/// <summary> /// Checks if the CurrentUser is allowed to access the specified theme in the requested context. /// </summary> /// <param name="theme">The theme access is being requested for.</param> /// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param> /// <returns>True, if the request is allowed, false otherwise.</returns> public bool IsAllowed( Theme theme, SecureRequestContext requestContext) { if (!IsUseSecurityRules) { return(true); } bool isAllowed = false; if (theme == null) { Logger.LogError(5, "Access to a NULL Theme cannot be allowed!"); return(false); } List <GroupPermissions> contentAllowedGroups = null; isAllowed = IsContentAccessAllowed(theme.Dlt_ID, SecureRequestContext.ContentType.THEME, out contentAllowedGroups); if (isAllowed) { isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext); } return(isAllowed); }
public bool IsAllowed( SecureRequestContext requestContext) { if (!IsUseSecurityRules) { return(true); } bool isAllowed = false; if (requestContext == null) { Logger.LogError(5, "Access to a NULL SecureRequestContext cannot be allowed!"); return(false); } if (!requestContext.IsSecurityContextDynamic) { isAllowed = IsRequestContextAllowed(CurrentUserSecurityContext.CurrentUserGroupPermissions, requestContext); } else { AppSecurityContext appSecContext = new AppSecurityContext(AppSecurityContext.StagingDbLcf); UserSecurityContext dynamicSecContext = UserSecurityContext.GetCurrentUserSecurityContext(appSecContext); isAllowed = IsRequestContextAllowed(dynamicSecContext.CurrentUserGroupPermissions, requestContext); } return(isAllowed); }
/// <summary> /// Checks if the CurrentUser is allowed to access the specified layergroup in the requested context. /// </summary> /// <param name="layerGroup">The layerGroup access is being requested for.</param> /// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param> /// <returns>True, if the request is allowed, false otherwise.</returns> public bool IsAllowed( LayerGroup layerGroup, SecureRequestContext requestContext) { if (!IsUseSecurityRules) { return(true); } bool isAllowed = false; if (layerGroup == null) { Logger.LogError(5, "Access to a NULL layerGroup cannot be allowed!"); return(false); } List <GroupPermissions> contentAllowedGroups = null; isAllowed = IsContentAccessAllowed(layerGroup.LayerGroup_ID, SecureRequestContext.ContentType.STAT_LAYER_GROUP, out contentAllowedGroups); if (isAllowed) { isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext); } return(isAllowed); }
/// <summary> /// Checks if the CurrentUser is allowed to access the specified facility group in the requested context. /// </summary> /// <param name="stat">The facility group access is being requested for.</param> /// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param> /// <returns>True, if the request is allowed, false otherwise.</returns> public bool IsAllowed( FacilityGroup fac, SecureRequestContext requestContext) { if (!IsUseSecurityRules) { return(true); } bool isAllowed = false; if (fac == null) { Logger.LogError(5, "Access to a NULL facilityGroup cannot be allowed!"); return(false); } List <GroupPermissions> contentAllowedGroups = null; isAllowed = IsContentAccessAllowed(fac.Dlf_ID, SecureRequestContext.ContentType.FACILITY_GROUP, out contentAllowedGroups); if (isAllowed) { isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext); } return(isAllowed); }
/// <summary> /// Filters the supplied list of theme objects returning a list of only those /// statistics that are allowed by the security context. /// Other descriptions of content (e.g. ThemeMenuNode) can be translated (into Theme for example) using the ContentIdentityTranslator class. /// </summary> /// <param name="themes">A list of Theme objects to check access is allowed to.</param> /// <param name="reqContext">The context within which the request is being.</param> /// <returns>A list of only those themes that are allowed by the security context.</returns> public List <Theme> GetAllowed( List <Theme> themes, SecureRequestContext requestContext) { if (!IsUseSecurityRules) { return(themes); } List <Theme> allowedThemes = null; if (themes == null) { Logger.LogError(5, "Cannot filter a NULL list of Themes!"); return(null); } else if (themes.Count == 0) { // Logger.LogWarning("Cannot filter an empty list of Themes!"); return(themes); } allowedThemes = new List <Theme>(); foreach (Theme theme in themes) { if (IsAllowed(theme, requestContext)) { allowedThemes.Add(theme); } } return(allowedThemes); }
