private void AgregarPermiso(Rol rol, RolParametros parametros, ReflectionClassInfo RefInfo)
{
SecuritySystemTypePermissionObject PermisoDeObjeto = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
PermisoDeObjeto.TargetType = RefInfo.ClassType;
if (parametros.Leer)
{
PermisoDeObjeto.AllowRead = true;
}
if (parametros.Escribir)
{
PermisoDeObjeto.AllowWrite = true;
}
if (parametros.Crear)
{
PermisoDeObjeto.AllowCreate = true;
}
if (parametros.Borrar)
{
PermisoDeObjeto.AllowDelete = true;
}
if (parametros.Navegar)
{
PermisoDeObjeto.AllowNavigate = true;
}
rol.TypePermissions.Add(PermisoDeObjeto);
}
public static SecuritySystemMemberPermissionsObject CreateMemberPermission(this SecuritySystemTypePermissionObject securitySystemTypePermissionObject, Action <SecuritySystemMemberPermissionsObject> action, bool defaultAllowValues = true)
{
IObjectSpace objectSpace = XPObjectSpace.FindObjectSpaceByObject(securitySystemTypePermissionObject);
var permission = objectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
permission.AllowRead = defaultAllowValues;
permission.AllowWrite = defaultAllowValues;
permission.EffectiveRead = defaultAllowValues;
permission.EffectiveWrite = defaultAllowValues;
securitySystemTypePermissionObject.MemberPermissions.Add(permission);
action.Invoke(permission);
return(permission);
}
private void CreateLogin()
{
#region CreateDefaultAdminRole
ExtendedSecurityRole adminRole = ObjectSpace.FindObject <ExtendedSecurityRole>(
new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <ExtendedSecurityRole>();
adminRole.Name = SecurityStrategy.AdministratorRoleName;
adminRole.IsAdministrative = true;
}
#endregion CreateDefaultAdminRole
#region CreateDefaultUserRole
ExtendedSecurityRole userRole = ObjectSpace.FindObject <ExtendedSecurityRole>(
new BinaryOperator("Name", "User"));
if (userRole == null)
{
userRole = ObjectSpace.CreateObject <ExtendedSecurityRole>();
userRole.Name = "User";
SecuritySystemTypePermissionObject userTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
userTypePermission.TargetType = typeof(SecuritySystemUser);
SecuritySystemObjectPermissionsObject currentUserObjectPermission =
ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()";
currentUserObjectPermission.AllowNavigate = true;
currentUserObjectPermission.AllowRead = true;
userTypePermission.ObjectPermissions.Add(currentUserObjectPermission);
userRole.TypePermissions.Add(userTypePermission);
}
#endregion CreateDefaultUserRole
#region CreateDefaultAdminAccount
SecurityApplicationUser defaultEmployeeUserAccount = ObjectSpace.FindObject <SecurityApplicationUser>(new BinaryOperator("UserName", "admin"));
if (defaultEmployeeUserAccount == null)
{
defaultEmployeeUserAccount = ObjectSpace.CreateObject <SecurityApplicationUser>();
defaultEmployeeUserAccount.UserName = "******";
defaultEmployeeUserAccount.ExtendedSecurityRoles.Add(adminRole);
defaultEmployeeUserAccount.SetPassword("@123456");
}
#endregion CreateDefaultAdminAccount
}
public static SecuritySystemObjectPermissionsObject AddNewObjectPermission(this SecuritySystemTypePermissionObject securitySystemTypePermissionObject, Action <SecuritySystemObjectPermissionsObject> action, bool defaultAllowValues = true)
{
var objectSpace = XPObjectSpace.FindObjectSpaceByObject(securitySystemTypePermissionObject);
var permission = objectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
permission.AllowDelete = defaultAllowValues;
permission.AllowNavigate = defaultAllowValues;
permission.AllowRead = defaultAllowValues;
permission.AllowWrite = defaultAllowValues;
permission.EffectiveDelete = defaultAllowValues;
permission.EffectiveNavigate = defaultAllowValues;
permission.EffectiveRead = defaultAllowValues;
permission.EffectiveWrite = defaultAllowValues;
securitySystemTypePermissionObject.ObjectPermissions.Add(permission);
action?.Invoke(permission);
return(permission);
}
private DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole CreateDefaultRole()
{
DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole defaultRole = ObjectSpace.FindObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>(new BinaryOperator("Name", "Default"));
