private static NamedPermissionSet BuildLocalIntranet()
{
NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.LocalIntranet, PermissionState.None);
nps.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME;USER"));
nps.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission(PermissionState.None);
isfp.UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser;
isfp.UserQuota = Int64.MaxValue;
nps.AddPermission(isfp);
nps.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit));
SecurityPermissionFlag spf = SecurityPermissionFlag.Execution | SecurityPermissionFlag.Assertion;
nps.AddPermission(new SecurityPermission(spf));
nps.AddPermission(new UIPermission(PermissionState.Unrestricted));
// DnsPermission requires stuff outside corlib (System)
nps.AddPermission(PermissionBuilder.Create(DnsPermissionClass, PermissionState.Unrestricted));
// PrintingPermission requires stuff outside corlib (System.Drawing)
nps.AddPermission(PermissionBuilder.Create(PrintingPermission("SafePrinting")));
return(nps);
}
/// <summary>
/// 保存用户角色关系
/// </summary>
/// <param name="accountId">用户Id</param>
/// <param name="roleIds">角色Id集合</param>
/// <param name="operational">操作信息</param>
/// <returns>结果</returns>
public static Result SavePermissionRole(Guid accountId, List <Guid> roleIds, Operational operational)
{
Result result = new Result();
try
{
using (IPowerUnitOfWork unit = DbContext.CreateIPowerUnitOfWork())
{
IRoleUserRelationshipRepository roleUserRelationshipRepository = DbContext.CreateIRoleUserRelationshipRepository(unit);
roleUserRelationshipRepository.RemoveByAccountId(accountId);
var content = PermissionBuilder.ToMRoleUserRelationship(accountId, roleIds);
roleUserRelationshipRepository.Add(content);
unit.Complete();
}
result.IsSucceed = true;
result.Message = "保存成功";
}
catch (Exception ex)
{
result.IsSucceed = false;
result.Message = Const.ErrorMessage;
LogService.WriteLog(ex, "保存用户角色关系");
}
return(result);
}
/// <summary>
/// 保存权限菜单
/// </summary>
/// <param name="roleId">角色Id</param>
/// <param name="menuIds">菜单Id集合</param>
/// <param name="operational">操作信息</param>
/// <returns>结果</returns>
public static Result SavePermissionMenu(Guid roleId, List <Guid> menuIds, Operational operational)
{
Result result = new Result();
try
{
PermissionValidate.ValidateMenuIds(menuIds);
using (IPowerUnitOfWork unit = DbContext.CreateIPowerUnitOfWork())
{
IRolePermissionsRepository rolePermissionsRepository = DbContext.CreateIRolePermissionsRepository(unit);
rolePermissionsRepository.RemoveByRoleId(roleId);
var content = PermissionBuilder.ToMRolePermissions(roleId, menuIds);
rolePermissionsRepository.Add(content);
unit.Complete();
}
result.IsSucceed = true;
result.Message = "保存成功";
}
catch (CustomException ex)
{
result.IsSucceed = false;
result.Message = ex.Message;
}
catch (Exception ex)
{
result.IsSucceed = false;
result.Message = Const.ErrorMessage;
LogService.WriteLog(ex, "保存权限菜单");
}
return(result);
}
private static NamedPermissionSet BuildEverything()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("Everything", PermissionState.None);
namedPermissionSet.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new RegistryPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new KeyContainerPermission(PermissionState.Unrestricted));
SecurityPermissionFlag securityPermissionFlag = SecurityPermissionFlag.AllFlags;
securityPermissionFlag &= ~SecurityPermissionFlag.SkipVerification;
namedPermissionSet.AddPermission(new SecurityPermission(securityPermissionFlag));
