private ResultProcessOperation IsGrantedByObject(Type type, SecurityOperation operation, object targetObject)
{
ResultProcessOperation result = ResultProcessOperation.NotContainTargetPermissions;
IEnumerable <IObjectPermission> objectPermissions = GetObjectPermissions(type).Where(p => p.Operations.HasFlag(operation));
List <bool> objectPermissionsStates = new List <bool>();
foreach (IObjectPermission objectPermission in objectPermissions)
{
OperationState operationState = objectPermission.OperationState;
LambdaExpression criteriaExpression = objectPermission.Criteria;
bool permissionResult = GetPermissionCriteriaResult(criteriaExpression, targetObject);
if (permissionResult)
{
if (operationState == OperationState.Allow)
{
objectPermissionsStates.Add(true);
}
else
{
objectPermissionsStates.Add(false);
}
}
}
result = MergePermissionsStates(objectPermissionsStates);
return(result);
}
public bool IsGranted(Type type, SecurityOperation operation, object targetObject, string memberName)
{
ResultProcessOperation result = ResultProcessOperation.NotContainTargetPermissions;
if (!IsSecuredType(type))
{
result = ResultProcessOperation.Allow;
}
if (targetObject != null && !string.IsNullOrEmpty(memberName))
{
result = IsGrantedByMember(type, operation, targetObject, memberName);
}
if (result == ResultProcessOperation.NotContainTargetPermissions && targetObject != null)
{
result = IsGrantedByObject(type, operation, targetObject);
}
if (result == ResultProcessOperation.NotContainTargetPermissions)
{
result = IsGrantedByType(type, operation);
}
if (result == ResultProcessOperation.NotContainTargetPermissions)
{
result = IsGrantedByOperation(operation) ? ResultProcessOperation.Allow : ResultProcessOperation.Deny;
if (result == ResultProcessOperation.Deny && targetObject != null && string.IsNullOrEmpty(memberName))
{
result = IsAnyMemberGranted(type, operation, targetObject);
}
}
if (result == ResultProcessOperation.NotContainTargetPermissions)
{
throw new ArgumentOutOfRangeException();
}
return((result == ResultProcessOperation.Allow) ? true : false);
}
private ResultProcessOperation IsAnyMemberGranted(Type type, SecurityOperation operation, object targetObject)
{
ResultProcessOperation result = ResultProcessOperation.Deny;
IEntityType entityType = securityDbContext.RealDbContext.Model.FindEntityType(targetObject.GetType());
IEnumerable <INavigation> navigationPropertys = entityType.GetNavigations();
foreach (var property in targetObject.GetType().GetTypeInfo().DeclaredProperties)
{
if (property.GetGetMethod().IsStatic || navigationPropertys.Any(p => p.Name == property.Name))
{
continue;
}
string propertyName = property.Name;
IProperty propertyMetadata = securityDbContext.RealDbContext.Entry(targetObject).Metadata.GetProperties().FirstOrDefault(p => p.Name == propertyName);
if (propertyMetadata == null || propertyMetadata.IsKey())
{
continue;
}
bool isGranted = IsGranted(targetObject.GetType(), operation, targetObject, propertyName);
if (isGranted)
{
result = ResultProcessOperation.Allow;
break;
}
}
if (result == ResultProcessOperation.Deny)
{
foreach (INavigation navigationProperty in navigationPropertys)
{
bool isGranted = IsGranted(targetObject.GetType(), operation, targetObject, navigationProperty.Name);
if (isGranted)
{
result = ResultProcessOperation.Allow;
break;
}
}
}
return(result);
}
