private List <string> GetDenyProperties(object targetObject) { List <string> denyMembers = new List <string>(); Type targetType = targetObject.GetType(); IEntityType entityType = securityDbContext.RealDbContext.Model.FindEntityType(targetType); IEnumerable <INavigation> properties = entityType.GetNavigations(); IEnumerable <PropertyInfo> propertiesInfo = targetType.GetRuntimeProperties(); foreach (IProperty property in properties) { PropertyInfo propertyInfo = propertiesInfo.FirstOrDefault(p => p.Name == property.Name); if (property.IsKey()) { continue; } if (property.GetContainingForeignKeys().Count() > 0) { continue; } if (property.GetContainingKeys().Count() > 0) { continue; } if (propertyInfo != null && propertyInfo.GetGetMethod().IsStatic) { continue; } bool isGranted = permissionProcessor.IsGranted(targetType, SecurityOperation.Read, targetObject, property.Name); if (!isGranted) { denyMembers.Add(property.Name); } } return(denyMembers); }
private static List <string> GetBlockedProperties(object targetObject, IModel model, IPermissionProcessor processor) { List <string> denyMembers = new List <string>(); Type targetType = targetObject.GetType(); IEntityType entityType = model.FindEntityType(targetType); IEnumerable <IProperty> properties = entityType.GetProperties(); foreach (IProperty property in properties) { if (property.IsKey()) { continue; } if (property.GetContainingForeignKeys().Count() > 0) { continue; } if (property.GetContainingKeys().Count() > 0) { continue; } bool isGranted = processor.IsGranted(targetType, SecurityOperation.Read, targetObject, property.Name); if (!isGranted) { denyMembers.Add(property.Name); } } return(denyMembers); }
private static List <string> GetBlockedNavigationProperties(object targetObject, IEnumerable <object> denyObjects, IModel model, IPermissionProcessor processor) { List <string> denyNavigationProperties = new List <string>(); Type targetType = targetObject.GetType(); IEntityType entityType = model.FindEntityType(targetType); IEnumerable <INavigation> properties = entityType.GetNavigations(); IEnumerable <PropertyInfo> propertiesInfo = targetType.GetRuntimeProperties(); foreach (INavigation propertyNavigation in properties) { bool isGranted = processor.IsGranted(targetObject.GetType(), SecurityOperation.Read, targetObject, propertyNavigation.Name); if (!isGranted) { denyNavigationProperties.Add(propertyNavigation.Name); denyNavigationProperties.AddRange(GetDenyForeignKey(propertyNavigation).Select(p => p.Name)); } else { PropertyInfo navigationPropertyInfo = propertiesInfo.First(p => p.Name == propertyNavigation.Name); if (!propertyNavigation.IsCollection()) { object valueNavigationProperty = navigationPropertyInfo.GetValue(targetObject); if (valueNavigationProperty != null) { bool isDenyNavigationObject = denyObjects.Contains(valueNavigationProperty); if (isDenyNavigationObject) { denyNavigationProperties.Add(propertyNavigation.Name); denyNavigationProperties.AddRange(GetDenyForeignKey(propertyNavigation).Select(p => p.Name)); } } } } } return(denyNavigationProperties); }
public static bool IsGranted(this IPermissionProcessor processor, Type type, SecurityOperation operation, object targetObject) { return(processor.IsGranted(type, operation, targetObject, "")); }
public static bool IsGranted(this IPermissionProcessor processor, Type type, SecurityOperation operation) { return(processor.IsGranted(type, operation, null, "")); }
private bool IsMemberGranted(string member, Type type, object realObject) { return(processor.IsGranted(type, SecurityOperation.Write, realObject, member)); }
