/// <summary>
/// Create a new <see cref="CounterEntityAccessControlChecker"/>.
/// </summary>
/// <param name="checker">
/// The <see cref="IEntityAccessControlChecker"/> to actually perform the check. This cannot be null.
/// </param>
/// <exception cref="ArgumentNullException">
/// No argument can be null.
/// </exception>
public CounterEntityAccessControlChecker(IEntityAccessControlChecker checker)
: this(checker,
new SingleInstancePerformanceCounterCategory(AccessControlPerformanceCounters.CategoryName),
new MultiInstancePerformanceCounterCategory(AccessControlPermissionPerformanceCounters.CategoryName))
{
// Do nothing
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="checker">The inner checker.</param>
public SafetyEntityAccessControlChecker(IEntityAccessControlChecker checker)
{
if (checker == null)
{
throw new ArgumentNullException("checker");
}
Checker = checker;
}
public void Test_EnableReadRule(string description, IEntityAccessControlChecker entityAccessControlChecker)
{
AccessRule accessRule;
EntityType entityType;
UserAccount userAccount;
IEntity entity1;
IDictionary <long, bool> result;
using (var ctx = DatabaseContext.GetContext(true, preventPostSaveActionsPropagating: true))
{
entityType = Entity.Create <EntityType>();
entityType.Inherits.Add(UserResource.UserResource_Type);
entityType.Save();
userAccount = Entity.Create <UserAccount>();
accessRule = Entity.Create <AccessRule>();
accessRule.AccessRuleEnabled = false;
accessRule.PermissionAccess.Add(Permissions.Read.Entity.As <Permission>());
accessRule.ControlAccess = entityType.As <SecurableEntity>();
accessRule.AccessRuleReport = TestQueries.Entities().ToReport();
accessRule.Save();
userAccount.AllowAccess.Add(accessRule);
userAccount.Save();
entity1 = Entity.Create(entityType);
entity1.Save();
ctx.CommitTransaction();
}
// Ensure no access
result = entityAccessControlChecker.CheckAccess(
new[] { new EntityRef(entity1) },
new[] { Permissions.Read },
userAccount);
Assert.That(result, Has.Count.EqualTo(1));
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(entity1.Id)
.And.Property("Value").False, "Disabled check");
using (var ctx = DatabaseContext.GetContext(true, preventPostSaveActionsPropagating: true))
{
accessRule.AccessRuleEnabled = true;
accessRule.Save();
ctx.CommitTransaction();
}
// Ensure access
result = entityAccessControlChecker.CheckAccess(
new[] { new EntityRef(entity1) },
new[] { Permissions.Read },
userAccount);
Assert.That(result, Has.Count.EqualTo(1));
Assert.That(result, Has.Exactly(1).Property("Key").EqualTo(entity1.Id)
.And.Property("Value").True, "Enabled check");
}
/// <summary>
/// Create a new <see cref="CachingPerRuleSetEntityAccessControlChecker" />.
/// </summary>
/// <param name="entityAccessControlChecker">The <see cref="IEntityAccessControlChecker" /> used to actually perform checks.
/// This cannot be null.</param>
/// <param name="userRuleSetProvider">The user rule set provider.</param>
/// <param name="cacheName">(Optional) Cache name. If supplied, this cannot be null, empty or whitespace.</param>
/// <exception cref="System.ArgumentNullException">userRuleSetProvider</exception>
/// <exception cref="ArgumentNullException"><paramref name="entityAccessControlChecker" /> cannot be null. <paramref name="cacheName" /> cannot be null, empty or whitespace.</exception>
internal CachingPerRuleSetEntityAccessControlChecker(IEntityAccessControlChecker entityAccessControlChecker, IUserRuleSetProvider userRuleSetProvider, string cacheName = "Access control")
: base(entityAccessControlChecker, cacheName)
{
if (userRuleSetProvider == null)
{
throw new ArgumentNullException("userRuleSetProvider");
}
UserRuleSetProvider = userRuleSetProvider;
}
/// <summary>
/// Create a new <see cref="EntityAccessControlService"/> wrapping the given <see cref="entityAccessControlChecker"/>.
