/// <exclude />
public static SecurityResult Resolve(UserToken userToken, IEnumerable<PermissionType> requiredPermissions, EntityToken entityToken, IEnumerable<UserPermissionDefinition> userPermissionDefinitions, IEnumerable<UserGroupPermissionDefinition> userGroupPermissionDefinition)
{
if (userToken == null) throw new ArgumentNullException("userToken");
if (requiredPermissions == null) throw new ArgumentNullException("requiredPermissions");
if ((entityToken is NoSecurityEntityToken)) return SecurityResult.Allowed;
requiredPermissions = requiredPermissions.Evaluate();
if (!requiredPermissions.Any())
{
return SecurityResult.Allowed;
}
IEnumerable<PermissionType> currentPermissionTypes = PermissionTypeFacade.GetCurrentPermissionTypes(userToken, entityToken, userPermissionDefinitions, userGroupPermissionDefinition);
if (!currentPermissionTypes.Any())
{
return SecurityResult.Disallowed;
}
// At least one of the permissions should be allowed
foreach (PermissionType permissionType in currentPermissionTypes)
{
if (requiredPermissions.Contains(permissionType))
{
return SecurityResult.Allowed;
}
}
return SecurityResult.Disallowed;
}
public void RemoveUserPermissionDefinition(UserToken userToken, string serializedEntityToken)
{
string username = userToken.Username;
var entityToken = EntityTokenSerializer.Deserialize(serializedEntityToken);
using (TransactionScope transactionScope = TransactionsFacade.CreateNewScope())
{
IList<IUserPermissionDefinition> toDelete;
if (entityToken.IsValid())
{
toDelete = DataFacade.GetData<IUserPermissionDefinition>()
.Where(upd => upd.Username == username)
.ToList()
.Where(d => entityToken.EqualsWithVersionIgnore(DeserializeSilent(d.SerializedEntityToken)))
.ToList();
}
else
{
toDelete = DataFacade.GetData<IUserPermissionDefinition>()
.Where(upd => upd.Username == username && upd.SerializedEntityToken == serializedEntityToken)
.ToList();
}
if (toDelete.Count > 0)
{
DataFacade.Delete<IUserPermissionDefinition>(toDelete);
}
transactionScope.Complete();
}
}
/// <exclude />
public static SecurityResult Resolve(UserToken userToken, ActionToken actionToken, EntityToken entityToken, IEnumerable<UserPermissionDefinition> userPermissionDefinitions, IEnumerable<UserGroupPermissionDefinition> userGroupPermissionDefinition)
{
if (userToken == null) throw new ArgumentNullException("userToken");
if (actionToken == null) throw new ArgumentNullException("actionToken");
return Resolve(userToken, actionToken.PermissionTypes, entityToken, userPermissionDefinitions, userGroupPermissionDefinition);
}
/// <summary>
/// This method will return all allowed permission for the given <paramref name="userToken"/> and given the <paramref name="entityToken"/>.
/// </summary>
/// <param name="userToken">UserToken to get permissions for.</param>
/// <param name="entityToken">EntityToken to get permissions for.</param>
/// <returns>Allowed permission types</returns>
public static IEnumerable<PermissionType> GetPermissions(UserToken userToken, EntityToken entityToken)
{
IEnumerable<UserPermissionDefinition> userPermissionDefinitions = PermissionTypeFacade.GetUserPermissionDefinitions(userToken.Username);
IEnumerable<UserGroupPermissionDefinition> userGroupPermissionDefinitions = PermissionTypeFacade.GetUserGroupPermissionDefinitions(userToken.Username);
IEnumerable<PermissionType> permissions = PermissionTypeFacade.GetCurrentPermissionTypes(userToken, entityToken, userPermissionDefinitions, userGroupPermissionDefinitions).Evaluate();
return permissions;
}
/// <summary>
/// This method returns true if the given username <paramref name="username"/> has admin rights on the root element.
/// This is normal way of creating a administrator in C1.