if (defaultRole == null)
{
defaultRole = ObjectSpace.CreateObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>();
defaultRole.Name = "Default";
SecuritySystemTypePermissionObject securityDemoUserPermissions = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
securityDemoUserPermissions.TargetType = typeof(SecuritySystemUser);
defaultRole.TypePermissions.Add(securityDemoUserPermissions);
SecuritySystemObjectPermissionsObject myDetailsPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
//myDetailsPermission.TargetType = typeof(SecuritySystemUser);
myDetailsPermission.Criteria = "[Oid] = CurrentUserId()";
myDetailsPermission.AllowNavigate = true;
myDetailsPermission.AllowRead = true;
securityDemoUserPermissions.ObjectPermissions.Add(myDetailsPermission);
//defaultRole.PersistentPermissions.Add(myDetailsPermission);
SecuritySystemTypePermissionObject userPermissions = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
userPermissions.TargetType = typeof(DevExpress.ExpressApp.Security.Strategy.SecuritySystemUser);
defaultRole.TypePermissions.Add(userPermissions);
SecuritySystemMemberPermissionsObject ownPasswordPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
//ownPasswordPermission.TargetType = typeof(SecurityUser);
ownPasswordPermission.Members = "ChangePasswordOnFirstLogon; StoredPassword";
ownPasswordPermission.AllowWrite = true;
userPermissions.MemberPermissions.Add(ownPasswordPermission);
//defaultRole.PersistentPermissions.Add(ownPasswordPermission);
SecuritySystemTypePermissionObject securityRolePermissions = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
securityRolePermissions.TargetType = typeof(DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole);
defaultRole.TypePermissions.Add(userPermissions);
SecuritySystemObjectPermissionsObject defaultRolePermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
//defaultRolePermission.TargetType = typeof(DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole);
defaultRolePermission.Criteria = "[Name] = 'Default'";
defaultRolePermission.AllowNavigate = true;
defaultRolePermission.AllowRead = true;
securityRolePermissions.ObjectPermissions.Add(defaultRolePermission);
//defaultRole.PersistentPermissions.Add(defaultRolePermission);
}
return(defaultRole);
}
// Grant full access if permission object not found for the owner
// note that if you want to grant full access, you need to delete the existing permissions object
private void GrantFullAcccess(Type targetType, SecuritySystemRole role)
{
var opArArtfRecon = CriteriaOperator.Parse("TargetType = ? And Owner = ?",
targetType, role);
SecuritySystemTypePermissionObject typePermission = ObjectSpace.FindObject <SecuritySystemTypePermissionObject>(opArArtfRecon);
if (typePermission == null)
{
typePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
typePermission.TargetType = targetType;
typePermission.AllowCreate = true;
typePermission.AllowDelete = true;
typePermission.AllowNavigate = true;
typePermission.AllowRead = true;
typePermission.AllowWrite = true;
role.TypePermissions.Add(typePermission);
}
}
private void PermisosTipos(List <Type> tipos, SecuritySystemRole rol, bool create, bool del, bool navigate, bool read, bool write)
{
foreach (Type tp in tipos)
{
SecuritySystemTypePermissionObject userTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
userTypePermission.TargetType = tp;
userTypePermission.AllowCreate = create;
userTypePermission.AllowDelete = del;
userTypePermission.AllowNavigate = navigate;
userTypePermission.AllowRead = read;
userTypePermission.AllowWrite = write;
rol.TypePermissions.Add(userTypePermission);
}
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
// Administrative role
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = SecurityStrategy.AdministratorRoleName;
adminRole.IsAdministrative = true;
}
// Administrator user
SecuritySystemUser adminUser = ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "Administrator"));
if (adminUser == null)
{
