public InspectionResult Inspect(EntityOperation operation)
{
if (operation.IsEntity(User.ENTITY))
{
if (_securityService.HasModulePermission(_securityService.CurrentUser, AccountModule.Id, Permissions.UserManagement))
return InspectionResult.Allow;
if(operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.ContainsProperty("RecoveryCode"))
return InspectionResult.Deny; //Only users with UserManagement permission can access this property
}
if (operation.Id.HasValue && _securityService.HasModulePermission(_securityService.CurrentUser, AccountModule.Id, Permissions.UserActivation))
{
EntityQuery2 query = new EntityQuery2("User", operation.Id.Value);
query.AddProperty("isActive");
var e = _repository.Read(query);
if (e.GetData<bool>("IsActive") == false)
return InspectionResult.Allow;
}
else if (operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.Id.HasValue
&& update.Id.Value == _securityService.CurrentUser.Id
&& !update.ContainsProperty("IsActive"))//TODO: allowing the user to edit his data and relations
return InspectionResult.Allow;
}
}
return InspectionResult.None;
}
private bool RunInspection(EntityOperation operation)
{
int allow = 0;
foreach (var inspector in _inspectors)
{
var result = inspector.Inspect(operation);
if (result == InspectionResult.Allow)
allow++;
else if (result == InspectionResult.Deny)
return false;
}
return allow > 0;
}
private void AppyLogicBefore(EntityOperation operation, EntityOperationContext context)
{
foreach (var logic in _logics)
logic.Before(operation, context);
}
private void AppyLogicAfter(EntityOperation operation, EntityOperationContext context, EntityOperationResult result)
{
foreach (var logic in _logics)
logic.After(operation, context, result);
}
public InspectionResult Inspect(EntityOperation operation)
{
if (operation.IsEntity(NbuLibrary.Core.Domain.File.ENTITY) && operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.IsCreate() && _securityService.HasModulePermission(_securityService.CurrentUser, FilesModule.Id, Permissions.Upload))
return InspectionResult.Allow;
else if ((_securityService.HasModulePermission(_securityService.CurrentUser, FilesModule.Id, Permissions.ManageOwn) || _securityService.HasModulePermission(_securityService.CurrentUser, FilesModule.Id, Permissions.ManageAll))
&& _fileService.HasAccess(_securityService.CurrentUser, update.Id.Value, FileAccessType.Owner))
return InspectionResult.Allow;
else if (_securityService.HasModulePermission(_securityService.CurrentUser, FilesModule.Id, Permissions.ManageAll)
&& _fileService.HasAccess(_securityService.CurrentUser, update.Id.Value, FileAccessType.Full))
return InspectionResult.Allow;
}
else if (operation.IsEntity(NbuLibrary.Core.Domain.File.ENTITY) && operation is EntityDelete)
{
//TODO: file delete permission
if (_fileService.HasAccess(_securityService.CurrentUser, operation.Id.Value, FileAccessType.Owner))
return InspectionResult.Allow;
}
else if (operation.IsEntity(User.ENTITY) && operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.ContainsProperty("DiskUsageLimit") && _securityService.CurrentUser.UserType != UserTypes.Admin)
{
return InspectionResult.Deny;
}
}
return InspectionResult.None;
}
public InspectionResult Inspect(EntityOperation operation)
{
if (operation.IsEntity("Inquery"))
{
if (_securityService.HasModulePermission(_securityService.CurrentUser, AskTheLibModule.Id, Permissions.Use))
{
if (_securityService.CurrentUser.UserType == UserTypes.Librarian)
return InspectionResult.Allow;
else if (_securityService.CurrentUser.UserType == UserTypes.Customer)
{
if (operation is EntityUpdate && (operation as EntityUpdate).IsCreate())
return InspectionResult.Allow;
else if (operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.ContainsRelation(User.ENTITY, RelationConsts.Customer))
return InspectionResult.Deny;
var q = new EntityQuery2(Inquery.EntityType, update.Id.Value);
q.AddProperties("Status");
q.Include(User.ENTITY, RelationConsts.Customer);
var inquery = _repository.Read(q);
if (inquery.GetData<QueryStatus>("Status") != QueryStatus.New)
return InspectionResult.Deny;
if (update.ContainsProperty("Status")
&& update.Get<QueryStatus>("Status") != QueryStatus.Canceled)
return InspectionResult.Deny;
var customer = inquery.GetSingleRelation(User.ENTITY, RelationConsts.Customer);
if (customer != null && customer.Entity.Id == _securityService.CurrentUser.Id)
return InspectionResult.Allow;
}
}
}
}
else if (operation.IsEntity(Notification.ENTITY) && operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.IsCreate()
&& update.ContainsRelation(Inquery.EntityType, RelationConsts.Inquery)
