static SecurityContext()
{
var permissionProvider = new PermissionProvider();
var azManager = new AzManager(new RoleProvider(), permissionProvider);
PermissionResolver = new PermissionResolver(azManager, permissionProvider);
}
public MessageAuthorizer(IPermissionResolver resolver,
IRepository <UserAccount> userAccountRepository,
IRepository <Role> roleRepository,
IRepository <RoleGroup> roleGroupRepository)
{
if (resolver == null)
{
throw new ArgumentNullException("resolver");
}
if (userAccountRepository == null)
{
throw new ArgumentNullException("userAccountRepository");
}
if (roleRepository == null)
{
throw new ArgumentNullException("roleRepository");
}
if (roleGroupRepository == null)
{
throw new ArgumentNullException("roleGroupRepository");
}
_resolver = resolver;
_userAccountRepository = userAccountRepository;
_roleRepository = roleRepository;
_roleGroupRepository = roleGroupRepository;
}
public DefaultAuthorizer(ICommandFactory commandFactory, IPermissionResolver permissionResolver, IHttpContextAccessor contextAccessor, UserManager <ApplicationUser> userManager)
{
this.commandFactory = commandFactory;
this.permissionResolver = permissionResolver;
this.contextAccessor = contextAccessor;
this.userManager = userManager;
}
public MessageAuthorizer(IPermissionResolver resolver,
IRepository<User> userRepository,
IRepository<Role> roleRepository)
{
if (resolver == null) throw new ArgumentNullException("resolver");
if (userRepository == null) throw new ArgumentNullException("userRepository");
if (roleRepository == null) throw new ArgumentNullException("roleRepository");
_resolver = resolver;
_userRepository = userRepository;
_roleRepository = roleRepository;
}
public PermissionContext(IPermissionResolver permissionResolver, AuthContext authContext)
{
PermissionResolver = permissionResolver;
AuthContext = authContext;
}
/// <summary>
/// Returns an expression that checks whether the passed record may be accessed or not.
/// This expression must be translatable to SQL.
/// So this expression can be used for access restriction directly in database queries.
///
/// For more information, see the class documentation of <see cref="PermissionResolverHelper"/>.
/// </summary>
/// <typeparam name="T">The type for the record that the expression should work on. Must be a valid entity type or the expression will return false.</typeparam>
/// <param name="permissionResolver">A <see cref="IPermissionResolver"/> object that defines permissions. Can be null (for system privileges, i.e. always grant).</param>
/// <param name="accessType">Defines the type of access that is requested. See <see cref="AccessType"/>.</param>
/// <returns>True if access is granted.</returns>
public static Expression <Func <T, bool> > GetCanAccessRecordExpression <T>([CanBeNull] IPermissionResolver permissionResolver, AccessType accessType)
{
return(permissionResolver?.GetCanAccessRecordExpression <T>(accessType));
}
/// <summary>
/// Checks whether the passed record may be accessed or not.
/// The record has to have the correct entity type or the test will fail.
///
/// For more information, see the class documentation of <see cref="PermissionResolverHelper"/>.
/// </summary>
/// <param name="permissionResolver">A <see cref="IPermissionResolver"/> object that defines permissions. Can be null (for system privileges, i.e. always grant).</param>
/// <param name="accessType">Defines the type of access that is requested. See <see cref="AccessType"/>.</param>
/// <param name="record">A record that an operation is requested on.</param>
/// <returns>True if access is granted.</returns>
public static bool CanAccessRecord([CanBeNull] IPermissionResolver permissionResolver, AccessType accessType, [NotNull] object record)
{
return(permissionResolver?.CanAccessRecord(accessType, record) ?? true);
}
// Disable "obsolete"-warnings, since the IPermissionResolver methods are flagged as obsolete (which they are not, but they should not be used directly).
#pragma warning disable 618
/// <summary>
/// Checks whether the passed type may be accessed or not.
///
/// For more information, see the class documentation of <see cref="PermissionResolverHelper"/>.
/// </summary>
/// <param name="permissionResolver">A <see cref="IPermissionResolver"/> object that defines permissions. Can be null (for system privileges, i.e. always grant).</param>
/// <param name="accessType">Defines the type of access that is requested. See <see cref="AccessType"/>.</param>
/// <param name="type">The entity type that an operation is requested on.</param>
/// <returns>True if access is granted.</returns>
public static bool CanAccessType([CanBeNull] IPermissionResolver permissionResolver, AccessType accessType, [NotNull] Type type)
{
return(permissionResolver?.CanAccessType(accessType, type) ?? true);
}
static SecurityContext()
{
var azManager = new AzManager(new RoleProvider(), new PermissionProvider());
PermissionResolver = new PermissionResolver(azManager);
}
public RoleController(IPermissionResolver permResolver, ILogger <RoleController> logger)
{
this.permResolver = permResolver;
this.logger = logger;
}