adminUser = ObjectSpace.CreateObject <SecuritySystemUser>();
adminUser.UserName = "******";
adminUser.SetPassword("");
adminUser.Roles.Add(adminRole);
}
// A role whith type-level permissions
SecuritySystemRole contactsManagerRole =
ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", "Contacts Manager"));
if (contactsManagerRole == null)
{
contactsManagerRole = ObjectSpace.CreateObject <SecuritySystemRole>();
contactsManagerRole.Name = "Contacts Manager";
SecuritySystemTypePermissionObject contactTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
contactTypePermission.TargetType = typeof(Contact);
contactTypePermission.AllowCreate = true;
contactTypePermission.AllowDelete = true;
contactTypePermission.AllowNavigate = true;
contactTypePermission.AllowRead = true;
contactTypePermission.AllowWrite = true;
contactsManagerRole.TypePermissions.Add(contactTypePermission);
}
SecuritySystemUser userSam =
ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "Sam"));
if (userSam == null)
{
userSam = ObjectSpace.CreateObject <SecuritySystemUser>();
userSam.UserName = "******";
userSam.SetPassword("");
userSam.Roles.Add(contactsManagerRole);
}
// A role with object-level permissions
SecuritySystemRole basicUserRole =
ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", "Basic User"));
if (basicUserRole == null)
{
basicUserRole = ObjectSpace.CreateObject <SecuritySystemRole>();
basicUserRole.Name = "Basic User";
SecuritySystemTypePermissionObject userTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
userTypePermission.TargetType = typeof(SecuritySystemUser);
SecuritySystemObjectPermissionsObject currentUserObjectPermission =
ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()";
currentUserObjectPermission.AllowNavigate = true;
currentUserObjectPermission.AllowRead = true;
userTypePermission.ObjectPermissions.Add(currentUserObjectPermission);
basicUserRole.TypePermissions.Add(userTypePermission);
}
SecuritySystemUser userJohn =
ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "John"));
if (userJohn == null)
{
userJohn = ObjectSpace.CreateObject <SecuritySystemUser>();
userJohn.UserName = "******";
userJohn.SetPassword("");
userJohn.Roles.Add(basicUserRole);
}
// A role with member-level permissions
SecuritySystemRole contactViewerRole =
ObjectSpace.FindObject <SecuritySystemRole>(
new BinaryOperator("Name", "Contact Viewer"));
if (contactViewerRole == null)
{
contactViewerRole = ObjectSpace.CreateObject <SecuritySystemRole>();
contactViewerRole.Name = "Contact Viewer";
SecuritySystemTypePermissionObject contactLimitedTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
contactLimitedTypePermission.TargetType = typeof(Contact);
contactLimitedTypePermission.AllowNavigate = true;
SecuritySystemMemberPermissionsObject contactMemberPermission =
ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
contactMemberPermission.Members = "Name";
contactMemberPermission.AllowRead = true;
contactLimitedTypePermission.MemberPermissions.Add(contactMemberPermission);
contactViewerRole.TypePermissions.Add(contactLimitedTypePermission);
}
SecuritySystemUser userBill =
ObjectSpace.FindObject <SecuritySystemUser>(
new BinaryOperator("UserName", "Bill"));
if (userBill == null)
{
userBill = ObjectSpace.CreateObject <SecuritySystemUser>();
userBill.UserName = "******";
userBill.SetPassword("");
userBill.Roles.Add(contactViewerRole);
}
// Contact objects are created for demo purposes
Contact contactMary = ObjectSpace.FindObject <Contact>(
new BinaryOperator("Name", "Mary Tellitson"));
if (contactMary == null)
{
contactMary = ObjectSpace.CreateObject <Contact>();
contactMary.Name = "Mary Tellitson";
contactMary.Email = "*****@*****.**";
}
Contact contactJohn = ObjectSpace.FindObject <Contact>(
new BinaryOperator("Name", "John Nilsen"));
if (contactJohn == null)
{
contactJohn = ObjectSpace.CreateObject <Contact>();
contactJohn.Name = "John Nilsen";
contactJohn.Email = "*****@*****.**";
}
ObjectSpace.CommitChanges();
}
private void CreatePermissionRule(ExtendedSecurityRole role, Type type,
bool create = true, bool delete = true, bool read = true, bool write = true, bool navigate = true)
