private void ForceDeleteEntitySchemaRecordRightLevel(Guid adminUnitId, string schemaName, Guid recordId)
{
foreach (EntitySchemaRecordRightOperation operation in Enum.GetValues(typeof(EntitySchemaRecordRightOperation)))
{
DBSecurityEngine.ForceDeleteEntitySchemaRecordRightLevel(adminUnitId, operation, schemaName, recordId);
}
}
/// <summary>
/// ###### ##### ####### ############ # ########.
/// ########## ###### # ####### JSON, # ########### ##########.
/// </summary>
/// <param name="adminOperationId">Id ########</param>
/// <param name="adminUnitIds">###### Id #############/#####</param>
/// <param name="canExecute">###### # ########</param>
/// <returns>C##### # ####### JSON.
/// ######## ############### ###### # ######:
/// Success - ########## ########## ######,
/// ExMessage - ##### ######, #### Success = false </returns>
public string SetAdminOperationGrantee(Guid adminOperationId, Guid[] adminUnitIds, bool canExecute)
{
bool success = false;
string exMessage = string.Empty;
try {
if (_userConnection.IsSystemOperationsRestricted)
{
throw new SystemOperationRestrictedException();
}
DBSecurityEngine engine = _userConnection.DBSecurityEngine;
foreach (var unitId in adminUnitIds)
{
engine.SetAdminOperationGrantee(adminOperationId, unitId, canExecute);
}
success = true;
}
catch (Exception ex) {
if (ex is SecurityException)
{
exMessage = ex.Message;
}
else
{
exMessage = new LocalizableString(_userConnection.ResourceStorage, "RightsHelper",
"LocalizableStrings.NonSecurityExeption.Value");
}
}
return(JsonConvert.SerializeObject(new {
Success = success,
ExMessage = exMessage
}));
}
/// <summary>
/// Removes operations.
/// Returns a string that is a JSON object representing execution result.
/// </summary>
/// <param name="recordIds">Array of operations identity</param>
/// <returns>JSON-format string.
/// Includes serialized object whith fields:
/// Success - the method is successfully executed.,
/// ExMessage - string with error, if Success = false </returns>
public string DeleteAdminOperation(Guid[] recordIds)
{
bool success = false;
string exMessage = string.Empty;
try {
DBSecurityEngine engine = _userConnection.DBSecurityEngine;
engine.CheckCanChangeAdminOperationGrantee();
EntitySchema adminOperationTableSchema = _userConnection.EntitySchemaManager.GetInstanceByName("SysAdminOperation");
Entity adminOperationEntity = adminOperationTableSchema.CreateEntity(_userConnection);
foreach (var recordId in recordIds)
{
if (adminOperationEntity.FetchFromDB("Id", recordId))
{
adminOperationEntity.Delete();
}
}
success = true;
}
catch (Exception ex) {
if (ex is SecurityException)
{
exMessage = ex.Message;
}
else
{
exMessage = new LocalizableString(_userConnection.ResourceStorage, "RightsHelper",
"LocalizableStrings.NonSecurityExeption.Value");
}
}
return(JsonConvert.SerializeObject(new {
Success = success,
ExMessage = exMessage
}));
}
/// <summary>
/// #########, ### ######## ############,
/// ########### ######### #### ####### # ########.
/// ########## ###### # ####### JSON, # ########### ##########.
/// </summary>
/// <returns>C##### # ####### JSON.
/// ######## ############### ###### # ######:
/// Success - ########## ########## ######,
/// ExMessage - ##### ######, #### Success = false </returns>
public string CheckCanChangeAdminOperationGrantee()
{
bool success = false;
string exMessage = String.Empty;
try {
DBSecurityEngine engine = _userConnection.DBSecurityEngine;
engine.CheckCanChangeAdminOperationGrantee();
success = true;
}
catch (Exception ex) {
if (ex is SecurityException)
{
exMessage = ex.Message;
}
else
{
exMessage = new LocalizableString(_userConnection.ResourceStorage, "RightsHelper",
"LocalizableStrings.NonSecurityExeption.Value");
}
}
return(JsonConvert.SerializeObject(new {
Success = success,
ExMessage = exMessage
}));
}
/// <summary>
/// ####### ##### ####### # ########.
/// ########## ###### # ####### JSON, # ########### ##########.
