/// <summary>
/// Before-save hook that enforces write authorization for the current user's claims:
/// optionally on the main entity alone, then always on the whole dataset attached to it.
/// Returns without any check when <c>e.SkipSecurity</c> is set.
/// </summary>
/// <param name="sender">Event source; not used by this handler.</param>
/// <param name="e">Save event data: the entity, its dataset, the call parameters and the SkipSecurity flag.</param>
void OnBeforeSave(object sender, OnBeforeSaveEventArgs e)
{
    // NOTE(review): SkipSecurity switches off every check below. Presumably only trusted
    // server-side callers set it - confirm it can never be derived from request data.
    if (e.SkipSecurity)
    {
        return;
    }

    var auth = ApplicationSettings.Container.Resolve<IAuthentication>();
    var currentClaims = auth.GetCurrentUserClaims();

    // NOTE(review): the 'as' cast yields null when ObjectsDataSet is of another type; the
    // dataset check below then receives null - confirm the callee handles that case.
    var saveSet = e.Entity.ObjectsDataSet as ObjectsDataSet;
    string denialReason;

    bool removeFromDataSetMode = AppSettings.Get<bool>("DataSetAuthorizationCheckModeRemoveFromDataSet");
    if (removeFromDataSetMode)
    {
        // With the 'remove from dataset' option enabled, the main entity is checked explicitly
        // first, so that a save of the context/main entity is refused rather than quietly skipped.
        SecurityPredicate unusedPredicate;
        var entityLevel = ApplicationSettings.Container.Resolve<IAuthorizations>().CanUpdate(e.Entity, currentClaims, out denialReason, out unusedPredicate);
        if (entityLevel != PermissionLevel.Authorized)
        {
            string entityDenialText;
            if (String.IsNullOrEmpty(denialReason))
            {
                entityDenialText = "unauthorized access";
            }
            else
            {
                entityDenialText = denialReason;
            }

            auth.ThrowAccessDenied(new GOServerException("accessDenied", entityDenialText, new ForbiddenAccessException("forbidden access")));
        }
    }

    // The whole dataset is checked because one save can embed several saves and deletes.
    var dataSetLevel = ApplicationSettings.Container.Resolve<IAuthorizations>().CheckWriteAuthorizationsOnDataSet(saveSet, currentClaims, e.Parameters, out denialReason);
    if (dataSetLevel != PermissionLevel.Authorized)
    {
        string dataSetDenialText;
        if (String.IsNullOrEmpty(denialReason))
        {
            dataSetDenialText = "unauthorized access";
        }
        else
        {
            dataSetDenialText = denialReason;
        }

        auth.ThrowAccessDenied(new GOServerException("accessDenied", dataSetDenialText, new ForbiddenAccessException("forbidden access")));
    }

    // No single security filter expression is set on the event args here: a save set may hold
    // entities that each need a different security data filter, and the dataset-wide check above
    // has already applied the filter(s) for the entire dataset.
}
/// <summary>
/// IDataProviderExtension&lt;GOUserDataObject&gt; OnBeforeSave extension.
/// Hooks into GOUserDataObject.Save() so that the password is passed through GetMD5Hash before it is saved.
/// </summary>
/// <remarks>
/// NOTE(review): GetMD5Hash is not visible here; if it is a plain MD5 digest as its name says,
/// that is a fast hash and is not suitable for password storage. A salted, iterated
/// key-derivation function (PBKDF2, bcrypt, Argon2) is the expected choice - confirm and plan a migration.
/// </remarks>
/// <param name="sender">Event source; not used by this handler.</param>
/// <param name="e">Save event data carrying the entity and the call parameters.</param>
void OnBeforeSaveGOUser(object sender, OnBeforeSaveEventArgs e)
{
    if (e.Entity == null)
    {
        return;
    }

    var user = e.Entity as GOUserDataObject;
    if (user == null)
    {
        return;
    }

    // A new user always has the supplied password hashed.
    if (user.IsNew)
    {
        user.Password = GetMD5Hash(user.Password);
        return;
    }

    // When the ValidatingUser parameter is present the password is left untouched.
    if (e.Parameters.ContainsKey(ValidatingUser))
    {
        return;
    }

    // An existing user is looked up by UserName plus the current Password value. A match means
    // the value is the one already stored, so it is kept; otherwise it is hashed.
    // NOTE(review): the filter text is assembled from UserName and Password, so a quote character
    // in either value changes the predicate instead of being compared as data, and the lookup runs
    // with skipSecurity: true. If GetCollection's third argument carries filter arguments (not
    // visible here - confirm), bind both values there; otherwise escape or reject quote characters
    // before building the string.
    string storedValueFilter = "UserName = \"" + user.UserName + "\" && Password = \"" + user.Password + "\"";
    bool matchesStoredValue = DataFacade.GOUserDataProvider.GetCollection(null, storedValueFilter, null, parameters: e.Parameters, skipSecurity: true).Any();
    if (!matchesStoredValue)
    {
        user.Password = GetMD5Hash(user.Password);
    }
}