&& _securityService.HasModulePermission(_securityService.CurrentUser, AskTheLibModule.Id, Permissions.Use)
&& _securityService.CurrentUser.UserType == UserTypes.Librarian)
{
return InspectionResult.Allow;
}
}
return InspectionResult.None;
}
public void Before(EntityOperation operation, EntityOperationContext context)
{
if (!operation.IsEntity(Inquery.EntityType))
return;
if (operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (_securityService.CurrentUser.UserType == UserTypes.Customer && update.IsCreate())
{
update.Attach(User.ENTITY, RelationConsts.Customer, _securityService.CurrentUser.Id);
}
else if (_securityService.CurrentUser.UserType == UserTypes.Librarian)
{
bool attach = false;
if (update.IsCreate())
attach = true;
else
{
var q = new EntityQuery2(User.ENTITY);
q.WhereRelated(new RelationQuery(Inquery.EntityType, RelationConsts.ProcessedBy, update.Id.Value));
var user = _repository.Read(q);
if (user == null)
attach = true;
else if (user.Id != _securityService.CurrentUser.Id)
{
update.Detach(User.ENTITY, RelationConsts.ProcessedBy, user.Id);
attach = true;
}
}
if (attach)
update.Attach(User.ENTITY, RelationConsts.ProcessedBy, _securityService.CurrentUser.Id);
}
}
}
public void Before(EntityOperation operation, EntityOperationContext context)
{
var update = operation as EntityUpdate;
if (update != null)
{
if (operation.IsEntity(EntityConsts.Issue))
{
if (update.IsCreate() && !update.ContainsProperty("Year"))
update.Set("Year", DateTime.Now.Year);
if (update.ContainsProperty("Sent"))//TODO: mymagazines issue send (sent flag used)
{
context.Set<bool>(CTXKEY_SEND_ISSUE, true);
}
}
else if (operation.IsEntity(EntityConsts.Magazine) && update.ContainsProperty("IsActive") && update.Id.HasValue)
{
if (update.Get<bool>("IsActive") == false)
{
var q = new EntityQuery2(EntityConsts.Magazine, update.Id.Value);
q.AddProperty("IsActive");
var magazine = _repository.Read(q);
context.Set<bool>(CTXKEY_ISACTIVEOLD, magazine.GetData<bool>("IsActive"));
}
}
}
}
public InspectionResult Inspect(EntityOperation operation)
{
if (operation.IsEntity(EntityConsts.Magazine) || operation.IsEntity(EntityConsts.Issue))
{
if (_securityService.CurrentUser.UserType == UserTypes.Librarian
&& _securityService.HasModulePermission(_securityService.CurrentUser, MyMagazinesModule.Id, Permissions.Use)
&& operation is EntityUpdate)
{
return InspectionResult.Allow;
}
}
else if (operation is EntityUpdate && operation.IsEntity(User.ENTITY))
{
var update = operation as EntityUpdate;
if (update.IsCreate()
&& _securityService.CurrentUser.UserType == UserTypes.Librarian
&& _securityService.HasModulePermission(_securityService.CurrentUser, MyMagazinesModule.Id, Permissions.Use))
return InspectionResult.Allow;
}
return InspectionResult.None;
}
public void After(EntityOperation operation, EntityOperationContext context, EntityOperationResult result)
{
if (!result.Success)
return;
if (operation.IsEntity(EntityConsts.Issue) && operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (context.Get<bool>(CTXKEY_SEND_ISSUE))
{
SendIssueToSubscribers(operation as EntityUpdate);
}
if (update.ContainsRelation(File.ENTITY, Roles.Content))
{
var filesAttached = update.GetMultipleRelationUpdates(File.ENTITY, Roles.Content).Where(fu => fu.Operation == RelationOperation.Attach);
if (filesAttached.Count() > 0)
{
var issue = update.ToEntity();
var q = new EntityQuery2(EntityConsts.Magazine);
q.WhereRelated(new RelationQuery(EntityConsts.Issue, Roles.Issue, issue.Id));
q.Include(User.ENTITY, Roles.Subscriber);
var mag = _repository.Read(q);
var subscribers = mag.GetManyRelations(User.ENTITY, Roles.Subscriber).Select(r => new User(r.Entity));
foreach (var subscriber in subscribers)
{
foreach (var fileUpdate in filesAttached)
{
if (!_fileService.HasAccess(subscriber, fileUpdate.Id.Value))
_fileService.GrantAccess(fileUpdate.Id.Value, FileAccessType.Read, subscriber);
}
}
}
}
}
else if (operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.IsEntity(User.ENTITY) && update.ContainsRelation(EntityConsts.Magazine, Roles.Subscriber))
{
var rus = update.GetMultipleRelationUpdates(EntityConsts.Magazine, Roles.Subscriber).Where(ru => ru.Operation == RelationOperation.Attach);
foreach (var ru in rus)
{
var q = new EntityQuery2(EntityConsts.Issue);
q.WhereRelated(new RelationQuery(EntityConsts.Magazine, Roles.Issue, ru.Id.Value));
q.Include(File.ENTITY, Roles.Content);
var issues = _repository.Search(q);
foreach (var issue in issues)
{
//The user cannot give himself an access to file - only owner or administrator can.
