/// <summary> /// Get Security Result base on Security Hierachy /// </summary> /// <param name="role">Role</param> /// <param name="securable">Securable</param> /// <param name="action">Action</param> /// <returns>Allowed</returns> private SecurityResultModel GetSecurityResult(SecurityRole role, SecuritySecurable securable, SecurityAction action) { if (securable == null || action == null || role == null) { return(new SecurityResultModel() { Allowed = false, Message = "An invalid securable, action, or role was specified to check the security on." }); } var accessItems = _repository.GetAll <SecurityAccess>().Where(a => a.SecurityActionId == action.SecurityActionId && a.SecuritySecurableId == securable.SecuritySecurableId && a.SecurityRoleId == role.SecurityRoleId).ToList(); // //If there is not security setup directly on the current security access item, then check the parent securable // if (accessItems.Count == 0) { // get security for parent item if (securable.ParentSecuritySecurableId == null) { // no security is setup. default to less accessible return(new SecurityResultModel() { SecuritySecurable = securable, Allowed = false, Message = String.Format("No security access record has been setup on securable {0} for action {1} and role {2}.", securable.Name, action.Name, role.Name) }); } var parent = _repository.GetAll <SecuritySecurable>().FirstOrDefault(s => s.SecuritySecurableId == securable.ParentSecuritySecurableId); var result = GetSecurityResult(role, parent, action); return(result); } // //If the user has any access item that permits access, then return true // if (accessItems.Exists(a => a.Allowed == true)) { return(new SecurityResultModel() { SecuritySecurable = securable, Allowed = true, Message = String.Format("Allow on securable {0} for action {1} and role {2}.", securable.Name, action.Name, role.Name) }); } return(new SecurityResultModel() { SecuritySecurable = securable, Allowed = false, Message = String.Format("Deny on securable {0} for action {1} and role {2}.", securable.Name, action.Name, role.Name) }); }
/// <summary> /// Get the effective permissions for all of the roles for a securable. /// </summary> /// <param name="request"></param> /// <returns></returns> public SecurityAccessMaintenanceGetEffectivePermissionsForSecurableResponse GetEffectivePermissionsForSecurable( SecurityAccessMaintenanceGetEffectivePermissionsForSecurableRequest request) { // //Validation // if (request == null || request.SecuritySecurableId == null) { return(new SecurityAccessMaintenanceGetEffectivePermissionsForSecurableResponse() { IsSuccessful = true, Message = "Unable to get the effective permissions for securable. The request object must contain a valid security securable ID." }); } var securitySecurable = _repository.GetAll <SecuritySecurable>() .FirstOrDefault(p => p.SecuritySecurableId == request.SecuritySecurableId); if (securitySecurable == null) { return(new SecurityAccessMaintenanceGetEffectivePermissionsForSecurableResponse() { IsSuccessful = true, Message = String.Format("Unable to get the effective permissions for securable. The security securable record at ID {0} could not be found.", request.SecuritySecurableId) }); } // //Get all of the actions available on this securable // var securitySecurableActions = _repository.GetAll <SecuritySecurableAction>(p => p.SecurityAction, p => p.SecuritySecurable).Where(p => p.SecuritySecurableId == request.SecuritySecurableId).OrderBy(p => p.SecurityAction.Name).ToList(); // //Get all of the roles, and for each role determine its effective permissions on the securable // var effectivePermissionsForRoleList = new List <EffectivePermissionsForRoleModel>(); var rolesQueryable = _repository.GetAll <SecurityRole>().Where(p => p.Active == true); //Limit the roles to only those selected by the form. if (request.SelectedRoleIds != null && request.SelectedRoleIds.Count > 0) { rolesQueryable = rolesQueryable.Where(p => request.SelectedRoleIds.Contains(p.SecurityRoleId)); } var roles = rolesQueryable.OrderBy(p => p.Name).ToList(); foreach (var role in roles) { // //For each action, determine the roles and their permission to do that action on the securable // var effectivePermissionsList = new List <EffectivePermissionModel>(); foreach (var securitySecurableAction in securitySecurableActions) { var securityResult = GetSecurityResult(role, securitySecurable, securitySecurableAction.SecurityAction); // //Determine if the security was inherited. If it came from a securable that is not //equal to the securable we are checking permissions for, then it was inherited. // bool isInheritedSecurity = false; SecuritySecurable securitySecurableInheritedFrom = null; if (securityResult != null && securityResult.SecuritySecurable != null) { isInheritedSecurity = (securityResult.SecuritySecurable.SecuritySecurableId != securitySecurable.SecuritySecurableId); if (isInheritedSecurity) { securitySecurableInheritedFrom = securityResult.SecuritySecurable; } } // //Create the effective permission model for the securable describing the permissions the //role has on the securable. // var effectivePermissionModel = new EffectivePermissionModel() { SecuritySecurableAction = securitySecurableAction, Allowed = securityResult.Allowed, Inherited = isInheritedSecurity, SecuritySecurableInheritedFrom = securitySecurableInheritedFrom, Message = securityResult.Message }; effectivePermissionsList.Add(effectivePermissionModel); } // //Add the model to the list of effective permissions for the role/securable // var effectivePermissionsForRoleModel = new EffectivePermissionsForRoleModel() { SecurityRole = role, EffectivePermissions = effectivePermissionsList }; effectivePermissionsForRoleList.Add(effectivePermissionsForRoleModel); } // //Return the effective permissions list // return(new SecurityAccessMaintenanceGetEffectivePermissionsForSecurableResponse() { IsSuccessful = true, SecuritySecurable = securitySecurable, EffectivePermissionsForRoles = effectivePermissionsForRoleList }); }