/// <summary>
/// Checks if the CurrentUser is allowed to access the specified theme in the requested context.
/// </summary>
/// <param name="theme">The theme access is being requested for.</param>
/// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param>
/// <returns>True, if the request is allowed, false otherwise.</returns>
public bool IsAllowed(
Theme theme,
SecureRequestContext requestContext)
{
if (!IsUseSecurityRules)
{
return(true);
}
bool isAllowed = false;
if (theme == null)
{
Logger.LogError(5, "Access to a NULL Theme cannot be allowed!");
return(false);
}
List <GroupPermissions> contentAllowedGroups = null;
isAllowed =
IsContentAccessAllowed(theme.Dlt_ID, SecureRequestContext.ContentType.THEME, out contentAllowedGroups);
if (isAllowed)
{
isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext);
}
return(isAllowed);
}
public bool IsAllowed(
SecureRequestContext requestContext)
{
if (!IsUseSecurityRules)
{
return(true);
}
bool isAllowed = false;
if (requestContext == null)
{
Logger.LogError(5, "Access to a NULL SecureRequestContext cannot be allowed!");
return(false);
}
if (!requestContext.IsSecurityContextDynamic)
{
isAllowed = IsRequestContextAllowed(CurrentUserSecurityContext.CurrentUserGroupPermissions, requestContext);
}
else
{
AppSecurityContext appSecContext = new AppSecurityContext(AppSecurityContext.StagingDbLcf);
UserSecurityContext dynamicSecContext = UserSecurityContext.GetCurrentUserSecurityContext(appSecContext);
isAllowed = IsRequestContextAllowed(dynamicSecContext.CurrentUserGroupPermissions, requestContext);
}
return(isAllowed);
}
/// <summary>
/// Checks if the CurrentUser is allowed to access the specified layergroup in the requested context.
/// </summary>
/// <param name="layerGroup">The layerGroup access is being requested for.</param>
/// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param>
/// <returns>True, if the request is allowed, false otherwise.</returns>
public bool IsAllowed(
LayerGroup layerGroup,
SecureRequestContext requestContext)
{
if (!IsUseSecurityRules)
{
return(true);
}
bool isAllowed = false;
if (layerGroup == null)
{
Logger.LogError(5, "Access to a NULL layerGroup cannot be allowed!");
return(false);
}
List <GroupPermissions> contentAllowedGroups = null;
isAllowed =
IsContentAccessAllowed(layerGroup.LayerGroup_ID, SecureRequestContext.ContentType.STAT_LAYER_GROUP, out contentAllowedGroups);
if (isAllowed)
{
isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext);
}
return(isAllowed);
}
/// <summary>
/// Checks if the CurrentUser is allowed to access the specified facility group in the requested context.
/// </summary>
/// <param name="stat">The facility group access is being requested for.</param>
/// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param>
/// <returns>True, if the request is allowed, false otherwise.</returns>
public bool IsAllowed(
FacilityGroup fac,
SecureRequestContext requestContext)
{
if (!IsUseSecurityRules)
{
return(true);
}
bool isAllowed = false;
if (fac == null)
{
Logger.LogError(5, "Access to a NULL facilityGroup cannot be allowed!");
return(false);
}
List <GroupPermissions> contentAllowedGroups = null;
isAllowed =
IsContentAccessAllowed(fac.Dlf_ID, SecureRequestContext.ContentType.FACILITY_GROUP, out contentAllowedGroups);
if (isAllowed)
{
isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext);
}
return(isAllowed);
}
/// <summary>
/// Filters the supplied list of theme objects returning a list of only those
/// statistics that are allowed by the security context.
/// Other descriptions of content (e.g. ThemeMenuNode) can be translated (into Theme for example) using the ContentIdentityTranslator class.
/// </summary>
/// <param name="themes">A list of Theme objects to check access is allowed to.</param>
/// <param name="reqContext">The context within which the request is being.</param>
/// <returns>A list of only those themes that are allowed by the security context.</returns>
public List <Theme> GetAllowed(
List <Theme> themes,
SecureRequestContext requestContext)
{
if (!IsUseSecurityRules)
{
return(themes);
}
List <Theme> allowedThemes = null;
if (themes == null)
{
Logger.LogError(5, "Cannot filter a NULL list of Themes!");
return(null);
}
else if (themes.Count == 0)
{
// Logger.LogWarning("Cannot filter an empty list of Themes!");
return(themes);
}
allowedThemes = new List <Theme>();
foreach (Theme theme in themes)
{
if (IsAllowed(theme, requestContext))
{
allowedThemes.Add(theme);
}
}
return(allowedThemes);
}
/// <summary>
/// Checks if the CurrentUser is allowed to access the specified report in the requested context.
