/// <summary>
/// Completes a permission set once all grants have been added: resolves dynamic grants on each
/// cumulative permission, folds the unconditional permissions into the fixed sets, builds the
/// query filter and freezes the build log.
/// </summary>
/// <param name="permissionSet">The per-entity permission set to finalize; it is mutated in place.</param>
/// <remarks>
/// The method sets <c>LogBuilder</c> to null and may set the fixed permission sets to null, so a
/// second call on the same set would dereference null.
/// </remarks>
private void FinalizePermissionSet(UserEntityPermissionSet permissionSet)
{
    foreach (var perm in permissionSet.ConditionalPermissions)
    {
        // Keep only the source grants that are DynamicActivityGrant; null (not an empty array) means "none".
        var dynamicGrants = perm.SourceGrants.OfType<DynamicActivityGrant>().ToArray();
        perm.DynamicGrants = dynamicGrants.Length > 0 ? dynamicGrants : null;

        // The set-level flags are sticky: once any permission is filtered or dynamic they stay true.
        permissionSet.HasFilter |= perm.HasFilter;
        permissionSet.HasDynamicPermissions |= perm.DynamicGrants != null;

        // Record-level fixed rights are only accumulated while every permission seen so far was
        // unconditional, so the result depends on the iteration order of ConditionalPermissions.
        // NOTE(review): when the loop ends with HasDynamicPermissions set but HasFilter clear,
        // FixedRecordPermissions is not reset below and keeps whatever was merged before the first
        // dynamic permission. Confirm no access check reads it as an unconditional grant in that state.
        if (!(permissionSet.HasFilter || permissionSet.HasDynamicPermissions))
        {
            permissionSet.FixedRecordPermissions.Merge(perm.RecordPermission);
        }

        // Type-level fixed rights take every permission that has no dynamic grants, filtered or not.
        if (perm.DynamicGrants is null)
        {
            permissionSet.FixedTypePermissions.Merge(perm.RecordPermission);
        }
    }

    if (permissionSet.HasFilter)
    {
        // Fixed record rights exist only when there are no record-level permissions.
        permissionSet.FixedRecordPermissions = null;
        // Mark the type-level rights as subject to record-level restrictions.
        permissionSet.FixedTypePermissions.HasFilter = true;
    }

    if (permissionSet.HasDynamicPermissions)
    {
        permissionSet.FixedTypePermissions = null;
    }

    // Query filter
    BuildLinqFilter(permissionSet);

    // Freeze the build log into a string and release the builder.
    var finalLog = permissionSet.LogBuilder.ToString();
    permissionSet.Log = finalLog;
    permissionSet.LogBuilder = null;
}
/// <summary>
/// Applies an entity-group permission to an authority: for every entity in every group resource,
/// the permission is either merged into an existing compatible cumulative permission or added as
/// a new one, and the decision is appended to the permission set's build log.
/// </summary>
/// <param name="authority">Authority whose per-entity permission sets are updated (created on demand).</param>
/// <param name="grant">The activity grant the permission comes from.</param>
/// <param name="entPerm">The entity-group permission being applied.</param>
private void AddEntityPermission(Authority authority, ActivityGrant grant, EntityGroupPermission entPerm)
{
    // Read but never used below; compatibility with existing permissions is decided by CanMerge(grant).
    var grantFilter = grant.Filter;

    // Entity group permission. Go through each entity in groups.
    foreach (var groupResource in entPerm.GroupResources)
    {
        foreach (var entityResource in groupResource.Entities)
        {
            var entityType = entityResource.EntityType;
            var incoming = new UserRecordPermission(entPerm.AccessType, entityResource.MemberMask);

            // Find/create the entity permission set for the entity type.
            UserEntityPermissionSet targetSet = authority.GetEntityPermissionSet(entityType, create: true);
            var logLine = " Source permission " + entPerm.Name + ":";

            // NOTE(review): a merge widens the existing permission's access types and member mask
            // under that permission's conditions. This is only safe if CanMerge (not shown here)
            // returns true solely for grants with equivalent filter and dynamic conditions. Confirm.
            var mergeTarget = targetSet.ConditionalPermissions.FirstOrDefault(p => p.CanMerge(grant));
            if (mergeTarget != null)
            {
                // Merge into the compatible permission and remember the contributing grant.
                mergeTarget.RecordPermission.Merge(incoming);
                mergeTarget.SourceGrants.Add(grant);
                logLine += " - merged into " + mergeTarget.Id;
            }
            else
            {
                // No compatible permission: create a new cumulative one with an artificial Id.
                var newId = "P" + targetSet.ConditionalPermissions.Count;
                targetSet.ConditionalPermissions.Add(
                    new CumulativeRecordPermission(newId, entityType, incoming, grant));
                logLine += " - added as " + newId;
            }

            targetSet.LogBuilder.AppendLine(logLine);
        }
    }
}
/// <summary>
/// Builds the query filter for a permission set by OR-combining the distinct query predicates of
/// all permissions that pass the Peek/Read access-type check.
/// </summary>
/// <param name="permissionSet">The permission set whose <c>QueryFilterPredicate</c> is assigned.</param>
/// <remarks>
/// <c>QueryFilterPredicate</c> is left null in two different situations: when at least one
/// selected permission has no predicate (everything is allowed through it), and when no
/// permission passes the Peek/Read check at all.
/// NOTE(review): callers therefore cannot read null as "unrestricted" on its own. Confirm that
/// read access is verified separately before a null filter lets a query run unfiltered.
/// </remarks>
private void BuildLinqFilter(UserEntityPermissionSet permissionSet)
{
    permissionSet.QueryFilterPredicate = null;

