        /// <summary>
        /// Verifies that <c>CheckAccess</c> grants access when the claim being checked
        /// is present in the user's claim collection.
        /// </summary>
        public void TestCheckAccessClaimInUserValid()
        {
            const string requiredClaim = "View Documents";

            // Give the user under test exactly the claim that will be checked.
            aM.user.Name = "Bob";
            aM.user.CollectionClaims.Add(requiredClaim);

            bool granted = aM.CheckAccess(requiredClaim);

            Console.WriteLine("Actual Value: " + granted);
            Assert.AreEqual(true, granted);
        }
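        /// <summary>
        /// Returns the campaign identified by <paramref name="id_or_slug"/>.
        /// Approved campaigns are public. An unapproved campaign is visible only to an
        /// authenticated caller who is its creator or who holds the Campaigns/GetFullDetails
        /// permission, and only that path exposes the full-details properties.
        /// </summary>
        /// <param name="id_or_slug">Numeric id or URL slug of the campaign.</param>
        /// <returns>200 with the campaign view model; 404 when no campaign matches;
        /// 401 when the caller may not see an unapproved campaign.</returns>
        public IHttpActionResult GetCampaign(string id_or_slug)
        {
            Campaign c = GetCampaignByIdOrSlug(id_or_slug);

            // Defensive: a null lookup result would otherwise throw a NullReferenceException
            // on c.Status (surfacing as a 500); answer 404 instead.
            if (c == null)
            {
                return NotFound();
            }

            // Approved campaigns are public: no authentication or ownership check.
            if (c.Status.HasFlag(CampaignStatus.Approved))
            {
                return Ok(CampaignToCampaignVM(c));
            }

            if (!User.Identity.IsAuthenticated)
            {
                return Unauthorized();
            }

            // Unapproved campaign: the creator always sees it; anyone else needs the
            // explicit GetFullDetails permission on the Campaigns resource.
            bool isOwner = User.Identity.GetUserId() == c.CreatedById.ToString();
            if (!isOwner)
            {
                var auth = new AuthorizationManager();
                bool haveAccess = auth.CheckAccess(
                    new AuthorizationContext(ClaimsPrincipal.Current, AuthResource.Campaigns, AuthAction.GetFullDetails));
                if (!haveAccess)
                {
                    return Unauthorized();
                }
            }

            var vm = CampaignToCampaignVM(c);
            // Full-details properties are only populated on this authorised path.
            vm.CreatedById = c.CreatedById;
            return Ok(vm);
        }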
        /// <summary>
        /// Builds the navigation descriptors under <paramref name="addInTreePath"/>, removes every
        /// sub-item the current user may not read and every descriptor left without sub-items,
        /// then hands the remaining descriptors to the UI adapter for <paramref name="ribbon"/>.
        /// </summary>
        public static void AddItemsToNavigation(NavBarControl ribbon, object owner, string addInTreePath)
        {
            var adapter     = GetUIElementAdapter(ribbon);
            var descriptors = AddInTree.BuildItems<NavItemDescriptor>(addInTreePath, owner, false);

            var emptyDescriptors = new List<NavItemDescriptor>();
            foreach (var descriptor in descriptors)
            {
                RemoveUnreadableSubItems(descriptor);
                if (descriptor.SubItems.Count <= 0)
                {
                    emptyDescriptors.Add(descriptor);
                }
            }

            // Deferred removal: descriptors must not change while it is enumerated above.
            foreach (var empty in emptyDescriptors)
            {
                descriptors.Remove(empty);
            }

            BuildParts(adapter, descriptors);
        }

        /// <summary>
        /// Removes from <paramref name="descriptor"/>'s SubItems every sub-item whose codon
        /// the current user lacks "Read" access to. Removal is deferred until after the
        /// enumeration so the collection is not modified while being iterated.
        /// </summary>
        private static void RemoveUnreadableSubItems(NavItemDescriptor descriptor)
        {
            var unreadable = new List<object>();
            foreach (NavItemDescriptor subItem in descriptor.SubItems)
            {
                if (!AuthorizationManager.CheckAccess(subItem.Codon.Id, "Read"))
                {
                    unreadable.Add(subItem);
                }
            }
            foreach (var subItem in unreadable)
            {
                descriptor.SubItems.Remove(subItem);
            }
        }
        /// <summary>
        /// Lists the documents mapped to the user <paramref name="userId"/>.
        /// A caller holding UserDocuments/List gets the documents with download links;
        /// otherwise only the user themself may read the list, without download links.
        /// </summary>
        /// <returns>400 for an unknown user id, 401 for a foreign user without the List
        /// permission, 200 otherwise.</returns>
        public async Task<IHttpActionResult> GetUserDocuments(int userId)
        {
            var user = db.Users.Find(userId);
            if (user == null)
            {
                return BadRequest("Invalid userId");
            }

            var docs = user.UserDocumentMaps.Select(m => m.Document);

            var auth = new AuthorizationManager();
            bool canListAll = auth.CheckAccess(
                new AuthorizationContext(ClaimsPrincipal.Current, AuthResource.UserDocuments, AuthAction.List));
            if (canListAll)
            {
                return Ok(await GetDocumentsWithDownloadLinks(docs));
            }

            // Without the List permission a caller may only read their own documents.
            bool isOwner = User.Identity.GetUserId() == userId.ToString();
            if (!isOwner)
            {
                return Unauthorized();
            }
            return Ok(docs);
        }
        /// <summary>
        /// Condition evaluator for detail-controller menu items. Callers that are not an
        /// <see cref="IObjectDetailController"/> always pass. Otherwise the optional
        /// "priviledge" property must be granted on the controller's object, and the
        /// "type" property decides the working mode: an "edit" item is valid only in
        /// View mode, any other item only outside View mode.
        /// </summary>
        public bool IsValid(object caller, Condition condition)
        {
            var detailController = caller as IObjectDetailController;
            if (detailController == null)
            {
                // Not a detail controller: the condition does not apply, so it passes.
                return true;
            }

            string privilege = condition.Properties["priviledge"];
            if (!string.IsNullOrEmpty(privilege) &&
                !AuthorizationManager.CheckAccess(detailController.ObjectName, privilege))
            {
                return false;
            }

            string itemType = condition.Properties["type"];
            bool inViewMode = detailController.WorkingMode == EntityDetailWorkingMode.View;

            return itemType == "edit" ? inViewMode : !inViewMode;
        }
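        /// <summary>
        /// Lists campaigns. A caller holding Campaigns/List (admin) gets every campaign,
        /// 20 per page, projected to an admin summary; everyone else gets only approved
        /// campaigns with a positive target fund, 4 per page.
        /// </summary>
        /// <param name="options">OData query options parsed from the request.</param>
        /// <returns>200 with a <see cref="PageResult{T}"/> carrying next link and total count,
        /// or 400 when the query options cannot be applied as a <see cref="Campaign"/> query.</returns>
        public IHttpActionResult GetCampaigns(ODataQueryOptions<Campaign> options)
        {
            IQueryable<object> results;
            var settings = new ODataQuerySettings();

            var auth = new AuthorizationManager();
            bool haveAccess =
                auth.CheckAccess(new AuthorizationContext(ClaimsPrincipal.Current, AuthResource.Campaigns, AuthAction.List));

            /*NOTE:
             * Admin access should be different from home page access to campaigns
             * Only approved campaigns should come in home page, but Admin should have access to all campaigns
             * NOTE II: Access to removed campaign is open to question for admin!*/
            if (haveAccess) //Only For Admin
            {
                // options.Filter is null when the request carries no $filter; an
                // unconditional read of RawValue would throw on such requests.
                if (options.Filter != null)
                {
                    Console.WriteLine(options.Filter.RawValue);
                }
                settings.PageSize = 20;
                var campResults = options.ApplyTo(db.Campaigns, settings) as IQueryable<Campaign>;
                if (campResults == null)
                {
                    // The cast yields null when ApplyTo changes the element type
                    // (e.g. $select/$expand); answer 400 instead of a NullReferenceException.
                    return BadRequest("Unsupported query options");
                }

                results = campResults.Select(c => new
                {
                    //TODO: Add other needed properties for Admin
                    Id             = c.Id,
                    Title          = c.Title,
                    TargetFund     = c.TargetFund,
                    CollectedFund  = c.CollectedFund,
                    CategoryId     = c.CampaignCategoryId,
                    ProjectStageId = c.ProjectStageId,
                    Story          = c.Story,
                    Tagline        = c.Tagline,
                    Thumbnail      = c.ThumbnailFullPath,
                    Category       = c.Category == null ? null : c.Category.Name,
                    ProjectStage   = c.ProjectStage == null ? null : c.ProjectStage.Name
                });
                Console.WriteLine(results.ToString());
            }
            else
            {
                //TODO: Cache the first page. It's the same for all! and it is loaded more!
                var query = db.Campaigns.Where(c =>
                                               (c.TargetFund ?? -1) > 0 &&
                                               c.Status.HasFlag(CampaignStatus.Approved) //It could be Running/Fulfilled/Unfulfilled
                                               );

                // TODO(review): "Restrict Options Here!" — the caller-supplied query options are
                // applied unvalidated; consider ODataQueryOptions.Validate with an
                // ODataValidationSettings so anonymous callers cannot submit arbitrarily
                // expensive $filter/$orderby/$expand queries.
                System.Diagnostics.Debug.WriteLine(query.ToString());

                settings.PageSize = 4;
                var pageResults = options.ApplyTo(query, settings) as IQueryable<Campaign>;
                if (pageResults == null)
                {
                    return BadRequest("Unsupported query options");
                }
                pageResults.Load(); //TODO: improve model and remove this to prevent multiple lazy loadings
                results = pageResults;
            }
            return Ok(new PageResult<object>(
                          results as IEnumerable<object>,
                          Request.ODataProperties().NextLink,
                          Request.ODataProperties().TotalCount));
        }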
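        /// <summary>
        /// Adds one "Search" ribbon button per related entity the current user may read into a
        /// "Related" group on the detail home page. Relationship roles come from
        /// MetadataProvider for this entity where NavPanelDisplayOption == 1; the related side
        /// is the ManyToOne role of each relationship.
        /// </summary>
        private void RegisterRelatedEntityCommand()
        {
            // Materialise once: a deferred query here would be re-run by Any(), by the
            // foreach and by Count() on every loop iteration.
            var relationshipRoles = MetadataProvider.Instance.EntityRelationshipRoles
                .Where(role => role.Entity.PhysicalName == EntityName && role.NavPanelDisplayOption == 1)
                .ToList();

            if (relationshipRoles.Count == 0)
            {
                return;
            }

            // Several related entities share ribbon space, so they use the small style.
            bool useSmallStyle = relationshipRoles.Count > 1;
            var relatedEntityButtons = new List<BarButtonItemEx>();

            foreach (var relationshipRole in relationshipRoles)
            {
                var entityRelation = relationshipRole.EntityRelationship;
                var relatedRole = entityRelation.EntityRelationshipRoles
                    .FirstOrDefault(r => r != relationshipRole &&
                                         r.RelationshipRoleType == (int)RelationshipRoleType.ManyToOne);
                if (relatedRole == null)
                {
                    continue;
                }

                // Authorisation gate: entities the user cannot read get no button at all.
                var name = relatedRole.Entity.PhysicalName;
                if (!AuthorizationManager.CheckAccess(name, "Read"))
                {
                    continue;
                }

                var relationship = entityRelation.EntityRelationshipRelationships.First().Relationship;

                var buttonItem = new BarButtonItemEx(name, "Search")
                {
                    Caption     = Properties.Resources.ResourceManager.GetString(name),
                    Name        = name,
                    ButtonStyle = BarButtonStyle.Check
                };
                if (useSmallStyle)
                {
                    buttonItem.RibbonStyle = DevExpress.XtraBars.Ribbon.RibbonItemStyles.SmallWithText |
                                             DevExpress.XtraBars.Ribbon.RibbonItemStyles.SmallWithoutText;
                }
                // 'relationship' and 'name' are per-iteration locals, so each handler captures its own pair.
                buttonItem.ItemClick += (s, e) => { ShowRelatedEntityList(relationship, name); };
                relatedEntityButtons.Add(buttonItem);
            }

            if (relatedEntityButtons.Count == 0)
            {
                return;
            }

            var generalGroup =
                UIExtensionSites["DetailHomePage"].Add(new RibbonPageGroup(GetLocalizedCaption("Related")));
            UIExtensionSites.RegisterSite("DetailRelatedGroup", generalGroup);
            foreach (var button in relatedEntityButtons)
            {
                UIExtensionSites["DetailRelatedGroup"].Add(button);
            }
        }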
 /// <summary>
 /// Binds the role lookup to the "Role"/"RoleId" data source as a multi-select list,
 /// pre-selecting <paramref name="selectedRoles"/>. The control is disabled when the
 /// user lacks User/Write; that is a UI convenience only — the write must still be
 /// authorised wherever the selection is persisted.
 /// </summary>
 public void BindRole(List<Guid> selectedRoles)
 {
     bool canWriteUsers = AuthorizationManager.CheckAccess("User", "Write");
     if (!canWriteUsers)
     {
         roleLookUpEdit.Enabled = false;
     }

     var lookupProperties = roleLookUpEdit.Properties;
     lookupProperties.DisplayMember = "RoleName";
     lookupProperties.BindDataAsync("Role", "RoleId", selectedRoles);
     lookupProperties.View.OptionsSelection.MultiSelect = true;
 }
        /// <summary>
        /// A principal carrying a Username claim must be granted UPDATE on PREFERENCES.
        /// </summary>
        public void Should_ReturnTrue_When_PrincipalHasClaim()
        {
            // Arrange: a principal whose identity holds exactly one Username claim.
            var username  = "******";
            var identity  = new ClaimsIdentity(new[] { new Claim("Username", username) });
            var principal = new ClaimsPrincipal(identity);
            var context   = new AuthorizationContext(principal, ResourceConstant.PREFERENCES, ActionConstant.UPDATE);

            // Act
            var granted = manager.CheckAccess(context);

            // Assert
            granted.Should().BeTrue();
        }
 /// <summary>
 /// Sets the status of <paramref name="commandName"/> from the user's rights and the list state:
 /// Unavailable when the user lacks <paramref name="priviledge"/> on the current entity;
 /// Enabled when the grid is still unbound but the binding source has rows, or when a row is
 /// selected in a non-empty grid; Disabled otherwise.
 /// </summary>
 private void SetCommandStatus(string commandName, string priviledge)
 {
     if (!AuthorizationManager.CheckAccess(EntityName, priviledge))
     {
         Commands[commandName].Status = CommandStatus.Unavailable;
         return;
     }

     bool gridUnboundWithData = _entityListView.EntityGridView.DataSource == null &&
                                _entityListView.Context.BindingSource.ToArrayList().Count > 0;
     bool enabled = gridUnboundWithData ||
                    (_entityListView.SelectedEntity != null && _entityListView.EntityGridView.RowCount != 0);

     Commands[commandName].Status = enabled ? CommandStatus.Enabled : CommandStatus.Disabled;
 }
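        /// <summary>
        /// Builds one "MenuItem" codon per entity related to <paramref name="entityName"/>
        /// (relationship roles with NavPanelDisplayOption == 1, related side = the role that is
        /// not of type Relationship), skipping related entities the current user may not read.
        /// </summary>
        /// <returns>The codons, or an empty list when <paramref name="entityName"/> is empty.</returns>
        private List<Codon> GetSubItems(string entityName, AddIn addin, BuildItemArgs args)
        {
            var codonList = new List<Codon>();
            if (string.IsNullOrEmpty(entityName))
            {
                return codonList;
            }

            // Materialise once: a deferred query here would be re-evaluated by the
            // foreach and by Count() on every loop iteration.
            var relationshipRoles = MetadataRepository.EntityRelationshipRoles
                .Where(role => role.Entity.PhysicalName == entityName && role.NavPanelDisplayOption == 1)
                .ToList();
            // With several related entities the ribbon items are rendered small.
            bool useSmallStyle = relationshipRoles.Count > 1;

            foreach (var relationshipRole in relationshipRoles)
            {
                var entityRelation = relationshipRole.EntityRelationship;
                var relatedRole = entityRelation.EntityRelationshipRoles
                    .FirstOrDefault(r => r != relationshipRole &&
                                         r.RelationshipRoleType != (int)RelationshipRoleType.Relationship);
                if (relatedRole == null)
                {
                    continue;
                }

                // Authorisation gate: no menu item for entities the user cannot read.
                var commandName = relatedRole.Entity.PhysicalName;
                if (!AuthorizationManager.CheckAccess(commandName, "Read"))
                {
                    continue;
                }

                var properties = new ICSharpCode.Core.Properties();
                properties.Set<string>("id", commandName);
                properties.Set<string>("type", "Item");
                properties.Set<string>("label", "${res:" + commandName + "}");
                properties.Set<string>("imageName", commandName);
                properties.Set<string>("overlay", "overlay_search");
                properties.Set<string>("Parameter", commandName);
                properties.Set<string>("groupName", "Related");
                properties.Set<string>("class", "Katrin.Win.RelatedModule.Commands.RelatedCommand");
                properties.Set<string>("builderid", "BarButtonItemBuilder");
                if (useSmallStyle)
                {
                    properties.Set<string>("RibbonStyle", "Small");
                }

                codonList.Add(new Codon(addin, "MenuItem", properties, args.Conditions.ToArray()));
            }
            return codonList;
        }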
        /// <summary>
        /// Condition evaluator for list-controller menu items: passes when no "priviledge"
        /// property is configured or the caller is not a <see cref="ListController"/>;
        /// otherwise the privilege must be granted on the controller's object.
        /// </summary>
        public bool IsValid(object caller, Condition condition)
        {
            string privilege = condition.Properties["priviledge"];
            var listController = caller as ListController;

            // Nothing to check: no privilege configured, or a caller the condition does not apply to.
            if (string.IsNullOrEmpty(privilege) || listController == null)
            {
                return true;
            }

            return AuthorizationManager.CheckAccess(listController.ObjectName, privilege);
        }
        /// <summary>
        /// Registers one "Covert" popup menu item per distinct target entity the current
        /// entity can be converted into, skipping targets the user may not write.
        /// </summary>
        protected override void InitConvert()
        {
            List<ColumnMapping> mappingList = MetadataProvider.Instance.MappingList
                .Where(c => c.SourceEntityName == EntityName)
                .ToList();
            var targetEntityNames = mappingList.Select(c => c.TargetEntityName).Distinct();

            foreach (string targetName in targetEntityNames)
            {
                // Authorisation gate: only offer conversion into entities the user may write.
                if (AuthorizationManager.CheckAccess(targetName, "Write"))
                {
                    RegisterPoupMenuItem(targetName, "Covert", targetName, OnConvertEntity);
                }
            }
        }
        /// <summary>
        /// Refreshes the opportunity commands: "Recyle" is enabled only for a Lost opportunity
        /// the user may write; "Won" and "Fail" only for an InProgress opportunity in Edit mode
        /// the user may write. Everything else is Unavailable.
        /// </summary>
        public void OnRefreshCommandStatus(object sender, EventArgs e)
        {
            var  status   = (OpportunityStatus)DynamicEntity.StatusCode;
            bool canWrite = AuthorizationManager.CheckAccess(EntityName, "Write");

            // "Recyle" is the registered command key (sic); the spelling must match the registration.
            bool canRecycle = canWrite && status == OpportunityStatus.Lost;
            WorkItem.Commands["Recyle"].Status = canRecycle ? CommandStatus.Enabled : CommandStatus.Unavailable;

            bool canDecide = WorkingMode == EntityDetailWorkingMode.Edit &&
                             status == OpportunityStatus.InProgress &&
                             canWrite;
            var decisionStatus = canDecide ? CommandStatus.Enabled : CommandStatus.Unavailable;
            WorkItem.Commands["Fail"].Status = decisionStatus;
            WorkItem.Commands["Won"].Status  = decisionStatus;
        }
 /// <summary>
 /// Refreshes the detail commands: "EditMode" is enabled only in View mode for a user with
 /// Write access; "Save"/"SaveAndClose" are Unavailable in View mode and otherwise follow
 /// <c>HasChanges</c>. Finally raises the command-status refresh for derived classes.
 /// </summary>
 protected virtual void UpdateCommandStatus()
 {
     bool inViewMode = WorkingMode == EntityDetailWorkingMode.View;

     Commands["EditMode"].Status = inViewMode && AuthorizationManager.CheckAccess(EntityName, "Write")
                                       ? CommandStatus.Enabled
                                       : CommandStatus.Unavailable;

     CommandStatus saveStatus;
     if (inViewMode)
     {
         saveStatus = CommandStatus.Unavailable;
     }
     else
     {
         saveStatus = HasChanges ? CommandStatus.Enabled : CommandStatus.Disabled;
     }
     Commands["SaveAndClose"].Status = saveStatus;
     Commands["Save"].Status         = saveStatus;

     OnRefreshCommandStatus(EventArgs.Empty);
 }
        /// <summary>
        /// Populates the shell nav bar with one group per module area and one item per module
        /// the current user may read. A group with no readable module is neither added to the
        /// nav bar nor registered as an extension site.
        /// </summary>
        private void AddShowNavBarGroups()
        {
            var moduleGroupDefinitions = new[]
            {
                new KeyValuePair<string, string[]>("Sales",
                    new[] { "Lead", "Opportunity", "Quote", "Contract", "Invoice", "Account", "Contact" }),
                new KeyValuePair<string, string[]>("ProjectManagement",
                    new[] { "Project", "ProjectTask", "ProjectWeekReport", "Attendance" }),
                new KeyValuePair<string, string[]>("Reports",
                    new[] { "OpportunityReport", "ProjectReport" }),
                new KeyValuePair<string, string[]>("Services",
                    new[] { "Product", "Task" }),
                new KeyValuePair<string, string[]>("Administration",
                    new[] { "User", "Role" })
            };
            foreach (var definition in moduleGroupDefinitions)
            {
                _moduleGroups.Add(definition.Key, new List<string>(definition.Value));
            }

            foreach (var moduleGroup in _moduleGroups)
            {
                var group = new NavBarGroup(GetLocalizedCaption(moduleGroup.Key));

                foreach (var module in moduleGroup.Value)
                {
                    // Authorisation gate: unreadable modules get no nav item.
                    if (!AuthorizationManager.CheckAccess(module, "Read"))
                    {
                        continue;
                    }

                    var item = new NavBarItem(GetLocalizedCaption(module));
                    // Copy for the closure so each handler opens its own module.
                    string moduleName = module;
                    item.LinkClicked += (s, e) => ShowEntityList(moduleName);
                    item.Name        = module;
                    // Both images are requested at 32x32 — NOTE(review): confirm the small image
                    // is intentionally the same size as the large one.
                    item.LargeImage  = GetBitmapByName(module, new Size(32, 32));
                    item.SmallImage  = GetBitmapByName(module, new Size(32, 32));
                    group.ItemLinks.Add(item);
                }

                if (group.ItemLinks.Count == 0)
                {
                    continue;
                }

                group.LargeImage = GetBitmapByName(moduleGroup.Key, new Size(32, 32));
                group.SmallImage = GetBitmapByName(moduleGroup.Key, new Size(32, 32));
                UIExtensionSites[ExtensionSiteNames.ShellNavBar].Add(group);
                UIExtensionSites.RegisterSite(moduleGroup.Key, group);
            }
        }
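        /// <summary>
        /// Builds one "MenuItem" codon per distinct entity that <paramref name="entityName"/>
        /// can be converted into (from the column mappings), skipping targets the current
        /// user may not write.
        /// </summary>
        /// <returns>The codons, or an empty list when <paramref name="entityName"/> is empty.</returns>
        private List<Codon> GetSubItems(string entityName, AddIn addin, BuildItemArgs args)
        {
            var codonList = new List<Codon>();
            if (string.IsNullOrEmpty(entityName))
            {
                return codonList;
            }

            // Materialise once: a deferred Distinct() here would be re-evaluated by Any(),
            // by the foreach and by Count() on every loop iteration.
            var targetEntityNames = MetadataRepository.MappingList
                .Where(c => c.SourceEntityName == entityName)
                .Select(c => c.TargetEntityName)
                .Distinct()
                .ToList();
            // With several conversion targets the ribbon items are rendered small.
            bool useSmallStyle = targetEntityNames.Count > 1;

            foreach (string commandName in targetEntityNames)
            {
                // Authorisation gate: no conversion item for entities the user cannot write.
                if (!AuthorizationManager.CheckAccess(commandName, "Write"))
                {
                    continue;
                }

                var properties = new ICSharpCode.Core.Properties();
                properties.Set<string>("id", "Convert" + commandName);
                properties.Set<string>("type", "Item");
                properties.Set<string>("label", "${res:" + commandName + "}");
                properties.Set<string>("imageName", commandName);
                properties.Set<string>("Parameter", commandName);
                properties.Set<string>("groupName", "Convert");
                properties.Set<string>("overlay", "overlay_convert");
                properties.Set<string>("class", "Katrin.Win.ConvertModule.Commands.CovertCommand");
                properties.Set<string>("builderid", "BarButtonItemBuilder");
                if (useSmallStyle)
                {
                    properties.Set<string>("RibbonStyle", "Small");
                }

                codonList.Add(new Codon(addin, "MenuItem", properties, args.Conditions.ToArray()));
            }
            return codonList;
        }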
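        /// <summary>
        /// Adds one "convert" ribbon button per distinct target entity the current entity can be
        /// converted into, skipping targets the user may not write, into a "ConvertTitle" group on
        /// the detail home page. Nothing is added when no target remains.
        /// </summary>
        private void InitConvert()
        {
            // Materialise once: a deferred Distinct() here would be re-evaluated by Any(),
            // by the foreach and by Count() on every loop iteration.
            var targetEntityNames = MetadataProvider.Instance.MappingList
                .Where(c => c.SourceEntityName == EntityName)
                .Select(c => c.TargetEntityName)
                .Distinct()
                .ToList();

            if (targetEntityNames.Count == 0)
            {
                return;
            }

            // Several conversion targets share ribbon space, so they use the small style.
            bool useSmallStyle = targetEntityNames.Count > 1;
            var convertEntityButtons = new List<BarButtonItemEx>();

            foreach (string commandName in targetEntityNames)
            {
                // Authorisation gate: no button for entities the user cannot write.
                if (!AuthorizationManager.CheckAccess(commandName, "Write"))
                {
                    continue;
                }

                var buttonItem = new BarButtonItemEx(commandName, "convert")
                {
                    Caption = GetLocalizedCaption(commandName),
                    Name    = commandName
                };
                if (useSmallStyle)
                {
                    buttonItem.RibbonStyle = DevExpress.XtraBars.Ribbon.RibbonItemStyles.SmallWithText |
                                             DevExpress.XtraBars.Ribbon.RibbonItemStyles.SmallWithoutText;
                }
                // The target entity is read back from the clicked item's Name, so no capture is needed.
                buttonItem.ItemClick += (s, e) => { ShowRelatedEntityDetail(e.Item.Name, Guid.Empty, EntityDetailWorkingMode.Convert); };
                convertEntityButtons.Add(buttonItem);
            }

            if (convertEntityButtons.Count == 0)
            {
                return;
            }

            var convertGroup = UIExtensionSites["DetailHomePage"].Add(new RibbonPageGroup(GetLocalizedCaption("ConvertTitle")));
            UIExtensionSites.RegisterSite("DetailConvertGroup", convertGroup);
            foreach (var button in convertEntityButtons)
            {
                UIExtensionSites["DetailConvertGroup"].Add(button);
            }
        }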
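        /// <summary>
        /// Lists the documents mapped to campaign <paramref name="campaignId"/>.
        /// A caller holding CampaignDocuments/List gets them with download links; otherwise
        /// only the campaign's creator may read the list, without download links.
        /// </summary>
        /// <returns>404 when the campaign lookup yields nothing, 401 for a non-creator without
        /// the List permission, 200 otherwise.</returns>
        public async Task<IHttpActionResult> GetCampaignDocuments(int campaignId)
        {
            var camp = await db.SafelyGetCampaignById(campaignId);
            // Defensive: a null lookup result would otherwise throw a NullReferenceException
            // on camp.CampaignDocumentMaps (surfacing as a 500); answer 404 instead.
            if (camp == null)
            {
                return NotFound();
            }

            var docs = camp.CampaignDocumentMaps.Select(m => m.Document);

            var auth = new AuthorizationManager();
            bool canListAll = auth.CheckAccess(
                new AuthorizationContext(ClaimsPrincipal.Current, AuthResource.CampaignDocuments, AuthAction.List));
            if (canListAll)
            {
                return Ok(await GetDocumentsWithDownloadLinks(docs));
            }

            // Without the List permission only the creator may read the documents. A null
            // user id (no identity) never equals the creator id, so this fails closed.
            var userId = User.Identity.GetUserId();
            if (camp.CreatedById.ToString() != userId)
            {
                return Unauthorized();
            }
            return Ok(docs);
        }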
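        /// <summary>
        /// Refreshes the list commands: "Add" follows the Create right; Edit/View/Delete follow
        /// Write/Read/Delete via <c>SetCommandStatus</c>. When a "RelatedGroup" site exists, the
        /// buttons of that site and of a "ConvertGroup" site (if present) are enabled only while
        /// a row is selected in a non-empty grid.
        /// </summary>
        protected virtual void UpdateCommandStatus()
        {
            Commands["Add"].Status = AuthorizationManager.CheckAccess(EntityName, "Create")
                                         ? CommandStatus.Enabled
                                         : CommandStatus.Unavailable;
            SetCommandStatus("Edit", "Write");
            SetCommandStatus("View", "Read");
            SetCommandStatus("Delete", "Delete");

            if (!UIExtensionSites.Contains("RelatedGroup"))
            {
                return;
            }

            EnableButtonsForSelection(UIExtensionSites["RelatedGroup"]);

            // NOTE(review): this lookup differs from the Contains() check used for "RelatedGroup"
            // above; kept as-is because the element type enumerated by UIExtensionSites (and so
            // what ToString() yields) is not visible here. Any() replaces ToList().Count > 0.
            var convertSiteName = UIExtensionSites.Where(c => c.ToString() == "ConvertGroup");
            if (convertSiteName.Any())
            {
                EnableButtonsForSelection(UIExtensionSites["ConvertGroup"]);
            }
        }

        /// <summary>
        /// Enables every <see cref="BarButtonItemEx"/> in <paramref name="site"/> exactly when the
        /// list view has a selected entity and the grid has at least one row; disables them
        /// otherwise. A null site is ignored.
        /// </summary>
        private void EnableButtonsForSelection(System.Collections.IEnumerable site)
        {
            if (site == null)
            {
                return;
            }
            bool hasSelection = _entityListView.SelectedEntity != null && _entityListView.EntityGridView.RowCount != 0;
            foreach (var button in site.OfType<BarButtonItemEx>())
            {
                button.Enabled = hasSelection;
            }
        }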
 /// <summary>
 /// Resolves the access rights of <paramref name="userName"/> for the given
 /// city/controller/action triple by delegating to the wrapped <c>_azManager</c>;
 /// its verdict is returned unchanged.
 /// </summary>
 public AuthorizationManager.AccessRights CheckAccess(PemsCity city, string controller, string action, string userName)
 {
     var rights = _azManager.CheckAccess(city, controller, action, userName);
     return rights;
 }