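/// <summary>
/// Decides whether <paramref name="user"/> may perform <paramref name="operation"/>.
/// Permissions set directly on the user and the permissions of every role the user
/// belongs to are collected; only those whose Operation satisfies OperationMatches
/// are considered. The single matching permission with the highest Priority decides.
/// On a priority tie a Deny (Allow == false) sorts before an Allow and therefore wins,
/// and with no matching permission at all the answer is false (fail closed).
/// </summary>
/// <param name="session">Session used to load the user's role documents.</param>
/// <param name="user">User whose direct and role-inherited permissions are evaluated.</param>
/// <param name="operation">The operation being requested.</param>
/// <returns>true only when the deciding (highest-priority) matching permission is an Allow.</returns>
/// <exception cref="ArgumentNullException">session, user or operation is null.</exception>
public static bool IsAllowed(this IDocumentSession session, AuthorizationUser user, string operation)
{
    if (session == null) throw new ArgumentNullException("session");
    if (user == null) throw new ArgumentNullException("user");
    if (operation == null) throw new ArgumentNullException("operation");

    // A stored user document may carry null collections. The original code guarded
    // Permissions but dereferenced Roles unconditionally, which throws for a user with
    // no roles; treat both collections the same way.
    IEnumerable<OperationPermission> directPermissions = user.Permissions ?? new List<OperationPermission>();
    IEnumerable<string> roleIds = user.Roles ?? Enumerable.Empty<string>();

    // Permissions granted to the user directly.
    IEnumerable<IPermission> permissions =
        from permission in directPermissions
        where OperationMatches(permission.Operation, operation)
        select permission;

    // Batch-load every role the session has not seen yet; presumably so the per-id
    // Load below is answered from the session rather than one request per role.
    session.Load<AuthorizationRole>(roleIds.Where(roleId => session.Advanced.IsLoaded(roleId) == false));

    // Permissions inherited through roles. A role id that resolves to no document
    // (deleted or never created) contributes nothing instead of failing the check.
    permissions = permissions.Concat(
        from roleId in roleIds
        let role = session.Load<AuthorizationRole>(roleId)
        where role != null
        from permission in role.Permissions ?? new List<OperationPermission>()
        where OperationMatches(permission.Operation, operation)
        select permission);

    // Highest priority first; within the same priority false (Deny) orders before
    // true (Allow), so an explicit Deny at the same level beats an Allow.
    IPermission decidingPermission = permissions
        .OrderByDescending(x => x.Priority)
        .ThenBy(x => x.Allow)
        .FirstOrDefault();

    // Default deny: nothing matched, or the winning permission is a Deny.
    return decidingPermission != null && decidingPermission.Allow;
}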
// Persists a user whose only permission is a direct Allow on "operation", reloads that
// user in a fresh session and asserts IsAllowed grants the operation. Only the allow
// path is exercised; no deny outcome is asserted here.
private void ExecuteSecuredOperation(string userId)
{
    const string operation = "operation";

    using (var writeSession = store.OpenSession())
    {
        var user = new AuthorizationUser
        {
            Id = userId,
            Name = "Name",
            Permissions = new List<OperationPermission>
            {
                new OperationPermission { Allow = true, Operation = operation }
            }
        };
        writeSession.Store(user);
        writeSession.SaveChanges();
    }

    using (var readSession = store.OpenSession())
    {
        var loadedUser = readSession.Load<AuthorizationUser>(userId);
        Assert.True(readSession.IsAllowed(loadedUser, operation));
    }
}