{
var permission = new SecuritySystemTypePermissionObject(Session) { TargetType = type,
AllowCreate = create,
AllowDelete = delete,
AllowRead = read,
AllowWrite = write,
AllowNavigate = navigate };
role.TypePermissions.Add(permission);
}
private DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole CreateSecurityDemoRole()
{
DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole securityDemoRole = ObjectSpace.FindObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>(new BinaryOperator("Name", "Demo"));
if (securityDemoRole == null)
{
securityDemoRole = ObjectSpace.CreateObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>();
securityDemoRole.Name = "Demo";
// Type Operation Permissions
SecuritySystemTypePermissionObject fullAccessPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
fullAccessPermission.TargetType = typeof(FullAccessObject);
fullAccessPermission.AllowCreate = true;
fullAccessPermission.AllowDelete = true;
fullAccessPermission.AllowNavigate = true;
fullAccessPermission.AllowRead = true;
fullAccessPermission.AllowWrite = true;
fullAccessPermission.Save();
securityDemoRole.TypePermissions.Add(fullAccessPermission);
SecuritySystemTypePermissionObject protectedContentPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
protectedContentPermission.TargetType = typeof(ProtectedContentObject);
protectedContentPermission.AllowNavigate = true;
protectedContentPermission.Save();
securityDemoRole.TypePermissions.Add(protectedContentPermission);
SecuritySystemTypePermissionObject readOnlyPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
readOnlyPermission.TargetType = typeof(ReadOnlyObject);
readOnlyPermission.AllowNavigate = true;
readOnlyPermission.AllowRead = true;
readOnlyPermission.Save();
securityDemoRole.TypePermissions.Add(readOnlyPermission);
SecuritySystemTypePermissionObject irremovablePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
irremovablePermission.TargetType = typeof(IrremovableObject);
irremovablePermission.AllowCreate = true;
irremovablePermission.AllowNavigate = true;
irremovablePermission.AllowRead = true;
irremovablePermission.AllowWrite = true;
irremovablePermission.Save();
securityDemoRole.TypePermissions.Add(irremovablePermission);
SecuritySystemTypePermissionObject uncreatablePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
uncreatablePermission.TargetType = typeof(UncreatableObject);
uncreatablePermission.AllowDelete = true;
uncreatablePermission.AllowNavigate = true;
uncreatablePermission.AllowRead = true;
uncreatablePermission.AllowWrite = true;
uncreatablePermission.Save();
securityDemoRole.TypePermissions.Add(uncreatablePermission);
// Member Operation Permissions
SecuritySystemTypePermissionObject navigateMemberLevelOperationObjectPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
navigateMemberLevelOperationObjectPermission.TargetType = typeof(MemberLevelSecurityObject);
navigateMemberLevelOperationObjectPermission.AllowCreate = true;
navigateMemberLevelOperationObjectPermission.AllowDelete = true;
navigateMemberLevelOperationObjectPermission.AllowNavigate = true;
navigateMemberLevelOperationObjectPermission.Save();
securityDemoRole.TypePermissions.Add(navigateMemberLevelOperationObjectPermission);
SecuritySystemMemberPermissionsObject readWriteMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
//readWriteMemberPermission.TargetType = typeof(MemberLevelSecurityObject);
readWriteMemberPermission.Members = "ReadWriteProperty; Name; oid; Oid; OptimisticLockField"; // TODO - Slava D - service fields - XPO responsibility
readWriteMemberPermission.AllowRead = true;
readWriteMemberPermission.AllowWrite = true;
readWriteMemberPermission.Save();
navigateMemberLevelOperationObjectPermission.MemberPermissions.Add(readWriteMemberPermission);
//securityDemoRole.TypePermissions.Add(readWriteMemberPermission);
SecuritySystemMemberPermissionsObject protectedContentMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
//protectedContentMemberPermission.TargetType = typeof(MemberLevelSecurityObject);