namedPermissionSet.AddPermission(new UIPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Drawing.Printing.PrintingPermission, System.Drawing, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Diagnostics.EventLogPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.SocketPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.WebPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Diagnostics.PerformanceCounterPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.DirectoryServices.DirectoryServicesPermission, System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Messaging.MessageQueuePermission, System.Messaging, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.ServiceProcess.ServiceControllerPermission, System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Data.OleDb.OleDbPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Data.SqlClient.SqlClientPermission, System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
return(namedPermissionSet);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SPIN_TAXON, PERMISSION_MASK.INSERT);
if (Taxon.Parent != null && Taxon.Parent.ObjectID.HasValue && Taxon.Parent.ObjectID > 0)
{
required.AddBiota(Taxon.Parent.ObjectID.Value, PERMISSION_MASK.INSERT);
}
}
public void WhenSyncingPermissionsThenDanglingPermissionsAreDeleted()
{
var permission = new PermissionBuilder(this.Session).Build();
new Permissions(this.Session).Sync();
Assert.IsTrue(permission.Strategy.IsDeleted);
}
public void Build()
{
var result = PermissionBuilder.CreatePermission("Permission1").Build();
Assert.IsNotNull(result);
Assert.IsInstanceOfType(result, typeof(Permission));
Assert.AreEqual("Permission1", result.Name);
}
internal PlatformBuilder(IServiceCollection services)
{
this.services = services;
var everyoneFunctionBuilder = new ModelFunctionBuilder("Everyone");
everyoneFunctionBuilder.AddPermission("All", opt => { everyone = opt; });
functions.Add(everyoneFunctionBuilder);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SPIN_TAXON, PERMISSION_MASK.UPDATE);
// don't need biota permission to update a new item...
if (!_isNew)
{
required.AddBiota(Taxon.TaxaID.Value, PERMISSION_MASK.UPDATE);
}
}
public void BuildEmptyPermissions()
{
var permissions = new List <Permission>()
{
Permission.Default
};
var result = PermissionBuilder.CreatePermissionsTable(permissions);
Assert.AreEqual(result, "xdmp.defaultPermissions()");
}
/// <summary>
/// Cria todas as permissões do builder caso não existam.
/// </summary>
public static void CreatePermissionsIfNotExists(PermissionBuilder builder, ApplicationRoleManager roleManager)
{
Groups = builder.Groups;
foreach (PermissionGroupBuildItem group in Groups)
{
foreach (Building.PermissionBuildItem permission in group.Permissions)
{
CreatePermissionIfNotExists(permission, roleManager);
}
}
}
public void WhenSyncingPermissionsThenObsolotePermissionsAreDeleted()
{
var domain = (Domain)this.Session.Database.MetaPopulation.Find(new Guid("AB41FD0C-C887-4A1D-BEDA-CED69527E69A"));
var count = new Permissions(this.Session).Extent().Count;
var permission = new PermissionBuilder(this.Session).WithConcreteClassPointer(new Guid()).WithOperation(Operations.Execute).WithOperandTypePointer(new Guid()).Build();
new Permissions(this.Session).Sync();
Assert.AreEqual(count, new Permissions(this.Session).Extent().Count);
}
private static NamedPermissionSet BuildInternet()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("Internet", PermissionState.None);
namedPermissionSet.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));
namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.None)
{
UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser,
UserQuota = 512000L
});
namedPermissionSet.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
namedPermissionSet.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard));
namedPermissionSet.AddPermission(PermissionBuilder.Create(DefaultPolicies.PrintingPermission("SafePrinting")));
return(namedPermissionSet);
}
protected override void OnModelCreating(DbModelBuilder modelBuilder)
{
base.OnModelCreating(modelBuilder);
modelBuilder.Conventions.Remove <PluralizingTableNameConvention>();
modelBuilder.Conventions.Add <OneToManyCascadeDeleteConvention>();
var userBuilder = new UserBuilder(modelBuilder.Entity <UserEntity>());
var roleBuilder = new RoleBuilder(modelBuilder.Entity <RoleEntity>());
