/// <summary>
/// Get Security Result base on Security Hierachy
/// </summary>
/// <param name="role">Role</param>
/// <param name="securable">Securable</param>
/// <param name="action">Action</param>
/// <returns>Allowed</returns>
private SecurityResultModel GetSecurityResult(SecurityRole role, SecuritySecurable securable, SecurityAction action)
{
if (securable == null || action == null || role == null)
{
return(new SecurityResultModel()
{
Allowed = false,
Message = "An invalid securable, action, or role was specified to check the security on."
});
}
var accessItems = _repository.GetAll <SecurityAccess>().Where(a => a.SecurityActionId == action.SecurityActionId && a.SecuritySecurableId == securable.SecuritySecurableId && a.SecurityRoleId == role.SecurityRoleId).ToList();
//
//If there is not security setup directly on the current security access item, then check the parent securable
//
if (accessItems.Count == 0)
{
// get security for parent item
if (securable.ParentSecuritySecurableId == null)
{
// no security is setup. default to less accessible
return(new SecurityResultModel()
{
SecuritySecurable = securable,
Allowed = false,
Message = String.Format("No security access record has been setup on securable {0} for action {1} and role {2}.", securable.Name, action.Name, role.Name)
});
}
var parent = _repository.GetAll <SecuritySecurable>().FirstOrDefault(s => s.SecuritySecurableId == securable.ParentSecuritySecurableId);
var result = GetSecurityResult(role, parent, action);
return(result);
}
//
//If the user has any access item that permits access, then return true
//
if (accessItems.Exists(a => a.Allowed == true))
{
return(new SecurityResultModel()
{
SecuritySecurable = securable,
Allowed = true,
Message = String.Format("Allow on securable {0} for action {1} and role {2}.", securable.Name, action.Name, role.Name)
});
}
return(new SecurityResultModel()
{
SecuritySecurable = securable,
Allowed = false,
Message = String.Format("Deny on securable {0} for action {1} and role {2}.", securable.Name, action.Name, role.Name)
});
}
/// <summary>
/// Get the effective permissions for all of the roles for a securable.
/// </summary>
/// <param name="request"></param>
/// <returns></returns>
public SecurityAccessMaintenanceGetEffectivePermissionsForSecurableResponse GetEffectivePermissionsForSecurable(
SecurityAccessMaintenanceGetEffectivePermissionsForSecurableRequest request)
{
//
//Validation
//
if (request == null || request.SecuritySecurableId == null)
{
return(new SecurityAccessMaintenanceGetEffectivePermissionsForSecurableResponse()
{
IsSuccessful = true,
Message = "Unable to get the effective permissions for securable. The request object must contain a valid security securable ID."
});
}
var securitySecurable =
_repository.GetAll <SecuritySecurable>()
.FirstOrDefault(p => p.SecuritySecurableId == request.SecuritySecurableId);
if (securitySecurable == null)
{
return(new SecurityAccessMaintenanceGetEffectivePermissionsForSecurableResponse()
{
IsSuccessful = true,
Message = String.Format("Unable to get the effective permissions for securable. The security securable record at ID {0} could not be found.", request.SecuritySecurableId)
});
}
//
//Get all of the actions available on this securable
//
var securitySecurableActions = _repository.GetAll <SecuritySecurableAction>(p => p.SecurityAction, p => p.SecuritySecurable).Where(p => p.SecuritySecurableId == request.SecuritySecurableId).OrderBy(p => p.SecurityAction.Name).ToList();
//
//Get all of the roles, and for each role determine its effective permissions on the securable
//
var effectivePermissionsForRoleList = new List <EffectivePermissionsForRoleModel>();
var rolesQueryable = _repository.GetAll <SecurityRole>().Where(p => p.Active == true);
//Limit the roles to only those selected by the form.
if (request.SelectedRoleIds != null && request.SelectedRoleIds.Count > 0)
{
rolesQueryable = rolesQueryable.Where(p => request.SelectedRoleIds.Contains(p.SecurityRoleId));
}
var roles = rolesQueryable.OrderBy(p => p.Name).ToList();
foreach (var role in roles)
{
//
//For each action, determine the roles and their permission to do that action on the securable
//
var effectivePermissionsList = new List <EffectivePermissionModel>();
foreach (var securitySecurableAction in securitySecurableActions)
{
var securityResult = GetSecurityResult(role, securitySecurable, securitySecurableAction.SecurityAction);
//
//Determine if the security was inherited. If it came from a securable that is not
//equal to the securable we are checking permissions for, then it was inherited.
//
bool isInheritedSecurity = false;
SecuritySecurable securitySecurableInheritedFrom = null;
if (securityResult != null && securityResult.SecuritySecurable != null)
{
isInheritedSecurity = (securityResult.SecuritySecurable.SecuritySecurableId !=
securitySecurable.SecuritySecurableId);
if (isInheritedSecurity)
{
securitySecurableInheritedFrom = securityResult.SecuritySecurable;
}
}
//
//Create the effective permission model for the securable describing the permissions the
//role has on the securable.
//
var effectivePermissionModel = new EffectivePermissionModel()
{
SecuritySecurableAction = securitySecurableAction,
Allowed = securityResult.Allowed,
Inherited = isInheritedSecurity,
SecuritySecurableInheritedFrom = securitySecurableInheritedFrom,
Message = securityResult.Message
};
effectivePermissionsList.Add(effectivePermissionModel);
}
//
//Add the model to the list of effective permissions for the role/securable
//
var effectivePermissionsForRoleModel = new EffectivePermissionsForRoleModel()
{
SecurityRole = role,
EffectivePermissions = effectivePermissionsList
};
effectivePermissionsForRoleList.Add(effectivePermissionsForRoleModel);
}
//
//Return the effective permissions list
//
return(new SecurityAccessMaintenanceGetEffectivePermissionsForSecurableResponse()
{
IsSuccessful = true,
SecuritySecurable = securitySecurable,
EffectivePermissionsForRoles = effectivePermissionsForRoleList
});
}