/// </summary>
/// <param name="entityAccessControlChecker">
/// The <see cref="IEntityAccessControlChecker"/> to use. This cannot be null.
/// </param>
/// <param name="traceLevelFactory">
/// The optional factory for reading the trace level from configuration.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="entityAccessControlChecker"/> cannot be null.
/// </exception>
internal EntityAccessControlService(IEntityAccessControlChecker entityAccessControlChecker,
Func <int> traceLevelFactory = null)
{
if (entityAccessControlChecker == null)
{
throw new ArgumentNullException("entityAccessControlChecker");
}
EntityAccessControlChecker = entityAccessControlChecker;
TraceLevelFactory = traceLevelFactory ?? GetTraceLevelSetting;
}
/// <summary>
/// Create a new <see cref="LoggingEntityAccessControlChecker"/>.
/// </summary>
/// <param name="entityAccessControlChecker">
/// The <see cref="IEntityAccessControlChecker"/> to actually perform the check. This cannot be null.
/// </param>
/// <param name="trace">
/// The <see cref="IEntityAccessControlCheckTrace"/> object used to trace events. This cannot be null.
/// </param>
/// <exception cref="ArgumentNullException">
/// No argument can be null.
/// </exception>
public LoggingEntityAccessControlChecker(IEntityAccessControlChecker entityAccessControlChecker,
IEntityAccessControlCheckTrace trace)
{
if (entityAccessControlChecker == null)
{
throw new ArgumentNullException("entityAccessControlChecker");
}
if (trace == null)
{
throw new ArgumentNullException("trace");
}
Checker = entityAccessControlChecker;
Trace = trace;
}
/// <summary>
/// Constructor.
/// </summary>
/// <param name="firstChecker">The first checker.</param>
/// <param name="secondChecker">The second checker.</param>
/// <param name="typeCheckerUseFirstCheckerOnly">if set to <c>true</c> [can create use first checker only].</param>
/// <exception cref="System.ArgumentNullException">
/// firstChecker
/// or
/// secondChecker
/// </exception>
public UnionEntityAccessControlChecker(IEntityAccessControlChecker firstChecker, IEntityAccessControlChecker secondChecker, bool typeCheckerUseFirstCheckerOnly)
{
if (firstChecker == null)
{
throw new ArgumentNullException("firstChecker");
}
if (secondChecker == null)
{
throw new ArgumentNullException("secondChecker");
}
FirstChecker = firstChecker;
SecondChecker = secondChecker;
TypeCheckerUseFirstCheckerOnly = typeCheckerUseFirstCheckerOnly;
}
/// <summary>
/// Create a new <see cref="SecuresFlagEntityAccessControlChecker"/> using
/// the given <paramref name="checker"/>.
/// </summary>
/// <param name="checker">
/// The <see cref="IEntityAccessControlChecker"/> that checks access
/// to specific entities. This cannot be null.
/// </param>
/// <param name="entityMemberRequestFactory">
/// The <see cref="IEntityMemberRequestFactory"/> that generates entity member requests
/// to determine which related entities to check security on. This cannot be null.
/// </param>
/// <param name="typeRepository">
/// A <see cref="IEntityTypeRepository"/>. This cannot be null.
/// </param>
/// <exception cref="ArgumentNullException">
/// No argument can be null.
/// </exception>
internal SecuresFlagEntityAccessControlChecker(IEntityAccessControlChecker checker,
IEntityMemberRequestFactory entityMemberRequestFactory, IEntityTypeRepository typeRepository)
{
if (checker == null)
{
throw new ArgumentNullException(nameof(checker));
}
if (typeRepository == null)
{
throw new ArgumentNullException(nameof(typeRepository));
}
if (entityMemberRequestFactory == null)
{
throw new ArgumentNullException(nameof(entityMemberRequestFactory));
}
Checker = checker;
TypeRepository = typeRepository;
EntityMemberRequestFactory = entityMemberRequestFactory;
}
/// <summary>
/// Create a new <see cref="CachingEntityAccessControlChecker"/>.
