private static void AddUserLevelPermissionMessage(
string operation,
AuthorizationInformation info,
IUser user,
Permission permission,
string entityDescription,
string entitiesGroupsDescription)
{
if (permission.User != null)
{
string target = GetPermissionTarget(permission, entityDescription, entitiesGroupsDescription);
if (permission.Allow)
{
info.AddAllow(Resources.PermissionGrantedForUser,
operation,
user.SecurityInfo.Name,
target,
permission.Level);
}
else
{
info.AddDeny(Resources.PermissionDeniedForUser,
operation,
user.SecurityInfo.Name,
target,
permission.Level);
}
}
}
private void AddUserGroupLevelPermissionMessage(string operation, AuthorizationInformation info,
IUser user, Permission permission,
string entityDescription,
string entitiesGroupsDescription)
{
if (permission.UsersGroup != null)
{
UsersGroup[] ancestryAssociation =
authorizationRepository.GetAncestryAssociation(user, permission.UsersGroup.Name);
string groupAncestry = Strings.Join(ancestryAssociation, " -> ");
if (permission.Allow)
{
info.AddAllow(Resources.PermissionGrantedForUsersGroup,
operation,
permission.UsersGroup.Name,
GetPermissionTarget(permission, entityDescription, entitiesGroupsDescription),
user.SecurityInfo.Name,
permission.Level,
groupAncestry);
}
else
{
info.AddDeny(Resources.PermissionDeniedForUsersGroup,
operation,
permission.UsersGroup.Name,
GetPermissionTarget(permission, entityDescription, entitiesGroupsDescription),
user.SecurityInfo.Name,
permission.Level,
groupAncestry);
}
}
}
private void AddPermissionDescriptionToAuthorizationInformation <TEntity>(string operation,
AuthorizationInformation info,
IUser user, Permission[] permissions,
TEntity entity)
where TEntity : class
{
string entityDescription = "";
string entitiesGroupsDescription = "";
if (entity != null)
{
EntitiesGroup[] entitiesGroups = authorizationRepository.GetAssociatedEntitiesGroupsFor(entity);
entityDescription = Security.GetDescription(entity);
entitiesGroupsDescription = Strings.Join(entitiesGroups);
}
if (permissions.Length == 0)
{
UsersGroup[] usersGroups = authorizationRepository.GetAssociatedUsersGroupFor(user);
if (entity == null) //not on specific entity
{
info.AddDeny(Resources.PermissionForOperationNotGrantedToUser,
operation,
user.SecurityInfo.Name,
Strings.Join(usersGroups)
);
}
else
{
info.AddDeny(Resources.PermissionForOperationNotGrantedToUserOnEntity,
operation,
user.SecurityInfo.Name,
Strings.Join(usersGroups),
entityDescription,
entitiesGroupsDescription);
}
return;
}
foreach (Permission permission in permissions)
{
AddUserLevelPermissionMessage(operation, info, user, permission, entityDescription,
entitiesGroupsDescription);
AddUserGroupLevelPermissionMessage(operation, info, user, permission, entityDescription,
entitiesGroupsDescription);
}
}
private bool InitializeAuthorizationInfo(string operation, out AuthorizationInformation info)
{
info = new AuthorizationInformation();
Operation op = authorizationRepository.GetOperationByName(operation);
if (op == null)
{
info.AddDeny(Resources.OperationNotDefined, operation);
return(true);
}
return(false);
}
private static void AddUserLevelPermissionMessage(
string operation,
AuthorizationInformation info,
IUser user,
Permission permission)
{
if (permission.User != null)
{
string target = GetPermissionTarget(permission);
if (permission.Allow)
{
info.AddAllow(Resources.PermissionGrantedForUser,
operation,
user.SecurityInfo.Name,
target,
permission.Level);
}
else
{
info.AddDeny(Resources.PermissionDeniedForUser,
operation,
user.SecurityInfo.Name,
target,
permission.Level);
}
}
}
private void AddUserGroupLevelPermissionMessage(string operation, AuthorizationInformation info,
IUser user, Permission permission)
{
if (permission.UsersGroup != null)
{
UsersGroup[] ancestryAssociation =
authorizationRepository.GetAncestryAssociation(user, permission.UsersGroup.Name);
string groupAncestry = Strings.Join(ancestryAssociation, " -> ");
if (permission.Allow)
{
info.AddAllow(Resources.PermissionGrantedForUsersGroup,
operation,
permission.UsersGroup.Name,
GetPermissionTarget(permission),
user.SecurityInfo.Name,
permission.Level,
groupAncestry);
}
else
{
info.AddDeny(Resources.PermissionDeniedForUsersGroup,
operation,
permission.UsersGroup.Name,
GetPermissionTarget(permission),
user.SecurityInfo.Name,
permission.Level,
groupAncestry);
}
}
}
private bool InitializeAuthorizationInfo(string operation, out AuthorizationInformation info)
{
info = new AuthorizationInformation();
Operation op = authorizationRepository.GetOperationByName(operation);
if (op == null)
{
info.AddDeny(Resources.OperationNotDefined, operation);
return true;
}
return false;
}
private void AddPermissionDescriptionToAuthorizationInformation(string operation,
AuthorizationInformation info,
IUser user, Permission[] permissions)
{
if (permissions.Length == 0)
{
UsersGroup[] usersGroups = authorizationRepository.GetAssociatedUsersGroupFor(user);
info.AddDeny(Resources.PermissionForOperationNotGrantedToUser,
operation,
user.SecurityInfo.Name,
Strings.Join(usersGroups)
);
return;
}
foreach (Permission permission in permissions)
{
AddUserLevelPermissionMessage(operation, info, user, permission);
AddUserGroupLevelPermissionMessage(operation, info, user, permission);
}
}