/// </summary>
/// <param name="username">Username to test</param>
/// <returns>True if the given username has admin rights on the root element.</returns>
public static bool IsAdministrator(string username)
{
UserToken userToken = new UserToken(username);
EntityToken rootEntityToken = ElementFacade.GetRootsWithNoSecurity().First().ElementHandle.EntityToken;
IEnumerable<PermissionType> permissions = GetPermissions(userToken, rootEntityToken);
return permissions.Contains(PermissionType.Administrate);
}
/// <exclude />
public static IEnumerable<PermissionType> GetLocallyDefinedUserPermissionTypes(UserToken userToken, EntityToken entityToken)
{
Verify.ArgumentNotNull(userToken, "userToken");
Verify.ArgumentNotNull(entityToken, "entityToken");
IEnumerable<UserPermissionDefinition> userPermissionDefinitions = GetUserPermissionDefinitions(userToken.Username);
var result = new List<PermissionType>();
foreach (UserPermissionDefinition userPermissionDefinition in userPermissionDefinitions)
{
if (userPermissionDefinition.EntityToken.Equals(entityToken))
{
result.AddRange(userPermissionDefinition.PermissionTypes);
}
}
return result.Distinct();
}
/// <summary>
/// This returns a merged result of user permissions and user group permissions
/// </summary>
/// <param name="userToken"></param>
/// <param name="entityToken"></param>
/// <param name="userPermissionDefinitions"></param>
/// <param name="userGroupPermissionDefinitions"></param>
/// <returns></returns>
public static IEnumerable<PermissionType> GetCurrentPermissionTypes(UserToken userToken, EntityToken entityToken, IEnumerable<UserPermissionDefinition> userPermissionDefinitions, IEnumerable<UserGroupPermissionDefinition> userGroupPermissionDefinitions)
{
Verify.ArgumentNotNull(userToken, "userToken");
Verify.ArgumentNotNull(entityToken, "entityToken");
IReadOnlyCollection<PermissionType> resultPermissionTypes = PermissionTypeFacadeCaching.GetCurrentPermissionTypes(userToken, entityToken);
if (resultPermissionTypes != null)
{
return resultPermissionTypes;
}
IReadOnlyCollection<PermissionType> userPermissionTypes = PermissionTypeFacadeCaching.GetUserPermissionTypes(userToken, entityToken);
if (userPermissionTypes == null)
{
userPermissionTypes = RecursiveUpdateCurrentUserPermissionTypes(userToken, entityToken, userPermissionDefinitions, new HashSet<EntityTokenPair>());
PermissionTypeFacadeCaching.SetUserPermissionTypes(userToken, entityToken, userPermissionTypes);
}
IReadOnlyCollection<PermissionType> userGroupPermissionTypes = PermissionTypeFacadeCaching.GetUserGroupPermissionTypes(userToken, entityToken);
if (userGroupPermissionTypes == null)
{
userGroupPermissionTypes = RecursiveUpdateCurrentUserGroupPermissionTypes(userToken, entityToken, userGroupPermissionDefinitions, new HashSet<EntityTokenPair>());
PermissionTypeFacadeCaching.SetUserGroupPermissionTypes(userToken, entityToken, userGroupPermissionTypes);
}
resultPermissionTypes = new List<PermissionType>(userPermissionTypes.Concat(userGroupPermissionTypes).Distinct());
if (resultPermissionTypes.Contains(PermissionType.ClearPermissions))
{
resultPermissionTypes = EmptyPermissionTypeCollection;
}
PermissionTypeFacadeCaching.SetCurrentPermissionTypes(userToken, entityToken, resultPermissionTypes);
return resultPermissionTypes;
}
private static IReadOnlyCollection<PermissionType> RecursiveUpdateCurrentUserGroupPermissionTypes(UserToken userToken, EntityToken entityToken, IEnumerable<UserGroupPermissionDefinition> userGroupPermissionDefinitions, HashSet<EntityTokenPair> alreadyProcessedTokens)
{
IReadOnlyCollection<PermissionType> cached = PermissionTypeFacadeCaching.GetUserGroupPermissionTypes(userToken, entityToken);
if (cached != null)
{
return cached;
}
