/// <summary>
        /// Grant a particular rights holder specific rights to an entity.
        /// </summary>
        /// <param name="rightsHolderId">The rights holder's id.</param>
        /// <param name="entityId">The entity's id.</param>
        /// <param name="rightId">The specific right's id.</param>
        /// <returns>The id of the AccessControl row.</returns>
        internal static Guid GrantAccess(Guid rightsHolderId, Guid entityId, Guid rightId)
        {
            DataModelTransaction transaction = DataModelTransaction.Current;
            DataModel            dataModel   = new DataModel();
            Guid             currentUserId   = TradingSupport.UserId;
            UserRow          currentUserRow  = DataModel.User.UserKey.Find(currentUserId);
            RightsHolderRow  rightsHolderRow = DataModel.RightsHolder.RightsHolderKey.Find(rightsHolderId);
            Guid             rightsHolderTenantId;
            AccessControlRow accessControlRow = DataModel.AccessControl.AccessControlKeyRightsHolderIdEntityId.Find(rightsHolderId, entityId);
            Guid             accessControlId  = Guid.Empty;

            // Determine whether current user has write access to the entity.
            if (!DataModelFilters.HasAccess(transaction, currentUserId, entityId, AccessRight.Write))
            {
                throw new FaultException <SecurityFault>(
                          new SecurityFault(String.Format("{0} does not write permission to {1}", rightsHolderId, entityId)));
            }

            rightsHolderRow.AcquireReaderLock(transaction);
            rightsHolderTenantId = rightsHolderRow.TenantId;
            rightsHolderRow.ReleaseReaderLock(transaction.TransactionId);

            // Determine whether current user's tenant is upstream from rights holder we're modifying.
            if (!DataModelFilters.HasTenantAccess(transaction, currentUserId, rightsHolderTenantId))
            {
                throw new FaultException <SecurityFault>(
                          new SecurityFault(String.Format("{0} does not control over tenant {1}", rightsHolderId, rightsHolderTenantId)));
            }

            if (accessControlRow != null)
            {
                accessControlRow.AcquireWriterLock(transaction);
                accessControlId = accessControlRow.AccessControlId;
                dataModel.UpdateAccessControl(
                    accessControlRow.AccessControlId,
                    new object[] { accessControlRow.AccessControlId },
                    rightId,
                    entityId,
                    rightsHolderId,
                    accessControlRow.RowVersion,
                    rightsHolderTenantId);
            }
            else
            {
                accessControlId = Guid.NewGuid();
                dataModel.CreateAccessControl(
                    accessControlId,
                    rightId,
                    entityId,
                    rightsHolderId,
                    rightsHolderTenantId);
            }

            return(accessControlId);
        }
Пример #2
0
        /// <summary>
        /// Update the rights with the rights in the original AccessControlRow. If our rights have been changed, do nothing.
        /// </summary>
        /// <param name="accessControlRow">The row to copy the rights from.</param>
        public void Update(AccessControlRow accessControlRow)
        {
            if (accessControlRow.RowVersion != this.rowVersion &&
                accessControlRow.RightsHolderRow.RightsHolderId == user.EntityId &&
                accessControlRow.EntityRow.EntityId == entity.EntityId &&
                !this.dirty)
            {
                this.accessRight = accessControlRow.AccessRightRow.AccessRightCode;
            }

