/// <summary>
/// Authorization hook for deletes. Resolves the authentication/authorization services from
/// the container, asks <c>CanDelete</c> for a verdict on <c>e.Entity</c>, denies access when
/// the verdict is not <c>PermissionLevel.Authorized</c>, and otherwise pushes the security
/// predicate's filter (if one was returned) into <c>e.FilterExpression</c>.
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Delete event arguments: entity, skip/commit-phase flags and the filter slot.</param>
void OnBeforeDelete(object sender, OnBeforeDeleteEventArgs e)
{
    // Caller explicitly opted out of the security check.
    if (e.SkipSecurity)
    {
        return;
    }

    // Security is applied during the delete traversal stage only: the predicates need
    // relations to be loaded, which cannot be done during the commit phase.
    if (e.IsCommitPhase)
    {
        return;
    }

    IAuthentication authentication = ApplicationSettings.Container.Resolve<IAuthentication>();
    var claims = authentication.GetCurrentUserClaims();
    IAuthorizations authorizations = ApplicationSettings.Container.Resolve<IAuthorizations>();

    string denialMessage;
    SecurityPredicate securityPredicate;
    PermissionLevel verdict = authorizations.CanDelete(e.Entity, claims, out denialMessage, out securityPredicate);

    if (verdict != PermissionLevel.Authorized)
    {
        // Fall back to a generic reason when the authorization service gave none.
        // NOTE(review): execution continues past this call if ThrowAccessDenied returns
        // normally — confirm it always throws.
        string reason = string.IsNullOrEmpty(denialMessage) ? "unauthorized access" : denialMessage;
        authentication.ThrowAccessDenied(
            new GOServerException("accessDenied", reason, new ForbiddenAccessException("forbidden access")));
    }

    // A predicate means row-level security: the rows touched by the delete must satisfy its filter.
    if (securityPredicate != null)
    {
        e.FilterExpression = securityPredicate.Filter;
    }
}
/// <summary>
/// Authorization hook for count queries. Checks <c>CanRead</c> for the current user's claims,
/// denies access when the verdict is not <c>PermissionLevel.Authorized</c>, and otherwise
/// sets <c>e.FilterExpression</c> to the security predicate's filter (if one was returned).
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Count event arguments: skip flag and the filter slot.</param>
void OnBeforeCount(object sender, OnBeforeCountEventArgs e)
{
    // Caller explicitly opted out of the security check.
    if (e.SkipSecurity)
    {
        return;
    }

    var authentication = ApplicationSettings.Container.Resolve<IAuthentication>();
    var claims = authentication.GetCurrentUserClaims();

    // NOTE(review): the read check is made against a freshly constructed GORoleDataObject
    // rather than an entity carried by e — presumably because a count has no specific
    // instance; confirm this is the intended subject of the check.
    string denialMessage;
    SecurityPredicate securityPredicate;
    var verdict = ApplicationSettings.Container
        .Resolve<IAuthorizations>()
        .CanRead(new GORoleDataObject(), claims, out denialMessage, out securityPredicate);

    if (verdict != PermissionLevel.Authorized)
    {
        // Fall back to a generic reason when the authorization service gave none.
        var denied = new GOServerException(
            "accessDenied",
            string.IsNullOrEmpty(denialMessage) ? "unauthorized access" : denialMessage,
            new ForbiddenAccessException("forbidden access"));
        authentication.ThrowAccessDenied(denied);
    }

    // Row-level security: the predicate's filter is assigned to the event (not combined with
    // a filter that may already be present).
    // NOTE(review): any pre-existing e.FilterExpression is replaced here — confirm that is intended.
    if (securityPredicate != null)
    {
        e.FilterExpression = securityPredicate.Filter;
    }
}
/// <summary>
/// Authorization hook for reads. Checks <c>CanRead</c> on <c>e.Entity</c> for the current
/// user's claims, denies access when the verdict is not <c>PermissionLevel.Authorized</c>,
/// and otherwise sets <c>e.FilterExpression</c> to the security predicate's filter (if any).
/// </summary>
/// <param name="sender">Event source; not used.</param>
/// <param name="e">Get event arguments: entity, skip flag and the filter slot.</param>
void OnBeforeGet(object sender, OnBeforeGetEventArgs e)
{
    // Caller explicitly opted out of the security check.
    if (e.SkipSecurity)
    {
        return;
    }

    IAuthentication auth = ApplicationSettings.Container.Resolve<IAuthentication>();
    var userClaims = auth.GetCurrentUserClaims();
    IAuthorizations authz = ApplicationSettings.Container.Resolve<IAuthorizations>();

    string denialMessage;
    SecurityPredicate rowPredicate;
    PermissionLevel verdict = authz.CanRead(e.Entity, userClaims, out denialMessage, out rowPredicate);

    if (verdict != PermissionLevel.Authorized)
    {
        // Fall back to a generic reason when the authorization service gave none.
        // NOTE(review): execution continues past this call if ThrowAccessDenied returns
        // normally — confirm it always throws.
        string reason = string.IsNullOrEmpty(denialMessage) ? "unauthorized access" : denialMessage;
        auth.ThrowAccessDenied(
            new GOServerException("accessDenied", reason, new ForbiddenAccessException("forbidden access")));
    }

    // A predicate means row-level security: the data returned must satisfy its filter.
    if (rowPredicate != null)
    {
        e.FilterExpression = rowPredicate.Filter;
    }
}