using (_securityService.BeginSystemContext())
{
GiveFileAccessForIssue(issue, new User(update.ToEntity()));
}
}
}
}
else if (update.IsEntity(EntityConsts.Magazine) && update.ContainsRelation(User.ENTITY, Roles.Subscriber))
{
var rus = update.GetMultipleRelationUpdates(User.ENTITY, Roles.Subscriber).Where(ru => ru.Operation == RelationOperation.Attach);
if (rus.Count() > 0)
{
var q = new EntityQuery2(EntityConsts.Issue);
q.WhereRelated(new RelationQuery(EntityConsts.Magazine, Roles.Issue, update.Id.Value));
q.Include(File.ENTITY, Roles.Content);
var issues = _repository.Search(q);
foreach (var ru in rus)
{
foreach (var issue in issues)
GiveFileAccessForIssue(issue, new User(ru.Id.Value));
}
}
}
else if (update.IsEntity(EntityConsts.Magazine) && update.ContainsProperty("IsActive"))
{
var isActiveNew = update.Get<bool>("IsActive");
if (isActiveNew == false && context.Get<bool>(CTXKEY_ISACTIVEOLD))
{
SendMagazineNotActiveToSubscribers(update);
}
}
}
}
public InspectionResult Inspect(EntityOperation operation)
{
if (operation.IsEntity(Notification.ENTITY) && operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.IsCreate())
return InspectionResult.Allow;
else if (update.PropertyUpdates.Count == 1 && (update.ContainsProperty("Received") || update.ContainsProperty("Archived")))
{
EntityQuery2 q = new EntityQuery2(Notification.ENTITY, update.Id.Value);
q.Include(User.ENTITY, Roles.Recipient);
var recipient = _repository.Read(q).GetSingleRelation(User.ENTITY, Roles.Recipient);
if (recipient != null && recipient.Entity.Id == _securityService.CurrentUser.Id)
return InspectionResult.Allow;
}
else if (update.PropertyUpdates.Count == 1 && update.ContainsProperty("ArchivedSent"))
{
EntityQuery2 q = new EntityQuery2(Notification.ENTITY, update.Id.Value);
q.Include(User.ENTITY, Roles.Sender);
var sender = _repository.Read(q).GetSingleRelation(User.ENTITY, Roles.Sender);
if (sender != null && sender.Entity.Id == _securityService.CurrentUser.Id)
return InspectionResult.Allow;
}
}
return InspectionResult.None;
}
public void Before(EntityOperation operation, EntityOperationContext context)
{
if (operation.IsEntity(Notification.ENTITY) && operation is EntityUpdate)
{
var update = operation as EntityUpdate;
if (update.IsCreate())
{
update.Set("Date", DateTime.Now);
var sender = update.GetRelationUpdate(User.ENTITY, Roles.Sender);
if (sender == null)
update.Attach(User.ENTITY, Roles.Sender, _securityService.CurrentUser.Id);
else
sender.Id = _securityService.CurrentUser.Id;
context.Set<bool>(CTXKEY_CREATENOTIFICATION, true);
}
if (update.ContainsProperty("Body"))
{
var text = System.Web.HttpUtility.HtmlEncode(update.Get<string>("Body"));
var newText = HtmlProcessor.ProcessEncodedHtml(text);
update.Set("Body", newText);
}
}
}
public void After(EntityOperation operation, EntityOperationContext context, EntityOperationResult result)
{
if (operation.IsEntity(Notification.ENTITY)
&& operation is EntityUpdate
&& context.Get<bool>(CTXKEY_CREATENOTIFICATION)
&& result.Success)
{
var update = operation as EntityUpdate;
var method = ReplyMethods.ByNotification;//default
if (update.ContainsProperty("Method"))
method = update.Get<ReplyMethods>("Method");
var recipientUpdate = update.GetRelationUpdate(User.ENTITY, Roles.Recipient);
var attachments = update.GetMultipleRelationUpdates(NbuLibrary.Core.Domain.File.ENTITY, Roles.Attachment);
if (attachments != null)
foreach (var att in attachments)
{
_fileService.GrantAccess(att.Id.Value, FileAccessType.Read, new User(recipientUpdate.Id.Value));
}
var recipientQuery = new EntityQuery2(User.ENTITY, recipientUpdate.Id.Value);
recipientQuery.AddProperty("Email");
var recipient = _repository.Read(recipientQuery);
var to = recipient.GetData<string>("Email");
var body = update.Get<string>("Body");
var subject = update.Get<string>("Subject");
}
}
public void Before(EntityOperation operation, EntityOperationContext context)
