void OnBeforeDelete(object sender, OnBeforeDeleteEventArgs e)
{
if (e.SkipSecurity)
{
return;
}
// Security is applied during delete traversal stage only (since predicates require relations to be loaded etc, can't work during commit phase)
if (e.IsCommitPhase)
{
return;
}
var authentication = ApplicationSettings.Container.Resolve <IAuthentication>();
var claims = authentication.GetCurrentUserClaims();
string message = null;
SecurityPredicate predicate = null;
var permissionLevel = ApplicationSettings.Container.Resolve <IAuthorizations>().CanDelete(e.Entity, claims, out message, out predicate);
if (permissionLevel != PermissionLevel.Authorized)
{
authentication.ThrowAccessDenied(new GOServerException("accessDenied", String.IsNullOrEmpty(message) ? "unauthorized access" : message, new ForbiddenAccessException("forbidden access")));
}
// If there is filter defined => we should verify the data accessed complies with the filter
if (predicate != null)
{
e.FilterExpression = predicate.Filter;
}
}
void OnBeforeCount(object sender, OnBeforeCountEventArgs e)
{
if (e.SkipSecurity)
{
return;
}
var authentication = ApplicationSettings.Container.Resolve <IAuthentication>();
var claims = authentication.GetCurrentUserClaims();
string message = null;
SecurityPredicate predicate = null;
var permissionLevel = ApplicationSettings.Container.Resolve <IAuthorizations>().CanRead(new GORoleDataObject(), claims, out message, out predicate);
if (permissionLevel != PermissionLevel.Authorized)
{
authentication.ThrowAccessDenied(new GOServerException("accessDenied", String.IsNullOrEmpty(message) ? "unauthorized access" : message, new ForbiddenAccessException("forbidden access")));
}
// If there is filter defined => add it to existing predicate
if (predicate != null)
{
e.FilterExpression = predicate.Filter;
}
}
void OnBeforeGet(object sender, OnBeforeGetEventArgs e)
{
if (e.SkipSecurity)
return;
var authentication = ApplicationSettings.Container.Resolve<IAuthentication>();
var claims = authentication.GetCurrentUserClaims();
string message = null;
SecurityPredicate predicate = null;
var permissionLevel = ApplicationSettings.Container.Resolve<IAuthorizations>().CanRead(e.Entity, claims, out message, out predicate);
if (permissionLevel != PermissionLevel.Authorized)
authentication.ThrowAccessDenied(new GOServerException("accessDenied", String.IsNullOrEmpty(message) ? "unauthorized access" : message, new ForbiddenAccessException("forbidden access")));
// If there is filter defined => we should verify the data accessed complies with the filter
if (predicate != null)
{
e.FilterExpression = predicate.Filter;
}
}
