예제 #1
 /// <summary>
 /// Completes a permission set after all grants have been added: derives each permission's
 /// dynamic grants, rolls the filter/dynamic flags up to the set, accumulates the fixed
 /// (pre-merged) permissions, builds the query filter and freezes the log text.
 /// </summary>
 /// <param name="permissionSet">The set to finalize; it is modified in place.</param>
 /// <remarks>
 /// Statement order inside the loop matters: the set-level flags are updated before the merge
 /// decision, so FixedRecordPermissions only receives permissions visited before the first
 /// filtered or dynamic one.
 /// NOTE(review): when only HasDynamicPermissions ends up set, FixedRecordPermissions is left
 /// non-null and holds that partial merge - confirm that consumers do not read it in that case.
 /// LogBuilder is null after this call, so a second call on the same set would dereference null.
 /// </remarks>
 private void FinalizePermissionSet(UserEntityPermissionSet permissionSet)
 {
     foreach (var cumulative in permissionSet.ConditionalPermissions)
     {
         // Keep only the source grants that are DynamicActivityGrant; "none" is stored as null,
         // not as an empty array, because the checks below test DynamicGrants against null.
         var dynamicOnly = cumulative.SourceGrants.OfType<DynamicActivityGrant>().ToArray();
         if (dynamicOnly.Length == 0)
         {
             cumulative.DynamicGrants = null;
         }
         else
         {
             cumulative.DynamicGrants = dynamicOnly;
         }

         // Roll the per-permission flags up to the set (sticky: once true they stay true).
         permissionSet.HasFilter             = permissionSet.HasFilter | cumulative.HasFilter;
         permissionSet.HasDynamicPermissions = permissionSet.HasDynamicPermissions | (cumulative.DynamicGrants != null);

         // Record-level fixed permissions are only accumulated while nothing seen so far
         // carries a filter or a dynamic grant.
         var recordLevelRestrictionSeen = permissionSet.HasFilter || permissionSet.HasDynamicPermissions;
         if (!recordLevelRestrictionSeen)
         {
             permissionSet.FixedRecordPermissions.Merge(cumulative.RecordPermission);
         }

         // Type-level fixed permissions take every permission that has no dynamic grants,
         // including filtered ones.
         if (cumulative.DynamicGrants == null)
         {
             permissionSet.FixedTypePermissions.Merge(cumulative.RecordPermission);
         }
     }

     if (permissionSet.HasFilter)
     {
         // Fixed record rights exist only when there are no record-level permissions.
         permissionSet.FixedRecordPermissions = null;
         // Tell type-level consumers that record-level restrictions apply.
         permissionSet.FixedTypePermissions.HasFilter = true;
     }
     if (permissionSet.HasDynamicPermissions)
     {
         // With dynamic grants present no fixed type-level answer is kept.
         permissionSet.FixedTypePermissions = null;
     }

     // Query filter
     BuildLinqFilter(permissionSet);

     // Freeze the log: keep the text, release the builder.
     permissionSet.Log        = permissionSet.LogBuilder.ToString();
     permissionSet.LogBuilder = null;
 }
예제 #2
        /// <summary>
        /// Adds the record permissions carried by one entity-group permission of a grant to the
        /// authority's per-entity-type permission sets, merging into an existing cumulative
        /// permission when one reports it can merge with the grant, otherwise creating a new one.
        /// </summary>
        /// <param name="authority">Authority whose entity permission sets are looked up or created.</param>
        /// <param name="grant">The activity grant the permission comes from.</param>
        /// <param name="entPerm">Entity-group permission supplying the access type and the entity resources.</param>
        /// <remarks>
        /// NOTE(review): merging unions the new access type and member mask into a cumulative
        /// permission shared by several grants. Whether Merge keeps member masks separate per access
        /// type is not visible here; confirm it cannot widen access beyond what each grant gives.
        /// </remarks>
        private void AddEntityPermission(Authority authority, ActivityGrant grant, EntityGroupPermission entPerm)
        {
            // NOTE(review): this value is never used below; the property read is kept unchanged.
            var filter = grant.Filter;

