/// <exclude /> public static SecurityResult Resolve(UserToken userToken, IEnumerable<PermissionType> requiredPermissions, EntityToken entityToken, IEnumerable<UserPermissionDefinition> userPermissionDefinitions, IEnumerable<UserGroupPermissionDefinition> userGroupPermissionDefinition) { if (userToken == null) throw new ArgumentNullException("userToken"); if (requiredPermissions == null) throw new ArgumentNullException("requiredPermissions"); if ((entityToken is NoSecurityEntityToken)) return SecurityResult.Allowed; requiredPermissions = requiredPermissions.Evaluate(); if (!requiredPermissions.Any()) { return SecurityResult.Allowed; } IEnumerable<PermissionType> currentPermissionTypes = PermissionTypeFacade.GetCurrentPermissionTypes(userToken, entityToken, userPermissionDefinitions, userGroupPermissionDefinition); if (!currentPermissionTypes.Any()) { return SecurityResult.Disallowed; } // At least one of the permissions should be allowed foreach (PermissionType permissionType in currentPermissionTypes) { if (requiredPermissions.Contains(permissionType)) { return SecurityResult.Allowed; } } return SecurityResult.Disallowed; }
public void RemoveUserPermissionDefinition(UserToken userToken, string serializedEntityToken) { string username = userToken.Username; var entityToken = EntityTokenSerializer.Deserialize(serializedEntityToken); using (TransactionScope transactionScope = TransactionsFacade.CreateNewScope()) { IList<IUserPermissionDefinition> toDelete; if (entityToken.IsValid()) { toDelete = DataFacade.GetData<IUserPermissionDefinition>() .Where(upd => upd.Username == username) .ToList() .Where(d => entityToken.EqualsWithVersionIgnore(DeserializeSilent(d.SerializedEntityToken))) .ToList(); } else { toDelete = DataFacade.GetData<IUserPermissionDefinition>() .Where(upd => upd.Username == username && upd.SerializedEntityToken == serializedEntityToken) .ToList(); } if (toDelete.Count > 0) { DataFacade.Delete<IUserPermissionDefinition>(toDelete); } transactionScope.Complete(); } }
/// <exclude /> public static SecurityResult Resolve(UserToken userToken, ActionToken actionToken, EntityToken entityToken, IEnumerable<UserPermissionDefinition> userPermissionDefinitions, IEnumerable<UserGroupPermissionDefinition> userGroupPermissionDefinition) { if (userToken == null) throw new ArgumentNullException("userToken"); if (actionToken == null) throw new ArgumentNullException("actionToken"); return Resolve(userToken, actionToken.PermissionTypes, entityToken, userPermissionDefinitions, userGroupPermissionDefinition); }
/// <summary> /// This method will return all allowed permission for the given <paramref name="userToken"/> and given the <paramref name="entityToken"/>. /// </summary> /// <param name="userToken">UserToken to get permissions for.</param> /// <param name="entityToken">EntityToken to get permissions for.</param> /// <returns>Allowed permission types</returns> public static IEnumerable<PermissionType> GetPermissions(UserToken userToken, EntityToken entityToken) { IEnumerable<UserPermissionDefinition> userPermissionDefinitions = PermissionTypeFacade.GetUserPermissionDefinitions(userToken.Username); IEnumerable<UserGroupPermissionDefinition> userGroupPermissionDefinitions = PermissionTypeFacade.GetUserGroupPermissionDefinitions(userToken.Username); IEnumerable<PermissionType> permissions = PermissionTypeFacade.GetCurrentPermissionTypes(userToken, entityToken, userPermissionDefinitions, userGroupPermissionDefinitions).Evaluate(); return permissions; }