    // NOTE(review): whether IsSet requires both flags or either one is not visible here. Confirm.
    var readPerms =
        from p in permissionSet.ConditionalPermissions
        where p.RecordPermission.AccessTypes.IsSet(AccessType.Peek | AccessType.Read)
        select p;

    // If any permission has no LINQ filter, everything is allowed through that permission.
    var hasUnfilteredPermission = readPerms.Any(p => p.QueryPredicate == null);
    if (hasUnfilteredPermission)
    {
        return;
    }

    var distinctPredicates =
        (from p in readPerms
         where p.QueryPredicate != null
         select p.QueryPredicate)
        .Distinct()
        .ToList();

    if (distinctPredicates.Count != 0)
    {
        permissionSet.QueryFilterPredicate = QueryFilterHelper.CombinePredicatesWithOR(distinctPredicates);
    }
}
/// <summary>
/// Finalizes a permission set: resolves each cumulative permission's dynamic grants, accumulates
/// the fixed record-level and type-level permissions, builds the query filter and converts the
/// build log to its final string.
/// </summary>
/// <param name="permissionSet">The permission set to finalize; it is modified in place.</param>
/// <remarks>
/// After this call <c>LogBuilder</c> is null, and the fixed permission sets may be null, so the
/// method cannot be run a second time on the same set without a null dereference.
/// </remarks>
private void FinalizePermissionSet(UserEntityPermissionSet permissionSet)
{
    foreach (var perm in permissionSet.ConditionalPermissions)
    {
        // Complete the permission: DynamicGrants is null rather than an empty array when none exist.
        var dynamicGrants = perm.SourceGrants.OfType<DynamicActivityGrant>().ToArray();
        perm.DynamicGrants = dynamicGrants.Length == 0 ? null : dynamicGrants;

        // Set-level flags only ever go from false to true.
        permissionSet.HasFilter |= perm.HasFilter;
        permissionSet.HasDynamicPermissions |= perm.DynamicGrants != null;

        // The fixed record permissions are merged only while no filtered or dynamic permission has
        // been seen, which makes the interim value depend on enumeration order.
        // NOTE(review): the interim value is discarded below only when HasFilter is set. With
        // dynamic permissions and no filter it survives as a partial merge. Verify that consumers
        // do not evaluate FixedRecordPermissions when HasDynamicPermissions is true.
        var onlyUnconditionalSoFar = !(permissionSet.HasFilter || permissionSet.HasDynamicPermissions);
        if (onlyUnconditionalSoFar)
        {
            permissionSet.FixedRecordPermissions.Merge(perm.RecordPermission);
        }

        // Permissions without dynamic grants always contribute to the type-level rights.
        if (perm.DynamicGrants is null)
        {
            permissionSet.FixedTypePermissions.Merge(perm.RecordPermission);
        }
    }

    if (permissionSet.HasFilter)
    {
        // FixedRights are there only if there are no record-level permissions.
        permissionSet.FixedRecordPermissions = null;
        // Indicate that there are record-level restrictions.
        permissionSet.FixedTypePermissions.HasFilter = true;
    }

    if (permissionSet.HasDynamicPermissions)
    {
        permissionSet.FixedTypePermissions = null;
    }

    // Query filter
    BuildLinqFilter(permissionSet);

    // Finalize the log: keep the text, drop the builder.
    permissionSet.Log = permissionSet.LogBuilder.ToString();
    permissionSet.LogBuilder = null;
}
/// <summary>
/// Computes <c>QueryFilterPredicate</c> for a permission set from the query predicates of the
/// permissions that pass the Peek/Read access-type check, combined with OR.
/// </summary>
/// <param name="permissionSet">The permission set to update.</param>
/// <remarks>
/// The predicate stays null both when one of the selected permissions carries no predicate (all
/// records are allowed through it) and when no permission is selected at all.
/// NOTE(review): because those two cases are indistinguishable from the filter alone, confirm
/// that callers check read access before running a query with a null filter.
/// </remarks>
private void BuildLinqFilter(UserEntityPermissionSet permissionSet)
{
    permissionSet.QueryFilterPredicate = null;

    // NOTE(review): the all-flags versus any-flag semantics of IsSet is not shown here. Confirm.
    var readPerms = permissionSet.ConditionalPermissions
        .Where(p => p.RecordPermission.AccessTypes.IsSet(AccessType.Peek | AccessType.Read));

    // A permission with no LINQ filter allows everything, so no set-level filter is needed.
    var everyPermissionIsFiltered = readPerms.All(p => p.QueryPredicate != null);
    if (!everyPermissionIsFiltered)
    {
        return;
    }

    var uniqueFilters = readPerms
        .Where(p => p.QueryPredicate != null)
        .Select(p => p.QueryPredicate)
        .Distinct()
        .ToList();

    if (uniqueFilters.Count > 0)
    {
        permissionSet.QueryFilterPredicate = QueryFilterHelper.CombinePredicatesWithOR(uniqueFilters);
    }
}