private void ForceDeleteEntitySchemaRecordRightLevel(Guid adminUnitId, string schemaName, Guid recordId) { foreach (EntitySchemaRecordRightOperation operation in Enum.GetValues(typeof(EntitySchemaRecordRightOperation))) { DBSecurityEngine.ForceDeleteEntitySchemaRecordRightLevel(adminUnitId, operation, schemaName, recordId); } }
/// <summary> /// ###### ##### ####### ############ # ########. /// ########## ###### # ####### JSON, # ########### ##########. /// </summary> /// <param name="adminOperationId">Id ########</param> /// <param name="adminUnitIds">###### Id #############/#####</param> /// <param name="canExecute">###### # ########</param> /// <returns>C##### # ####### JSON. /// ######## ############### ###### # ######: /// Success - ########## ########## ######, /// ExMessage - ##### ######, #### Success = false </returns> public string SetAdminOperationGrantee(Guid adminOperationId, Guid[] adminUnitIds, bool canExecute) { bool success = false; string exMessage = string.Empty; try { if (_userConnection.IsSystemOperationsRestricted) { throw new SystemOperationRestrictedException(); } DBSecurityEngine engine = _userConnection.DBSecurityEngine; foreach (var unitId in adminUnitIds) { engine.SetAdminOperationGrantee(adminOperationId, unitId, canExecute); } success = true; } catch (Exception ex) { if (ex is SecurityException) { exMessage = ex.Message; } else { exMessage = new LocalizableString(_userConnection.ResourceStorage, "RightsHelper", "LocalizableStrings.NonSecurityExeption.Value"); } } return(JsonConvert.SerializeObject(new { Success = success, ExMessage = exMessage })); }
/// <summary> /// Removes operations. /// Returns a string that is a JSON object representing execution result. /// </summary> /// <param name="recordIds">Array of operations identity</param> /// <returns>JSON-format string. /// Includes serialized object whith fields: /// Success - the method is successfully executed., /// ExMessage - string with error, if Success = false </returns> public string DeleteAdminOperation(Guid[] recordIds) { bool success = false; string exMessage = string.Empty; try { DBSecurityEngine engine = _userConnection.DBSecurityEngine; engine.CheckCanChangeAdminOperationGrantee(); EntitySchema adminOperationTableSchema = _userConnection.EntitySchemaManager.GetInstanceByName("SysAdminOperation"); Entity adminOperationEntity = adminOperationTableSchema.CreateEntity(_userConnection); foreach (var recordId in recordIds) { if (adminOperationEntity.FetchFromDB("Id", recordId)) { adminOperationEntity.Delete(); } } success = true; } catch (Exception ex) { if (ex is SecurityException) { exMessage = ex.Message; } else { exMessage = new LocalizableString(_userConnection.ResourceStorage, "RightsHelper", "LocalizableStrings.NonSecurityExeption.Value"); } } return(JsonConvert.SerializeObject(new { Success = success, ExMessage = exMessage })); }
/// <summary> /// #########, ### ######## ############, /// ########### ######### #### ####### # ########. /// ########## ###### # ####### JSON, # ########### ##########. /// </summary> /// <returns>C##### # ####### JSON. /// ######## ############### ###### # ######: /// Success - ########## ########## ######, /// ExMessage - ##### ######, #### Success = false </returns> public string CheckCanChangeAdminOperationGrantee() { bool success = false; string exMessage = String.Empty; try { DBSecurityEngine engine = _userConnection.DBSecurityEngine; engine.CheckCanChangeAdminOperationGrantee(); success = true; } catch (Exception ex) { if (ex is SecurityException) { exMessage = ex.Message; } else { exMessage = new LocalizableString(_userConnection.ResourceStorage, "RightsHelper", "LocalizableStrings.NonSecurityExeption.Value"); } } return(JsonConvert.SerializeObject(new { Success = success, ExMessage = exMessage })); }