/// <summary> /// Checks if the CurrentUser is allowed to access the specified report in the requested context. /// </summary> /// <param name="report">The report access is being requested for.</param> /// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param> /// <returns>True, if the request is allowed, false otherwise.</returns> public bool IsAllowed( Report report, SecureRequestContext requestContext) { if (!IsUseSecurityRules) { return(true); } bool isAllowed = false; if (report == null) { Logger.LogError(5, "Access to a NULL report cannot be allowed!"); return(false); } List <GroupPermissions> contentAllowedGroups = null; isAllowed = IsContentAccessAllowed(report.Report_ID, SecureRequestContext.ContentType.REPORT, out contentAllowedGroups); if (isAllowed) { isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext); } return(isAllowed); }
/// <summary> /// Filters the supplied list of facility group objects returning a list of only those /// statistics that are allowed by the security context. /// Other descriptions of content (e.g. cg_facility_desciption) can be translated (into FacilityGroup for example) using the ContentIdentityTranslator class. /// </summary> /// <param name="statDescs">A list of FacilityGroup objects to check access is allowed to.</param> /// <param name="reqContext">The context within which the request is being.</param> /// <returns>A list of only those statistics that are allowed by the security context.</returns> public List <FacilityGroup> GetAllowed( List <FacilityGroup> facilityGroups, SecureRequestContext requestContext) { if (!IsUseSecurityRules) { return(facilityGroups); } List <FacilityGroup> allowedFacilityGroups = null; if (facilityGroups == null) { Logger.LogError(5, "Cannot filter a NULL list of facilityGroups!"); return(null); } else if (facilityGroups.Count == 0) { // Logger.LogWarning("Cannot filter an empty list of facilityGroups!"); return(facilityGroups); } allowedFacilityGroups = new List <FacilityGroup>(); foreach (FacilityGroup facilityGroup in facilityGroups) { if (IsAllowed(facilityGroup, requestContext)) { allowedFacilityGroups.Add(facilityGroup); } } return(allowedFacilityGroups); }
public List <Report> GetAllowed( List <Report> reports, SecureRequestContext requestContext) { if (!IsUseSecurityRules) { return(reports); } List <Report> allowedReports = null; if (reports == null) { Logger.LogError(5, "Cannot filter a NULL list of reports!"); return(reports); } else if (reports.Count == 0) { // Logger.LogWarning("Cannot filter an empty list of reports!"); return(reports); } allowedReports = new List <Report>(); foreach (Report report in reports) { if (IsAllowed(report, requestContext)) { allowedReports.Add(report); } } return(allowedReports); }
/// <summary> /// Filters the supplied list of GeogType/StatLayer Pair objects returning a list of only those /// statistics that are allowed by the security context. /// Other descriptions of content (e.g. cg_statistic_desciption) can be translated (into GeogTypeStatLayerPair for example) using the ContentIdentityTranslator class. /// </summary> /// <param name="statDescs">A list of statistic objects to check access is allowed to.</param> /// <param name="reqContext">The context within which the request is being.</param> /// <returns>A list of only those statistics that are allowed by the security context.</returns> public List <GeogTypeStatLayerPair> GetAllowed( List <GeogTypeStatLayerPair> statDescs, SecureRequestContext requestContext) { if (!IsUseSecurityRules) { return(statDescs); } List <GeogTypeStatLayerPair> allowedStatDescs = null; if (statDescs == null) { Logger.LogError(5, "Cannot filter a NULL list of stat descs!"); return(null); } else if (statDescs.Count == 0) { // Logger.LogWarning("Cannot filter an empty list of stat descs!"); return(statDescs); } allowedStatDescs = new List <GeogTypeStatLayerPair>(); foreach (GeogTypeStatLayerPair stat in statDescs) { if (IsAllowed(stat, requestContext)) { allowedStatDescs.Add(stat); } } return(allowedStatDescs); }