{
if (operation is EntityUpdate && operation.IsEntity(User.ENTITY))
{
var update = operation as EntityUpdate;
if (update.IsCreate() && !update.ContainsProperty("Password")) //generate random password
{
update.Set("Password", GenerateRandomPassword());
}
if (update.ContainsProperty("password"))
{
var newPassword = update.PropertyUpdates["password"] as string;
context.Set<string>(CTXKEY_PASSWORD_UPDATE, newPassword);
string hash = null;
using (SHA1 sha1 = SHA1.Create())
{
hash = Convert.ToBase64String(sha1.ComputeHash(Encoding.UTF8.GetBytes(newPassword)));
}
update.Set("password", hash);
update.Set("FailedLoginsCount", 0);
}
if (update.ContainsProperty("RecoveryCode"))
{
context.Set<bool>(CTXKEY_USER_PASSWORDRECOVERY, true);
}
if (update.IsCreate())
context.Set<bool>(CTXKEY_USER_CREATION, true);
else if (update.Id.Value == _securityService.CurrentUser.Id)
context.Set<int>(CTXKEY_UPDATE_PROFILE, _securityService.CurrentUser.Id);
}
}
public void After(EntityOperation operation, EntityOperationContext context, EntityOperationResult result)
{
if (!result.Success)
return;
}
public void After(EntityOperation operation, EntityOperationContext context, EntityOperationResult result)
{
if (!result.Success)
return;
if (!operation.IsEntity(User.ENTITY))
return;
var update = operation as EntityUpdate;
if (update == null)
return;
if (context.Get<bool>(CTXKEY_USER_PASSWORDRECOVERY))
{
var user = new User(_repository.Read(new EntityQuery2(update.Entity, update.Id.Value) { AllProperties = true }));
var template = _templateService.Get(new Guid(NotificationTemplates.USER_PASSWORDRECOVERY));
string subject = null, body = null;
Dictionary<string, Entity> templateContext = new Dictionary<string, Entity>(StringComparer.InvariantCultureIgnoreCase);
templateContext.Add("User", user);
_templateService.Render(template, templateContext, out subject, out body);
//TODO: async execution
_notificationService.SendEmail(user.Email, subject, body, null);
}
if (context.Get<bool>(CTXKEY_USER_CREATION))
{
var user = new User(_repository.Read(new EntityQuery2(update.Entity, update.Id.Value) { AllProperties = true }));
var pwd = context.Get<string>(CTXKEY_PASSWORD_UPDATE);
user.SetData<String>("Password", pwd);
var template = _templateService.Get(new Guid(NotificationTemplates.USER_CREATED));
string subject = null, body = null;
Dictionary<string, Entity> templateContext = new Dictionary<string, Entity>(StringComparer.InvariantCultureIgnoreCase);
templateContext.Add("User", user);
_templateService.Render(template, templateContext, out subject, out body);
//TODO: async execution
_notificationService.SendEmail(user.Email, subject, body, null);
if (update.ContainsProperty("IsActive") && update.Get<bool>("IsActive"))
SendUserActivationEmail(user);
}
else if (update.ContainsProperty("IsActive") && update.Get<bool>("IsActive"))
{
var user = new User(_repository.Read(new EntityQuery2(update.Entity, update.Id.Value) { AllProperties = true }));
SendUserActivationEmail(user);
}
else if (context.Get<int>(CTXKEY_UPDATE_PROFILE) > 0)
{
if (update.ContainsRelation("UserGroup", "UserGroup")
|| update.ContainsProperty("FacultyNumber")
|| update.ContainsProperty("CardNumber"))
{
var user = new User(context.Get<int>(CTXKEY_UPDATE_PROFILE));
user.IsActive = false;
_repository.Update(user);
_securityService.Logout();
result.Data.Add("account_warning_logged_out", true);
}
if (update.ContainsProperty("Email"))
{
_securityService.UpdateCurrentUserEmail(update.Get<string>("Email"));
result.Data.Add("account_event_email_changed", update.Get<string>("Email"));
}
}
}
public InspectionResult Inspect(EntityOperation operation)
{
if (_securityService.HasModulePermission(_securityService.CurrentUser, NomenclatureModule.Id, Permissions.Manage))
{
var em = _domainService.Domain.Entities[operation.Entity];
if (em.IsNomenclature)
return InspectionResult.Allow;
}
return InspectionResult.None;
}
