public UserInfoService(ISecurityDbContext dbcontext, IDistributedCacheService cacheService, IHttpContextAccessor httpContextAccessor, IConfiguration confguration) { CacheService = cacheService; HttpContextAccessor = httpContextAccessor; DbContext = dbcontext; Configuration = confguration; }
private static List <IGrouping <string, EntityRights> > GetEntityRights(ISecurityDbContext context, Guid profileId) { var rightsQuery = (from prole in context.ProfileRoles .Where(pr => pr.ProfileId == profileId && pr.RecordState != RecordState.D) join role in context.Roles.Where(r => r.IsActive && r.RecordState != RecordState.D) on prole.RoleId equals role.Id join rright in context.RoleRights.Where(rr => rr.RecordState != RecordState.D) on role.Id equals rright.RoleId join right in context.Rights.Where(r => r.IsActive && r.RecordState != RecordState.D) on rright.RightId equals right.Id select new { RoleId = role.Id, RightId = right.Id, right.EntityAccessLevel, right.EntityName }) .Union(from pright in context.ProfileRights .Where(pr => pr.ProfileId == profileId && pr.RecordState != RecordState.D) join right in context.Rights.Where(r => r.IsActive && r.RecordState != RecordState.D) on pright.RightId equals right.Id select new { RoleId = Guid.Empty, RightId = right.Id, right.EntityAccessLevel, right.EntityName }); var entityRights = rightsQuery.GroupJoin(context.FieldRights, r => new { r.RightId, r.EntityAccessLevel }, fr => new { fr.RightId, EntityAccessLevel = EntityAccessLevel.Partial }, (r, fr) => new EntityRights { EntityAccessLevel = r.EntityAccessLevel, EntityName = r.EntityName, FieldRights = fr.Select(f => new FieldRights { FieldName = f.FieldName, AccessLevel = f.AccessLevel }).ToList() }) //.Select(r => new { r.EntityName, r.EntityAccessLevel, r.FieldRights }) .GroupBy(g => g.EntityName) .ToList(); return(entityRights); }
private static List <RlsRights> GetRlsRights(ISecurityDbContext context, Guid profileId) { var rlsRightsList = (from usedrls in context.ApplicationRowLevelRights.Where(r => r.IsActive) join rls in context.RowLevelRights.Where(el => el.ProfileId == profileId) on usedrls.EntityName equals rls.EntityName into appRowLevelRights from apprls in appRowLevelRights.DefaultIfEmpty() join rlsobj in context.RowLevelSecurityObjects on apprls.Id equals rlsobj.RowLevelRightId into secObjects from securityObject in secObjects.DefaultIfEmpty() select new RlsRights { EntityName = usedrls.EntityName, // because of left join AccessType actually CAN be null, so disable this warning #pragma warning disable CS0472 // The result of the expression is always the same since a value of this type is never equal to 'null' AccessType = apprls.AccessType == null ? RowLevelAccessType.No : apprls.AccessType, #pragma warning restore CS0472 // The result of the expression is always the same since a value of this type is never equal to 'null' EntityId = (securityObject.EntityId == null ? Guid.Empty : securityObject.EntityId) }) .ToList(); return(rlsRightsList); }
public UserInMemoryService(ISecurityDbContext dbcontext, IMemoryCache cache, IHttpContextAccessor httpContextAccessor, IConfiguration confguration) { _cache = cache; _httpContext = httpContextAccessor?.HttpContext; _dbContext = dbcontext; var rightsInvalidationTime = confguration.GetValue <int>("Rights:InvalidationTime"); if (rightsInvalidationTime > 0) { RightsInvalidationTime = rightsInvalidationTime; } }
private static Dictionary <string, Guid> GetDefaultValues(ISecurityDbContext context, List <RlsRights> rlsRights, Guid?userId) { var needDefaultValues = userId.HasValue && rlsRights.Select(el => el.AccessType) .Where(el => el == RowLevelAccessType.Default) .Any(); var defaultValues = new Dictionary <string, Guid>(); if (needDefaultValues) { defaultValues = context.EmployeeDefaultValues .Where(el => el.UserId == userId.Value) .GroupBy(el => el.EntityName) .Select(g => new { EntityName = g.Key, ValueId = g.Select(el => el.ValueId).FirstOrDefault() }) .ToDictionary(k => k.EntityName, v => v.ValueId); } return(defaultValues); }