/// <summary> /// ####### ##### ####### # ########. /// ########## ###### # ####### JSON, # ########### ##########. /// </summary> /// <param name="recordIds">###### Id #### #######</param> /// <returns>C##### # ####### JSON. /// ######## ############### ###### # ######: /// Success - ########## ########## ######, /// ExMessage - ##### ######, #### Success = false </returns> public string DeleteAdminOperationGrantee(Guid[] recordIds) { bool success = false; string exMessage = string.Empty; try { DBSecurityEngine engine = _userConnection.DBSecurityEngine; foreach (var recordId in recordIds) { engine.DeleteAdminOperationGrantee(recordId); } success = true; } catch (Exception ex) { if (ex is SecurityException) { exMessage = ex.Message; } else { exMessage = new LocalizableString(_userConnection.ResourceStorage, "RightsHelper", "LocalizableStrings.NonSecurityExeption.Value"); } } return(JsonConvert.SerializeObject(new { Success = success, ExMessage = exMessage })); }
protected bool CheckReadFileAccess(EntitySchema entitySchema, Guid recordId) { DBSecurityEngine securityEngine = UserConnection.DBSecurityEngine; SchemaRecordRightLevels rights = securityEngine.GetEntitySchemaRecordRightLevel(entitySchema, recordId); return((rights & SchemaRecordRightLevels.CanRead) == SchemaRecordRightLevels.CanRead); }
public SspEntityRepository(UserConnection uc) { _userConnection = uc; _entitySchemaManager = _userConnection.EntitySchemaManager; _securityEngine = _userConnection.DBSecurityEngine; _resourceStorage = uc.ResourceStorage; _utils = new SchemaDesignerUtilities(_userConnection); _packageUId = GetCurrentPackageUId(); }
public virtual void DeleteRecordRight(DBSecurityEngine dbSecurityEngine, Guid entityRecordId, string entitySchemaName, Dictionary <string, object> recordRight) { bool canRead = (bool)recordRight["CanRead"]; bool canEdit = (bool)recordRight["CanEdit"]; bool canDelete = (bool)recordRight["CanDelete"]; switch ((string)recordRight["Grantee"]) { case "Role": case "Employee": case "DataSourceFilter": List <KeyValuePair <Guid, string> > adminUnitIds = GetAdminUnitIds(recordRight); foreach (KeyValuePair <Guid, string> adminUnitId in adminUnitIds) { if (canRead) { dbSecurityEngine.ForceDeleteEntitySchemaRecordRightLevel(adminUnitId.Key, EntitySchemaRecordRightOperation.Read, entitySchemaName, entityRecordId); } if (canEdit) { dbSecurityEngine.ForceDeleteEntitySchemaRecordRightLevel(adminUnitId.Key, EntitySchemaRecordRightOperation.Edit, entitySchemaName, entityRecordId); } if (canDelete) { dbSecurityEngine.ForceDeleteEntitySchemaRecordRightLevel(adminUnitId.Key, EntitySchemaRecordRightOperation.Delete, entitySchemaName, entityRecordId); } } break; case "AllRolesAndUsers": if (canRead) { dbSecurityEngine .ForceDeleteAllEntitySchemaRecordRightLevel(EntitySchemaRecordRightOperation.Read, entitySchemaName, entityRecordId); } if (canEdit) { dbSecurityEngine .ForceDeleteAllEntitySchemaRecordRightLevel(EntitySchemaRecordRightOperation.Edit, entitySchemaName, entityRecordId); } if (canDelete) { dbSecurityEngine .ForceDeleteAllEntitySchemaRecordRightLevel(EntitySchemaRecordRightOperation.Delete, entitySchemaName, entityRecordId); } break; } }
/// <summary> /// Checks if the user has rights to manage ssp users. /// </summary> /// <param name="securityEngine">Security engine <see cref="DBSecurityEngine"/></param> public static void CheckCanManageSspUsers(this DBSecurityEngine securityEngine) { bool canAdministrate = securityEngine.GetCanExecuteOperation("CanManageUsers") || securityEngine.GetCanExecuteOperation("CanAdministratePortalUsers"); if (!canAdministrate) { throw new SecurityException(string.Format(new LocalizableString("Terrasoft.Core", "DBSecurityEngine.Exception.CurrentUserCannotExecuteAdminOperation"), "CanAdministratePortalUsers")); } }