protectedContentMemberPermission.Members = "ProtectedContentProperty; ProtectedContentCollection";
protectedContentMemberPermission.Save();
navigateMemberLevelOperationObjectPermission.MemberPermissions.Add(protectedContentMemberPermission);
//securityDemoRole.TypePermissions.Add(protectedContentMemberPermission);
SecuritySystemMemberPermissionsObject readOnlyMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
//readOnlyMemberPermission.TargetType = typeof(MemberLevelSecurityObject);
readOnlyMemberPermission.Members = "ReadOnlyProperty; ReadOnlyCollection";
readOnlyMemberPermission.AllowRead = true;
readOnlyMemberPermission.Save();
navigateMemberLevelOperationObjectPermission.MemberPermissions.Add(readOnlyMemberPermission);
//securityDemoRole.TypePermissions.Add(readOnlyMemberPermission);
SecuritySystemTypePermissionObject memberLevelReferencedObject1Permission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
memberLevelReferencedObject1Permission.TargetType = typeof(MemberLevelReferencedObject1);
memberLevelReferencedObject1Permission.AllowRead = true;
memberLevelReferencedObject1Permission.AllowWrite = true;
memberLevelReferencedObject1Permission.AllowCreate = true;
memberLevelReferencedObject1Permission.AllowDelete = true;
memberLevelReferencedObject1Permission.Save();
securityDemoRole.TypePermissions.Add(memberLevelReferencedObject1Permission);
SecuritySystemTypePermissionObject memberLevelReferencedObject2Permission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
memberLevelReferencedObject2Permission.TargetType = typeof(MemberLevelReferencedObject2);
memberLevelReferencedObject2Permission.AllowRead = true;
memberLevelReferencedObject2Permission.AllowWrite = true;
memberLevelReferencedObject2Permission.AllowCreate = true;
memberLevelReferencedObject2Permission.AllowDelete = true;
memberLevelReferencedObject2Permission.Save();
securityDemoRole.TypePermissions.Add(memberLevelReferencedObject2Permission);
// Object Operation Permissions
SecuritySystemTypePermissionObject navigateObjectLevelSecurityObjectPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
navigateObjectLevelSecurityObjectPermission.TargetType = typeof(ObjectLevelSecurityObject);
navigateObjectLevelSecurityObjectPermission.AllowNavigate = true;
navigateObjectLevelSecurityObjectPermission.Save();
securityDemoRole.TypePermissions.Add(navigateObjectLevelSecurityObjectPermission);
SecuritySystemObjectPermissionsObject fullAccessObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
//fullAccessObjectPermission.TargetType = typeof(ObjectLevelSecurityObject);
fullAccessObjectPermission.Criteria = "[Name] Like '%Fully Accessible%'";
//fullAccessObjectPermission.AllowCreate = true;
fullAccessObjectPermission.AllowDelete = true;
fullAccessObjectPermission.AllowNavigate = true;
fullAccessObjectPermission.AllowRead = true;
fullAccessObjectPermission.AllowWrite = true;
fullAccessObjectPermission.Save();
navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(fullAccessObjectPermission);
//securityDemoRole.TypePermissions.Add(fullAccessObjectPermission);
SecuritySystemObjectPermissionsObject protectedContentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
//protectedContentObjectPermission.TargetType = typeof(ObjectLevelSecurityObject);
protectedContentObjectPermission.Criteria = "[Name] Like '%Protected%'";
protectedContentObjectPermission.AllowNavigate = true;
protectedContentObjectPermission.Save();
navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(protectedContentObjectPermission);
//securityDemoRole.TypePermissions.Add(protectedContentObjectPermission);
SecuritySystemObjectPermissionsObject readOnlyObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
//readOnlyObjectPermission.TargetType = typeof(ObjectLevelSecurityObject);
readOnlyObjectPermission.Criteria = "[Name] Like '%Read-Only%'";
readOnlyObjectPermission.AllowNavigate = true;
readOnlyObjectPermission.AllowRead = true;
readOnlyObjectPermission.Save();
navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(readOnlyObjectPermission);