//public bool IsAllowed( // ZoomLevelInformation zli) //{ // SecureRequestContext requestContext = new SecureRequestContext(SecureRequestContext.DisplayType.MAP); // return IsAllowed(zli, requestContext); //} //public bool IsAllowed( // ZoomLevelInformation zli, // SecureRequestContext requestContext) //{ // bool isAllowed = false; // try // { // if (AppSecContext.ZoomLevelIdGeoTypeIdLookup == null || // AppSecContext.ZoomLevelIdGeoTypeIdLookup.Count < 1) // { // Logger.LogError("Cannot check if ZoomLevelInformation is allowed as ZoomLevelIdGeoTypeIdLookup is NULL or empty!"); // return false; // } // // 1. Get the dlg_ID from the application cache using the ZoomLevelInformation.ID: // if (!AppSecContext.ZoomLevelIdGeoTypeIdLookup.ContainsKey(zli.ID)) // { // // This zoom level is not in the dl_geographies table and therefore is not secured and not securable. // return true; // } // // 2. Check if the dlg_ID access is allowed: // GeogTypeStatLayerPair geogType = new GeogTypeStatLayerPair(); // geogType.GeogTypeID = AppSecContext.ZoomLevelIdGeoTypeIdLookup[zli.ID]; // geogType.IsGeogTypeOnly = true; // isAllowed = IsAllowed(geogType, requestContext); // } // catch (Exception ex) // { // Logger.LogError("Problem checking if requested ZoomLevelInformation (ID = " + zli.ID + ") is allowed at " + ex); // isAllowed = false; // } // return isAllowed; //} /// <summary> /// Checks if the CurrentUser is allowed to access the specified statistic (layer and geography type) in the requested context. /// </summary> /// <param name="stat">The statistic access is being requested for.</param> /// <param name="requestContext">The context of the access request (how the result will be displayed and where)</param> /// <returns>True, if the request is allowed, false otherwise.</returns> public bool IsAllowed( GeogTypeStatLayerPair stat, SecureRequestContext requestContext) { if (!IsUseSecurityRules) { return(true); } bool isAllowed = false; if (stat == null) { Logger.LogError(5, "Access to a NULL stat desc cannot be allowed!"); return(false); } List <GroupPermissions> allowedGeoUserGroups = null; List <GroupPermissions> allowedLayerGroups = null; isAllowed = (stat.IsStatLayerOnly || IsContentAccessAllowed(stat.GeogTypeID, SecureRequestContext.ContentType.GEO_LAYER, out allowedGeoUserGroups)) && (stat.IsGeogTypeOnly || IsContentAccessAllowed(stat.StatLayerID, SecureRequestContext.ContentType.STAT_LAYER, out allowedLayerGroups)); if (isAllowed) { if (stat.IsStatLayerOnly && allowedLayerGroups != null && allowedLayerGroups.Count > 0) { isAllowed = IsRequestContextAllowed(allowedLayerGroups, requestContext); } else if (stat.IsGeogTypeOnly && allowedGeoUserGroups != null && allowedGeoUserGroups.Count > 0) { isAllowed = IsRequestContextAllowed(allowedGeoUserGroups, requestContext); } else if (!stat.IsStatLayerOnly && !stat.IsGeogTypeOnly) { List <GroupPermissions> contentAllowedGroups = GetUserGroupsInCommon(allowedGeoUserGroups, allowedLayerGroups); if (contentAllowedGroups == null || contentAllowedGroups.Count == 0) { isAllowed = false; } else { isAllowed = IsRequestContextAllowed(contentAllowedGroups, requestContext); } } } return(isAllowed); }
public bool IsRequestContextAllowed( List <GroupPermissions> contentAllowedGroups, SecureRequestContext requestContext) { bool isRequestContextAllowed = false; if (!requestContext.IsSpecified) { // If this is a request that has no security context at all, allow it. return(true); } if (contentAllowedGroups == null || contentAllowedGroups.Count == 0) { return(false); } if (requestContext == null) { return(false); } foreach (GroupPermissions group in contentAllowedGroups) { bool displayModeAllowed = false; // TODO: change this to work like the functionality below: if (requestContext.DisplayMode == SecureRequestContext.DisplayType.UNKNOWN || IsContained(group.GroupDisplayPermissions, requestContext.DisplayMode)) { displayModeAllowed = true; } bool functionalityAllowed = false; if (requestContext.Functionality == SecureRequestContext.FunctionalityType.UNKNOWN || IsContained(group.GroupFunctionPermissions, requestContext.Functionality)) { functionalityAllowed = true; } if (displayModeAllowed && functionalityAllowed) { isRequestContextAllowed = true; break; } } return(isRequestContextAllowed); }
/// <summary> /// Checks if the CurrentUser is allowed the requested context. /// </summary> /// <param name="requestContext">The request context access is being checked for.</param> /// <returns>True, if the request is allowed, false otherwise.</returns> public bool IsAllowed( SecureRequestContext requestContext, UserSecurityContext secContext) { if (!IsUseSecurityRules) { return(true); } bool isAllowed = false; if (requestContext == null) { Logger.LogError(5, "Access to a NULL SecureRequestContext cannot be allowed!"); return(false); } isAllowed = IsRequestContextAllowed(secContext.CurrentUserGroupPermissions, requestContext); return(isAllowed); }