public Expression GetDatabaseReadExpressionFromSecurity(Expression sourceExpression, Type type) { Expression loadExpression = null; if (permissionsProvider.GetPermissions().Count() > 0) { ParameterExpression parameterExpression = Expression.Parameter(type, "p"); bool allowReadLevelType = permissionProcessor.IsGranted(type, SecurityOperation.Read); if (allowReadLevelType) { IEnumerable <IObjectPermission> objectsDenyExpression = GetObjectPermissions(type).Where(p => p.OperationState == OperationState.Deny && p.Operations.HasFlag(SecurityOperation.Read)); if (objectsDenyExpression.Count() > 0) { IEnumerable <Expression> originalExpressions = GetBodiesOfLambdaExpressions(objectsDenyExpression.Select(p => p.Criteria)); IEnumerable <Expression> invertedExpressions = GetInvertedExpressions(originalExpressions); loadExpression = GetAndMergedExpression(invertedExpressions); } } else { IEnumerable <IObjectPermission> objectsAllowExpression = GetObjectPermissions(type).Where(p => p.OperationState == OperationState.Allow && p.Operations.HasFlag(SecurityOperation.Read)); if (objectsAllowExpression.Count() > 0) { IEnumerable <Expression> nativeExpression = GetBodiesOfLambdaExpressions(objectsAllowExpression.Select(p => p.Criteria)); loadExpression = GetOrMergedExpression(nativeExpression); IEnumerable <IObjectPermission> objectsDenyExpression = GetObjectPermissions(type).Where(p => p.OperationState == OperationState.Deny && p.Operations.HasFlag(SecurityOperation.Read)); nativeExpression = GetBodiesOfLambdaExpressions(objectsDenyExpression.Select(p => p.Criteria)); IEnumerable <Expression> invertedExpressions = GetInvertedExpressions(nativeExpression); Expression denyObjectExpression = GetAndMergedExpression(invertedExpressions); if (denyObjectExpression != null) { loadExpression = Expression.AndAlso(loadExpression, denyObjectExpression); } } IEnumerable <IMemberPermission> memberAllowExpression = GetMemberPermissions(type).Where(p => p.OperationState == OperationState.Allow && p.Operations.HasFlag(SecurityOperation.Read)); if (memberAllowExpression.Count() > 0) { Expression membersExpression = null; IEnumerable <IMemberPermission> memberDenyExpression = GetMemberPermissions(type).Where(p => p.OperationState == OperationState.Deny && p.Operations.HasFlag(SecurityOperation.Read)); IEnumerable <string> memberNames = memberAllowExpression.GroupBy(x => x.MemberName).Select(g => g.First().MemberName); foreach (string memberName in memberNames) { Expression memberExpression; IEnumerable <IMemberPermission> currentMemberAllowExpressions = memberAllowExpression.Where(p => p.MemberName == memberName); IEnumerable <Expression> nativeExpression = GetBodiesOfLambdaExpressions(currentMemberAllowExpressions.Select(p => p.Criteria)); memberExpression = GetOrMergedExpression(nativeExpression); IEnumerable <IMemberPermission> currentMemberDenyExpressions = memberDenyExpression.Where(p => p.MemberName == memberName); if (currentMemberDenyExpressions.Count() > 0) { nativeExpression = GetBodiesOfLambdaExpressions(currentMemberDenyExpressions.Select(p => p.Criteria)); IEnumerable <Expression> inversionExpression = GetInvertedExpressions(nativeExpression); Expression denyLoadObjectExpression = GetAndMergedExpression(inversionExpression); if (denyLoadObjectExpression != null) { memberExpression = Expression.AndAlso(memberExpression, denyLoadObjectExpression); } } if (membersExpression == null) { membersExpression = memberExpression; } else { membersExpression = Expression.OrElse(membersExpression, memberExpression); } } if (membersExpression != null) { if (loadExpression == null) { loadExpression = membersExpression; } else { loadExpression = Expression.OrElse(loadExpression, membersExpression); } } } if (loadExpression == null) { loadExpression = Expression.Constant(false); } } if (loadExpression != null) { UpdateParameterVisitor updateParameterVisitor = new UpdateParameterVisitor(realDbContext, parameterExpression); loadExpression = updateParameterVisitor.Visit(loadExpression); //loadExpression = Expression.Condition( // loadExpression, // Expression.Constant(true, typeof(bool)), // Expression.Constant(false, typeof(bool))); MethodInfo whereMethodInfo = UtilityHelper.GetMethods("Where", type, 1).First().MakeGenericMethod(type); Expression whereLambda = Expression.Lambda(loadExpression, parameterExpression); loadExpression = Expression.Call(whereMethodInfo, new[] { sourceExpression, whereLambda }); } else { loadExpression = sourceExpression; } } else { loadExpression = sourceExpression; } return(loadExpression); }