        /// <summary>
        /// Delete hook: refuses the delete when the current user is not authorized
        /// for <c>e.Entity</c>, and when the authorization answer carries a
        /// predicate, narrows the delete to the rows that predicate allows.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Delete event data: SkipSecurity, IsCommitPhase and Entity
        /// are read, FilterExpression may be written.</param>
        void OnBeforeDelete(object sender, OnBeforeDeleteEventArgs e)
        {
            // Two reasons to do nothing: the caller explicitly opted out of security,
            // or we are in the commit phase. Predicates need loaded relations, which
            // only the traversal stage provides, so the check lives there.
            if (e.SkipSecurity || e.IsCommitPhase)
            {
                return;
            }

            var auth           = ApplicationSettings.Container.Resolve<IAuthentication>();
            var userClaims     = auth.GetCurrentUserClaims();
            var authorizations = ApplicationSettings.Container.Resolve<IAuthorizations>();

            string            denialMessage;
            SecurityPredicate scope;

            var level = authorizations.CanDelete(e.Entity, userClaims, out denialMessage, out scope);

            if (level != PermissionLevel.Authorized)
            {
                var reason = string.IsNullOrEmpty(denialMessage) ? "unauthorized access" : denialMessage;
                var inner  = new ForbiddenAccessException("forbidden access");

                // Presumably throws (the name says so) — TODO confirm. If it can
                // return normally, a denied caller would still reach the filter below.
                auth.ThrowAccessDenied(new GOServerException("accessDenied", reason, inner));
            }

            // A predicate means "allowed, but only for rows matching this filter":
            // hand it to the delete so the traversal honours it.
            if (scope != null)
            {
                e.FilterExpression = scope.Filter;
            }
        }
        /// <summary>
        /// Count hook: refuses the count when the current user has no read
        /// permission, and when the authorization answer carries a predicate,
        /// restricts the count to the rows that predicate allows.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Count event data: SkipSecurity is read, FilterExpression
        /// may be written.</param>
        void OnBeforeCount(object sender, OnBeforeCountEventArgs e)
        {
            // Callers that explicitly opted out of security are left alone.
            if (e.SkipSecurity)
            {
                return;
            }

            var auth           = ApplicationSettings.Container.Resolve<IAuthentication>();
            var userClaims     = auth.GetCurrentUserClaims();
            var authorizations = ApplicationSettings.Container.Resolve<IAuthorizations>();

            string            denialMessage;
            SecurityPredicate scope;

            // NOTE(review): the read check is made against a fresh GORoleDataObject,
            // not against whatever entity is being counted, so every count follows
            // the role entity's read rules. OnBeforeGet passes e.Entity instead —
            // confirm this difference is intended.
            var level = authorizations.CanRead(new GORoleDataObject(), userClaims, out denialMessage, out scope);

            if (level != PermissionLevel.Authorized)
            {
                var reason = string.IsNullOrEmpty(denialMessage) ? "unauthorized access" : denialMessage;
                var inner  = new ForbiddenAccessException("forbidden access");

                // Presumably throws (the name says so) — TODO confirm.
                auth.ThrowAccessDenied(new GOServerException("accessDenied", reason, inner));
            }

            // A predicate narrows the allowed rows; pass it on as the count filter.
            if (scope != null)
            {
                e.FilterExpression = scope.Filter;
            }
        }
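        /// <summary>
        /// Read hook: refuses the get when the current user is not authorized to
        /// read <c>e.Entity</c>, and when the authorization answer carries a
        /// predicate, restricts the read to the rows that predicate allows.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Get event data: SkipSecurity and Entity are read,
        /// FilterExpression may be written.</param>
        void OnBeforeGet(object sender, OnBeforeGetEventArgs e)
        {
            // Callers that explicitly opted out of security are left alone.
            if (e.SkipSecurity)
            {
                return;
            }

            var authentication = ApplicationSettings.Container.Resolve<IAuthentication>();
            var claims         = authentication.GetCurrentUserClaims();

            string            message   = null;
            SecurityPredicate predicate = null;

            var permissionLevel = ApplicationSettings.Container.Resolve<IAuthorizations>().CanRead(e.Entity, claims, out message, out predicate);

            if (permissionLevel != PermissionLevel.Authorized)
            {
                // Presumably throws (the name says so) — TODO confirm. If it can
                // return normally, a denied caller would still reach the filter below.
                authentication.ThrowAccessDenied(new GOServerException("accessDenied", String.IsNullOrEmpty(message) ? "unauthorized access" : message, new ForbiddenAccessException("forbidden access")));
            }

            // A predicate means "allowed, but only for rows matching this filter":
            // hand it to the read so the data returned complies with it.
            if (predicate != null)
            {
                e.FilterExpression = predicate.Filter;
            }
        }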