/// <summary>
/// Adds the given principal's user name, its explicit roles and every virtual role it
/// currently satisfies to an access-control query.
/// </summary>
/// <param name="query">The ACL query that receives the user and role entries.</param>
/// <param name="virtualRoleRepository">Repository used to enumerate and resolve virtual roles; must not be null.</param>
/// <param name="principal">The principal to describe; when null the query is left untouched.</param>
/// <param name="context">Opaque context object handed to each virtual role's membership check.</param>
public static void AddAclForUser(this AccessControlListQuery query, VirtualRoleRepository<VirtualRoleProviderBase> virtualRoleRepository, PrincipalInfo principal, object context)
        {
            // A missing principal is a silent no-op; note that it is checked before the
            // repository argument is validated, so a null repository is tolerated here.
            if (principal == null)
            {
                return;
            }

            Validator.ThrowIfNull("virtualRoleRepository", virtualRoleRepository);

            // Only a non-empty user name is added, so the query never carries a blank user entry.
            bool hasUserName = !string.IsNullOrEmpty(principal.Name);
            if (hasUserName)
            {
                query.AddUser(principal.Name);
            }

            // Explicit roles carried by the principal itself.
            ICollection<string> explicitRoles = principal.RoleList;
            if (explicitRoles != null)
            {
                foreach (string roleName in explicitRoles)
                {
                    query.AddRole(roleName);
                }
            }

            // Virtual roles are evaluated per call against the principal and the supplied context.
            foreach (string virtualRoleName in virtualRoleRepository.GetAllRoles())
            {
                VirtualRoleProviderBase provider;
                if (!virtualRoleRepository.TryGetRole(virtualRoleName, out provider))
                {
                    continue;
                }

                if (provider.IsInVirtualRole(principal.Principal, context))
                {
                    query.AddRole(virtualRoleName);
                }
            }
        }
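        /// <summary>
        /// Restricts a search expression to the current user by AND-ing it with an access-control
        /// query built from the user's name, role claims and the virtual roles the user satisfies.
        /// </summary>
        /// <param name="expression">The query expression to restrict.</param>
        /// <returns>
        /// <paramref name="expression"/> combined with the ACL query, or the unmodified expression
        /// when no current principal is available.
        /// </returns>
        public static IQueryExpression FilterByACL(this IQueryExpression expression)
        {
            var principal = PrincipalInfo.Current;

            if (principal?.Principal == null)
            {
                // NOTE(review): this path hands back the query with no ACL restriction at all
                // (fail-open). It is kept for backward compatibility; confirm that no caller can
                // reach it for results that must be access-filtered.
                return expression;
            }

            var aclQuery = new AccessControlListQuery();
            var virtualRoleRepository = ServiceLocator.Current.GetInstance<IVirtualRoleRepository>();
            var context = HttpContext.Current;

            // Identity can be null on a bare IPrincipal, and an unauthenticated identity has an
            // empty name; add a user entry only when there is a name, as AddAclForUser does.
            string userName = principal.Principal.Identity?.Name;
            if (!string.IsNullOrEmpty(userName))
            {
                aclQuery.AddUser(userName);
            }

            // A principal that is not a ClaimsPrincipal has no role claims to contribute, but it
            // must still be filtered by user name and virtual roles. Returning the bare expression
            // in that case would skip the ACL filter entirely.
            var claimsPrincipal = principal.Principal as ClaimsPrincipal;
            if (claimsPrincipal != null)
            {
                // NOTE(review): assumes roles are issued under the default role claim type;
                // verify against the identity provider configuration.
                foreach (Claim roleClaim in claimsPrincipal.Claims.Where(c => c.Type == ClaimTypes.Role))
                {
                    aclQuery.AddRole(roleClaim.Value);
                }
            }

            // Virtual roles are evaluated per request against the principal and the HTTP context.
            foreach (string roleName in virtualRoleRepository.GetAllRoles())
            {
                VirtualRoleProviderBase virtualRole;
                if (virtualRoleRepository.TryGetRole(roleName, out virtualRole) && virtualRole.IsInVirtualRole(principal.Principal, context))
                {
                    aclQuery.AddRole(roleName);
                }
            }

            return expression.And(aclQuery);
        }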