コード例 #1
 /// <summary>
 /// Authorization gate: requires the visit to hold the View role on the named flow.
 /// </summary>
 /// <param name="visit">Visit whose flow permissions are checked. Dereferenced without a null check.</param>
 /// <param name="flowName">Name of the flow the caller wants to view.</param>
 /// <remarks>
 /// On denial this calls ThrowInsuficientPrivileges(), which presumably throws; its body is not
 /// visible here. NOTE(review): confirm it never returns normally, otherwise callers would proceed.
 /// </remarks>
 public static void ValidateCanViewFlowByName(NodeVisit visit, string flowName)
 {
     bool mayView = visit.IsFlowPermittedByName(flowName, FlowRoleType.View);
     if (mayView)
     {
         return;
     }

     // Deny path: the visit does not hold the View role for this flow.
     ThrowInsuficientPrivileges();
 }
コード例 #2
        /// <summary>
        /// Reports whether the visit returned by VisitHelper.GetVisit() holds the View role on the named flow.
        /// </summary>
        /// <param name="flowName">Name of the flow to check.</param>
        /// <returns>
        /// <c>false</c> when there is no visit or the visit has no account; otherwise the result of the
        /// View-role permission check for <paramref name="flowName"/>.
        /// </returns>
        internal static bool CanViewFlowByName(string flowName)
        {
            NodeVisit currentVisit = VisitHelper.GetVisit();

            // Fail closed: without a visit and an account there is nothing to authorize against.
            if (currentVisit == null || currentVisit.Account == null)
            {
                return false;
            }

            return currentVisit.IsFlowPermittedByName(flowName, FlowRoleType.View);
        }
コード例 #3
 /// <summary>
 /// Restricts an activity search to the flows the visit may view. Admin visits are left unfiltered.
 /// </summary>
 /// <param name="search">Search parameters; for non-admin visits FlowNames is overwritten with the filtered list.</param>
 /// <param name="visit">Visit whose permissions decide which flow names survive.</param>
 /// <param name="addFlowIsNullQuery">
 /// Set to <c>true</c> only when a non-admin visit supplied no flow names; <c>false</c> otherwise.
 /// </param>
 /// <returns>
 /// <c>false</c> when flow names were requested but the visit has View permission on none of them
 /// (the search should return nothing); <c>true</c> otherwise.
 /// </returns>
 protected bool FilterSearchParamsForVisit(ActivitySearchParams search, NodeVisit visit,
                                           out bool addFlowIsNullQuery)
 {
     // Admin visits keep the caller's search parameters untouched.
     if (visit.IsAdmin)
     {
         addFlowIsNullQuery = false;
         return true;
     }

     IList <string> permittedNames;
     addFlowIsNullQuery = CollectionUtils.IsNullOrEmpty(search.FlowNames);

     if (addFlowIsNullQuery)
     {
         // No flows requested: use whatever GetAllFlowNames yields for this visit
         // (presumably the flows it may see; that helper is not visible here).
         permittedNames = GetAllFlowNames(visit);
         if (CollectionUtils.IsNullOrEmpty(permittedNames))
         {
             // Keep the filter list non-empty with a placeholder name.
             // NOTE(review): presumably an empty list would be read downstream as "no flow filter";
             // confirm that no real flow can ever carry this name.
             permittedNames = new List <string>(1);
             permittedNames.Add("____BOGUS____FLOW____NAME____");
         }
     }
     else
     {
         // Flows were requested: keep only those the visit holds the View role on.
         permittedNames = new List <string>();
         foreach (string requestedName in search.FlowNames)
         {
             if (!visit.IsFlowPermittedByName(requestedName, FlowRoleType.View))
             {
                 continue;
             }
             permittedNames.Add(requestedName);
         }

         if (permittedNames.Count == 0)
         {
             // Every requested flow was rejected, so the search must yield no results.
             return false;
         }
     }

     search.FlowNames = permittedNames;
     return true;
 }
コード例 #4
        /// <summary>
        /// Collects the WebMethod values of the distinct (FlowName, WebMethod) rows the visit may see.
        /// </summary>
        /// <param name="visit">Visit whose View permission is checked for each row that has a flow name.</param>
        /// <returns>
        /// The web method names that passed the filter. The same name is added once per qualifying
        /// (FlowName, WebMethod) row, so it can appear more than once.
        /// </returns>
        public ICollection <string> GetAllWebMethodNames(NodeVisit visit)
        {
            ICollection <string> visibleMethods = new List <string>();

            DoSimpleQueryWithRowCallbackDelegate(
                TABLE_NAME, null, null, "WebMethod",
                "DISTINCT FlowName;WebMethod",
                delegate(IDataReader row)
            {
                // NOTE(review): IDataReader.GetString throws on NULL columns with many providers; the
                // IsNullOrEmpty checks below suggest NULLs are expected. Confirm the reader maps them to null.
                string rowFlowName  = row.GetString(0);
                string rowWebMethod = row.GetString(1);

                if (string.IsNullOrEmpty(rowWebMethod))
                {
                    return;
                }

                // Rows without a flow name skip the permission check and are visible to every visit;
                // rows with one require the View role on that flow.
                if (!string.IsNullOrEmpty(rowFlowName) &&
                    !visit.IsFlowPermittedByName(rowFlowName, FlowRoleType.View))
                {
                    return;
                }

                visibleMethods.Add(rowWebMethod);
            });

            return visibleMethods;
        }
コード例 #5
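        /// <summary>
        /// Requires the visit to hold the Endpoint role on the flow and records the outcome on the activity.
        /// </summary>
        /// <param name="nodeVisit">Visit being authorized; its Account.NaasAccount is written to the activity.</param>
        /// <param name="flowName">Name of the flow being accessed.</param>
        /// <param name="serviceName">Operation name; when null or empty it is left out of the activity entry.</param>
        /// <param name="webMethod">Method being invoked, recorded in the activity entry.</param>
        /// <param name="activity">Activity that receives the authorization result.</param>
        /// <exception cref="UnauthorizedAccessException">
        /// The visit does not hold the Endpoint role for <paramref name="flowName"/>.
        /// </exception>
        protected void ValidateUserPermissions(NodeVisit nodeVisit, string flowName, string serviceName,
                                               NodeMethod webMethod, Activity activity)
        {
            bool hasPermission = nodeVisit.IsFlowPermittedByName(flowName, FlowRoleType.Endpoint);

            if (!hasPermission)
            {
                string message = string.Format("User \"{0}\" is not authorized to access the flow \"{1}\"",
                                               nodeVisit.Account.NaasAccount, flowName);
                // Pass the message as an argument, not as the format string: it embeds the flow and
                // account names, and a '{' or '}' in either could make formatting fail before the
                // UnauthorizedAccessException below is raised. Assumes AppendFormat follows
                // string.Format conventions, as its other calls in this method suggest.
                activity.AppendFormat("Raising exception: {0}", message);
                throw new UnauthorizedAccessException(message);
            }
            if (string.IsNullOrEmpty(serviceName))
            {
                activity.AppendFormat("User {0} authorized for flow {1} and method {2}",
                                      nodeVisit.Account.NaasAccount, flowName, webMethod.ToString());
            }
            else
            {
                activity.AppendFormat("User {0} authorized for flow {1} and operation {2} and method {3}",
                                      nodeVisit.Account.NaasAccount, flowName, serviceName, webMethod.ToString());
            }
        }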
コード例 #6
 /// <summary>
 /// Checks the visit's permission on the named flow for either editing or viewing.
 /// </summary>
 /// <param name="visit">Visit whose flow permissions are checked. Dereferenced without a null check.</param>
 /// <param name="flowName">Name of the flow to check.</param>
 /// <param name="checkCanEdit"><c>true</c> to require the Modify role; <c>false</c> to require only View.</param>
 /// <returns>The result of the permission check for the selected role.</returns>
 protected bool CanUserAccessFlowByName(NodeVisit visit, string flowName, bool checkCanEdit)
 {
     FlowRoleType requiredRole;
     if (checkCanEdit)
     {
         requiredRole = FlowRoleType.Modify;
     }
     else
     {
         requiredRole = FlowRoleType.View;
     }

     return visit.IsFlowPermittedByName(flowName, requiredRole);
 }