/// <summary> /// This method returns true if the given username <paramref name="username"/> has admin rights on the root element. /// This is normal way of creating a administrator in C1. /// </summary> /// <param name="username">Username to test</param> /// <returns>True if the given username has admin rights on the root element.</returns> public static bool IsAdministrator(string username) { UserToken userToken = new UserToken(username); EntityToken rootEntityToken = ElementFacade.GetRootsWithNoSecurity().First().ElementHandle.EntityToken; IEnumerable<PermissionType> permissions = GetPermissions(userToken, rootEntityToken); return permissions.Contains(PermissionType.Administrate); }
/// <exclude /> public static IEnumerable<PermissionType> GetLocallyDefinedUserPermissionTypes(UserToken userToken, EntityToken entityToken) { Verify.ArgumentNotNull(userToken, "userToken"); Verify.ArgumentNotNull(entityToken, "entityToken"); IEnumerable<UserPermissionDefinition> userPermissionDefinitions = GetUserPermissionDefinitions(userToken.Username); var result = new List<PermissionType>(); foreach (UserPermissionDefinition userPermissionDefinition in userPermissionDefinitions) { if (userPermissionDefinition.EntityToken.Equals(entityToken)) { result.AddRange(userPermissionDefinition.PermissionTypes); } } return result.Distinct(); }
/// <summary> /// This returns a merged result of user permissions and user group permissions /// </summary> /// <param name="userToken"></param> /// <param name="entityToken"></param> /// <param name="userPermissionDefinitions"></param> /// <param name="userGroupPermissionDefinitions"></param> /// <returns></returns> public static IEnumerable<PermissionType> GetCurrentPermissionTypes(UserToken userToken, EntityToken entityToken, IEnumerable<UserPermissionDefinition> userPermissionDefinitions, IEnumerable<UserGroupPermissionDefinition> userGroupPermissionDefinitions) { Verify.ArgumentNotNull(userToken, "userToken"); Verify.ArgumentNotNull(entityToken, "entityToken"); IReadOnlyCollection<PermissionType> resultPermissionTypes = PermissionTypeFacadeCaching.GetCurrentPermissionTypes(userToken, entityToken); if (resultPermissionTypes != null) { return resultPermissionTypes; } IReadOnlyCollection<PermissionType> userPermissionTypes = PermissionTypeFacadeCaching.GetUserPermissionTypes(userToken, entityToken); if (userPermissionTypes == null) { userPermissionTypes = RecursiveUpdateCurrentUserPermissionTypes(userToken, entityToken, userPermissionDefinitions, new HashSet<EntityTokenPair>()); PermissionTypeFacadeCaching.SetUserPermissionTypes(userToken, entityToken, userPermissionTypes); } IReadOnlyCollection<PermissionType> userGroupPermissionTypes = PermissionTypeFacadeCaching.GetUserGroupPermissionTypes(userToken, entityToken); if (userGroupPermissionTypes == null) { userGroupPermissionTypes = RecursiveUpdateCurrentUserGroupPermissionTypes(userToken, entityToken, userGroupPermissionDefinitions, new HashSet<EntityTokenPair>()); PermissionTypeFacadeCaching.SetUserGroupPermissionTypes(userToken, entityToken, userGroupPermissionTypes); } resultPermissionTypes = new List<PermissionType>(userPermissionTypes.Concat(userGroupPermissionTypes).Distinct()); if (resultPermissionTypes.Contains(PermissionType.ClearPermissions)) { resultPermissionTypes = EmptyPermissionTypeCollection; } PermissionTypeFacadeCaching.SetCurrentPermissionTypes(userToken, entityToken, resultPermissionTypes); return resultPermissionTypes; }