var companyBuilder = new CompanyBuilder(modelBuilder.Entity <CompanyEntity>());
var experimentBuilder = new ExperimentBuilder(modelBuilder.Entity <ExperimentEntity>());
var permissionBuilder = new PermissionBuilder(modelBuilder.Entity <PermissionEntity>());
var projectBuilder = new ProjectBuilder(modelBuilder.Entity <ProjectEntity>());
var auditTrailBuilder = new AuditTrailBuilder(modelBuilder.Entity <AuditTrailEntity>());
var auditTrailChangeLogBuilder = new AuditTrailChangeLogBuilder(modelBuilder.Entity <AuditTrailChangeLogEntity>());
var LicenseTypeBuilder = new LicenseTypeBuilder(modelBuilder.Entity <LicenseTypeEntity>());
var LicenseBuilder = new LicenseBuilder(modelBuilder.Entity <LicenseEntity>());
}
private static NamedPermissionSet BuildLocalIntranet()
{
NamedPermissionSet namedPermissionSet = new NamedPermissionSet("LocalIntranet", PermissionState.None);
namedPermissionSet.AddPermission(new EnvironmentPermission(EnvironmentPermissionAccess.Read, "USERNAME;USER"));
namedPermissionSet.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(new IsolatedStorageFilePermission(PermissionState.None)
{
UsageAllowed = IsolatedStorageContainment.AssemblyIsolationByUser,
UserQuota = long.MaxValue
});
namedPermissionSet.AddPermission(new ReflectionPermission(ReflectionPermissionFlag.ReflectionEmit));
SecurityPermissionFlag flag = SecurityPermissionFlag.Assertion | SecurityPermissionFlag.Execution;
namedPermissionSet.AddPermission(new SecurityPermission(flag));
namedPermissionSet.AddPermission(new UIPermission(PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create("System.Net.DnsPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089", PermissionState.Unrestricted));
namedPermissionSet.AddPermission(PermissionBuilder.Create(DefaultPolicies.PrintingPermission("SafePrinting")));
return(namedPermissionSet);
}
private static NamedPermissionSet BuildInternet()
{
NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.Internet, PermissionState.None);
nps.AddPermission(new FileDialogPermission(FileDialogPermissionAccess.Open));
IsolatedStorageFilePermission isfp = new IsolatedStorageFilePermission(PermissionState.None);
isfp.UsageAllowed = IsolatedStorageContainment.DomainIsolationByUser;
isfp.UserQuota = 512000;
nps.AddPermission(isfp);
nps.AddPermission(new SecurityPermission(SecurityPermissionFlag.Execution));
nps.AddPermission(new UIPermission(UIPermissionWindow.SafeTopLevelWindows, UIPermissionClipboard.OwnClipboard));
// PrintingPermission requires stuff outside corlib (System.Drawing)
nps.AddPermission(PermissionBuilder.Create(PrintingPermission("SafePrinting")));
return(nps);
}
private static NamedPermissionSet BuildEverything()
{
NamedPermissionSet nps = new NamedPermissionSet(ReservedNames.Everything, PermissionState.None);
nps.AddPermission(new EnvironmentPermission(PermissionState.Unrestricted));
nps.AddPermission(new FileDialogPermission(PermissionState.Unrestricted));
nps.AddPermission(new FileIOPermission(PermissionState.Unrestricted));
nps.AddPermission(new IsolatedStorageFilePermission(PermissionState.Unrestricted));
nps.AddPermission(new ReflectionPermission(PermissionState.Unrestricted));
nps.AddPermission(new RegistryPermission(PermissionState.Unrestricted));
nps.AddPermission(new KeyContainerPermission(PermissionState.Unrestricted));
// not quite all in this case
SecurityPermissionFlag spf = SecurityPermissionFlag.AllFlags;
spf &= ~SecurityPermissionFlag.SkipVerification;
nps.AddPermission(new SecurityPermission(spf));
nps.AddPermission(new UIPermission(PermissionState.Unrestricted));
// others requires stuff outside corlib
#if !MOBILE
nps.AddPermission(PermissionBuilder.Create(DnsPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(PrintingPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(EventLogPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(SocketPermissionClass, PermissionState.Unrestricted));
#endif