IEnumerable<UserGroupPermissionDefinition> selectedUserGroupPermissionDefinitions = userGroupPermissionDefinitions.Where(f => entityToken.Equals(f.EntityToken));
List<PermissionType> thisPermisstionTypes = new List<PermissionType>();
foreach (UserGroupPermissionDefinition userGroupPermissionDefinition in selectedUserGroupPermissionDefinitions)
{
List<PermissionType> groupPermissionTypes = userGroupPermissionDefinition.PermissionTypes.ToList();
thisPermisstionTypes.AddRange(groupPermissionTypes);
}
if (thisPermisstionTypes.Count > 0)
{
thisPermisstionTypes = thisPermisstionTypes.Distinct().ToList();
if (thisPermisstionTypes.Contains(PermissionType.ClearPermissions))
{
thisPermisstionTypes = new List<PermissionType>();
}
PermissionTypeFacadeCaching.SetUserGroupPermissionTypes(userToken, entityToken, thisPermisstionTypes);
// Local defined permission overrules all other permissions
return thisPermisstionTypes;
}
// Call resursively on all parents
List<EntityToken> parentEntityTokens = ParentsFacade.GetAllParents(entityToken);
IEnumerable<PermissionType> parentsPermisstionTypes = new List<PermissionType>();
foreach (EntityToken parentEntityToken in parentEntityTokens)
{
EntityTokenPair pair = new EntityTokenPair(entityToken, parentEntityToken);
if (alreadyProcessedTokens.Contains(pair) == false)
{
alreadyProcessedTokens.Add(pair);
IEnumerable<PermissionType> thisParentPermisstionTypes = RecursiveUpdateCurrentUserGroupPermissionTypes(userToken, parentEntityToken, userGroupPermissionDefinitions, alreadyProcessedTokens);
parentsPermisstionTypes = parentsPermisstionTypes.Concat(thisParentPermisstionTypes);
}
}
List<PermissionType> permisstionTypes = parentsPermisstionTypes.Distinct().ToList();
PermissionTypeFacadeCaching.SetUserGroupPermissionTypes(userToken, entityToken, permisstionTypes);
return permisstionTypes;
}
/// <exclude />
public static void RemoveUserPermissionDefinition(UserToken userToken, EntityToken entityToken)
{
if (userToken == null) throw new ArgumentNullException("userToken");
if (entityToken == null) throw new ArgumentNullException("entityToken");
if ((entityToken is NoSecurityEntityToken)) return;
if (!UserPermissionDefinitionProviderPluginFacade.CanAlterDefinitions) throw new InvalidOperationException("The user permission definition provider does not support altering user permission defintions");
string serializedEntityToken = EntityTokenSerializer.Serialize(entityToken);
EntityTokenCacheFacade.ClearCache();
UserPermissionDefinitionProviderPluginFacade.RemoveUserPermissionDefinition(userToken, serializedEntityToken);
}
/// <summary>
/// This uses a merged result of user permissions and user group permissions
/// </summary>
/// <param name="userToken"></param>
/// <param name="entityToken"></param>
/// <param name="userPermissionDefinitions"></param>
/// <param name="userGroupPermissionDefinitions"></param>
/// <returns></returns>
public static bool IsSubBrachContainingPermissionTypes(UserToken userToken, EntityToken entityToken, IEnumerable<UserPermissionDefinition> userPermissionDefinitions, IEnumerable<UserGroupPermissionDefinition> userGroupPermissionDefinitions)
{
Verify.ArgumentNotNull(userToken, "userToken");
Verify.ArgumentNotNull(entityToken, "entityToken");
IEnumerable<PermissionType> permissionTypes = GetCurrentPermissionTypes(userToken, entityToken, userPermissionDefinitions, userGroupPermissionDefinitions);
if (permissionTypes.Any())
{
return true;
}
// User permissions
foreach (UserPermissionDefinition userPermissionDefinition in userPermissionDefinitions)
{
if (!userPermissionDefinition.PermissionTypes.Contains(PermissionType.ClearPermissions))
{
var graph = new RelationshipGraph(userPermissionDefinition.EntityToken, RelationshipGraphSearchOption.Both, true);
if (graph.Levels.Any(level => level.AllEntities.Contains(entityToken)))
{
return true;