private static IReadOnlyCollection<PermissionType> RecursiveUpdateCurrentUserGroupPermissionTypes(UserToken userToken, EntityToken entityToken, IEnumerable<UserGroupPermissionDefinition> userGroupPermissionDefinitions, HashSet<EntityTokenPair> alreadyProcessedTokens) { IReadOnlyCollection<PermissionType> cached = PermissionTypeFacadeCaching.GetUserGroupPermissionTypes(userToken, entityToken); if (cached != null) { return cached; } IEnumerable<UserGroupPermissionDefinition> selectedUserGroupPermissionDefinitions = userGroupPermissionDefinitions.Where(f => entityToken.Equals(f.EntityToken)); List<PermissionType> thisPermisstionTypes = new List<PermissionType>(); foreach (UserGroupPermissionDefinition userGroupPermissionDefinition in selectedUserGroupPermissionDefinitions) { List<PermissionType> groupPermissionTypes = userGroupPermissionDefinition.PermissionTypes.ToList(); thisPermisstionTypes.AddRange(groupPermissionTypes); } if (thisPermisstionTypes.Count > 0) { thisPermisstionTypes = thisPermisstionTypes.Distinct().ToList(); if (thisPermisstionTypes.Contains(PermissionType.ClearPermissions)) { thisPermisstionTypes = new List<PermissionType>(); } PermissionTypeFacadeCaching.SetUserGroupPermissionTypes(userToken, entityToken, thisPermisstionTypes); // Local defined permission overrules all other permissions return thisPermisstionTypes; } // Call resursively on all parents List<EntityToken> parentEntityTokens = ParentsFacade.GetAllParents(entityToken); IEnumerable<PermissionType> parentsPermisstionTypes = new List<PermissionType>(); foreach (EntityToken parentEntityToken in parentEntityTokens) { EntityTokenPair pair = new EntityTokenPair(entityToken, parentEntityToken); if (alreadyProcessedTokens.Contains(pair) == false) { alreadyProcessedTokens.Add(pair); IEnumerable<PermissionType> thisParentPermisstionTypes = RecursiveUpdateCurrentUserGroupPermissionTypes(userToken, parentEntityToken, userGroupPermissionDefinitions, alreadyProcessedTokens); parentsPermisstionTypes = parentsPermisstionTypes.Concat(thisParentPermisstionTypes); } } List<PermissionType> permisstionTypes = parentsPermisstionTypes.Distinct().ToList(); PermissionTypeFacadeCaching.SetUserGroupPermissionTypes(userToken, entityToken, permisstionTypes); return permisstionTypes; }
/// <exclude /> public static void RemoveUserPermissionDefinition(UserToken userToken, EntityToken entityToken) { if (userToken == null) throw new ArgumentNullException("userToken"); if (entityToken == null) throw new ArgumentNullException("entityToken"); if ((entityToken is NoSecurityEntityToken)) return; if (!UserPermissionDefinitionProviderPluginFacade.CanAlterDefinitions) throw new InvalidOperationException("The user permission definition provider does not support altering user permission defintions"); string serializedEntityToken = EntityTokenSerializer.Serialize(entityToken); EntityTokenCacheFacade.ClearCache(); UserPermissionDefinitionProviderPluginFacade.RemoveUserPermissionDefinition(userToken, serializedEntityToken); }
/// <summary> /// This uses a merged result of user permissions and user group permissions /// </summary> /// <param name="userToken"></param> /// <param name="entityToken"></param> /// <param name="userPermissionDefinitions"></param> /// <param name="userGroupPermissionDefinitions"></param> /// <returns></returns> public static bool IsSubBrachContainingPermissionTypes(UserToken userToken, EntityToken entityToken, IEnumerable<UserPermissionDefinition> userPermissionDefinitions, IEnumerable<UserGroupPermissionDefinition> userGroupPermissionDefinitions) { Verify.ArgumentNotNull(userToken, "userToken"); Verify.ArgumentNotNull(entityToken, "entityToken"); IEnumerable<PermissionType> permissionTypes = GetCurrentPermissionTypes(userToken, entityToken, userPermissionDefinitions, userGroupPermissionDefinitions); if (permissionTypes.Any()) { return true; } // User permissions foreach (UserPermissionDefinition userPermissionDefinition in userPermissionDefinitions) { if (!userPermissionDefinition.PermissionTypes.Contains(PermissionType.ClearPermissions)) { var graph = new RelationshipGraph(userPermissionDefinition.EntityToken, RelationshipGraphSearchOption.Both, true); if (graph.Levels.Any(level => level.AllEntities.Contains(entityToken))) { return true; } } } // User group permissions foreach (UserGroupPermissionDefinition userGroupPermissionDefinition in userGroupPermissionDefinitions) { if (!userGroupPermissionDefinition.PermissionTypes.Contains(PermissionType.ClearPermissions)) { var graph = new RelationshipGraph(userGroupPermissionDefinition.EntityToken, RelationshipGraphSearchOption.Both, true); if (graph.Levels.Any(level => level.AllEntities.Contains(entityToken))) { return true; } } } return false; }