/// </summary>
/// <param name="recordIds">###### Id #### #######</param>
/// <returns>C##### # ####### JSON.
/// ######## ############### ###### # ######:
/// Success - ########## ########## ######,
/// ExMessage - ##### ######, #### Success = false </returns>
public string DeleteAdminOperationGrantee(Guid[] recordIds)
{
bool success = false;
string exMessage = string.Empty;
try {
DBSecurityEngine engine = _userConnection.DBSecurityEngine;
foreach (var recordId in recordIds)
{
engine.DeleteAdminOperationGrantee(recordId);
}
success = true;
}
catch (Exception ex) {
if (ex is SecurityException)
{
exMessage = ex.Message;
}
else
{
exMessage = new LocalizableString(_userConnection.ResourceStorage, "RightsHelper",
"LocalizableStrings.NonSecurityExeption.Value");
}
}
return(JsonConvert.SerializeObject(new {
Success = success,
ExMessage = exMessage
}));
}
protected bool CheckReadFileAccess(EntitySchema entitySchema, Guid recordId)
{
DBSecurityEngine securityEngine = UserConnection.DBSecurityEngine;
SchemaRecordRightLevels rights = securityEngine.GetEntitySchemaRecordRightLevel(entitySchema, recordId);
return((rights & SchemaRecordRightLevels.CanRead) == SchemaRecordRightLevels.CanRead);
}
public SspEntityRepository(UserConnection uc)
{
_userConnection = uc;
_entitySchemaManager = _userConnection.EntitySchemaManager;
_securityEngine = _userConnection.DBSecurityEngine;
_resourceStorage = uc.ResourceStorage;
_utils = new SchemaDesignerUtilities(_userConnection);
_packageUId = GetCurrentPackageUId();
}
public virtual void DeleteRecordRight(DBSecurityEngine dbSecurityEngine, Guid entityRecordId,
string entitySchemaName, Dictionary <string, object> recordRight)
{
bool canRead = (bool)recordRight["CanRead"];
bool canEdit = (bool)recordRight["CanEdit"];
bool canDelete = (bool)recordRight["CanDelete"];
switch ((string)recordRight["Grantee"])
{
case "Role":
case "Employee":
case "DataSourceFilter":
List <KeyValuePair <Guid, string> > adminUnitIds = GetAdminUnitIds(recordRight);
foreach (KeyValuePair <Guid, string> adminUnitId in adminUnitIds)
{
if (canRead)
{
dbSecurityEngine.ForceDeleteEntitySchemaRecordRightLevel(adminUnitId.Key,
EntitySchemaRecordRightOperation.Read, entitySchemaName, entityRecordId);
}
if (canEdit)
{
dbSecurityEngine.ForceDeleteEntitySchemaRecordRightLevel(adminUnitId.Key,
EntitySchemaRecordRightOperation.Edit, entitySchemaName, entityRecordId);
}
if (canDelete)
{
dbSecurityEngine.ForceDeleteEntitySchemaRecordRightLevel(adminUnitId.Key,
EntitySchemaRecordRightOperation.Delete, entitySchemaName, entityRecordId);
}
}
break;
case "AllRolesAndUsers":
if (canRead)
{
dbSecurityEngine
.ForceDeleteAllEntitySchemaRecordRightLevel(EntitySchemaRecordRightOperation.Read,
entitySchemaName, entityRecordId);
}
if (canEdit)
{
dbSecurityEngine
.ForceDeleteAllEntitySchemaRecordRightLevel(EntitySchemaRecordRightOperation.Edit,
entitySchemaName, entityRecordId);
}
if (canDelete)
{
dbSecurityEngine
.ForceDeleteAllEntitySchemaRecordRightLevel(EntitySchemaRecordRightOperation.Delete,
entitySchemaName, entityRecordId);
}
break;
}
}
/// <summary>
/// Checks if the user has rights to manage ssp users.
