コード例 #1
0
        /***************************** Context **************************/

        /// <summary>
        /// Creates a new instance of the SecurityContext using the passed user instance and the SecuritySystem.
        /// </summary>
        public SecurityContext(ISecurityUser currentUser, SecuritySystem securitySystem)
        {
            CurrentUser      = currentUser;
            SecuritySystem   = securitySystem;
            Evaluator        = new PermissionEvaluator(this);
            _permissionQuery = SecuritySystem.PermissionQuery;
        }
コード例 #2
0
        internal PermissionEvaluator(SecurityContext securityContext)
        {
            _securityContext = securityContext;
            _cache           = securityContext.SecuritySystem.Cache;
            _entityManager   = securityContext.SecuritySystem.EntityManager;
            _permissionQuery = securityContext.SecuritySystem.PermissionQuery;

            var config = securityContext.SecuritySystem.Configuration;

            _systemUserId    = config.SystemUserId;
            _visitorUserId   = config.VisitorUserId;
            _everyoneGroupId = config.EveryoneGroupId;
            _ownerGroupId    = config.OwnerGroupId;
        }
コード例 #3
0
        private IEnumerable <int> FlattenDynamicGroups(IEnumerable <int> extension)
        {
            var flattened = new List <int>();

            foreach (var groupId in extension)
            {
                if (!flattened.Contains(groupId))
                {
                    flattened.Add(groupId);
                }
                foreach (var id in PermissionQuery.GetParentGroups(_securityContext, groupId, false))
                {
                    if (!flattened.Contains(id))
                    {
                        flattened.Add(id);
                    }
                }
            }
            return(flattened);
        }
コード例 #4
0
        public void Start()
        {
            GeneralSecurityContext = null;

            // The message provider must receive ongoing activities at this time.
            StartedAt = DateTime.UtcNow;

            var uncompleted = DataHandler.LoadCompletionState(out var lastActivityIdFromDb);

            PermissionTypeBase.InferForcedRelations();

            using (var op = SnTrace.Security.StartOperation("Security initial loading."))
            {
                var cache = new SecurityCache(DataHandler);
                cache.Initialize();
                Cache         = cache;
                op.Successful = true;
            }

            EntityManager             = new SecurityEntityManager(Cache, DataHandler, MissingEntityHandler);
            Cache.EntityManager       = EntityManager; // Property injection
            DataHandler.EntityManager = EntityManager; // Property injection

            PermissionQuery        = new PermissionQuery(EntityManager, Cache);
            CommunicationMonitor   = new CommunicationMonitor(DataHandler, Options.Create(MessagingOptions));
            GeneralSecurityContext = new SecurityContext(SystemUser, this);

            SecurityActivityQueue = new SecurityActivityQueue(this, CommunicationMonitor, DataHandler, ActivityHistory);
            SecurityActivityQueue.Startup(uncompleted, lastActivityIdFromDb);
            ActivityHistory.SecurityActivityQueue = SecurityActivityQueue; // Property injection

            MessageProvider.MessageReceived += MessageProvider_MessageReceived;
            MessageProvider.Initialize();
            MessageProvider.Start(StartedAt);