}
}
}
// User group permissions
foreach (UserGroupPermissionDefinition userGroupPermissionDefinition in userGroupPermissionDefinitions)
{
if (!userGroupPermissionDefinition.PermissionTypes.Contains(PermissionType.ClearPermissions))
{
var graph = new RelationshipGraph(userGroupPermissionDefinition.EntityToken, RelationshipGraphSearchOption.Both, true);
if (graph.Levels.Any(level => level.AllEntities.Contains(entityToken)))
{
return true;
}
}
}
return false;
}
/// <summary>
/// This returns a merged result of user permissions and user group permissions
/// </summary>
/// <param name="userToken"></param>
/// <param name="entityToken"></param>
/// <param name="presetUserGroupPermissions">
/// This is used for simulating that local defined user group permissions has been set
/// </param>
/// <returns></returns>
public static IEnumerable<PermissionType> GetInheritedPermissionsTypes(UserToken userToken, EntityToken entityToken, Dictionary<Guid, IEnumerable<PermissionType>> presetUserGroupPermissions)
{
if (userToken == null) throw new ArgumentNullException("userToken");
if (entityToken == null) throw new ArgumentNullException("entityToken");
IEnumerable<PermissionType> permissionTypes = PermissionTypeFacadeCaching.GetInheritedPermissionsTypes(userToken, entityToken);
if (permissionTypes != null)
{
return permissionTypes;
}
if (presetUserGroupPermissions == null || presetUserGroupPermissions.Count == 0)
{
ICollection<PermissionType> localDefinedUserGroupPermissionTypes = GetLocallyDefinedUserGroupPermissionTypes(userToken.Username, entityToken).Evaluate();
if (localDefinedUserGroupPermissionTypes.Count > 0)
{
PermissionTypeFacadeCaching.SetInheritedPermissionsTypes(userToken, entityToken, localDefinedUserGroupPermissionTypes.ToList());
return localDefinedUserGroupPermissionTypes;
}
}
else
{
List<Guid> userGroupIds = UserGroupFacade.GetUserGroupIds(userToken.Username);
var localDefinedUserGroupPermissionTypes = new List<PermissionType>();
foreach (Guid userGroupId in userGroupIds)
{
IEnumerable<PermissionType> groupPermissionTypes;
if (presetUserGroupPermissions.TryGetValue(userGroupId, out groupPermissionTypes))
{
localDefinedUserGroupPermissionTypes.AddRange(groupPermissionTypes);
}
}
if (localDefinedUserGroupPermissionTypes.Contains(PermissionType.ClearPermissions))
{
return new PermissionType[0];
}
return localDefinedUserGroupPermissionTypes.Distinct();
}
ICollection<UserPermissionDefinition> userPermissionDefinitions = GetUserPermissionDefinitions(userToken.Username).Evaluate();
ICollection<UserGroupPermissionDefinition> userGroupPermissionDefinitions = GetUserGroupPermissionDefinitions(userToken.Username).Evaluate();
List<EntityToken> parentEntityTokens = ParentsFacade.GetAllParents(entityToken);
foreach (EntityToken parentEntityToken in parentEntityTokens)
{
RecursiveUpdateCurrentUserPermissionTypes(userToken, parentEntityToken, userPermissionDefinitions, new HashSet<EntityTokenPair>());
RecursiveUpdateCurrentUserGroupPermissionTypes(userToken, parentEntityToken, userGroupPermissionDefinitions, new HashSet<EntityTokenPair>());
}
if (!PermissionTypeFacadeCaching.CachingWorking)
{
throw new InvalidOperationException("RequestLifetimeCache is not operational");
}
permissionTypes = new List<PermissionType>();
foreach (EntityToken parentEntityToken in parentEntityTokens)
{
IEnumerable<PermissionType> parentUserPermissionTypes = PermissionTypeFacadeCaching.GetUserPermissionTypes(userToken, parentEntityToken);
if (parentUserPermissionTypes != null)
{
permissionTypes = permissionTypes.Concat(parentUserPermissionTypes);
}
IEnumerable<PermissionType> parentUserGroupPermissionTypes = PermissionTypeFacadeCaching.GetUserGroupPermissionTypes(userToken, parentEntityToken);
if (parentUserGroupPermissionTypes != null)
{