/// </summary>
/// <param name="report">The report access is being requested for.</param>
/// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param>
/// <returns>True, if the request is allowed, false otherwise.</returns>
public bool IsAllowed(
Report report,
SecureRequestContext requestContext)
{
if (!IsUseSecurityRules)
{
return(true);
}
bool isAllowed = false;
if (report == null)
{
Logger.LogError(5, "Access to a NULL report cannot be allowed!");
return(false);
}
List <GroupPermissions> contentAllowedGroups = null;
isAllowed =
IsContentAccessAllowed(report.Report_ID, SecureRequestContext.ContentType.REPORT, out contentAllowedGroups);
if (isAllowed)
{
isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext);
}
return(isAllowed);
}
/// <summary>
/// Filters the supplied list of facility group objects returning a list of only those
/// statistics that are allowed by the security context.
/// Other descriptions of content (e.g. cg_facility_desciption) can be translated (into FacilityGroup for example) using the ContentIdentityTranslator class.
/// </summary>
/// <param name="statDescs">A list of FacilityGroup objects to check access is allowed to.</param>
/// <param name="reqContext">The context within which the request is being.</param>
/// <returns>A list of only those statistics that are allowed by the security context.</returns>
public List <FacilityGroup> GetAllowed(
List <FacilityGroup> facilityGroups,
SecureRequestContext requestContext)
{
if (!IsUseSecurityRules)
{
return(facilityGroups);
}
List <FacilityGroup> allowedFacilityGroups = null;
if (facilityGroups == null)
{
Logger.LogError(5, "Cannot filter a NULL list of facilityGroups!");
return(null);
}
else if (facilityGroups.Count == 0)
{
// Logger.LogWarning("Cannot filter an empty list of facilityGroups!");
return(facilityGroups);
}
allowedFacilityGroups = new List <FacilityGroup>();
foreach (FacilityGroup facilityGroup in facilityGroups)
{
if (IsAllowed(facilityGroup, requestContext))
{
allowedFacilityGroups.Add(facilityGroup);
}
}
return(allowedFacilityGroups);
}
public List <Report> GetAllowed(
List <Report> reports,
SecureRequestContext requestContext)
{
if (!IsUseSecurityRules)
{
return(reports);
}
List <Report> allowedReports = null;
if (reports == null)
{
Logger.LogError(5, "Cannot filter a NULL list of reports!");
return(reports);
}
else if (reports.Count == 0)
{
// Logger.LogWarning("Cannot filter an empty list of reports!");
return(reports);
}
allowedReports = new List <Report>();
foreach (Report report in reports)
{
if (IsAllowed(report, requestContext))
{
allowedReports.Add(report);
}
}
return(allowedReports);
}
/// <summary>
/// Filters the supplied list of GeogType/StatLayer Pair objects returning a list of only those
/// statistics that are allowed by the security context.
/// Other descriptions of content (e.g. cg_statistic_desciption) can be translated (into GeogTypeStatLayerPair for example) using the ContentIdentityTranslator class.
/// </summary>
/// <param name="statDescs">A list of statistic objects to check access is allowed to.</param>
/// <param name="reqContext">The context within which the request is being.</param>
/// <returns>A list of only those statistics that are allowed by the security context.</returns>
public List <GeogTypeStatLayerPair> GetAllowed(
List <GeogTypeStatLayerPair> statDescs,
SecureRequestContext requestContext)
{
if (!IsUseSecurityRules)
{
return(statDescs);
}
List <GeogTypeStatLayerPair> allowedStatDescs = null;
if (statDescs == null)
{
Logger.LogError(5, "Cannot filter a NULL list of stat descs!");
return(null);
}
else if (statDescs.Count == 0)
{
// Logger.LogWarning("Cannot filter an empty list of stat descs!");
return(statDescs);
}
allowedStatDescs = new List <GeogTypeStatLayerPair>();
foreach (GeogTypeStatLayerPair stat in statDescs)
{
if (IsAllowed(stat, requestContext))
{
allowedStatDescs.Add(stat);
}
}
return(allowedStatDescs);
}
//public bool IsAllowed(
// ZoomLevelInformation zli)
//{
// SecureRequestContext requestContext = new SecureRequestContext(SecureRequestContext.DisplayType.MAP);
// return IsAllowed(zli, requestContext);
//}
//public bool IsAllowed(
// ZoomLevelInformation zli,
// SecureRequestContext requestContext)
//{
// bool isAllowed = false;
// try
// {
// if (AppSecContext.ZoomLevelIdGeoTypeIdLookup == null ||
// AppSecContext.ZoomLevelIdGeoTypeIdLookup.Count < 1)
// {
// Logger.LogError("Cannot check if ZoomLevelInformation is allowed as ZoomLevelIdGeoTypeIdLookup is NULL or empty!");
// return false;
// }
// // 1. Get the dlg_ID from the application cache using the ZoomLevelInformation.ID:
// if (!AppSecContext.ZoomLevelIdGeoTypeIdLookup.ContainsKey(zli.ID))
// {
// // This zoom level is not in the dl_geographies table and therefore is not secured and not securable.
