/// <summary> /// Grant a particular rights holder specific rights to an entity. /// </summary> /// <param name="rightsHolderId">The rights holder's id.</param> /// <param name="entityId">The entity's id.</param> /// <param name="rightId">The specific right's id.</param> /// <returns>The id of the AccessControl row.</returns> internal static Guid GrantAccess(Guid rightsHolderId, Guid entityId, Guid rightId) { DataModelTransaction transaction = DataModelTransaction.Current; DataModel dataModel = new DataModel(); Guid currentUserId = TradingSupport.UserId; UserRow currentUserRow = DataModel.User.UserKey.Find(currentUserId); RightsHolderRow rightsHolderRow = DataModel.RightsHolder.RightsHolderKey.Find(rightsHolderId); Guid rightsHolderTenantId; AccessControlRow accessControlRow = DataModel.AccessControl.AccessControlKeyRightsHolderIdEntityId.Find(rightsHolderId, entityId); Guid accessControlId = Guid.Empty; // Determine whether current user has write access to the entity. if (!DataModelFilters.HasAccess(transaction, currentUserId, entityId, AccessRight.Write)) { throw new FaultException <SecurityFault>( new SecurityFault(String.Format("{0} does not write permission to {1}", rightsHolderId, entityId))); } rightsHolderRow.AcquireReaderLock(transaction); rightsHolderTenantId = rightsHolderRow.TenantId; rightsHolderRow.ReleaseReaderLock(transaction.TransactionId); // Determine whether current user's tenant is upstream from rights holder we're modifying. if (!DataModelFilters.HasTenantAccess(transaction, currentUserId, rightsHolderTenantId)) { throw new FaultException <SecurityFault>( new SecurityFault(String.Format("{0} does not control over tenant {1}", rightsHolderId, rightsHolderTenantId))); } if (accessControlRow != null) { accessControlRow.AcquireWriterLock(transaction); accessControlId = accessControlRow.AccessControlId; dataModel.UpdateAccessControl( accessControlRow.AccessControlId, new object[] { accessControlRow.AccessControlId }, rightId, entityId, rightsHolderId, accessControlRow.RowVersion, rightsHolderTenantId); } else { accessControlId = Guid.NewGuid(); dataModel.CreateAccessControl( accessControlId, rightId, entityId, rightsHolderId, rightsHolderTenantId); } return(accessControlId); }
/// <summary> /// Revoke any and all access a rights holder has to an entity. /// </summary> /// <param name="rightsHolderId">The rights holder's id.</param> /// <param name="entityId">The entity's id.</param> /// <returns>The error code.</returns> internal static ErrorCode RevokeAccess(Guid rightsHolderId, Guid entityId) { DataModelTransaction transaction = DataModelTransaction.Current; DataModel dataModel = new DataModel(); Guid currentUserId = TradingSupport.UserId; UserRow currentUserRow = DataModel.User.UserKey.Find(currentUserId); RightsHolderRow rightsHolderRow = DataModel.RightsHolder.RightsHolderKey.Find(rightsHolderId); Guid rightsHolderTenantId; AccessControlRow accessControlRow = DataModel.AccessControl.AccessControlKeyRightsHolderIdEntityId.Find(rightsHolderId, entityId); // Determine whether current user has write access to the entity. if (!DataModelFilters.HasAccess(transaction, currentUserId, entityId, AccessRight.Write)) { return(ErrorCode.AccessDenied); } rightsHolderRow.AcquireReaderLock(transaction); rightsHolderTenantId = rightsHolderRow.TenantId; rightsHolderRow.ReleaseReaderLock(transaction.TransactionId); // Determine whether current user's tenant is upstream from rights holder we're modifying. if (!DataModelFilters.HasTenantAccess(transaction, currentUserId, rightsHolderTenantId)) { return(ErrorCode.AccessDenied); } if (accessControlRow != null) { accessControlRow.AcquireWriterLock(transaction); dataModel.DestroyAccessControl(new object[] { accessControlRow.AccessControlId }, accessControlRow.RowVersion); } else { return(ErrorCode.RecordNotFound); } return(ErrorCode.Success); }