permissionTypes = permissionTypes.Concat(parentUserGroupPermissionTypes);
}
}
var distinctPermissionTypes = permissionTypes.Distinct().ToList();
PermissionTypeFacadeCaching.SetInheritedPermissionsTypes(userToken, entityToken, distinctPermissionTypes);
return distinctPermissionTypes;
}
/// <summary>
/// This returns a merged result of user permissions and user group permissions
/// </summary>
/// <param name="userToken"></param>
/// <param name="entityToken"></param>
/// <returns></returns>
public static IEnumerable<PermissionType> GetInheritedPermissionsTypes(UserToken userToken, EntityToken entityToken)
{
return GetInheritedPermissionsTypes(userToken, entityToken, null);
}
private static IReadOnlyCollection <PermissionType> RecursiveUpdateCurrentUserGroupPermissionTypes(UserToken userToken, EntityToken entityToken, IEnumerable <UserGroupPermissionDefinition> userGroupPermissionDefinitions, HashSet <EntityTokenPair> alreadyProcessedTokens)
{
var cached = PermissionTypeFacadeCaching.GetUserGroupPermissionTypes(userToken, entityToken);
if (cached != null)
{
return(cached);
}
var selectedUserGroupPermissionDefinitions = userGroupPermissionDefinitions.Where(f => entityToken.EqualsWithVersionIgnore(f.EntityToken));
var thisPermissionTypes = new List <PermissionType>();
foreach (var userGroupPermissionDefinition in selectedUserGroupPermissionDefinitions)
{
List <PermissionType> groupPermissionTypes = userGroupPermissionDefinition.PermissionTypes.ToList();
thisPermissionTypes.AddRange(groupPermissionTypes);
}
if (thisPermissionTypes.Count > 0)
{
thisPermissionTypes = thisPermissionTypes.Distinct().ToList();
if (thisPermissionTypes.Contains(PermissionType.ClearPermissions))
{
thisPermissionTypes = new List <PermissionType>();
}
PermissionTypeFacadeCaching.SetUserGroupPermissionTypes(userToken, entityToken, thisPermissionTypes);
// Local defined permission overrules all other permissions
return(thisPermissionTypes);
}
// Call resursively on all parents
List <EntityToken> parentEntityTokens = ParentsFacade.GetAllParents(entityToken);
var parentsPermissionTypes = Enumerable.Empty <PermissionType>();
foreach (EntityToken parentEntityToken in parentEntityTokens)
{
var pair = new EntityTokenPair(entityToken, parentEntityToken);
if (alreadyProcessedTokens.Contains(pair))
{
continue;
}
alreadyProcessedTokens.Add(pair);
var thisParentPermissionTypes = RecursiveUpdateCurrentUserGroupPermissionTypes(userToken, parentEntityToken, userGroupPermissionDefinitions, alreadyProcessedTokens);
var filteredPermissionTypes = FilterParentPermissions(userToken, entityToken, thisParentPermissionTypes);
parentsPermissionTypes = parentsPermissionTypes.Concat(filteredPermissionTypes);
}
List <PermissionType> permissionTypes = parentsPermissionTypes.Distinct().ToList();
PermissionTypeFacadeCaching.SetUserGroupPermissionTypes(userToken, entityToken, permissionTypes);
return(permissionTypes);
}
/// <exclude />
public static IEnumerable <PermissionType> GetLocallyDefinedUserPermissionTypes(UserToken userToken, EntityToken entityToken)
{
Verify.ArgumentNotNull(userToken, "userToken");
Verify.ArgumentNotNull(entityToken, "entityToken");
IEnumerable <UserPermissionDefinition> userPermissionDefinitions = GetUserPermissionDefinitions(userToken.Username);
var result = new List <PermissionType>();
foreach (UserPermissionDefinition userPermissionDefinition in userPermissionDefinitions)
{
if (userPermissionDefinition.EntityToken.EqualsWithVersionIgnore(entityToken))
{
result.AddRange(userPermissionDefinition.PermissionTypes);
}
}
return(result.Distinct());
}
/// <summary>
/// This returns a merged result of user permissions and user group permissions
/// </summary>
/// <param name="userToken"></param>
/// <param name="entityToken"></param>
/// <param name="presetUserGroupPermissions">
