/// <summary> /// Resolves the permissions. /// </summary> /// <param name="scope">The scope.</param> /// <param name="recordSet">The record set.</param> /// <param name="sids">The sids.</param> /// <returns></returns> private static PermissionRecord ResolvePermissions(string scope, PermissionRecordSet recordSet, string[] sids) { //string[] roles = ProfileContext.Current.GetRolesForUser(); PermissionRecord returnPR = new PermissionRecord(); PermissionRecord pr = null; if (sids != null) { foreach (string sid in sids) { pr = recordSet[PermissionHelper.CreatePermissionKey(scope, sid)]; if (pr != null) { returnPR.Merge(pr); } } } return(returnPR); }
/// <summary> /// Checks the anonymous. /// </summary> /// <param name="scope">The scope.</param> /// <param name="permission">The permission.</param> /// <param name="recordSet">The record set.</param> /// <returns></returns> private static bool CheckAnonymous(string scope, Permission permission, PermissionRecordSet recordSet) { return(true); }
/// <summary> /// Checks permissions in the following order: /// 1. Check permissions for the organization active user belongs to. /// 2. Check permissions for the role user belongs to. /// 3. Check permissions for the user himself. /// /// The later check overrides the previous one if permission is explicitely defined. /// </summary> /// <param name="scope"></param> /// <param name="permission"></param> /// <param name="recordSet"></param> /// <returns></returns> public static bool CheckPermission(string scope, Permission permission, PermissionRecordSet recordSet) { bool allow = true; PermissionRecord permissionRecord = null; // Administrator has unlimited access rights if (Roles.IsUserInRole("Administrator")) { return(true); } //return true; // for development return true always // Step 1: check organization CustomerProfile profile = ProfileContext.Current.Profile; if (profile != null) { // check if user is anonymous, if so just check roles if (profile.IsAnonymous) { return(CheckAnonymous(scope, permission, recordSet)); //string[] roles = ProfileContext.Current.GetRolesForUser(); } Account account = profile.Account; if (account == null) // if no account exists, continue to check as if user is anonymous { return(CheckAnonymous(scope, permission, recordSet)); } permissionRecord = ResolvePermissions(scope, recordSet, new string[1] { account.Organization.PrincipalId.ToString() }); if (permissionRecord != null) { allow = permissionRecord.GetBit(permission); } } // Step 2: check roles string[] roles = ProfileContext.Current.GetRolesForUser(); if (roles != null) { permissionRecord = ResolvePermissions(scope, recordSet, roles); if (permissionRecord != null) { allow = permissionRecord.GetBit(permission); } } // Step 3: check user permissionRecord = ResolvePermissions(scope, recordSet, new string[1] { ProfileContext.Current.UserId.ToString() }); if (permissionRecord != null) { allow = permissionRecord.GetBit(permission); } //ProfileContext.Current.GetAccount() return(allow); }