/// <summary> /// This returns a merged result of user permissions and user group permissions /// </summary> /// <param name="userToken"></param> /// <param name="entityToken"></param> /// <param name="presetUserGroupPermissions"> /// This is used for simulating that local defined user group permissions has been set /// </param> /// <returns></returns> public static IEnumerable<PermissionType> GetInheritedPermissionsTypes(UserToken userToken, EntityToken entityToken, Dictionary<Guid, IEnumerable<PermissionType>> presetUserGroupPermissions) { if (userToken == null) throw new ArgumentNullException("userToken"); if (entityToken == null) throw new ArgumentNullException("entityToken"); IEnumerable<PermissionType> permissionTypes = PermissionTypeFacadeCaching.GetInheritedPermissionsTypes(userToken, entityToken); if (permissionTypes != null) { return permissionTypes; } if (presetUserGroupPermissions == null || presetUserGroupPermissions.Count == 0) { ICollection<PermissionType> localDefinedUserGroupPermissionTypes = GetLocallyDefinedUserGroupPermissionTypes(userToken.Username, entityToken).Evaluate(); if (localDefinedUserGroupPermissionTypes.Count > 0) { PermissionTypeFacadeCaching.SetInheritedPermissionsTypes(userToken, entityToken, localDefinedUserGroupPermissionTypes.ToList()); return localDefinedUserGroupPermissionTypes; } } else { List<Guid> userGroupIds = UserGroupFacade.GetUserGroupIds(userToken.Username); var localDefinedUserGroupPermissionTypes = new List<PermissionType>(); foreach (Guid userGroupId in userGroupIds) { IEnumerable<PermissionType> groupPermissionTypes; if (presetUserGroupPermissions.TryGetValue(userGroupId, out groupPermissionTypes)) { localDefinedUserGroupPermissionTypes.AddRange(groupPermissionTypes); } } if (localDefinedUserGroupPermissionTypes.Contains(PermissionType.ClearPermissions)) { return new PermissionType[0]; } return localDefinedUserGroupPermissionTypes.Distinct(); } ICollection<UserPermissionDefinition> userPermissionDefinitions = GetUserPermissionDefinitions(userToken.Username).Evaluate(); ICollection<UserGroupPermissionDefinition> userGroupPermissionDefinitions = GetUserGroupPermissionDefinitions(userToken.Username).Evaluate(); List<EntityToken> parentEntityTokens = ParentsFacade.GetAllParents(entityToken); foreach (EntityToken parentEntityToken in parentEntityTokens) { RecursiveUpdateCurrentUserPermissionTypes(userToken, parentEntityToken, userPermissionDefinitions, new HashSet<EntityTokenPair>()); RecursiveUpdateCurrentUserGroupPermissionTypes(userToken, parentEntityToken, userGroupPermissionDefinitions, new HashSet<EntityTokenPair>()); } if (!PermissionTypeFacadeCaching.CachingWorking) { throw new InvalidOperationException("RequestLifetimeCache is not operational"); } permissionTypes = new List<PermissionType>(); foreach (EntityToken parentEntityToken in parentEntityTokens) { IEnumerable<PermissionType> parentUserPermissionTypes = PermissionTypeFacadeCaching.GetUserPermissionTypes(userToken, parentEntityToken); if (parentUserPermissionTypes != null) { permissionTypes = permissionTypes.Concat(parentUserPermissionTypes); } IEnumerable<PermissionType> parentUserGroupPermissionTypes = PermissionTypeFacadeCaching.GetUserGroupPermissionTypes(userToken, parentEntityToken); if (parentUserGroupPermissionTypes != null) { permissionTypes = permissionTypes.Concat(parentUserGroupPermissionTypes); } } var distinctPermissionTypes = permissionTypes.Distinct().ToList(); PermissionTypeFacadeCaching.SetInheritedPermissionsTypes(userToken, entityToken, distinctPermissionTypes); return distinctPermissionTypes; }
