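/// <summary>
/// Decides whether <paramref name="principal"/> satisfies the user and role
/// restrictions declared on <paramref name="attr"/>.
/// </summary>
/// <param name="principal">
/// Caller to check. A null principal, a principal without an identity, or an
/// unauthenticated one is always denied.
/// </param>
/// <param name="attr">
/// Access declaration. <c>InternalUsage</c> denies every principal.
/// <c>Users</c> and <c>Roles</c> are comma-separated lists; a null list means
/// that kind of restriction is not applied.
/// </param>
/// <returns>
/// <c>true</c> only when every non-null restriction is satisfied; otherwise <c>false</c>.
/// </returns>
public virtual bool PrincipalHasAccess(IPrincipal principal, AccessAttribute attr)
{
    // Fail closed before looking at any list: internal-only members and
    // anonymous callers never pass.
    if (attr.InternalUsage
        || principal == null
        || principal.Identity == null
        || !principal.Identity.IsAuthenticated)
    {
        return false;
    }

    if (attr.Users != null)
    {
        var callerName = principal.Identity.Name;

        // Entries are trimmed so that "alice, bob" matches "bob"; blank entries
        // are dropped so an empty list element can never match an empty name.
        var allowedUsers = attr.Users
            .Split(',')
            .Select(entry => entry.Trim())
            .Where(entry => entry.Length > 0);

        // Ordinal, case-insensitive comparison: a culture-sensitive ToLower()
        // makes the outcome of an authorization check depend on the thread's
        // current culture (for example the Turkish dotless i).
        if (callerName == null
            || !allowedUsers.Any(entry => string.Equals(entry, callerName, System.StringComparison.OrdinalIgnoreCase)))
        {
            return false;
        }
    }

    if (attr.Roles != null)
    {
        // Role names are still handed to IsInRole in lower case, now with
        // culture-invariant casing.
        // NOTE(review): if the principal's IsInRole is case-sensitive, roles
        // must be stored in lower case for this to match; confirm against the
        // principal implementation in use.
        var requiredRoles = attr.Roles
            .Split(',')
            .Select(entry => entry.Trim().ToLowerInvariant())
            .Where(entry => entry.Length > 0);

        if (!requiredRoles.Any(role => principal.IsInRole(role)))
        {
            return false;
        }
    }

    return true;
}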
/// <summary>
/// Applies the violation behavior configured on <paramref name="attr"/> to a
/// change that failed the access check.
/// </summary>
/// <param name="attr">Access declaration whose <c>ViolationBehavior</c> selects the reaction.</param>
/// <param name="context">Entity context whose entry is reset when the change is ignored.</param>
/// <param name="property">
/// The single property in violation, or <c>null</c> when the whole entity is in violation.
/// </param>
/// <exception cref="DataServicesAccessViolationException">
/// Thrown for every behavior other than <c>ViolationBehavior.IgnoreUserInput</c>.
/// </exception>
public virtual void HandleViolation(AccessAttribute attr, EntityContext context, PropertyInfo property = null)
{
    // Anything but "ignore" rejects the operation outright.
    if (attr.ViolationBehavior != ViolationBehavior.IgnoreUserInput)
    {
        throw new DataServicesAccessViolationException();
    }

    // Ignore path: discard the caller's change instead of failing the request.
    // NOTE(review): this method writes no log or audit record when it drops a
    // change; confirm that callers record the violation if detection matters.
    if (property != null)
    {
        // Only the offending property is rolled back to "not modified".
        context.Entry.Property(property.Name).IsModified = false;
        return;
    }

    // No specific property: the whole entry is treated as unchanged.
    context.Entry.State = EntityState.Unchanged;
}