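/// <summary>
/// Decides whether the current user may access the given request context.
/// </summary>
/// <param name="requestContext">The request being authorised. A null context is denied whenever security rules are in use.</param>
/// <returns>
/// <c>true</c> when security rules are switched off or the permission check passes; otherwise <c>false</c>.
/// </returns>
public bool IsAllowed(SecureRequestContext requestContext)
{
    // With security rules switched off every request is allowed, including a null one.
    if (!IsUseSecurityRules)
    {
        return true;
    }

    if (requestContext == null)
    {
        Logger.LogError(5, "Access to a NULL SecureRequestContext cannot be allowed!");
        return false;
    }

    if (requestContext.IsSecurityContextDynamic)
    {
        // Dynamic requests are checked against a user context rebuilt from the staging configuration on each call.
        AppSecurityContext appSecContext = new AppSecurityContext(AppSecurityContext.StagingDbLcf);
        UserSecurityContext dynamicSecContext = UserSecurityContext.GetCurrentUserSecurityContext(appSecContext);

        // NOTE(review): CurrentUserGroupPermissions stays null when there is no current user, so
        // IsRequestContextAllowed has to treat a null permission list as "deny" - confirm.
        return IsRequestContextAllowed(dynamicSecContext.CurrentUserGroupPermissions, requestContext);
    }

    // Fail closed: Initialise leaves CurrentUserSecurityContext unset while the staging DB is in use
    // (assuming it is the same member), and an authorisation check should deny rather than throw a
    // NullReferenceException when no user context has been bound.
    if (CurrentUserSecurityContext == null)
    {
        Logger.LogError(5, "Access cannot be allowed without a CurrentUserSecurityContext!");
        return false;
    }

    return IsRequestContextAllowed(CurrentUserSecurityContext.CurrentUserGroupPermissions, requestContext);
}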
/// <summary>
/// Builds a <see cref="UserSecurityContext"/> for the user reported by <c>Authorisation.CurrentUser</c>.
/// </summary>
/// <param name="appSecContext">
/// Application security context; its <c>Lcf</c> configures the new user context and it is passed on
/// to the permission lookup. It is dereferenced without a null check.
/// </param>
/// <returns>
/// The new context. When there is no current user, the groups and group permissions are not populated.
/// </returns>
public static UserSecurityContext GetCurrentUserSecurityContext(AppSecurityContext appSecContext)
{
    UserSecurityContext userContext = new UserSecurityContext(appSecContext.Lcf);
    userContext.CurrentUser = Authorisation.CurrentUser;

    // No authenticated user: return the context with no groups or permissions assigned.
    if (userContext.CurrentUser == null)
    {
        return userContext;
    }

    userContext.CurrentUserGroups = userContext.GetUserGroups(userContext.CurrentUser);
    userContext.CurrentUserGroupPermissions =
        userContext.GetUserGroupPermissions(userContext.CurrentUserGroups, appSecContext);

    return userContext;
}
/// <summary>
/// Stores the configuration, builds the application security context from it and, unless the
/// staging database is in use, resolves the current user's security context.
/// </summary>
/// <param name="lcf">Configuration to initialise from; must not be null.</param>
/// <exception cref="Exception">Thrown, after logging, when <paramref name="lcf"/> is null.</exception>
private void Initialise(ConfigurationInfo lcf)
{
    if (lcf == null)
    {
        string nullLcfMessage = "SecureContentWrapper detected NULL LCF in ctor!";
        Logger.LogError(5, nullLcfMessage);
        throw new Exception(nullLcfMessage);
    }

    Lcf = lcf;
    AppSecContext = new AppSecurityContext(lcf);

    // When the staging DB is in use, CurrentUserSecurityContext is deliberately left null here
    // and late bound later, so code reading it before then sees null.
    if (IsUsingStagingDB)
    {
        return;
    }

    CurrentUserSecurityContext = UserSecurityContext.GetCurrentUserSecurityContext(AppSecContext);
}
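/// <summary>
/// Collects the permissions of every valid group in <paramref name="userGroups"/>.
/// </summary>
/// <param name="userGroups">Groups the user belongs to. Null entries and entries with an ID below 1 are skipped.</param>
/// <param name="appSecContext">Application security context the group permissions are read from.</param>
/// <returns>
/// The permissions found, without duplicates; an empty list when <paramref name="userGroups"/> or the
/// permission table is empty; <c>null</c> when <paramref name="userGroups"/>, <paramref name="appSecContext"/>
/// or its <c>AllGroupPermissions</c> is null.
/// </returns>
/// <remarks>
/// Every skipped group is logged and contributes no permissions, so a bad entry can only narrow
/// what the user is granted.
/// </remarks>
public List<GroupPermissions> GetUserGroupPermissions(List<MGGroup> userGroups, AppSecurityContext appSecContext)
{
    if (userGroups == null)
    {
        Logger.LogError(5, "Cannot get UserGroupPermissions for NULL userGroups list!");
        return null;
    }

    List<GroupPermissions> userGroupPermissions = new List<GroupPermissions>();
    if (userGroups.Count == 0)
    {
        Logger.LogWarning("UserGroup List is empty, returning empty UserGroupPermissionsList!");
        return userGroupPermissions;
    }

    if (appSecContext == null)
    {
        Logger.LogError(5, "Cannot get UserGroupPermissions with NULL AppSecurityContext!");
        return null;
    }

    // Store appSecContext.AllGroupPermissions locally so we only read it once from DB.
    // TODO: if the Staging database context, read the permissions only for this group.
    // Staging mode is detected by comparing this instance's connection name with the staging one.
    bool isUsingStagingDb = (Lcf.DbConInfo.NAME == AppSecurityContext.StagingDbLcf.DbConInfo.NAME);
    Dictionary<int, GroupPermissions> allGroupPerms = null;
    if (!isUsingStagingDb)
    {
        allGroupPerms = appSecContext.AllGroupPermissions;
        if (allGroupPerms == null)
        {
            Logger.LogError(5, "Cannot get UserGroupPermissions with NULL AppSecurityContext.AllGroupPermissions!");
            return null;
        }

        if (allGroupPerms.Count == 0)
        {
            Logger.LogError(5, "AppSecurityContext.AllGroupPermissions is empty, returning empty UserGroupPermissionsList!");
            return userGroupPermissions;
        }
    }

    foreach (MGGroup userGroup in userGroups)
    {
        if (userGroup == null)
        {
            Logger.LogError(5, "NULL UserGroup detected, skipping it ...");
            continue;
        }

        if (userGroup.ID < 1)
        {
            Logger.LogError(5, "Invalid UserGroup.ID detected, skipping it ...");
            continue;
        }

        GroupPermissions groupPerms;
        if (isUsingStagingDb)
        {
            // Staging: permissions are fetched per group instead of from the cached table.
            groupPerms = appSecContext.GetGroupPermissions(userGroup);
        }
        else if (!allGroupPerms.TryGetValue(userGroup.ID, out groupPerms))
        {
            Logger.LogError(5, "UserGroup.ID " + userGroup.ID + " not present in AppSecurityContext.AllGroupPermissions, skipping it ...");
            continue;
        }

        // The null check covers both lookups: previously a null returned by the staging lookup
        // was added to the result list and handed to the permission check.
        if (groupPerms == null)
        {
            Logger.LogError(5, "NULL GroupPermissions for userGroup.ID = " + userGroup.ID + " detected, skipping adding it ...");
            continue;
        }

        if (userGroupPermissions.Contains(groupPerms))
        {
            Logger.LogError(5, "GroupPermissions for userGroup.ID = " + userGroup.ID + " already added, skipping adding it ...");
            continue;
        }

        userGroupPermissions.Add(groupPerms);
    }

    return userGroupPermissions;
}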