/// <summary> /// Enforces that current user can invoke <paramref name="handler"/> with specific /// <paramref name="request"/> object. /// </summary> /// <typeparam name="TRequest">Type of request in <see cref="IRequestHandler{TRequest,TResponse}"/>.</typeparam> /// <typeparam name="TResponse">Type of response in <see cref="IRequestHandler{TRequest,TResponse}"/>.</typeparam> /// <param name="handler">Instance of <see cref="IRequestHandler{TRequest,TResponse}"/> or /// <see cref="IAsyncRequestHandler{TRequest,TResponse}"/>.</param> /// <param name="request">Instance of <typeparamref name="TRequest"/>.</param> /// <param name="dependencyInjectionContainer"></param> /// <param name="userContext">User to check permissions for.</param> /// <param name="permissionManager">Instance of <see cref="SystemPermissionManager"/>.</param> public void EnforceSecurity <TRequest, TResponse>( object handler, TRequest request, DependencyInjectionContainer dependencyInjectionContainer, UserContext userContext, SystemPermissionManager permissionManager) where TRequest : IRequest <TResponse> { if (this.ContextCommand != null) { // Call GetPermission from IContextCommand.GetPermission. var permission = this.GetPermission.Invoke(handler, null); // Get context. var repository = (IEntityRepository)dependencyInjectionContainer.GetInstance(this.EntitySecurityConfiguration.Repository); var context = repository.Find(((ISecureHandlerRequest)request).ContextId); // Enforce permission. var pm = dependencyInjectionContainer.GetInstance(this.EntitySecurityConfiguration.PermissionManager); this.EnforceContextPermission.Invoke(pm, new[] { permission, userContext, context }); } // If command implements ISecureHandler. if (this.SystemCommand != null) { var permission = this.GetPermission.Invoke(handler, null); permissionManager.EnforceCanDo((SystemAction)permission, userContext); } }
public UserSecurityContext( UserContext userContext, SystemPermissionManager systemPermissionManager, DependencyInjectionContainer dependencyInjectionContainer, EntitySecurityConfigurationRegister entityConfigurationRegister, ObjectSecurityConfigurationRegister objectSecurityConfigurationRegister) { this.UserContext = userContext; this.systemPermissionManager = systemPermissionManager; this.dependencyInjectionContainer = dependencyInjectionContainer; this.entityConfigurationRegister = entityConfigurationRegister; this.objectSecurityConfigurationRegister = objectSecurityConfigurationRegister; }