internal Access GetAccess(AccessRight right, string role)
{
AccessPermission permission =
//AccessPermissions.SingleOrDefault(x => x.AccessRight == right.Value && x.Role == role) ??
AccessPermissions
.Where(x => x.AccessRight >= right.Value && x.Access != Access.Inherit && x.Role == role)
.OrderBy(x => x.AccessRight)
.FirstOrDefault();
return(permission == null ? Access.Inherit : permission.Access);
}
/// <summary>
/// Checks if principal Users has access to some action (AccessRight).
/// </summary>
/// <param name="secured"> Secured entity. </param>
/// <param name="right"> AccessRight action </param>
/// <param name="principal"> Current principal. </param>
/// <returns> Value indicates if action is approved for selected role. </returns>
//public static bool IsAllowed(this ISecured secured, AccessRight right, IPrincipal principal, IUsersInRolesRepository uic)
//{
// var user = principal.Identity.Name;
// var roles = uic.GetAll();
// var v = roles.Any(role => secured.IsAllowed(right, user));
// return v;
//}
private static Access GetAccess(ISecured secured, AccessRight right, string role)
{
var access = secured.Permissions.GetAccess(right, role);
if (access != Access.Inherit)
{
return(access);
}
var securedChild = secured as ISecuredChild;
return(securedChild == null || securedChild.Parent == null
? Access.Inherit
: GetAccess(securedChild.Parent, right, role));
}
/// <summary>
/// Checks if role has access to some action (AccessRight).
/// </summary>
/// <param name="secured"> Secured entity. </param>
/// <param name="right"> AccessRight action </param>
/// <param name="role"> Role to check against. </param>
/// <returns> Value indicates if action is approved for selected role. </returns>
public static bool IsAllowed(this ISecured secured, AccessRight right, string role)
{
if (CmsContext.UnrestrictedRoles.Any(x => x == role))
{
return(true);
}
var access = GetAccess(secured, right, role);
if (access == Access.Inherit)
{
access = GetApplicationAccess(secured, right, role);
}
return(access == Access.Allow);
}
public IList <PermissionInput> GetPermissions(string role, long securedId)
{
var permissions = securedId == 0
? _cmsContext.GetPermissionsFor <TApplication>()
: _repository.GetById(securedId).Permissions;
var rights = AccessRight.GetAllAccessRights <TAccessRight>();
return(rights
.Select(x => new PermissionInput
{
AccessRightName = x.DisplayName,
AccessRightValue = x.Value,
AccessValue = GetAccess(permissions, x, role).Value
})
.ToList());
}
public void SetPermissions(string role, IEnumerable <PermissionInput> permissionList, long securedId)
{
var entity = securedId == null ? null : _repository.GetById(securedId);
var permissions = entity == null
? _cmsContext.GetPermissionsFor <TApplication>()
: entity.Permissions;
permissions.InheritFor(role);
foreach (var permissionInput in permissionList)
{
var access = Enumeration.FromValue <Access>(permissionInput.AccessValue);
if (access == Access.Inherit)
{
continue;
}
var accessRight = AccessRight.FromAccessRightValue <TAccessRight>(permissionInput.AccessRightValue);
if (access == Access.Allow)
{
permissions.Allow(accessRight).To(role);
}
else
{
permissions.Deny(accessRight).To(role);
}
}
if (entity == null)
{
_cmsContext.SetPermissionsFor <TApplication>(permissions);
}
else
{
entity.Permissions = permissions;
_repository.Save(entity);
}
}
internal AccessPermissionBuilder(IList <AccessPermission> permissions, AccessRight right, Access access)
{
_permissions = permissions;
_right = right;
_access = access;
}
private static Access GetApplicationAccess(ISecured secured, AccessRight right, string role)
{
var application = CmsContext.Current.GetApplication(secured.GetType()) as ISecured;
return(application == null ? Access.Deny : application.Permissions.GetAccess(right, role));
}
public bool IsDefined(AccessRight right, string role)
{
return(AccessPermissions.Any(x => x.AccessRight == right.Value && x.Role == role));
//return (AccessPermissions.Count(x => x.AccessRight == right.Value && x.Role == role) == 0);
}
public AccessPermissionBuilder Deny(AccessRight right)
{
return(new AccessPermissionBuilder(AccessPermissions, right, Access.Deny));
}
public AccessPermissionBuilder Allow(AccessRight right)
{
return(new AccessPermissionBuilder(AccessPermissions, right, Access.Allow));
}