nps.AddPermission(PermissionBuilder.Create(WebPermissionClass, PermissionState.Unrestricted));
#if !MOBILE
nps.AddPermission(PermissionBuilder.Create(PerformanceCounterPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(DirectoryServicesPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(MessageQueuePermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(ServiceControllerPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(OleDbPermissionClass, PermissionState.Unrestricted));
nps.AddPermission(PermissionBuilder.Create(SqlClientPermissionClass, PermissionState.Unrestricted));
// nps.AddPermission (PermissionBuilder.Create (DataProtectionPermissionClass, PermissionState.Unrestricted));
// nps.AddPermission (PermissionBuilder.Create (StorePermissionClass, PermissionState.Unrestricted));
#endif
return(nps);
}
internal bool CheckDeny(CodeAccessPermission denied)
{
if (denied == null)
{
return(true);
}
Type t = denied.GetType();
if (t != this.GetType())
{
return(true);
}
IPermission inter = Intersect(denied);
if (inter == null)
{
return(true);
}
// sadly that's not enough :( at this stage we must also check
// if an empty (PermissionState.None) is a subset of the denied
// (which is like a empty intersection looks like for flag based
// permissions, e.g. AspNetHostingPermission).
return(denied.IsSubsetOf(PermissionBuilder.Create(t)));
}
protected override void BindPermissions(PermissionBuilder required)
{
required.None();
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SPIN_TAXON, PERMISSION_MASK.INSERT);
if (Taxon.Parent != null && Taxon.Parent.ObjectID.HasValue && Taxon.Parent.ObjectID > 0) {
required.AddBiota(Taxon.Parent.ObjectID.Value, PERMISSION_MASK.INSERT);
}
}
public PlatformModuleBuilder(IServiceCollection services, PermissionBuilder everyone)
{
Everyone = everyone;
this.services = services;
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SPIN_TAXON, PERMISSION_MASK.DELETE);
required.AddBiota(Taxon.TaxaID.Value, PERMISSION_MASK.DELETE);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.USERMANAGER_USER, PERMISSION_MASK.DELETE);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SUPPORT_PHRASES, PERMISSION_MASK.DELETE);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SPARC_MATERIAL, PERMISSION_MASK.UPDATE);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.None();
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SPIN_EXPLORER, PERMISSION_MASK.ALLOW);
required.AddBiota(Taxon.TaxaID.Value, PERMISSION_MASK.UPDATE);
required.AddBiota(NewParent.TaxaID.Value, PERMISSION_MASK.UPDATE);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SUPPORT_CATEGORIES, PERMISSION_MASK.UPDATE);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SPARC_EXPLORER, PERMISSION_MASK.ALLOW);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SPIN_EXPLORER, PERMISSION_MASK.ALLOW);
required.AddBiota(Taxon.TaxaID.Value, PERMISSION_MASK.UPDATE);
required.AddBiota(NewParent.TaxaID.Value, PERMISSION_MASK.UPDATE);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SPARC_SITE, PERMISSION_MASK.INSERT);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SPIN_TAXON, PERMISSION_MASK.UPDATE);
required.AddBiota(Model.BiotaID, PERMISSION_MASK.UPDATE);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SUPPORT_REFS, PERMISSION_MASK.INSERT);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SPIN_TAXON, PERMISSION_MASK.UPDATE);
// don't need biota permission to update a new item...
if (!_isNew) {
required.AddBiota(Taxon.TaxaID.Value, PERMISSION_MASK.UPDATE);
}
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SPARC_SITEGROUP, PERMISSION_MASK.DELETE);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.AddBiota(Taxon.TaxaID.Value, PERMISSION_MASK.OWNER);
}
protected override void BindPermissions(PermissionBuilder required)
{
required.Add(PermissionCategory.SPIN_TAXON, PERMISSION_MASK.DELETE);
required.AddBiota(Taxon.TaxaID.Value, PERMISSION_MASK.DELETE);
}