/***************************** Context **************************/
/// <summary>
/// Creates a new instance of the SecurityContext using the passed user instance and the SecuritySystem.
/// </summary>
public SecurityContext(ISecurityUser currentUser, SecuritySystem securitySystem)
{
CurrentUser = currentUser;
SecuritySystem = securitySystem;
Evaluator = new PermissionEvaluator(this);
_permissionQuery = SecuritySystem.PermissionQuery;
}
internal PermissionEvaluator(SecurityContext securityContext)
{
_securityContext = securityContext;
_cache = securityContext.SecuritySystem.Cache;
_entityManager = securityContext.SecuritySystem.EntityManager;
_permissionQuery = securityContext.SecuritySystem.PermissionQuery;
var config = securityContext.SecuritySystem.Configuration;
_systemUserId = config.SystemUserId;
_visitorUserId = config.VisitorUserId;
_everyoneGroupId = config.EveryoneGroupId;
_ownerGroupId = config.OwnerGroupId;
}
private IEnumerable <int> FlattenDynamicGroups(IEnumerable <int> extension)
{
var flattened = new List <int>();
foreach (var groupId in extension)
{
if (!flattened.Contains(groupId))
{
flattened.Add(groupId);
}
foreach (var id in PermissionQuery.GetParentGroups(_securityContext, groupId, false))
{
if (!flattened.Contains(id))
{
flattened.Add(id);
}
}
}
return(flattened);
}
public void Start()
{
GeneralSecurityContext = null;
// The message provider must receive ongoing activities at this time.
StartedAt = DateTime.UtcNow;
var uncompleted = DataHandler.LoadCompletionState(out var lastActivityIdFromDb);
PermissionTypeBase.InferForcedRelations();
using (var op = SnTrace.Security.StartOperation("Security initial loading."))
{
var cache = new SecurityCache(DataHandler);
cache.Initialize();
Cache = cache;
op.Successful = true;
}
EntityManager = new SecurityEntityManager(Cache, DataHandler, MissingEntityHandler);
Cache.EntityManager = EntityManager; // Property injection
DataHandler.EntityManager = EntityManager; // Property injection
PermissionQuery = new PermissionQuery(EntityManager, Cache);
CommunicationMonitor = new CommunicationMonitor(DataHandler, Options.Create(MessagingOptions));
GeneralSecurityContext = new SecurityContext(SystemUser, this);
SecurityActivityQueue = new SecurityActivityQueue(this, CommunicationMonitor, DataHandler, ActivityHistory);
SecurityActivityQueue.Startup(uncompleted, lastActivityIdFromDb);
ActivityHistory.SecurityActivityQueue = SecurityActivityQueue; // Property injection
MessageProvider.MessageReceived += MessageProvider_MessageReceived;
MessageProvider.Initialize();
MessageProvider.Start(StartedAt);
_killed = false;
}
/// <summary>
/// Returns Ids of all groups where the given user or group is member directly or indirectly.
/// </summary>
/// <param name="identityId">Id of the group or user.</param>
/// <param name="directOnly">Switch of the direct or indirect membership.</param>
protected IEnumerable <int> GetParentGroups(int identityId, bool directOnly)
{
return(PermissionQuery.GetParentGroups(this, identityId, directOnly));
}
/// <summary>
/// Returns Ids of all users that have all given permission on the entity.
/// User will be resulted even if the permissions are granted on a group where she is member directly or indirectly.
/// </summary>
/// <param name="entityId">Id of the entity.</param>
/// <param name="permissions">Only those users appear in the output that have permission settings in connection with the given permissions.</param>
protected IEnumerable <int> GetAllowedUsers(int entityId, IEnumerable <PermissionTypeBase> permissions)
{
return(PermissionQuery.GetAllowedUsers(this, entityId, permissions));
}
/// <summary>
/// Returns all entity ids in the requested entity's direct children that have any permission setting
/// filtered by permission value, user or group, and a permission mask
/// </summary>
/// <param name="entityId">Id of the entity.</param>
/// <param name="level">Filtering by the permission value. It can be Allowed, Denied, AllowedOrDenied.</param>
/// <param name="identityId">Id of the group or user.</param>
/// <param name="permissions">Only those entities appear in the output that have permission settings in connection with the given permissions.</param>
protected IEnumerable <int> GetRelatedEntitiesOneLevel(int entityId, PermissionLevel level, int identityId, IEnumerable <PermissionTypeBase> permissions)
{
return(PermissionQuery.GetRelatedEntitiesOneLevel(this, entityId, level, identityId, permissions));
}
/// <summary>
/// Returns all entity ids in the requested entity's subtree that have any permission setting
/// filtered by permission value, user or group, and a permission mask
/// </summary>
/// <param name="entityId">Id of the entity.</param>
/// <param name="level">Filtering by the permission value. It can be Allowed, Denied, AllowedOrDenied.</param>
/// <param name="explicitOnly">Filter parameter for future use only. The currently allowed value is true.</param>
/// <param name="identityId">Id of the group or user.</param>
/// <param name="permissions">Only those entities appear in the output that have permission settings in connection with the given permissions.</param>
protected IEnumerable <int> GetRelatedEntities(int entityId, PermissionLevel level, bool explicitOnly, int identityId, IEnumerable <PermissionTypeBase> permissions)
{
return(PermissionQuery.GetRelatedEntities(this, entityId, level, explicitOnly, identityId, permissions));
}
/// <summary>
/// Collects all permission settings on the given entity and its subtree related to the specified user or group.
/// Output is grouped by permission types and can be filtered by the permission value.
/// </summary>
/// <param name="entityId">Id of the entity.</param>
/// <param name="level">Filtering by the permission value. It can be Allowed, Denied, AllowedOrDenied.</param>
/// <param name="explicitOnly">Filter parameter for future use only. Allowed value is true.</param>
/// <param name="identityId">Id of the group or user.</param>
/// <param name="isEnabled">Filter method that can enable or disable any entity.</param>
protected Dictionary <PermissionTypeBase, int> GetRelatedPermissions(int entityId, PermissionLevel level, bool explicitOnly, int identityId, Func <int, bool> isEnabled)
{
return(PermissionQuery.GetRelatedPermissions(this, entityId, level, explicitOnly, identityId, isEnabled));
}
/// <summary>
/// Returns all user and group ids that have any explicit permissions on the given entity or its subtree.
/// </summary>
/// <param name="entityId">Id of the entity.</param>
/// <param name="level">Filtering by the permission value. It can be Allowed, Denied, AllowedOrDenied.</param>
protected IEnumerable <int> GetRelatedIdentities(int entityId, PermissionLevel level)
{
return(PermissionQuery.GetRelatedIdentities(this, entityId, level));
}
/*********************** Permission query API **********************/
/// <summary>
/// Collects all permission settings on the given entity and its subtree related to the specified user or group set.
/// Output is grouped by permission types and can be filtered by the permission value.
/// </summary>
/// <param name="entityId">Id of the entity.</param>
/// <param name="identities">Id of the groups or users.</param>
/// <param name="includeRoot">Determines whether the provided root entity's permissions should be included in the result set.</param>
protected Dictionary <PermissionTypeBase, int> GetExplicitPermissionsInSubtree(int entityId, int[] identities, bool includeRoot)
{
return(PermissionQuery.GetExplicitPermissionsInSubtree(this, entityId, identities, includeRoot));
}