            // Entity group permission: visit every entity of every group resource.
            foreach (var groupResource in entPerm.GroupResources)
            {
                foreach (var entityResource in groupResource.Entities)
                {
                    var entityType  = entityResource.EntityType;
                    var incoming    = new UserRecordPermission(entPerm.AccessType, entityResource.MemberMask);
                    // Find or create the permission set for this entity type.
                    UserEntityPermissionSet targetSet = authority.GetEntityPermissionSet(entityType, create: true);
                    var logPrefix = "  Source permission " + entPerm.Name + ":";
                    string logSuffix;

                    // Look for the first existing cumulative permission that accepts this grant.
                    var mergeTarget = targetSet.ConditionalPermissions.FirstOrDefault(p => p.CanMerge(grant));
                    if (mergeTarget != null)
                    {
                        // Merge into the existing permission and remember the contributing grant.
                        mergeTarget.RecordPermission.Merge(incoming);
                        mergeTarget.SourceGrants.Add(grant);
                        logSuffix = " - merged into " + mergeTarget.Id;
                    }
                    else
                    {
                        // No compatible permission: create a new cumulative one.
                        // The Id is artificial, derived from the current list length.
                        var newId     = "P" + targetSet.ConditionalPermissions.Count;
                        var created   = new CumulativeRecordPermission(newId, entityType, incoming, grant);
                        targetSet.ConditionalPermissions.Add(created);
                        logSuffix = " - added as " + newId;
                    }
                    targetSet.LogBuilder.AppendLine(logPrefix + logSuffix);
                } // foreach entityResource
            }     // foreach groupResource
        }
예제 #3
        /// <summary>
        /// Builds the set-level query filter from the query predicates of the permissions whose
        /// access types pass the Peek/Read check, and stores it in QueryFilterPredicate.
        /// </summary>
        /// <param name="permissionSet">The set whose QueryFilterPredicate is reset and rebuilt.</param>
        /// <remarks>
        /// QueryFilterPredicate is left null in two different situations: a read permission without
        /// a predicate exists (everything is allowed through it), or no permission contributes a
        /// predicate at all (including the case of no read permissions).
        /// NOTE(review): the two cases cannot be told apart from this property alone; confirm that
        /// callers check type-level read access before treating null as "no filtering required".
        /// NOTE(review): whether IsSet requires both Peek and Read or either one is decided by
        /// IsSet itself, which is not visible here.
        /// </remarks>
        private void BuildLinqFilter(UserEntityPermissionSet permissionSet)
        {
            permissionSet.QueryFilterPredicate = null;
            var readablePerms = permissionSet.ConditionalPermissions.Where(
                p => p.RecordPermission.AccessTypes.IsSet(AccessType.Peek | AccessType.Read));

            // A read permission without a linq filter lets every record through, so no filter is built.
            var hasUnfilteredRead = readablePerms.Any(p => p.QueryPredicate == null);
            if (!hasUnfilteredRead)
            {
                var distinctFilters = readablePerms
                    .Select(p => p.QueryPredicate)
                    .Where(predicate => predicate != null)
                    .Distinct()
                    .ToList();