// return true;
// }
// // 2. Check if the dlg_ID access is allowed:
// GeogTypeStatLayerPair geogType = new GeogTypeStatLayerPair();
// geogType.GeogTypeID = AppSecContext.ZoomLevelIdGeoTypeIdLookup[zli.ID];
// geogType.IsGeogTypeOnly = true;
// isAllowed = IsAllowed(geogType, requestContext);
// }
// catch (Exception ex)
// {
// Logger.LogError("Problem checking if requested ZoomLevelInformation (ID = " + zli.ID + ") is allowed at " + ex);
// isAllowed = false;
// }
// return isAllowed;
//}
/// <summary>
/// Checks if the CurrentUser is allowed to access the specified statistic (layer and geography type) in the requested context.
/// </summary>
/// <param name="stat">The statistic access is being requested for.</param>
/// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param>
/// <returns>True, if the request is allowed, false otherwise.</returns>
public bool IsAllowed(
GeogTypeStatLayerPair stat,
SecureRequestContext requestContext)
{
if (!IsUseSecurityRules)
{
return(true);
}
bool isAllowed = false;
if (stat == null)
{
Logger.LogError(5, "Access to a NULL stat desc cannot be allowed!");
return(false);
}
List <GroupPermissions> allowedGeoUserGroups = null;
List <GroupPermissions> allowedLayerGroups = null;
isAllowed =
(stat.IsStatLayerOnly || IsContentAccessAllowed(stat.GeogTypeID, SecureRequestContext.ContentType.GEO_LAYER, out allowedGeoUserGroups)) &&
(stat.IsGeogTypeOnly || IsContentAccessAllowed(stat.StatLayerID, SecureRequestContext.ContentType.STAT_LAYER, out allowedLayerGroups));
if (isAllowed)
{
if (stat.IsStatLayerOnly && allowedLayerGroups != null && allowedLayerGroups.Count > 0)
{
isAllowed = IsRequestContextAllowed(allowedLayerGroups, requestContext);
}
else if (stat.IsGeogTypeOnly && allowedGeoUserGroups != null && allowedGeoUserGroups.Count > 0)
{
isAllowed = IsRequestContextAllowed(allowedGeoUserGroups, requestContext);
}
else if (!stat.IsStatLayerOnly && !stat.IsGeogTypeOnly)
{
List <GroupPermissions> contentAllowedGroups = GetUserGroupsInCommon(allowedGeoUserGroups, allowedLayerGroups);
if (contentAllowedGroups == null || contentAllowedGroups.Count == 0)
{
isAllowed = false;
}
else
{
isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext);
}
}
}
return(isAllowed);
}
public bool IsRequestContextAllowed(
List <GroupPermissions> contentAllowedGroups,
SecureRequestContext requestContext)
{
bool isRequestContextAllowed = false;
if (!requestContext.IsSpecified)
{ // If this is a request that has no security context at all, allow it.
return(true);
}
if (contentAllowedGroups == null || contentAllowedGroups.Count == 0)
{
return(false);
}
if (requestContext == null)
{
return(false);
}
foreach (GroupPermissions group in contentAllowedGroups)
{
bool displayModeAllowed = false;
// TODO: change this to work like the functionality below:
if (requestContext.DisplayMode == SecureRequestContext.DisplayType.UNKNOWN ||
IsContained(group.GroupDisplayPermissions, requestContext.DisplayMode))
{
displayModeAllowed = true;
}
bool functionalityAllowed = false;
if (requestContext.Functionality == SecureRequestContext.FunctionalityType.UNKNOWN ||
IsContained(group.GroupFunctionPermissions, requestContext.Functionality))
{
functionalityAllowed = true;
}
if (displayModeAllowed && functionalityAllowed)
{
isRequestContextAllowed = true;
break;
}
}
return(isRequestContextAllowed);
}
/// <summary>
/// Checks if the CurrentUser is allowed the requested context.
/// </summary>
/// <param name="requestContext">The request context access is being checked for.</param>
/// <returns>True, if the request is allowed, false otherwise.</returns>
public bool IsAllowed(
SecureRequestContext requestContext,
UserSecurityContext secContext)
{
if (!IsUseSecurityRules)
{
return(true);
}
bool isAllowed = false;
if (requestContext == null)
{
Logger.LogError(5, "Access to a NULL SecureRequestContext cannot be allowed!");
return(false);
}
isAllowed = IsRequestContextAllowed(secContext.CurrentUserGroupPermissions, requestContext);
return(isAllowed);
}