            _killed = false;
        }
コード例 #5
0
 /// <summary>
 /// Returns Ids of all groups where the given user or group is member directly or indirectly.
 /// </summary>
 /// <param name="identityId">Id of the group or user.</param>
 /// <param name="directOnly">Switch of the direct or indirect membership.</param>
 protected IEnumerable <int> GetParentGroups(int identityId, bool directOnly)
 {
     return(PermissionQuery.GetParentGroups(this, identityId, directOnly));
 }
コード例 #6
0
 /// <summary>
 /// Returns Ids of all users that have all given permission on the entity.
 /// User will be resulted even if the permissions are granted on a group where she is member directly or indirectly.
 /// </summary>
 /// <param name="entityId">Id of the entity.</param>
 /// <param name="permissions">Only those users appear in the output that have permission settings in connection with the given permissions.</param>
 protected IEnumerable <int> GetAllowedUsers(int entityId, IEnumerable <PermissionTypeBase> permissions)
 {
     return(PermissionQuery.GetAllowedUsers(this, entityId, permissions));
 }
コード例 #7
0
 /// <summary>
 /// Returns all entity ids in the requested entity's direct children that have any permission setting
 /// filtered by permission value, user or group, and a permission mask
 /// </summary>
 /// <param name="entityId">Id of the entity.</param>
 /// <param name="level">Filtering by the permission value. It can be Allowed, Denied, AllowedOrDenied.</param>
 /// <param name="identityId">Id of the group or user.</param>
 /// <param name="permissions">Only those entities appear in the output that have permission settings in connection with the given permissions.</param>
 protected IEnumerable <int> GetRelatedEntitiesOneLevel(int entityId, PermissionLevel level, int identityId, IEnumerable <PermissionTypeBase> permissions)
 {
     return(PermissionQuery.GetRelatedEntitiesOneLevel(this, entityId, level, identityId, permissions));
 }
コード例 #8
0
 /// <summary>
 /// Returns all entity ids in the requested entity's subtree that have any permission setting
 /// filtered by permission value, user or group, and a permission mask
 /// </summary>
 /// <param name="entityId">Id of the entity.</param>
 /// <param name="level">Filtering by the permission value. It can be Allowed, Denied, AllowedOrDenied.</param>
 /// <param name="explicitOnly">Filter parameter for future use only. The currently allowed value is true.</param>
 /// <param name="identityId">Id of the group or user.</param>
 /// <param name="permissions">Only those entities appear in the output that have permission settings in connection with the given permissions.</param>
 protected IEnumerable <int> GetRelatedEntities(int entityId, PermissionLevel level, bool explicitOnly, int identityId, IEnumerable <PermissionTypeBase> permissions)
 {
     return(PermissionQuery.GetRelatedEntities(this, entityId, level, explicitOnly, identityId, permissions));
 }
コード例 #9
0
 /// <summary>
 /// Collects all permission settings on the given entity and its subtree related to the specified user or group.
 /// Output is grouped by permission types and can be filtered by the permission value.
 /// </summary>
 /// <param name="entityId">Id of the entity.</param>
 /// <param name="level">Filtering by the permission value. It can be Allowed, Denied, AllowedOrDenied.</param>
 /// <param name="explicitOnly">Filter parameter for future use only. Allowed value is true.</param>
 /// <param name="identityId">Id of the group or user.</param>
 /// <param name="isEnabled">Filter method that can enable or disable any entity.</param>
 protected Dictionary <PermissionTypeBase, int> GetRelatedPermissions(int entityId, PermissionLevel level, bool explicitOnly, int identityId, Func <int, bool> isEnabled)
 {
     return(PermissionQuery.GetRelatedPermissions(this, entityId, level, explicitOnly, identityId, isEnabled));
 }
コード例 #10
0
 /// <summary>
 /// Returns all user and group ids that have any explicit permissions on the given entity or its subtree.
 /// </summary>
 /// <param name="entityId">Id of the entity.</param>
 /// <param name="level">Filtering by the permission value. It can be Allowed, Denied, AllowedOrDenied.</param>
 protected IEnumerable <int> GetRelatedIdentities(int entityId, PermissionLevel level)
 {
     return(PermissionQuery.GetRelatedIdentities(this, entityId, level));
 }
コード例 #11
0
        /*********************** Permission query API **********************/

        /// <summary>
        /// Collects all permission settings on the given entity and its subtree related to the specified user or group set.
        /// Output is grouped by permission types and can be filtered by the permission value.
        /// </summary>
        /// <param name="entityId">Id of the entity.</param>
        /// <param name="identities">Id of the groups or users.</param>
        /// <param name="includeRoot">Determines whether the provided root entity's permissions should be included in the result set.</param>
        protected Dictionary <PermissionTypeBase, int> GetExplicitPermissionsInSubtree(int entityId, int[] identities, bool includeRoot)
        {
            return(PermissionQuery.GetExplicitPermissionsInSubtree(this, entityId, identities, includeRoot));
        }