public bool IsAllowed(
SecureRequestContext requestContext)
{
if (!IsUseSecurityRules)
{
return(true);
}
bool isAllowed = false;
if (requestContext == null)
{
Logger.LogError(5, "Access to a NULL SecureRequestContext cannot be allowed!");
return(false);
}
if (!requestContext.IsSecurityContextDynamic)
{
isAllowed = IsRequestContextAllowed(CurrentUserSecurityContext.CurrentUserGroupPermissions, requestContext);
}
else
{
AppSecurityContext appSecContext = new AppSecurityContext(AppSecurityContext.StagingDbLcf);
UserSecurityContext dynamicSecContext = UserSecurityContext.GetCurrentUserSecurityContext(appSecContext);
isAllowed = IsRequestContextAllowed(dynamicSecContext.CurrentUserGroupPermissions, requestContext);
}
return(isAllowed);
}
public static UserSecurityContext GetCurrentUserSecurityContext(AppSecurityContext appSecContext)
{
UserSecurityContext currentUserSecContext = new UserSecurityContext(appSecContext.Lcf);
currentUserSecContext.CurrentUser = Authorisation.CurrentUser;
if (currentUserSecContext.CurrentUser != null)
{
currentUserSecContext.CurrentUserGroups = currentUserSecContext.GetUserGroups(currentUserSecContext.CurrentUser);
currentUserSecContext.CurrentUserGroupPermissions = currentUserSecContext.GetUserGroupPermissions(currentUserSecContext.CurrentUserGroups, appSecContext);
}
return(currentUserSecContext);
}
private void Initialise(ConfigurationInfo lcf)
{
if (lcf == null)
{
string msg = "SecureContentWrapper detected NULL LCF in ctor!";
Logger.LogError(5, msg);
throw new Exception(msg);
}
Lcf = lcf;
AppSecContext = new AppSecurityContext(lcf);
if (!IsUsingStagingDB) // If using the staging, then leave CurrentUserSecurityContext null, and late bind it later
{
CurrentUserSecurityContext = UserSecurityContext.GetCurrentUserSecurityContext(AppSecContext);
}
}
public List <GroupPermissions> GetUserGroupPermissions(
List <MGGroup> userGroups,
AppSecurityContext appSecContext)
{
if (userGroups == null)
{
Logger.LogError(5, "Cannot get UserGroupPermissions for NULL userGroups list!");
return(null);
}
List <GroupPermissions> userGroupPermissions = new List <GroupPermissions>();
if (userGroups.Count == 0)
{
Logger.LogWarning("UserGroup List is empty, returning empty UserGroupPermissionsList!");
return(userGroupPermissions);
}
if (appSecContext == null)
{
Logger.LogError(5, "Cannot get UserGroupPermissions with NULL AppSecurityContext!");
return(null);
}
// Store appSecContext.AllGroupPermissions locally so we only read it once from DB.
// TODO: if the Staging database context, read the permissions only for this group.
bool isUsingStagingDb =
(Lcf.DbConInfo.NAME == AppSecurityContext.StagingDbLcf.DbConInfo.NAME);
Dictionary <int, GroupPermissions> allGroupPerms = null;
if (!isUsingStagingDb)
{
allGroupPerms = appSecContext.AllGroupPermissions;
if (allGroupPerms == null)
{
Logger.LogError(5, "Cannot get UserGroupPermissions with NULL AppSecurityContext.AllGroupPermissions!");
return(null);
}
if (allGroupPerms.Count == 0)
{
Logger.LogError(5, "AppSecurityContext.AllGroupPermissions is empty, returning empty UserGroupPermissionsList!");
return(userGroupPermissions);
}
}
GroupPermissions groupPerms = null;
foreach (MGGroup userGroup in userGroups)
{
if (userGroup == null)
{
Logger.LogError(5, "NULL UserGroup detected, skipping it ...");
continue;
}
else if (userGroup.ID < 1)
{
Logger.LogError(5, "Invalid UserGroup.ID detected, skipping it ...");
continue;
}
if (!isUsingStagingDb)
{
if (!allGroupPerms.ContainsKey(userGroup.ID))
{
Logger.LogError(5, "UserGroup.ID " + userGroup.ID + " not present in AppSecurityContext.AllGroupPermissions, skipping it ...");
continue;
}
groupPerms = allGroupPerms[userGroup.ID];
if (groupPerms == null)
{
Logger.LogError(5, "NULL GroupPermissions for userGroup.ID = " + userGroup.ID + " detected, skipping adding it ...");
continue;
}
}
else
{
groupPerms = appSecContext.GetGroupPermissions(userGroup);
}
if (userGroupPermissions.Contains(groupPerms))
{
Logger.LogError(5, "GroupPermissions for userGroup.ID = " + userGroup.ID + " already added, skipping adding it ...");
continue;
}
userGroupPermissions.Add(groupPerms);
}
return(userGroupPermissions);
}
