/// <summary>
/// Loads the configured test user through the secured object space,
/// runs <c>CheckUserData</c> on the result and returns it.
/// </summary>
/// <returns>
/// The first <c>UserType</c> whose <c>UserName</c> equals <c>TestSetConfig.TestUser</c>.
/// The lookup can yield null; presumably <c>CheckUserData</c> handles that case (not visible here).
/// </returns>
protected override ICustomPermissionPolicyUser GetUser()
        {
            // Keep the name in a local so the query predicate captures a plain value.
            string expectedName = TestSetConfig.TestUser;

            var matchedUser = securedObjectSpace.FirstOrDefault<UserType>(candidate => candidate.UserName == expectedName);
            CheckUserData(matchedUser);

            return matchedUser;
        }
Пример #2
        // Applies a partial update to the Employee whose Oid equals `key`.
        // Returns Ok(employee) when the record exists, NotFound() otherwise.
        //
        // NOTE(review): the request body is handed to JsonParser.ParseJObject as-is.
        // Which Employee members it is allowed to set is not visible in this excerpt;
        // confirm it cannot write members the caller should not control (over-posting)
        // and that `objectSpace` is a secured object space so permission checks apply.
        // NOTE(review): no CommitChanges call is visible here; presumably ParseJObject
        // or the caller persists the change. Verify.
        public ActionResult Patch(Guid key, [FromBody] JObject jObject)
        {
// Closes a conditional-compilation region that opens above this excerpt.
#endif
            // Look the target up by primary key; null means no such (or no visible) record.
            Employee employee = objectSpace.FirstOrDefault <Employee>(e => e.Oid == key);

            if (employee != null)
            {
                // Copy the values supplied in the JSON body onto the loaded entity.
                JsonParser.ParseJObject <Employee>(jObject, employee, objectSpace);
                return(Ok(employee));
            }
            return(NotFound());
        }
        /// <summary>
        /// Returns the first object matching <paramref name="criteriaExpression"/>, or creates
        /// a new <typeparamref name="T"/> in the object space when nothing matches.
        /// </summary>
        /// <param name="objectSpace">Object space that is queried and, if needed, used to create the object.</param>
        /// <param name="criteriaExpression">Predicate that identifies the object to look for.</param>
        /// <param name="initialize">Optional callback applied only to a newly created object.</param>
        /// <param name="inTransaction">Forwarded unchanged to the <c>FirstOrDefault</c> lookup.</param>
        /// <returns>The existing match, or the newly created (and optionally initialized) object.</returns>
        /// <remarks>Nothing is committed here; saving the new object is left to the caller.</remarks>
        public static T EnsureObject<T>(this IObjectSpace objectSpace, Expression<Func<T, bool>> criteriaExpression, Action<T> initialize = null, bool inTransaction = false) where T : class
        {
            var found = objectSpace.FirstOrDefault(criteriaExpression, inTransaction);

            if (found == null)
            {
                // No match: create the object and let the caller's callback populate it.
                T created = objectSpace.CreateObject<T>();
                if (initialize != null)
                {
                    initialize(created);
                }
                return created;
            }

            return found;
        }
Пример #4
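        /// <summary>
        /// Seeds the security data used by the test set: the administrator "Sam", the
        /// "Administrators" and "Users" roles, and one user plus one department per name
        /// in <c>TestSetConfig.Users</c>. Objects that already exist are reused.
        /// </summary>
        /// <param name="updatingObjectSpace">Object space used to query, create and commit the seed data.</param>
        /// <remarks>
        /// The permissions of the "Users" role are configured only when the role is first created;
        /// an existing role is left as it is.
        /// </remarks>
        private void CreateSecurityObjects(IObjectSpace updatingObjectSpace)
        {
            var userSam = updatingObjectSpace.FirstOrDefault<UserType>(user => user.UserName == "Sam");

            if (userSam == null)
            {
                userSam = updatingObjectSpace.CreateObject<UserType>();
                // The stored name must equal the lookup key above; otherwise the lookup never
                // matches and every run adds another administrator account.
                ((IAuthenticationActiveDirectoryUser)userSam).UserName = "Sam";
                // NOTE(review): blank password on the account that receives the administrative
                // role below. Acceptable only for disposable test/benchmark data; confirm this
                // updater never runs against a shared or production database.
                userSam.SetPassword("");
            }

            // If a role with the Administrators name doesn't exist in the database, create this role
            RoleType adminRole = updatingObjectSpace.FirstOrDefault<RoleType>(role => role.Name == "Administrators");

            if (adminRole == null)
            {
                adminRole      = updatingObjectSpace.CreateObject<RoleType>();
                adminRole.Name = "Administrators";
            }
            // Set on every run, so a pre-existing role is (re)marked administrative as well.
            adminRole.IsAdministrative = true;

            // If a role with the Users name doesn't exist in the database, create this role
            RoleType userRole = updatingObjectSpace.FirstOrDefault<RoleType>(role => role.Name == "Users");

            if (userRole == null)
            {
                userRole                  = updatingObjectSpace.CreateObject<RoleType>();
                userRole.Name             = "Users";
                // Allow-by-default policy: everything not denied below is permitted.
                userRole.PermissionPolicy = SecurityPermissionPolicy.AllowAllByDefault;

                // Security objects: deny roles and users as types, then allow reading one's own user record.
                userRole.AddTypePermission<RoleType>(SecurityOperations.FullAccess, SecurityPermissionState.Deny);
                userRole.AddTypePermission<UserType>(SecurityOperations.FullAccess, SecurityPermissionState.Deny);
                userRole.AddObjectPermission<UserType>(SecurityOperations.ReadOnlyAccess, $"[{keyPropertyName}] = CurrentUserId()", SecurityPermissionState.Allow);
                // NOTE(review): the criteria argument is null for these two member-level write
                // grants, so unlike the read grant above they are not scoped to the current
                // user's own record. Confirm that is intended, in particular for StoredPassword.
                userRole.AddMemberPermission<UserType>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", null, SecurityPermissionState.Allow);
                userRole.AddMemberPermission<UserType>(SecurityOperations.Write, "StoredPassword", null, SecurityPermissionState.Allow);
                userRole.AddTypePermission<RoleType>(SecurityOperations.Read, SecurityPermissionState.Allow);
                // Permission records themselves must not be created, changed or deleted by this role.
                userRole.AddTypePermission<TypePermission>("Write;Delete;Create", SecurityPermissionState.Deny);
                userRole.AddTypePermission<MemberPermissions>("Write;Delete;Create", SecurityPermissionState.Deny);
                userRole.AddTypePermission<ObjectPermissions>("Write;Delete;Create", SecurityPermissionState.Deny);

                // Contacts: denied as a type, allowed per object when the contact's department contains the current user.
                userRole.AddTypePermission<ContactType>(SecurityOperations.FullObjectAccess, SecurityPermissionState.Deny);
                userRole.AddObjectPermission<ContactType>(SecurityOperations.FullObjectAccess, $"[Department].[Users][[{keyPropertyName}] == CurrentUserId()].Exists()", SecurityPermissionState.Allow);

                // Member-level denies that depend on the member's own value.
                userRole.AddMemberPermission<ContactType>(SecurityOperations.ReadWriteAccess, nameof(IPerson.FirstName), $"Contains([{nameof(IPerson.FirstName)}], '1Е2Е3')", SecurityPermissionState.Deny);
                userRole.AddMemberPermission<ContactType>(SecurityOperations.ReadWriteAccess, nameof(IPerson.LastName), $"Contains([{nameof(IPerson.LastName)}], '1Е2Е3')", SecurityPermissionState.Deny);
                userRole.AddMemberPermission<ContactType>(SecurityOperations.ReadWriteAccess, nameof(IPerson.Email), $"Contains([{nameof(IPerson.Email)}], '1Е2Е3')", SecurityPermissionState.Deny);
                userRole.AddMemberPermission<ContactType>(SecurityOperations.ReadWriteAccess, nameof(IPerson.Birthday), $"[{nameof(IPerson.Birthday)}] > #2050-03-22 13:18:51#", SecurityPermissionState.Deny);

                // Tasks: denied as a type, allowed per object through the contacts' or assignee's department.
                userRole.AddTypePermission<TaskType>(SecurityOperations.FullObjectAccess, SecurityPermissionState.Deny);
                userRole.AddObjectPermission<TaskType>(SecurityOperations.FullObjectAccess, $"[Contacts][[Department].[Users][[{keyPropertyName}] == CurrentUserId()].Exists()]", SecurityPermissionState.Allow);

                // The assignee criterion is written differently depending on the task base class.
                if (typeof(TaskType).IsSubclassOf(typeof(DevExpress.Persistent.BaseImpl.Task)))
                {
                    userRole.AddObjectPermission<TaskType>(SecurityOperations.FullObjectAccess, $"[AssignedTo].<Contact>[Department].[Users][[{keyPropertyName}] == CurrentUserId()].Exists()", SecurityPermissionState.Allow);
                }
                else
                {
                    userRole.AddObjectPermission<TaskType>(SecurityOperations.FullObjectAccess, "Upcast(AssignedTo, 'XAFSecurityBenchmark.Models.EFCore.Contact', 'Department') == CurrentUserDepartment()", SecurityPermissionState.Allow);
                }
            }
            // Persist the user and roles before they are linked to each other.
            updatingObjectSpace.CommitChanges();
            // Add the Administrators role to the user Sam
            userSam.SetUserRole(adminRole);
            // Add the Users role to a user
            foreach (string userName in TestSetConfig.Users)
            {
                var justUser = updatingObjectSpace.FirstOrDefault<UserType>(user => user.UserName == userName);
                if (justUser == null)
                {
                    justUser = updatingObjectSpace.CreateObject<UserType>();
                    ((IAuthenticationActiveDirectoryUser)justUser).UserName = userName;
                    // NOTE(review): blank password, as for "Sam" above; test data only.
                    justUser.SetPassword("");

                    // The role is assigned only to newly created users; existing ones keep theirs.
                    justUser.SetUserRole(userRole);
                }

                // Each user gets a department of their own, created on first use.
                string userDepartmentName = $"The {userName} department!";
                var    userDepartment     = updatingObjectSpace.FirstOrDefault<DepartmentType>(department => department.Title == userDepartmentName);
                if (userDepartment == null)
                {
                    userDepartment       = updatingObjectSpace.CreateObject<DepartmentType>();
                    userDepartment.Title = userDepartmentName;
                }
                justUser.SetDepartment(userDepartment);
            }
            // Persist the role assignment for "Sam" and all per-user objects.
            updatingObjectSpace.CommitChanges();
        }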
Пример #5
 /// <summary>
 /// Forwards the lookup to the wrapped <c>objectSpace</c> and returns its result unchanged.
 /// </summary>
 /// <typeparam name="ObjectType">Reference type of the object being searched for.</typeparam>
 /// <param name="criteriaExpression">Predicate that identifies the object to return.</param>
 /// <returns>Whatever <c>objectSpace.FirstOrDefault</c> returns for the given predicate.</returns>
 public ObjectType FirstOrDefault<ObjectType>(Expression<Func<ObjectType, bool>> criteriaExpression)
     where ObjectType : class
     => objectSpace.FirstOrDefault<ObjectType>(criteriaExpression);