/// This is used for simulating that local defined user group permissions has been set
/// </param>
/// <returns></returns>
public static IEnumerable <PermissionType> GetInheritedPermissionsTypes(UserToken userToken, EntityToken entityToken, Dictionary <Guid, IEnumerable <PermissionType> > presetUserGroupPermissions)
{
if (userToken == null)
{
throw new ArgumentNullException("userToken");
}
if (entityToken == null)
{
throw new ArgumentNullException("entityToken");
}
var cachedValue = PermissionTypeFacadeCaching.GetInheritedPermissionsTypes(userToken, entityToken);
if (cachedValue != null)
{
return(cachedValue);
}
if (presetUserGroupPermissions == null || presetUserGroupPermissions.Count == 0)
{
ICollection <PermissionType> localDefinedUserGroupPermissionTypes = GetLocallyDefinedUserGroupPermissionTypes(userToken.Username, entityToken).Evaluate();
if (localDefinedUserGroupPermissionTypes.Count > 0)
{
PermissionTypeFacadeCaching.SetInheritedPermissionsTypes(userToken, entityToken, localDefinedUserGroupPermissionTypes.ToList());
return(localDefinedUserGroupPermissionTypes);
}
}
else
{
var userGroupIds = UserGroupFacade.GetUserGroupIds(userToken.Username);
var localDefinedUserGroupPermissionTypes = new List <PermissionType>();
foreach (Guid userGroupId in userGroupIds)
{
IEnumerable <PermissionType> groupPermissionTypes;
if (presetUserGroupPermissions.TryGetValue(userGroupId, out groupPermissionTypes))
{
localDefinedUserGroupPermissionTypes.AddRange(groupPermissionTypes);
}
}
if (localDefinedUserGroupPermissionTypes.Contains(PermissionType.ClearPermissions))
{
return(new PermissionType[0]);
}
return(localDefinedUserGroupPermissionTypes.Distinct());
}
ICollection <UserPermissionDefinition> userPermissionDefinitions = GetUserPermissionDefinitions(userToken.Username).Evaluate();
ICollection <UserGroupPermissionDefinition> userGroupPermissionDefinitions = GetUserGroupPermissionDefinitions(userToken.Username).Evaluate();
List <EntityToken> parentEntityTokens = ParentsFacade.GetAllParents(entityToken);
foreach (EntityToken parentEntityToken in parentEntityTokens)
{
RecursiveUpdateCurrentUserPermissionTypes(userToken, parentEntityToken, userPermissionDefinitions, new HashSet <EntityTokenPair>());
RecursiveUpdateCurrentUserGroupPermissionTypes(userToken, parentEntityToken, userGroupPermissionDefinitions, new HashSet <EntityTokenPair>());
}
if (!PermissionTypeFacadeCaching.CachingWorking)
{
throw new InvalidOperationException("RequestLifetimeCache is not operational");
}
var permissionTypes = Enumerable.Empty <PermissionType>();
foreach (EntityToken parentEntityToken in parentEntityTokens)
{
IEnumerable <PermissionType> parentUserPermissionTypes = PermissionTypeFacadeCaching.GetUserPermissionTypes(userToken, parentEntityToken);
if (parentUserPermissionTypes != null)
{
permissionTypes = permissionTypes.Concat(parentUserPermissionTypes);
}
IEnumerable <PermissionType> parentUserGroupPermissionTypes = PermissionTypeFacadeCaching.GetUserGroupPermissionTypes(userToken, parentEntityToken);
if (parentUserGroupPermissionTypes != null)
{
permissionTypes = permissionTypes.Concat(parentUserGroupPermissionTypes);
}
}
var distinctPermissionTypes = permissionTypes.Distinct().ToList();
PermissionTypeFacadeCaching.SetInheritedPermissionsTypes(userToken, entityToken, distinctPermissionTypes);
return(distinctPermissionTypes);
}
/// <summary>
/// This returns a merged result of user permissions and user group permissions
/// </summary>
/// <param name="userToken"></param>
/// <param name="entityToken"></param>
/// <returns></returns>
public static IEnumerable <PermissionType> GetInheritedPermissionsTypes(UserToken userToken, EntityToken entityToken)
{
return(GetInheritedPermissionsTypes(userToken, entityToken, null));
}
