/// <summary>
/// Evaluates an authorization tree: first the service-level rule, then the
/// service-level methods, then each data manager together with its methods.
/// </summary>
/// <param name="authorizationTree">Tree holding the service, method and data-manager authorization entries to evaluate.</param>
/// <returns>
/// <c>true</c> when no evaluated check fails. When the tree has neither method
/// nor data-manager entries, the service-level decision is returned as is.
/// </returns>
/// <remarks>
/// The service-level decision is passed into the method and owner checks.
/// How those helpers combine it with their own rules is not visible here.
/// </remarks>
private async Task<bool> CheckAccess(AuthorizationTree authorizationTree)
{
    // The service-level check always runs first; its outcome feeds every later check.
    bool serviceAllowed = await CheckAccessCore(authorizationTree.DataServiceAuthorization);

    if (authorizationTree.MethodsAuthorization.Any())
    {
        bool serviceMethodsAllowed = await CheckMethodAccess(serviceAllowed, authorizationTree.MethodsAuthorization);
        if (!serviceMethodsAllowed)
        {
            return false;
        }
    }
    else if (!authorizationTree.DataManagersAuthorization.Any())
    {
        // Nothing more specific to evaluate: the service-level decision is final.
        return serviceAllowed;
    }

    foreach (DataManagerAuthorization managerAuthorization in authorizationTree.DataManagersAuthorization)
    {
        bool ownerAllowed = await CheckOwnerAccess(serviceAllowed, managerAuthorization);
        bool ownerMethodsAllowed = await CheckMethodAccess(ownerAllowed, managerAuthorization.MethodsAuthorization);
        if (!ownerMethodsAllowed)
        {
            // The first denied data manager stops the evaluation.
            return false;
        }
    }

    // Reaching this point means no check returned false.
    return true;
}
/// <summary>
/// Verifies that the current user may execute the given methods and throws when access is denied.
/// </summary>
/// <param name="methods">Methods from which the authorization tree is built and then checked.</param>
/// <exception cref="AccessDeniedException">
/// Thrown when the access check on the tree built from <paramref name="methods"/> returns false.
/// </exception>
public async Task CheckUserRightsToExecute(IEnumerable<MethodInfoData> methods)
{
    AuthorizationTree tree = GetServiceAuthorization().GetAuthorizationTree(methods);
    bool granted = await CheckAccess(tree);
    if (granted)
    {
        return;
    }

    // The denial message names the caller, so it ends up wherever this exception is logged or returned.
    string message = string.Format(ErrorStrings.ERR_USER_ACCESS_DENIED, UserName);
    throw new AccessDeniedException(message);
}
/// <summary>
/// Verifies that the current user may execute the given methods and throws when access is denied.
/// </summary>
/// <param name="methods">Methods from which the authorization tree is built and then checked.</param>
/// <exception cref="AccessDeniedException">
/// Thrown when the access check on the tree built from <paramref name="methods"/> returns false.
/// </exception>
public async Task CheckUserRightsToExecute(IEnumerable<MethodInfoData> methods)
{
    AuthorizationTree tree = GetServiceAuthorization().GetAuthorizationTree(methods);
    bool granted = await CheckAccess(tree);
    if (granted)
    {
        return;
    }

    // A missing principal, a missing identity and an unauthenticated identity
    // are all reported under the anonymous placeholder name.
    string user = ANONYMOUS_USER;
    if (User != null && User.Identity != null && User.Identity.IsAuthenticated)
    {
        user = User.Identity.Name;
    }

    // The denial message names the caller, so it ends up wherever this exception is logged or returned.
    string message = string.Format(ErrorStrings.ERR_USER_ACCESS_DENIED, user);
    throw new AccessDeniedException(message);
}
/// <summary>
/// Reports whether the current user may call a single method, without throwing on denial.
/// </summary>
/// <param name="method">The method to check; it is wrapped in a one-element array to build the authorization tree.</param>
/// <returns>A task that yields the result of the access check on that tree.</returns>
public Task<bool> CanAccessMethod(MethodInfoData method)
{
    MethodInfoData[] singleMethod = new[] { method };
    AuthorizationTree tree = GetServiceAuthorization().GetAuthorizationTree(singleMethod);

    // The task is returned as is, not awaited here.
    return CheckAccess(tree);
}