//securityDemoRole.TypePermissions.Add(readOnlyObjectPermission);
SecuritySystemObjectPermissionsObject irremovableObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
//irremovableObjectPermission.TargetType = typeof(ObjectLevelSecurityObject);
irremovableObjectPermission.Criteria = "[Name] Like '%Protected Deletion%'";
//irremovableObjectPermission.AllowCreate = true;
irremovableObjectPermission.AllowNavigate = true;
irremovableObjectPermission.AllowRead = true;
irremovableObjectPermission.AllowWrite = true;
irremovableObjectPermission.Save();
navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(irremovableObjectPermission);
//securityDemoRole.TypePermissions.Add(irremovableObjectPermission);
securityDemoRole.Save();
}
return(securityDemoRole);
}
public static SecuritySystemObjectPermissionsObject CreateObjectPermission(this SecuritySystemTypePermissionObject securitySystemTypePermissionObject, bool defaultAllowValues = true)
{
return(CreateObjectPermission(securitySystemTypePermissionObject, null, defaultAllowValues));
}
public override void UpdateDatabaseAfterUpdateSchema()
{
base.UpdateDatabaseAfterUpdateSchema();
if (ObjectSpace.CreateCollection(typeof(Company)).Count == 0)
{
SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName));
if (adminRole == null)
{
adminRole = ObjectSpace.CreateObject <SecuritySystemRole>();
adminRole.Name = SecurityStrategy.AdministratorRoleName;
adminRole.IsAdministrative = true;
}
SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "User"));
if (userRole == null)
{
userRole = ObjectSpace.CreateObject <SecuritySystemRole>();
userRole.Name = "User";
SecuritySystemTypePermissionObject userTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
userTypePermission.TargetType = typeof(SecuritySystemUser);
SecuritySystemObjectPermissionsObject currentUserObjectPermission =
ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()";
currentUserObjectPermission.AllowNavigate = true;
currentUserObjectPermission.AllowRead = true;
userTypePermission.ObjectPermissions.Add(currentUserObjectPermission);
userRole.TypePermissions.Add(userTypePermission);
SecuritySystemTypePermissionObject validatedObjectTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
validatedObjectTypePermission.TargetType = typeof(ValidatedObject);
validatedObjectTypePermission.AllowWrite = true;
validatedObjectTypePermission.AllowNavigate = true;
validatedObjectTypePermission.AllowCreate = true;
validatedObjectTypePermission.AllowDelete = true;
validatedObjectTypePermission.AllowRead = true;
userRole.TypePermissions.Add(validatedObjectTypePermission);
SecuritySystemTypePermissionObject companyTypePermission =
ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
companyTypePermission.TargetType = typeof(Company);
companyTypePermission.AllowRead = true;
userRole.TypePermissions.Add(companyTypePermission);
}
Employee admin = ObjectSpace.CreateObject <Employee>();
admin.UserName = "******";
admin.SetPassword("");
admin.Roles.Add(adminRole);
admin.Save();
Company company1 = ObjectSpace.CreateObject <Company>();
company1.Name = "Company 1";
company1.Employees.Add(admin);
company1.Save();
Employee user = ObjectSpace.CreateObject <Employee>();
user.UserName = "******";
user.SetPassword("");
user.Roles.Add(userRole);
user.Save();
Employee user2 = ObjectSpace.CreateObject <Employee>();
user2.UserName = "******";
user2.SetPassword("");
user2.Roles.Add(userRole);
user2.Save();
Company company2 = ObjectSpace.CreateObject <Company>();
company2.Name = "Company 2";
company2.Employees.Add(user);
company2.Employees.Add(user2);
company2.Save();
}
}
public static SecuritySystemObjectPermissionsObject CreateObjectPermission(this SecuritySystemTypePermissionObject securitySystemTypePermissionObject, Action <SecuritySystemObjectPermissionsObject> action, bool defaultAllowValues = true)
{
return(AddNewObjectPermission(securitySystemTypePermissionObject, action, defaultAllowValues));
}
//Managers can access and fully edit (including create and delete capabilities) data from their own department. However, they cannot access data from other departments.