                if (distinctFilters.Count != 0)
                {
                    // Combined with OR (per the helper's name): matching any one predicate is enough.
                    permissionSet.QueryFilterPredicate = QueryFilterHelper.CombinePredicatesWithOR(distinctFilters);
                }
            }
        }
예제 #4
 /// <summary>
 /// Finalizes a permission set: fills in each permission's dynamic grants, propagates the
 /// filter/dynamic flags to the set, merges the fixed permissions, builds the query filter
 /// and converts the log builder into the final log string.
 /// </summary>
 /// <param name="permissionSet">The permission set to complete; mutated in place.</param>
 /// <remarks>
 /// The flags are updated before the merge checks in each iteration, so the content of
 /// FixedRecordPermissions depends on the iteration order of ConditionalPermissions.
 /// NOTE(review): FixedRecordPermissions is cleared only when HasFilter is set; with dynamic
 /// permissions alone it stays non-null with a partial merge - verify against its consumers.
 /// LogBuilder is set to null at the end, so the set cannot be finalized twice.
 /// </remarks>
 private void FinalizePermissionSet(UserEntityPermissionSet permissionSet)
 {
     foreach (var perm in permissionSet.ConditionalPermissions)
     {
         // Complete the permission: collect its dynamic grants, storing null when there are none.
         var dynamicGrants = perm.SourceGrants
             .Where(g => g is DynamicActivityGrant)
             .Cast<DynamicActivityGrant>()
             .ToArray();
         perm.DynamicGrants = (dynamicGrants.Length > 0) ? dynamicGrants : null;

         permissionSet.HasFilter |= perm.HasFilter;
         permissionSet.HasDynamicPermissions |= perm.DynamicGrants != null;

         // Fixed record permissions are merged only while no filter or dynamic grant has been seen.
         var noRecordLevelRestrictionYet = !permissionSet.HasFilter && !permissionSet.HasDynamicPermissions;
         if (noRecordLevelRestrictionYet)
         {
             permissionSet.FixedRecordPermissions.Merge(perm.RecordPermission);
         }

         // Fixed type permissions are merged for every permission without dynamic grants.
         var isStatic = perm.DynamicGrants == null;
         if (isStatic)
         {
             permissionSet.FixedTypePermissions.Merge(perm.RecordPermission);
         }
     }

     if (permissionSet.HasFilter)
     {
         permissionSet.FixedRecordPermissions = null; // FixedRights are there only if there are no record-level permissions
         permissionSet.FixedTypePermissions.HasFilter = true; // indicate that there are record-level restrictions
     }

     if (permissionSet.HasDynamicPermissions)
     {
         permissionSet.FixedTypePermissions = null;
     }

     // Query filter
     BuildLinqFilter(permissionSet);

     // Finalize the log: store the text and drop the builder.
     permissionSet.Log = permissionSet.LogBuilder.ToString();
     permissionSet.LogBuilder = null;
 }
예제 #5
 /// <summary>
 /// Resets QueryFilterPredicate and rebuilds it from the distinct query predicates of the
 /// permissions whose access types pass the Peek/Read check.
 /// </summary>
 /// <param name="permissionSet">The set whose query filter is rebuilt.</param>
 /// <remarks>
 /// A null QueryFilterPredicate results both when some read permission has no predicate
 /// (all records allowed through it) and when there is nothing to combine.
 /// NOTE(review): callers have to establish read access at type level separately; null here
 /// does not by itself prove that unrestricted reading was granted.
 /// </remarks>
 private void BuildLinqFilter(UserEntityPermissionSet permissionSet)
 {
     permissionSet.QueryFilterPredicate = null;

     var readers = permissionSet.ConditionalPermissions.Where(
         p => p.RecordPermission.AccessTypes.IsSet(AccessType.Peek | AccessType.Read));

     // If any permission has no linq filter, everything is allowed through it: leave the filter null.
     var everyReaderIsFiltered = readers.All(p => p.QueryPredicate != null);
     if (!everyReaderIsFiltered)
     {
         return;
     }

     var predicates = readers
         .Select(p => p.QueryPredicate)
         .Where(q => q != null)
         .Distinct()
         .ToList();

     if (predicates.Count > 0)
     {
         // OR-combination, going by the helper's name: a record passes if any predicate accepts it.
         permissionSet.QueryFilterPredicate = QueryFilterHelper.CombinePredicatesWithOR(predicates);
     }
 }