/// <summary>
/// Adds the principal's user name, its explicit roles and every virtual role it
/// belongs to onto an access-control-list query.
/// </summary>
/// <param name="query">ACL query that receives the user and role entries. It is dereferenced without a null check.</param>
/// <param name="virtualRoleRepository">Repository whose roles are enumerated and tested; validated as non-null only when <paramref name="principal"/> is non-null.</param>
/// <param name="principal">Principal to describe. When null the method returns without touching <paramref name="query"/>.</param>
/// <param name="context">Value passed through unchanged to each virtual role's membership check.</param>
public static void AddAclForUser(this AccessControlListQuery query, VirtualRoleRepository<VirtualRoleProviderBase> virtualRoleRepository, PrincipalInfo principal, object context)
{
    // A missing principal contributes nothing; note this exit precedes the repository validation.
    if (principal == null)
    {
        return;
    }

    Validator.ThrowIfNull("virtualRoleRepository", virtualRoleRepository);

    // Empty or null names are skipped so the query never carries a blank user entry.
    string userName = principal.Name;
    if (!string.IsNullOrEmpty(userName))
    {
        query.AddUser(userName);
    }

    // Explicit roles carried by the principal itself.
    ICollection<string> explicitRoles = principal.RoleList;
    if (explicitRoles != null)
    {
        foreach (string roleName in explicitRoles)
        {
            query.AddRole(roleName);
        }
    }

    // Virtual roles: a role is added only if the repository resolves a provider
    // for it and that provider reports the principal as a member.
    foreach (string virtualRoleName in virtualRoleRepository.GetAllRoles())
    {
        VirtualRoleProviderBase provider;
        if (!virtualRoleRepository.TryGetRole(virtualRoleName, out provider))
        {
            continue;
        }

        if (provider.IsInVirtualRole(principal.Principal, context))
        {
            query.AddRole(virtualRoleName);
        }
    }
}
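/// <summary>
/// Restricts a query expression to entries whose access control list matches the
/// current principal: its user name, its role claims and every virtual role it
/// belongs to.
/// </summary>
/// <param name="expression">Expression to restrict.</param>
/// <returns>
/// <paramref name="expression"/> combined with the ACL query through <c>And</c>, or the
/// unmodified expression when no current principal is available (see the note in the body).
/// </returns>
public static IQueryExpression FilterByACL(this IQueryExpression expression)
{
    var aclQuery = new AccessControlListQuery();
    var virtualRoleRepository = ServiceLocator.Current.GetInstance<IVirtualRoleRepository>();
    var principal = PrincipalInfo.Current;
    var context = HttpContext.Current;

    // NOTE(review): this path fails open. With no principal the expression is returned
    // with no ACL restriction at all. Kept for compatibility; confirm that every caller
    // reaching it is meant to see unfiltered results, otherwise filter or reject here.
    if (principal?.Principal == null)
    {
        return expression;
    }

    // Skip blank names, as AddAclForUser does, so an anonymous identity never puts a
    // null or empty user entry into the ACL query.
    string userName = principal.Principal.Identity?.Name;
    if (!string.IsNullOrEmpty(userName))
    {
        aclQuery.AddUser(userName);
    }

    // Role claims exist only on a ClaimsPrincipal. Any other principal type simply has
    // no explicit roles to add; it must still be filtered. The earlier code returned the
    // unfiltered expression in that case, which bypassed the ACL check entirely.
    // NOTE(review): only the default role claim type is matched; an identity configured
    // with a different RoleClaimType would contribute no roles here. Confirm.
    var claimsPrincipal = principal.Principal as ClaimsPrincipal;
    if (claimsPrincipal != null)
    {
        foreach (Claim roleClaim in claimsPrincipal.Claims.Where(c => c.Type == ClaimTypes.Role))
        {
            aclQuery.AddRole(roleClaim.Value);
        }
    }

    // Virtual roles: added only when the repository resolves a provider for the role
    // and that provider reports the principal as a member.
    foreach (string roleName in virtualRoleRepository.GetAllRoles())
    {
        VirtualRoleProviderBase virtualRole;
        if (virtualRoleRepository.TryGetRole(roleName, out virtualRole)
            && virtualRole.IsInVirtualRole(principal.Principal, context))
        {
            aclQuery.AddRole(roleName);
        }
    }

    return expression.And(aclQuery);
}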