private SecuritySystemRole GetManagerRole()
{
SecuritySystemRole managerRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Managers"));
if (managerRole == null)
{
managerRole = ObjectSpace.CreateObject <SecuritySystemRole>();
managerRole.Name = "Managers";
managerRole.ChildRoles.Add(GetUserRole());
SecuritySystemTypePermissionObject departmentTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
departmentTypePermission.TargetType = typeof(Department);
departmentTypePermission.AllowNavigate = true;
managerRole.TypePermissions.Add(departmentTypePermission);
SecuritySystemObjectPermissionsObject canEditOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canEditOwnDepartmentObjectPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canEditOwnDepartmentObjectPermission.Criteria = "Employees[Oid=CurrentUserId()]";
//canEditOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canEditOwnDepartmentObjectPermission.AllowNavigate = true;
canEditOwnDepartmentObjectPermission.AllowRead = true;
canEditOwnDepartmentObjectPermission.AllowWrite = true;
canEditOwnDepartmentObjectPermission.AllowDelete = true;
canEditOwnDepartmentObjectPermission.Save();
departmentTypePermission.ObjectPermissions.Add(canEditOwnDepartmentObjectPermission);
SecuritySystemTypePermissionObject employeeTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
employeeTypePermission.TargetType = typeof(Employee);
employeeTypePermission.AllowNavigate = true;
employeeTypePermission.AllowCreate = true;
managerRole.TypePermissions.Add(employeeTypePermission);
SecuritySystemObjectPermissionsObject canEditEmployeesFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canEditEmployeesFromOwnDepartmentObjectPermission.Criteria = "IsNull(Department) || Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canEditEmployeesFromOwnDepartmentObjectPermission.Criteria = "IsNull(Department) || Department.Employees[Oid=CurrentUserId()]";
//canEditEmployeesFromOwnDepartmentObjectPermission.Criteria = (new NullOperator(new OperandProperty("Department")) | new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal)).ToString();
canEditEmployeesFromOwnDepartmentObjectPermission.AllowWrite = true;
canEditEmployeesFromOwnDepartmentObjectPermission.AllowDelete = true;
canEditEmployeesFromOwnDepartmentObjectPermission.AllowNavigate = true;
canEditEmployeesFromOwnDepartmentObjectPermission.AllowRead = true;
canEditEmployeesFromOwnDepartmentObjectPermission.Save();
employeeTypePermission.ObjectPermissions.Add(canEditEmployeesFromOwnDepartmentObjectPermission);
SecuritySystemTypePermissionObject taskTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
taskTypePermission.TargetType = typeof(EmployeeTask);
taskTypePermission.AllowNavigate = true;
taskTypePermission.AllowCreate = true;
managerRole.TypePermissions.Add(taskTypePermission);
SecuritySystemObjectPermissionsObject canEditTasksOnlyFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canEditTasksOnlyFromOwnDepartmentObjectPermission.Criteria = "IsNull(AssignedTo) || IsNull(AssignedTo.Department) || AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canEditTasksOnlyFromOwnDepartmentObjectPermission.Criteria = "IsNull(AssignedTo) || IsNull(AssignedTo.Department) || AssignedTo.Department.Employees[Oid=CurrentUserId()]";
//canEditTasksOnlyFromOwnDepartmentObjectPermission.Criteria = (new NullOperator(new OperandProperty("AssignedTo")) | new NullOperator(new OperandProperty("AssignedTo.Department")) | new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal)).ToString();
canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowNavigate = true;
canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowRead = true;
canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowWrite = true;
canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowDelete = true;
canEditTasksOnlyFromOwnDepartmentObjectPermission.Save();
taskTypePermission.ObjectPermissions.Add(canEditTasksOnlyFromOwnDepartmentObjectPermission);
}
return(managerRole);
}
//Users can access and partially edit data (no create and delete capabilities) from their own department.