            this.rowVersion = accessControlRow.RowVersion;
        }
Пример #3
0
 /// <summary>
 /// Create an new AccessControl from a AccessControlRow.
 /// </summary>
 /// <param name="accessControlRow">The row to base this object on.</param>
 public AccessControl(AccessControlRow accessControlRow)
 {
     this.accessControlId = accessControlRow.AccessControlId;
     this.user            = Entity.New(accessControlRow.RightsHolderRow.EntityRow) as RightsHolder;
     this.entity          = new Entity(accessControlRow.EntityRow);
     this.tenantId        = accessControlRow.TenantRow.TenantId;
     this.accessRight     = accessControlRow.AccessRightRow.AccessRightCode;
     this.rowVersion      = accessControlRow.RowVersion;
     this.dirty           = false;
     this.deleted         = false;
     this.newRights       = false;
 }
        /// <summary>
        /// Determine what level of access (read-only or write) we have to the selected user.
        /// </summary>
        /// <param name="userId">The userId of the selected user.</param>
        private void Populate(Guid userId)
        {
            lock (DataModel.SyncRoot)
            {
                Boolean          canWrite         = false;
                AccessControlRow accessControlRow = DataModel.AccessControl.AccessControlKeyRightsHolderIdEntityId.Find(UserContext.Instance.UserId, userId);
                UserRow          userRow          = DataModel.User.UserKey.Find(userId);
                List <Group>     groups           = new List <Group>();
                Group            admin            = null;
                Group            user             = null;

                if (accessControlRow != null)
                {
                    AccessRightRow accessRightRow = accessControlRow.AccessRightRow;
                    canWrite = (accessRightRow.AccessRightCode & AccessRight.Write) == AccessRight.Write;
                }

                foreach (GroupRow groupRow in DataModel.Group.Where(row => row.RightsHolderRow.TenantId == userRow.TenantId))
                {
                    Group group = Entity.New(groupRow.RightsHolderRow.EntityRow) as Group;

                    if (group.GroupType == GroupType.FluidTradeAdmin ||
                        (admin == null || admin.GroupType == GroupType.SiteAdmin) && group.GroupType == GroupType.ExchangeAdmin ||
                        admin == null && group.GroupType == GroupType.SiteAdmin)
                    {
                        admin = group;
                    }

                    if (group.GroupType == GroupType.User)
                    {
                        user = group;
                    }

                    groups.Add(group);
                }

                this.Dispatcher.BeginInvoke(new Action(() => this.Populate(canWrite, admin, user)), DispatcherPriority.Normal);
            }
        }
        /// <summary>
        /// Revoke any and all access a rights holder has to an entity.
        /// </summary>
        /// <param name="rightsHolderId">The rights holder's id.</param>
        /// <param name="entityId">The entity's id.</param>
        /// <returns>The error code.</returns>
        internal static ErrorCode RevokeAccess(Guid rightsHolderId, Guid entityId)
        {
            DataModelTransaction transaction = DataModelTransaction.Current;
            DataModel            dataModel   = new DataModel();
            Guid             currentUserId   = TradingSupport.UserId;
            UserRow          currentUserRow  = DataModel.User.UserKey.Find(currentUserId);
            RightsHolderRow  rightsHolderRow = DataModel.RightsHolder.RightsHolderKey.Find(rightsHolderId);
            Guid             rightsHolderTenantId;
            AccessControlRow accessControlRow = DataModel.AccessControl.AccessControlKeyRightsHolderIdEntityId.Find(rightsHolderId, entityId);

            // Determine whether current user has write access to the entity.
            if (!DataModelFilters.HasAccess(transaction, currentUserId, entityId, AccessRight.Write))
            {
                return(ErrorCode.AccessDenied);
            }

            rightsHolderRow.AcquireReaderLock(transaction);
            rightsHolderTenantId = rightsHolderRow.TenantId;
            rightsHolderRow.ReleaseReaderLock(transaction.TransactionId);

            // Determine whether current user's tenant is upstream from rights holder we're modifying.
            if (!DataModelFilters.HasTenantAccess(transaction, currentUserId, rightsHolderTenantId))
            {
                return(ErrorCode.AccessDenied);
            }

            if (accessControlRow != null)
            {
                accessControlRow.AcquireWriterLock(transaction);
                dataModel.DestroyAccessControl(new object[] { accessControlRow.AccessControlId }, accessControlRow.RowVersion);
            }
            else
            {
                return(ErrorCode.RecordNotFound);
            }

            return(ErrorCode.Success);
        }