/// <summary>
/// Decide whether a user is authorized and, when they are, attach the
/// restricted-view and restricted-metatable settings to the returned user info.
/// </summary>
/// <remarks>
/// Security note: the first branch grants authorization without calling either
/// authorization check. It is taken for special Mobius system accounts and also
/// whenever UAL.DbConnectionMx.NoDatabaseAccessIsAvailable is true, in which case
/// every user name is accepted and given the default Mobius account info.
/// </remarks>
/// <param name="userName">User name to check; also the key for the restricted-view lookup.</param>
/// <param name="domainName">Domain name passed to the authorization check and to the metatable restriction lookup.</param>
/// <param name="ui">Receives the user info produced by whichever branch ran.</param>
/// <returns>True if the user is authorized, otherwise false.</returns>
public static bool IsAuthorized(
    string userName,
    string domainName,
    out UserInfo ui)
{
    bool authorized;

    // Special system accounts, or a run with no real databases behind it,
    // skip the directory/legacy check entirely and are always let in.
    bool bypassChecks =
        Security.IsSpecialMobiusAccount(userName) ||
        UAL.DbConnectionMx.NoDatabaseAccessIsAvailable;

    if (bypassChecks)
    {
        ui = CreateDefaultMobiusAccountUserInfo(userName);
        authorized = true;
    }
    else if (UseActiveDirectory)
    {
        // Active Directory is the newer of the two authorization methods.
        authorized = ActiveDirectoryDao.IsAuthorizedAD(userName, domainName, out ui);
    }
    else
    {
        authorized = IsAuthorizedOldMethod(userName, domainName, out ui);
    }

    if (!authorized)
    {
        return false;
    }

    // NOTE(review): ui is dereferenced below without a null check; this assumes
    // a check that returned true also produced a non-null ui. Confirm.
    RestrictedDatabaseView restrictedView = RestrictedDatabaseView.GetRestrictedViewForUser(userName);
    if (restrictedView != null)
    {
        ui.RestrictedViewUsers = restrictedView.Userids;
        ui.RestrictedViewAllowedMetaTables = restrictedView.MetaTables;
        ui.RestrictedViewAllowedCorpIds = restrictedView.CorpIds;
    }

    ui.GenerallyRestrictedMetatables =
        RestrictedMetatable.GetUsersGenerallyRestrictedMetatables(userName, domainName);

    return true;
}
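/// <summary>
/// Read the list of generally restricted metatables and collect the ones that
/// IsGenerallyRestrictedMetatable reports as restricted for this user.
/// </summary>
/// <remarks>
/// Security note: null is returned both when the feature is switched off and when
/// the restriction list is missing or cannot be opened, so a caller cannot tell
/// "nothing is restricted" from "the restriction list could not be read".
/// NOTE(review): if callers treat null as "no restrictions", a missing or
/// unreadable file fails open. Confirm, and consider logging or failing closed.
/// </remarks>
/// <param name="userName">User whose restrictions are being determined.</param>
/// <param name="domainName">Domain used when looking up the user's Active Directory groups.</param>
/// <returns>
/// The upper-cased names of the metatables restricted for the user, or null when
/// the "UseGenerallyRestrictedMetatables" setting is false, the directory or file
/// does not exist, the file cannot be opened, or no listed metatable qualifies.
/// </returns>
public static HashSet<string> GetUsersGenerallyRestrictedMetatables(string userName, string domainName)
{
    HashSet<string> generallyRestrictedMetatables = new HashSet<string>();

    bool metatableRestrictionsActive = ServicesIniFile.ReadBool("UseGenerallyRestrictedMetatables", false);
    if (!metatableRestrictionsActive)
    {
        return null;
    }

    string dirName = ServicesDirs.MetaDataDir + @"\RestrictedMetatables";
    if (!Directory.Exists(dirName))
    {
        return null;
    }

    string fileName = dirName + @"\GenerallyRestrictedMetatables.txt";
    if (!File.Exists(fileName))
    {
        return null;
    }

    StreamReader sr;
    try
    {
        sr = new StreamReader(fileName);
    }
    catch (Exception)
    {
        // Best-effort behavior kept from the original: an unreadable list yields
        // null rather than an error. See the fail-open note in the remarks.
        return null;
    }

    // Dispose the reader even if the group lookup or a per-line check throws;
    // previously the file handle leaked on any exception after the open.
    using (sr)
    {
        List<string> userADGroups = ActiveDirectoryDao.GetGroupCommonNamesUserIsMemberOf(userName, domainName, false);

        string txt;
        while ((txt = sr.ReadLine()) != null)
        {
            // Skip undefined lines and ';' comment lines. The comment test is
            // ordinal so it does not depend on the current culture.
            if (Lex.IsUndefined(txt) || txt.StartsWith(";", StringComparison.Ordinal))
            {
                continue;
            }

            // NOTE(review): ToUpper() uses the current culture; kept as-is so the
            // names match however the rest of the code cases metatable names.
            string restrictedMetatableName = txt.Trim().ToUpper();

            // Names already collected are not checked again.
            if (generallyRestrictedMetatables.Contains(restrictedMetatableName))
            {
                continue;
            }

            if (IsGenerallyRestrictedMetatable(restrictedMetatableName, userName, userADGroups))
            {
                generallyRestrictedMetatables.Add(restrictedMetatableName);
            }
        }
    }

    return generallyRestrictedMetatables.Count > 0 ? generallyRestrictedMetatables : null;
}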