( builder). Flush(observer.Statements); Console.ReadLine(); }
public HardcodedRolesStore() { var visitor = new Role(_visitor); visitor.AddPermission(new Permission("contributors", "getall")); }
public void WhenIAddPermission(string permissionKey) { _role.AddPermission(_permissionStore[permissionKey]); }
public void SetTestUserPermission(string context, string action) { _testUserRole.AddPermission(new Permission(context, action)); }
private void AddRoleToStudent(Role studentRole) { studentRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(IXPSimpleObject), ObjectAccess.NoAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(User), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Role), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Role), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Student), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterDetail), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterDetail), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(PopUpMessage), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentAccumulation), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentAccumulation), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResult), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResult), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransaction), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransaction), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentClass), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentClass), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Subject), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Subject), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Branch), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Branch), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Semester), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Semester), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Department), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Department), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Lesson), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Lesson), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Teacher), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Teacher), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbLesson), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbLesson), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbSemester), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(TkbSemester), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Classroom), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Classroom), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Office), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(Office), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterState), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterState), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterTime), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterTime), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(MyNote), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.AllAccess)); studentRole.AddPermission(new ObjectAccessPermission(typeof(MyHelp), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(WeekReportData), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(WeekReportData), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionTracking), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionTracking), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(ClassTransactionTracking), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(ClassTransactionTracking), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(AccountTransactionFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(TeacherFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(TeacherFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(SubjectFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(SubjectFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResultFile), ObjectAccess.AllAccess ^ ObjectAccess.Navigate)); //studentRole.AddPermission(new ObjectAccessPermission(typeof(StudentResultFile), ObjectAccess.ChangeAccess, ObjectAccessModifier.Deny)); studentRole.AddPermission(new ObjectAccessPermission(typeof(RegisterDetailReportParametersObject), ObjectAccess.AllAccess)); studentRole.AddPermission(new EditModelPermission(ModelAccessModifier.Deny)); }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); User user1 = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "Sam")); if (user1 == null) { user1 = ObjectSpace.CreateObject <User>(); user1.UserName = "******"; user1.FirstName = "Sam"; // Set a password if the standard authentication type is used user1.SetPassword(""); } // If a user named 'John' doesn't exist in the database, create this user User user2 = ObjectSpace.FindObject <User>(new BinaryOperator("UserName", "John")); if (user2 == null) { user2 = ObjectSpace.CreateObject <User>(); user2.UserName = "******"; user2.FirstName = "John"; // Set a password if the standard authentication type is used user2.SetPassword(""); } BasicUser adminUser = ObjectSpace.FindObject <BasicUser>(new BinaryOperator("UserName", "Sam")); if (adminUser == null) { adminUser = ObjectSpace.CreateObject <BasicUser>(); adminUser.UserName = "******"; adminUser.FullName = "Sam"; } // Make the user an administrator adminUser.IsAdministrator = true; // Set a password if the standard authentication type is used adminUser.SetPassword(""); // Save the user to the database adminUser.Save(); // If a role with the Administrators name doesn't exist in the database, create this role Role adminRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Administrators")); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <Role>(); adminRole.Name = "Administrators"; } // If a role with the Users name doesn't exist in the database, create this role Role userRole = ObjectSpace.FindObject <Role>(new BinaryOperator("Name", "Users")); if (userRole == null) { userRole = ObjectSpace.CreateObject <Role>(); userRole.Name = "Users"; } // Delete all permissions assigned to the Administrators and Users roles while (adminRole.PersistentPermissions.Count > 0) { ObjectSpace.Delete(adminRole.PersistentPermissions[0]); } while (userRole.PersistentPermissions.Count > 0) { ObjectSpace.Delete(userRole.PersistentPermissions[0]); } // Allow full access to all objects to the Administrators role adminRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess)); // Allow editing the application model to the Administrators role adminRole.AddPermission(new EditModelPermission(ModelAccessModifier.Allow)); // Save the Administrators role to the database adminRole.Save(); // Allow full access to all objects to the Users role userRole.AddPermission(new ObjectAccessPermission(typeof(object), ObjectAccess.AllAccess)); //// Deny full access to the User type objects to the Users role //userRole.AddPermission(new ObjectAccessPermission(typeof(UserDetail), ObjectAccess.AllAccess, ObjectAccessModifier.Deny)); // Deny full access to the Role type objects to the Users role userRole.AddPermission(new ObjectAccessPermission(typeof(Role), ObjectAccess.AllAccess, ObjectAccessModifier.Deny)); //userRole.AddPermission(new ObjectAccessPermission(typeof(), ObjectAccess.Read, ObjectAccessModifier.Deny)); // Deny editing the application model to the Users role userRole.AddPermission(new EditModelPermission(ModelAccessModifier.Deny)); // Save the Users role to the database userRole.Save(); // Add the Administrators role to the user1 user1.Roles.Add(adminRole); // Add the Users role to the user2 user2.Roles.Add(userRole); // Save the users to the database user1.Save(); user2.Save(); }