/// </summary>
/// <param name="securityEngine">Security engine <see cref="DBSecurityEngine"/></param>
public static void CheckCanManageSspUsers(this DBSecurityEngine securityEngine)
{
bool canAdministrate = securityEngine.GetCanExecuteOperation("CanManageUsers") ||
securityEngine.GetCanExecuteOperation("CanAdministratePortalUsers");
if (!canAdministrate)
{
throw new SecurityException(string.Format(new LocalizableString("Terrasoft.Core",
"DBSecurityEngine.Exception.CurrentUserCannotExecuteAdminOperation"), "CanAdministratePortalUsers"));
}
}
public bool CheckForecastItemRights(Guid forecastItemId, SchemaRecordRightLevels rightLevel)
{
bool result = true;
DBSecurityEngine dbSecurityEngine = _userConnection.DBSecurityEngine;
SchemaRecordRightLevels forecastItemRightLevel
= dbSecurityEngine.GetEntitySchemaRecordRightLevel("ForecastItem", forecastItemId);
if ((forecastItemRightLevel & rightLevel) != rightLevel)
{
result = false;
}
return(result);
}
private void InnerCheckCanUnsubscribe(SocialSubscription socialSubscription)
{
if (!socialSubscription.CanUnsubscribe)
{
throw new InvalidOperationException(new LocalizableString(UserConnection.Workspace.ResourceStorage,
"SocialSubscriptionService", "LocalizableStrings.SubscriptionCanNotBeCancelled.Value"));
}
var canDeleteRight = Terrasoft.Core.DB.SchemaRecordRightLevels.CanDelete;
var schemaRightLevel = DBSecurityEngine.GetEntitySchemaRecordRightLevel("SocialSubscription", socialSubscription.Id);
if ((schemaRightLevel & canDeleteRight) != canDeleteRight)
{
throw new SecurityException(new LocalizableString(UserConnection.Workspace.ResourceStorage,
"SocialSubscriptionService", "LocalizableStrings.SubscriptionCanNotBeDeleted.Value"));
}
}
private void DeleteSubscriberEditRight(SocialSubscription socialSubscription)
{
SysUserInfo currentUser = UserConnection.CurrentUser;
Guid sysAdminUnitId = socialSubscription.SysAdminUnitId;
Guid socialChannelOwnerId = GetSocialChannelOwnerId(socialSubscription.Id, socialSubscription.EntityId);
bool currentUserIsOwner = socialChannelOwnerId.Equals(currentUser.ContactId);
bool currentUserIsSubscriber = sysAdminUnitId.Equals(currentUser.Id);
if ((currentUserIsSubscriber && currentUserIsOwner) || !currentUserIsSubscriber)
{
return;
}
var schemaName = "SocialSubscription";
var schema = UserConnection.EntitySchemaManager.GetInstanceByName(schemaName);
if (!schema.AdministratedByRecords)
{
return;
}
DBSecurityEngine.ForceDeleteEntitySchemaRecordRightLevel(sysAdminUnitId, EntitySchemaRecordRightOperation.Edit, schemaName, socialSubscription.Id);
}
/// <summary>
/// Updates or inserts operation.
/// </summary>
/// <param name="recordId">Operation Id</param>
/// <param name="name">Operation name</param>
/// <param name="code">Operation code</param>
/// <param name="description">Operation description</param>
/// <returns>JSON-format string.
/// Includes serialized object whith fields:
/// Success - the method is successfully executed.,
/// ExMessage - string with error, if Success = false </returns>
public string UpsertAdminOperation(Guid recordId, String name, String code, String description)
{
bool success = false;
string exMessage = string.Empty;
try {
DBSecurityEngine engine = _userConnection.DBSecurityEngine;
engine.CheckCanChangeAdminOperationGrantee();
EntitySchema adminOperationTableSchema = _userConnection.EntitySchemaManager.GetInstanceByName("SysAdminOperation");
Entity adminOperationEntity = adminOperationTableSchema.CreateEntity(_userConnection);
if (!adminOperationEntity.FetchFromDB(recordId))
{
adminOperationEntity.SetDefColumnValues();
}
adminOperationEntity.SetColumnValue("Id", recordId);
adminOperationEntity.SetColumnValue("Name", name);
adminOperationEntity.SetColumnValue("Code", code);
adminOperationEntity.SetColumnValue("Description", description);
adminOperationEntity.Save();
success = true;