/// </summary>
/// <param name="entityAccessControlChecker">
/// The <see cref="IEntityAccessControlChecker"/> used to actually perform checks.
/// This cannot be null.
/// </param>
/// <param name="cacheName">
/// (Optional) Cache name. If supplied, this cannot be null, empty or whitespace.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="entityAccessControlChecker"/> cannot be null. <paramref name="cacheName"/> cannot be null, empty or whitespace.
/// </exception>
internal CachingEntityAccessControlCheckerBase(IEntityAccessControlChecker entityAccessControlChecker, string cacheName = "Access control")
{
if (entityAccessControlChecker == null)
{
throw new ArgumentNullException("entityAccessControlChecker");
}
if (string.IsNullOrWhiteSpace(cacheName))
{
throw new ArgumentNullException("cacheName");
}
Checker = entityAccessControlChecker;
CacheFactory cacheFactory = new CacheFactory {
CacheName = cacheName, Lru = true
};
Cache = cacheFactory.Create <TKey, bool>(cacheName);
_cacheInvalidator = new SecurityCacheInvalidatorBase <TKey, bool>(Cache, cacheName);
CacheName = cacheName;
}
/// <summary>
/// Create a new <see cref="CounterEntityAccessControlChecker"/>.
/// </summary>
/// <param name="checker">
/// The <see cref="IEntityAccessControlChecker"/> to actually perform the check. This cannot be null.
/// </param>
/// <param name="accessControlCounters">
/// The <see cref="ISingleInstancePerformanceCounterCategory"/> used to update/set access control performance counters.
/// </param>
/// <param name="accessControlPermissionCounters">
/// The <see cref="IMultiInstancePerformanceCounterCategory"/> used to update/set access control permission performance counters.
/// </param>
/// <exception cref="ArgumentNullException">
/// No argument can be null.
/// </exception>
internal CounterEntityAccessControlChecker(
IEntityAccessControlChecker checker,
ISingleInstancePerformanceCounterCategory accessControlCounters,
IMultiInstancePerformanceCounterCategory accessControlPermissionCounters)
{
if (checker == null)
{
throw new ArgumentNullException("checker");
}
if (accessControlCounters == null)
{
throw new ArgumentNullException("accessControlCounters");
}
if (accessControlPermissionCounters == null)
{
throw new ArgumentNullException("accessControlPermissionCounters");
}
Checker = checker;
AccessControlCounters = accessControlCounters;
AccessControlPermissionCounters = accessControlPermissionCounters;
}
/// <summary>
/// Create a new <see cref="LoggingEntityAccessControlChecker"/>.
/// </summary>
/// <param name="entityAccessControlChecker">
/// The <see cref="IEntityAccessControlChecker"/> to actually perform the check. This cannot be null.
/// </param>
/// <exception cref="ArgumentNullException">
/// No argument can be null.
/// </exception>
public LoggingEntityAccessControlChecker(IEntityAccessControlChecker entityAccessControlChecker)
: this(entityAccessControlChecker, new StringEntityAccessControlCheckTrace())
{
// Do nothing
}
/// <summary>
/// Create a new <see cref="CachingEntityAccessControlChecker"/>.
/// </summary>
/// <param name="entityAccessControlChecker">
/// The <see cref="IEntityAccessControlChecker"/> used to actually perform checks.
/// This cannot be null.
/// </param>
/// <param name="cacheName">
/// (Optional) Cache name. If supplied, this cannot be null, empty or whitespace.
/// </param>
/// <exception cref="ArgumentNullException">
/// <paramref name="entityAccessControlChecker"/> cannot be null. <paramref name="cacheName"/> cannot be null, empty or whitespace.
/// </exception>
internal CachingEntityAccessControlChecker(IEntityAccessControlChecker entityAccessControlChecker, string cacheName = "Access control")
: base(entityAccessControlChecker, cacheName)
{
}