/// <summary> /// This returns a merged result of user permissions and user group permissions /// </summary> /// <param name="userToken"></param> /// <param name="entityToken"></param> /// <returns></returns> public static IEnumerable<PermissionType> GetInheritedPermissionsTypes(UserToken userToken, EntityToken entityToken) { return GetInheritedPermissionsTypes(userToken, entityToken, null); }
private static IReadOnlyCollection <PermissionType> RecursiveUpdateCurrentUserGroupPermissionTypes(UserToken userToken, EntityToken entityToken, IEnumerable <UserGroupPermissionDefinition> userGroupPermissionDefinitions, HashSet <EntityTokenPair> alreadyProcessedTokens) { var cached = PermissionTypeFacadeCaching.GetUserGroupPermissionTypes(userToken, entityToken); if (cached != null) { return(cached); } var selectedUserGroupPermissionDefinitions = userGroupPermissionDefinitions.Where(f => entityToken.EqualsWithVersionIgnore(f.EntityToken)); var thisPermissionTypes = new List <PermissionType>(); foreach (var userGroupPermissionDefinition in selectedUserGroupPermissionDefinitions) { List <PermissionType> groupPermissionTypes = userGroupPermissionDefinition.PermissionTypes.ToList(); thisPermissionTypes.AddRange(groupPermissionTypes); } if (thisPermissionTypes.Count > 0) { thisPermissionTypes = thisPermissionTypes.Distinct().ToList(); if (thisPermissionTypes.Contains(PermissionType.ClearPermissions)) { thisPermissionTypes = new List <PermissionType>(); } PermissionTypeFacadeCaching.SetUserGroupPermissionTypes(userToken, entityToken, thisPermissionTypes); // Local defined permission overrules all other permissions return(thisPermissionTypes); } // Call resursively on all parents List <EntityToken> parentEntityTokens = ParentsFacade.GetAllParents(entityToken); var parentsPermissionTypes = Enumerable.Empty <PermissionType>(); foreach (EntityToken parentEntityToken in parentEntityTokens) { var pair = new EntityTokenPair(entityToken, parentEntityToken); if (alreadyProcessedTokens.Contains(pair)) { continue; } alreadyProcessedTokens.Add(pair); var thisParentPermissionTypes = RecursiveUpdateCurrentUserGroupPermissionTypes(userToken, parentEntityToken, userGroupPermissionDefinitions, alreadyProcessedTokens); var filteredPermissionTypes = FilterParentPermissions(userToken, entityToken, thisParentPermissionTypes); parentsPermissionTypes = parentsPermissionTypes.Concat(filteredPermissionTypes); } List <PermissionType> permissionTypes = parentsPermissionTypes.Distinct().ToList(); PermissionTypeFacadeCaching.SetUserGroupPermissionTypes(userToken, entityToken, permissionTypes); return(permissionTypes); }
/// <exclude /> public static IEnumerable <PermissionType> GetLocallyDefinedUserPermissionTypes(UserToken userToken, EntityToken entityToken) { Verify.ArgumentNotNull(userToken, "userToken"); Verify.ArgumentNotNull(entityToken, "entityToken"); IEnumerable <UserPermissionDefinition> userPermissionDefinitions = GetUserPermissionDefinitions(userToken.Username); var result = new List <PermissionType>(); foreach (UserPermissionDefinition userPermissionDefinition in userPermissionDefinitions) { if (userPermissionDefinition.EntityToken.EqualsWithVersionIgnore(entityToken)) { result.AddRange(userPermissionDefinition.PermissionTypes); } } return(result.Distinct()); }