public bool CheckForecastItemRights(Guid forecastItemId, SchemaRecordRightLevels rightLevel) { bool result = true; DBSecurityEngine dbSecurityEngine = _userConnection.DBSecurityEngine; SchemaRecordRightLevels forecastItemRightLevel = dbSecurityEngine.GetEntitySchemaRecordRightLevel("ForecastItem", forecastItemId); if ((forecastItemRightLevel & rightLevel) != rightLevel) { result = false; } return(result); }
private void InnerCheckCanUnsubscribe(SocialSubscription socialSubscription) { if (!socialSubscription.CanUnsubscribe) { throw new InvalidOperationException(new LocalizableString(UserConnection.Workspace.ResourceStorage, "SocialSubscriptionService", "LocalizableStrings.SubscriptionCanNotBeCancelled.Value")); } var canDeleteRight = Terrasoft.Core.DB.SchemaRecordRightLevels.CanDelete; var schemaRightLevel = DBSecurityEngine.GetEntitySchemaRecordRightLevel("SocialSubscription", socialSubscription.Id); if ((schemaRightLevel & canDeleteRight) != canDeleteRight) { throw new SecurityException(new LocalizableString(UserConnection.Workspace.ResourceStorage, "SocialSubscriptionService", "LocalizableStrings.SubscriptionCanNotBeDeleted.Value")); } }
private void DeleteSubscriberEditRight(SocialSubscription socialSubscription) { SysUserInfo currentUser = UserConnection.CurrentUser; Guid sysAdminUnitId = socialSubscription.SysAdminUnitId; Guid socialChannelOwnerId = GetSocialChannelOwnerId(socialSubscription.Id, socialSubscription.EntityId); bool currentUserIsOwner = socialChannelOwnerId.Equals(currentUser.ContactId); bool currentUserIsSubscriber = sysAdminUnitId.Equals(currentUser.Id); if ((currentUserIsSubscriber && currentUserIsOwner) || !currentUserIsSubscriber) { return; } var schemaName = "SocialSubscription"; var schema = UserConnection.EntitySchemaManager.GetInstanceByName(schemaName); if (!schema.AdministratedByRecords) { return; } DBSecurityEngine.ForceDeleteEntitySchemaRecordRightLevel(sysAdminUnitId, EntitySchemaRecordRightOperation.Edit, schemaName, socialSubscription.Id); }
/// <summary> /// Updates or inserts operation. /// </summary> /// <param name="recordId">Operation Id</param> /// <param name="name">Operation name</param> /// <param name="code">Operation code</param> /// <param name="description">Operation description</param> /// <returns>JSON-format string. /// Includes serialized object whith fields: /// Success - the method is successfully executed., /// ExMessage - string with error, if Success = false </returns> public string UpsertAdminOperation(Guid recordId, String name, String code, String description) { bool success = false; string exMessage = string.Empty; try { DBSecurityEngine engine = _userConnection.DBSecurityEngine; engine.CheckCanChangeAdminOperationGrantee(); EntitySchema adminOperationTableSchema = _userConnection.EntitySchemaManager.GetInstanceByName("SysAdminOperation"); Entity adminOperationEntity = adminOperationTableSchema.CreateEntity(_userConnection); if (!adminOperationEntity.FetchFromDB(recordId)) { adminOperationEntity.SetDefColumnValues(); } adminOperationEntity.SetColumnValue("Id", recordId); adminOperationEntity.SetColumnValue("Name", name); adminOperationEntity.SetColumnValue("Code", code); adminOperationEntity.SetColumnValue("Description", description); adminOperationEntity.Save(); success = true; } catch (Exception ex) { if (ex is SecurityException) { exMessage = ex.Message; } else { exMessage = new LocalizableString(_userConnection.ResourceStorage, "RightsHelper", "LocalizableStrings.NonSecurityExeption.Value"); } } return(JsonConvert.SerializeObject(new { Success = success, ExMessage = exMessage })); }