}
catch (Exception ex) {
if (ex is SecurityException)
{
exMessage = ex.Message;
}
else
{
exMessage = new LocalizableString(_userConnection.ResourceStorage, "RightsHelper",
"LocalizableStrings.NonSecurityExeption.Value");
}
}
return(JsonConvert.SerializeObject(new {
Success = success,
ExMessage = exMessage
}));
}
public virtual void AddRecordRight(DBSecurityEngine dbSecurityEngine, Guid entityRecordId,
string entitySchemaName, bool useDenyRecordRight, Dictionary <string, object> recordRight)
{
bool canRead = (bool)recordRight["CanRead"];
bool canEdit = (bool)recordRight["CanEdit"];
bool canDelete = (bool)recordRight["CanDelete"];
var rightLevel = (EntitySchemaRecordRightLevel)(int.Parse((string)recordRight["OperationRightLevel"]));
List <KeyValuePair <Guid, string> > adminUnitIds = GetAdminUnitIds(recordRight);
foreach (KeyValuePair <Guid, string> adminUnitId in adminUnitIds)
{
try {
if (canRead)
{
dbSecurityEngine.SetEntitySchemaRecordOperationRightLevel(adminUnitId.Key, entitySchemaName,
entityRecordId, EntitySchemaRecordRightOperation.Read, rightLevel, useDenyRecordRight,
true);
}
if (canEdit)
{
dbSecurityEngine.SetEntitySchemaRecordOperationRightLevel(adminUnitId.Key, entitySchemaName,
entityRecordId, EntitySchemaRecordRightOperation.Edit, rightLevel, useDenyRecordRight,
true);
}
if (canDelete)
{
dbSecurityEngine.SetEntitySchemaRecordOperationRightLevel(adminUnitId.Key, entitySchemaName,
entityRecordId, EntitySchemaRecordRightOperation.Delete, rightLevel, useDenyRecordRight,
true);
}
} catch (DbException e) {
Log.Warn($"Error while executing ChangeAdminRightsUserTask \"{Name}\" in process \"{Owner.Name}\":" +
$" can not add rights to {adminUnitId.Value}, SysAdminUnit \"{adminUnitId.Key}\".", e);
}
}
}
protected override bool InternalExecute(ProcessExecutingContext context)
{
if (EntitySchemaUId == Guid.Empty)
{
return(true);
}
var deleteRights = !string.IsNullOrEmpty(DeleteRights)
? Json.Deserialize <List <Dictionary <string, object> > >(DeleteRights)
: new List <Dictionary <string, object> >(0);
var addRights = !string.IsNullOrEmpty(AddRights)
? Json.Deserialize <List <Dictionary <string, object> > >(AddRights)
: new List <Dictionary <string, object> >(0);
if (deleteRights.Count == 0 && addRights.Count == 0)
{
return(true);
}
EntitySchema entitySchema = UserConnection.EntitySchemaManager.FindInstanceByUId(EntitySchemaUId);
if (entitySchema == null)
{
return(true);
}
if (!entitySchema.AdministratedByRecords)
{
return(true);
}
var entitySchemaQuery = new EntitySchemaQuery(entitySchema)
{
UseAdminRights = false
};
entitySchemaQuery.PrimaryQueryColumn.IsAlwaysSelect = true;
if (!string.IsNullOrEmpty(DataSourceFilters))
{
ProcessUserTaskUtilities.SpecifyESQFilters(UserConnection, this, entitySchema, entitySchemaQuery,
DataSourceFilters);
bool isEmptyFilter = entitySchemaQuery.Filters.Count == 0;
if (!isEmptyFilter && entitySchemaQuery.Filters.Count == 1)
{
var filterGroup = entitySchemaQuery.Filters[0] as EntitySchemaQueryFilterCollection;
if (filterGroup != null && filterGroup.Count == 0)
{
return(true);
}
}
}
Select selectQuery = entitySchemaQuery.GetSelectQuery(UserConnection);
var entityRecordIdList = new List <Guid>();
selectQuery.ExecuteReader(reader => {
Guid entityRecordId = reader.GetGuid(0);
entityRecordIdList.Add(entityRecordId);
});
DBSecurityEngine dbSecurityEngine = UserConnection.DBSecurityEngine;
string schemaName = entitySchema.Name;
bool useDenyRecordRights = entitySchema.UseDenyRecordRights;
foreach (Guid entityRecordId in entityRecordIdList)
{
foreach (Dictionary <string, object> deleteRight in deleteRights)
{
DeleteRecordRight(dbSecurityEngine, entityRecordId, schemaName, deleteRight);
}
for (int i = addRights.Count - 1; i >= 0; i--)
{
AddRecordRight(dbSecurityEngine, entityRecordId, schemaName, useDenyRecordRights, addRights[i]);
}
}
return(true);
}