/// <summary> /// This returns a merged result of user permissions and user group permissions /// </summary> /// <param name="userToken"></param> /// <param name="entityToken"></param> /// <param name="presetUserGroupPermissions"> /// This is used for simulating that local defined user group permissions has been set /// </param> /// <returns></returns> public static IEnumerable <PermissionType> GetInheritedPermissionsTypes(UserToken userToken, EntityToken entityToken, Dictionary <Guid, IEnumerable <PermissionType> > presetUserGroupPermissions) { if (userToken == null) { throw new ArgumentNullException("userToken"); } if (entityToken == null) { throw new ArgumentNullException("entityToken"); } var cachedValue = PermissionTypeFacadeCaching.GetInheritedPermissionsTypes(userToken, entityToken); if (cachedValue != null) { return(cachedValue); } if (presetUserGroupPermissions == null || presetUserGroupPermissions.Count == 0) { ICollection <PermissionType> localDefinedUserGroupPermissionTypes = GetLocallyDefinedUserGroupPermissionTypes(userToken.Username, entityToken).Evaluate(); if (localDefinedUserGroupPermissionTypes.Count > 0) { PermissionTypeFacadeCaching.SetInheritedPermissionsTypes(userToken, entityToken, localDefinedUserGroupPermissionTypes.ToList()); return(localDefinedUserGroupPermissionTypes); } } else { var userGroupIds = UserGroupFacade.GetUserGroupIds(userToken.Username); var localDefinedUserGroupPermissionTypes = new List <PermissionType>(); foreach (Guid userGroupId in userGroupIds) { IEnumerable <PermissionType> groupPermissionTypes; if (presetUserGroupPermissions.TryGetValue(userGroupId, out groupPermissionTypes)) { localDefinedUserGroupPermissionTypes.AddRange(groupPermissionTypes); } } if (localDefinedUserGroupPermissionTypes.Contains(PermissionType.ClearPermissions)) { return(new PermissionType[0]); } return(localDefinedUserGroupPermissionTypes.Distinct()); } ICollection <UserPermissionDefinition> userPermissionDefinitions = GetUserPermissionDefinitions(userToken.Username).Evaluate(); ICollection <UserGroupPermissionDefinition> userGroupPermissionDefinitions = GetUserGroupPermissionDefinitions(userToken.Username).Evaluate(); List <EntityToken> parentEntityTokens = ParentsFacade.GetAllParents(entityToken); foreach (EntityToken parentEntityToken in parentEntityTokens) { RecursiveUpdateCurrentUserPermissionTypes(userToken, parentEntityToken, userPermissionDefinitions, new HashSet <EntityTokenPair>()); RecursiveUpdateCurrentUserGroupPermissionTypes(userToken, parentEntityToken, userGroupPermissionDefinitions, new HashSet <EntityTokenPair>()); } if (!PermissionTypeFacadeCaching.CachingWorking) { throw new InvalidOperationException("RequestLifetimeCache is not operational"); } var permissionTypes = Enumerable.Empty <PermissionType>(); foreach (EntityToken parentEntityToken in parentEntityTokens) { IEnumerable <PermissionType> parentUserPermissionTypes = PermissionTypeFacadeCaching.GetUserPermissionTypes(userToken, parentEntityToken); if (parentUserPermissionTypes != null) { permissionTypes = permissionTypes.Concat(parentUserPermissionTypes); } IEnumerable <PermissionType> parentUserGroupPermissionTypes = PermissionTypeFacadeCaching.GetUserGroupPermissionTypes(userToken, parentEntityToken); if (parentUserGroupPermissionTypes != null) { permissionTypes = permissionTypes.Concat(parentUserGroupPermissionTypes); } } var distinctPermissionTypes = permissionTypes.Distinct().ToList(); PermissionTypeFacadeCaching.SetInheritedPermissionsTypes(userToken, entityToken, distinctPermissionTypes); return(distinctPermissionTypes); }
/// <summary> /// This returns a merged result of user permissions and user group permissions /// </summary> /// <param name="userToken"></param> /// <param name="entityToken"></param> /// <returns></returns> public static IEnumerable <PermissionType> GetInheritedPermissionsTypes(UserToken userToken, EntityToken entityToken) { return(GetInheritedPermissionsTypes(userToken, entityToken, null)); }