public virtual void AddRecordRight(DBSecurityEngine dbSecurityEngine, Guid entityRecordId, string entitySchemaName, bool useDenyRecordRight, Dictionary <string, object> recordRight) { bool canRead = (bool)recordRight["CanRead"]; bool canEdit = (bool)recordRight["CanEdit"]; bool canDelete = (bool)recordRight["CanDelete"]; var rightLevel = (EntitySchemaRecordRightLevel)(int.Parse((string)recordRight["OperationRightLevel"])); List <KeyValuePair <Guid, string> > adminUnitIds = GetAdminUnitIds(recordRight); foreach (KeyValuePair <Guid, string> adminUnitId in adminUnitIds) { try { if (canRead) { dbSecurityEngine.SetEntitySchemaRecordOperationRightLevel(adminUnitId.Key, entitySchemaName, entityRecordId, EntitySchemaRecordRightOperation.Read, rightLevel, useDenyRecordRight, true); } if (canEdit) { dbSecurityEngine.SetEntitySchemaRecordOperationRightLevel(adminUnitId.Key, entitySchemaName, entityRecordId, EntitySchemaRecordRightOperation.Edit, rightLevel, useDenyRecordRight, true); } if (canDelete) { dbSecurityEngine.SetEntitySchemaRecordOperationRightLevel(adminUnitId.Key, entitySchemaName, entityRecordId, EntitySchemaRecordRightOperation.Delete, rightLevel, useDenyRecordRight, true); } } catch (DbException e) { Log.Warn($"Error while executing ChangeAdminRightsUserTask \"{Name}\" in process \"{Owner.Name}\":" + $" can not add rights to {adminUnitId.Value}, SysAdminUnit \"{adminUnitId.Key}\".", e); } } }
protected override bool InternalExecute(ProcessExecutingContext context) { if (EntitySchemaUId == Guid.Empty) { return(true); } var deleteRights = !string.IsNullOrEmpty(DeleteRights) ? Json.Deserialize <List <Dictionary <string, object> > >(DeleteRights) : new List <Dictionary <string, object> >(0); var addRights = !string.IsNullOrEmpty(AddRights) ? Json.Deserialize <List <Dictionary <string, object> > >(AddRights) : new List <Dictionary <string, object> >(0); if (deleteRights.Count == 0 && addRights.Count == 0) { return(true); } EntitySchema entitySchema = UserConnection.EntitySchemaManager.FindInstanceByUId(EntitySchemaUId); if (entitySchema == null) { return(true); } if (!entitySchema.AdministratedByRecords) { return(true); } var entitySchemaQuery = new EntitySchemaQuery(entitySchema) { UseAdminRights = false }; entitySchemaQuery.PrimaryQueryColumn.IsAlwaysSelect = true; if (!string.IsNullOrEmpty(DataSourceFilters)) { ProcessUserTaskUtilities.SpecifyESQFilters(UserConnection, this, entitySchema, entitySchemaQuery, DataSourceFilters); bool isEmptyFilter = entitySchemaQuery.Filters.Count == 0; if (!isEmptyFilter && entitySchemaQuery.Filters.Count == 1) { var filterGroup = entitySchemaQuery.Filters[0] as EntitySchemaQueryFilterCollection; if (filterGroup != null && filterGroup.Count == 0) { return(true); } } } Select selectQuery = entitySchemaQuery.GetSelectQuery(UserConnection); var entityRecordIdList = new List <Guid>(); selectQuery.ExecuteReader(reader => { Guid entityRecordId = reader.GetGuid(0); entityRecordIdList.Add(entityRecordId); }); DBSecurityEngine dbSecurityEngine = UserConnection.DBSecurityEngine; string schemaName = entitySchema.Name; bool useDenyRecordRights = entitySchema.UseDenyRecordRights; foreach (Guid entityRecordId in entityRecordIdList) { foreach (Dictionary <string, object> deleteRight in deleteRights) { DeleteRecordRight(dbSecurityEngine, entityRecordId, schemaName, deleteRight); } for (int i = addRights.Count - 1; i >= 0; i--) { AddRecordRight(dbSecurityEngine, entityRecordId, schemaName, useDenyRecordRights, addRights[i]); } } return(true); }