private SecuritySystemRole GetUserRole()
{
SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Users"));
if (userRole == null)
{
userRole = ObjectSpace.CreateObject <SecuritySystemRole>();
userRole.Name = "Users";
SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
userTypePermission.TargetType = typeof(Employee);
userRole.TypePermissions.Add(userTypePermission);
SecuritySystemObjectPermissionsObject canViewEmployeesFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canViewEmployeesFromOwnDepartmentObjectPermission.Criteria = "Department.Employees[Oid = CurrentUserId()]";
//canViewEmployeesFromOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canViewEmployeesFromOwnDepartmentObjectPermission.AllowNavigate = true;
canViewEmployeesFromOwnDepartmentObjectPermission.AllowRead = true;
userTypePermission.ObjectPermissions.Add(canViewEmployeesFromOwnDepartmentObjectPermission);
SecuritySystemMemberPermissionsObject canEditOwnUserMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
canEditOwnUserMemberPermission.Members = "ChangePasswordOnFirstLogon; StoredPassword; FirstName; LastName;";
canEditOwnUserMemberPermission.Criteria = "Oid=CurrentUserId()";
canEditOwnUserMemberPermission.Criteria = (new OperandProperty("Oid") == new FunctionOperator(CurrentUserIdOperator.OperatorName)).ToString();
canEditOwnUserMemberPermission.AllowWrite = true;
userTypePermission.MemberPermissions.Add(canEditOwnUserMemberPermission);
SecuritySystemMemberPermissionsObject canEditUserAssociationsFromOwnDepartmentMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
canEditUserAssociationsFromOwnDepartmentMemberPermission.Members = "Tasks; Department;";
canEditUserAssociationsFromOwnDepartmentMemberPermission.Criteria = "Department.Employees[Oid = CurrentUserId()]";
//canEditUserAssociationsFromOwnDepartmentMemberPermission.Criteria = new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canEditUserAssociationsFromOwnDepartmentMemberPermission.AllowWrite = true;
userTypePermission.MemberPermissions.Add(canEditUserAssociationsFromOwnDepartmentMemberPermission);
SecuritySystemTypePermissionObject roleTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
roleTypePermission.TargetType = typeof(SecuritySystemRole);
roleTypePermission.AllowRead = true;
userRole.TypePermissions.Add(roleTypePermission);
SecuritySystemTypePermissionObject taskTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
taskTypePermission.TargetType = typeof(EmployeeTask);
taskTypePermission.AllowNavigate = true;
userRole.TypePermissions.Add(taskTypePermission);
SecuritySystemMemberPermissionsObject canEditTaskAssociationsMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
canEditTaskAssociationsMemberPermission.Members = "AssignedTo;";
canEditTaskAssociationsMemberPermission.Criteria = "AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canEditTaskAssociationsMemberPermission.Criteria = "AssignedTo.Department.Employees[Oid = CurrentUserId()]";
//canEditTaskAssociationsMemberPermission.Criteria = new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canEditTaskAssociationsMemberPermission.AllowWrite = true;
taskTypePermission.MemberPermissions.Add(canEditTaskAssociationsMemberPermission);
SecuritySystemObjectPermissionsObject canyEditTasksFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canyEditTasksFromOwnDepartmentObjectPermission.Criteria = "AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canyEditTasksFromOwnDepartmentObjectPermission.Criteria = "AssignedTo.Department.Employees[Oid = CurrentUserId()]";
//canyEditTasksFromOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canyEditTasksFromOwnDepartmentObjectPermission.AllowNavigate = true;
canyEditTasksFromOwnDepartmentObjectPermission.AllowWrite = true;
canyEditTasksFromOwnDepartmentObjectPermission.AllowRead = true;
taskTypePermission.ObjectPermissions.Add(canyEditTasksFromOwnDepartmentObjectPermission);
SecuritySystemTypePermissionObject departmentTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>();
departmentTypePermission.TargetType = typeof(Department);
userRole.TypePermissions.Add(departmentTypePermission);
SecuritySystemObjectPermissionsObject canViewOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>();
canViewOwnDepartmentObjectPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canViewOwnDepartmentObjectPermission.Criteria = "Employees[Oid=CurrentUserId()]";
//canViewOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canViewOwnDepartmentObjectPermission.AllowNavigate = true;
canViewOwnDepartmentObjectPermission.AllowRead = true;
canViewOwnDepartmentObjectPermission.Save();
departmentTypePermission.ObjectPermissions.Add(canViewOwnDepartmentObjectPermission);
SecuritySystemMemberPermissionsObject canEditAssociationsMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>();
canEditAssociationsMemberPermission.Members = "Employees;";
canEditAssociationsMemberPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)";
canEditAssociationsMemberPermission.Criteria = "Employees[Oid=CurrentUserId()]";
//canEditAssociationsMemberPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString();
canEditAssociationsMemberPermission.AllowWrite = true;
departmentTypePermission.MemberPermissions.Add(canEditAssociationsMemberPermission);
}
return(userRole);
}
