public StoredItemSecurityContext(StoredObjectId item, IUserInfoStore user)
{
Condition.Requires(item).IsNotNull();
Condition.Requires(user).IsNotNull();
this.Item = item;
this.User = user;
}
public PerUserAccessCondition(StoredObjectId item, IUserInfoStore user)
{
Condition.Requires(item).IsNotNull();
Condition.Requires(user).IsNotNull();
this.Item = item;
this.User = user;
}
public StoreSecurityException(IHasId item, IUserInfoStore user, StoredItemAccessMode ruleType)
: base(string.Format("{2} Access denied on {0} for {1}", item, user, ruleType))
{
Condition.Requires(item).IsNotNull();
Condition.Requires(user).IsNotNull();
this._item = item;
this._user = user;
this._ruleType = ruleType;
}
public StoreSecurityException(IHasId item, IUserInfoStore user, StoredItemAccessMode ruleType)
: base(string.Format("{2} Access denied on {0} for {1}", item, user, ruleType))
{
Condition.Requires(item).IsNotNull();
Condition.Requires(user).IsNotNull();
this._item = item;
this._user = user;
this._ruleType = ruleType;
}
public override void GetObjectData(SerializationInfo info, StreamingContext context)
{
// call base
base.GetObjectData(info, context);
//pull out added info
this._item = info.GetValue("_item", typeof(object)) as IHasId;
this._user = info.GetValue("_user", typeof( object)) as IUserInfoStore;
this._ruleType = (StoredItemAccessMode)info.GetValue("_ruleType", typeof(StoredItemAccessMode));
}
public override void GetObjectData(SerializationInfo info, StreamingContext context)
{
// call base
base.GetObjectData(info, context);
//pull out added info
this._item = info.GetValue("_item", typeof(object)) as IHasId;
this._user = info.GetValue("_user", typeof(object)) as IUserInfoStore;
this._ruleType = (StoredItemAccessMode)info.GetValue("_ruleType", typeof(StoredItemAccessMode));
}
/// <summary>
/// for a particular stored item, accessing user, and access mode, get all applicable rules, in order of least
/// dependent rule to most
/// </summary>
/// <param name="ruleType"></param>
/// <param name="storeItem"></param>
/// <param name="user"></param>
/// <returns></returns>
protected List<StoreAccessRule> GetItemRulesForUser(StoredItemAccessMode ruleType, IHasId storeItem, IUserInfoStore user)
{
//first look for item specific rules, and null item rules
SearchFilterOf<StoreAccessRule> filter = new SearchFilterOf<StoreAccessRule>((x) =>
{
if (x.RuleType == ruleType &&
(x.Item == null || x.Item.Id.Equals(storeItem.Id)))
return true;
return false;
});
var list = RuleStore.Search<StoreAccessRule>(filter);
List<IHasDependencyOf<StoreAccessRule>> unsortedList = list.ConvertListTo<IHasDependencyOf<StoreAccessRule>, StoreAccessRule>();
//now order the list by dependency from least to most
var sortedList = DependencyUtil.SortHasADependency(unsortedList);
//return
var sortedConvertedList = sortedList.ConvertListTo<StoreAccessRule, IHasDependencyOf<StoreAccessRule>>();
//add ALL overriding rules to the first on the list
//RULE 1: The owner will always have full access to item
sortedConvertedList.Insert(0, new StoreAccessRule("OWNER", ruleType, (ihasId, accessUser) =>
{
if (accessUser.Id.Equals(user.Id))
{
return true;
}
return null;
}));
return sortedConvertedList;
}
protected bool HasAccessToItem(StoredItemAccessMode ruleType, IHasId storeItem, IUserInfoStore user)
{
var rules = this.GetItemRulesForUser(ruleType, storeItem, user);
//if no rules are present, default to no access
if (rules == null || rules.Count == 0)
return false;
foreach (var each in rules)
{
var res = each.HasAccess(storeItem, user);
//if it's doesn't have a value the rule is skipped
if (!res.HasValue)
{
continue;
}
return res.Value;
}
return false;
}
protected void HasAccessToItemAndThrow(StoredItemAccessMode ruleType, IHasId storeItem, IUserInfoStore user)
{
if (!this.HasAccessToItem(ruleType, storeItem, user))
{
throw new StoreSecurityException(storeItem, user, ruleType);
}
}
/// <summary>
/// for a particular stored item, accessing user, and access mode, get all applicable rules, in order of least
/// dependent rule to most
/// </summary>
/// <param name="ruleType"></param>
/// <param name="storeItem"></param>
/// <param name="user"></param>
/// <returns></returns>
protected List <StoreAccessRule> GetItemRulesForUser(StoredItemAccessMode ruleType, IHasId storeItem, IUserInfoStore user)
{
//first look for item specific rules, and null item rules
SearchFilterOf <StoreAccessRule> filter = new SearchFilterOf <StoreAccessRule>((x) =>
{
if (x.RuleType == ruleType &&
(x.Item == null || x.Item.Id.Equals(storeItem.Id)))
{
return(true);
}
return(false);
});
var list = RuleStore.Search <StoreAccessRule>(filter);
List <IHasDependencyOf <StoreAccessRule> > unsortedList = list.ConvertListTo <IHasDependencyOf <StoreAccessRule>, StoreAccessRule>();
//now order the list by dependency from least to most
var sortedList = DependencyUtil.SortHasADependency(unsortedList);
//return
var sortedConvertedList = sortedList.ConvertListTo <StoreAccessRule, IHasDependencyOf <StoreAccessRule> >();
//add ALL overriding rules to the first on the list
//RULE 1: The owner will always have full access to item
sortedConvertedList.Insert(0, new StoreAccessRule("OWNER", ruleType, (ihasId, accessUser) =>
{
if (accessUser.Id.Equals(user.Id))
{
return(true);
}
return(null);
}));
return(sortedConvertedList);
}
protected bool HasAccessToItem(StoredItemAccessMode ruleType, IHasId storeItem, IUserInfoStore user)
{
var rules = this.GetItemRulesForUser(ruleType, storeItem, user);
//if no rules are present, default to no access
if (rules == null || rules.Count == 0)
{
return(false);
}
foreach (var each in rules)
{
var res = each.HasAccess(storeItem, user);
//if it's doesn't have a value the rule is skipped
if (!res.HasValue)
{
continue;
}
return(res.Value);
}
return(false);
}
protected void HasAccessToItemAndThrow(StoredItemAccessMode ruleType, IHasId storeItem, IUserInfoStore user)
{
if (!this.HasAccessToItem(ruleType, storeItem, user))
{
throw new StoreSecurityException(storeItem, user, ruleType);
}
}