public static UserApplicationRights GetUserRights(this ISecurityDbContext context, Guid profileId, Guid?userId = null) { var rights = new UserApplicationRights { EntityRights = new Dictionary <string, EntityRightData>(), RowLevelRights = new Dictionary <string, RowLevelRightData>() }; if (profileId == Guid.Empty) { return(rights); } rights.EntityRights = GetEntityRightsModel(context, profileId); rights.RowLevelRights = GetRowLevelRightsModel(context, profileId, userId); ChangeEntityRightsAccordingToRlsRights(rights); return(rights); }
public SecurityRepository(ISecurityDbContext context) : base(context) { }
public AuthenticationRepository(ISecurityDbContext ISecurityDbContext) { this.ISecurityDbContext = ISecurityDbContext; }
public UserDiklzInfoService(ISecurityDbContext dbcontext, IDistributedCacheService cacheService, IHttpContextAccessor httpContextAccessor, IConfiguration confguration) : base(dbcontext, cacheService, httpContextAccessor, confguration) { }
public FeedBackService(ICommonDataService dataService, MigrationDbContext context, IUserInfoService userInfoService, ISecurityDbContext dbcontext, IObjectMapper objectMapper) { _dataService = dataService; _userInfoService = userInfoService; _context = context; _objectMapper = objectMapper; }
private static Dictionary <string, EntityRightData> GetEntityRightsModel(ISecurityDbContext context, Guid profileId) { var entityRights = GetEntityRights(context, profileId); var entityRightsModel = new Dictionary <string, EntityRightData>(); foreach (var right in entityRights) { var maxAccessLevel = right.Max(el => el.EntityAccessLevel); var entityRight = new EntityRightData { EntityName = right.Key, EntityAccessLevel = maxAccessLevel }; entityRightsModel.Add(right.Key, entityRight); if (maxAccessLevel != EntityAccessLevel.Partial) { continue; } // in case of partial access we need combining rights in a special way // if there is role with full entity read access, then we need reflection to get all the properties var fieldRights = new Dictionary <string, AccessLevel>(); foreach (var fields in right) { if (fields.EntityAccessLevel == EntityAccessLevel.Partial) { foreach (var field in fields.FieldRights) { fieldRights.Add(field.FieldName, field.AccessLevel); } } else if (fields.EntityAccessLevel == EntityAccessLevel.Read) { var properties = context.GetApplicationModels() .Where(model => model.Name == fields.EntityName) .FirstOrDefault() ?.GetProperties(System.Reflection.BindingFlags.Public | System.Reflection.BindingFlags.Instance); if (properties != null) { foreach (var prop in properties) { fieldRights.Add(prop.Name, AccessLevel.Read); } } } } var combinedFieldRights = fieldRights.GroupBy(kv => kv.Key) .Select(g => new { FieldName = g.Key, AccessLevel = g.Max(el => el.Value) }) .Where(kv => kv.AccessLevel != AccessLevel.No) .ToDictionary(g => g.FieldName, g => g.AccessLevel); if (combinedFieldRights.Count == 0) { entityRight.EntityAccessLevel = EntityAccessLevel.No; } else { entityRight.FieldRights = combinedFieldRights; } } return(entityRightsModel); }
private static Dictionary <string, RowLevelRightData> GetRowLevelRightsModel(ISecurityDbContext context, Guid profileId, Guid?userId) { var rlsRights = GetRlsRights(context, profileId); var defaultValues = GetDefaultValues(context, rlsRights, userId); var enumConverter = new EnumConverter(); var rightsModel = new Dictionary <string, RowLevelRightData>(); var groupedRlsList = rlsRights.GroupBy(el => el.EntityName); foreach (var right in groupedRlsList) { var maxAccessType = right.Max(el => el.AccessType); var rlsRight = new RowLevelRightData { Name = right.Key, PermissionType = enumConverter.ToRowLevelModelPermissionType(maxAccessType), Entities = new List <string>() }; rightsModel.Add(right.Key, rlsRight); if (maxAccessType != RowLevelAccessType.No && maxAccessType != RowLevelAccessType.All) { // in case of specific access we need combining rights in a special way // if there is right "Except" we need create combined "Except" rule // otherwise it will be "Specified" rule var rlsExceptObjects = new List <string>(); var rlsIncludeObjects = new List <string>(); foreach (var rlsr in right) { if (rlsr.AccessType == RowLevelAccessType.Default) { if (defaultValues.TryGetValue(rlsr.EntityName, out var defValue) && defValue != Guid.Empty) { rlsIncludeObjects.Add(defValue.ToString()); } } else if (rlsr.AccessType == RowLevelAccessType.Specified && rlsr.EntityId != Guid.Empty) { rlsIncludeObjects.Add(rlsr.EntityId.ToString()); } else if (rlsr.AccessType == RowLevelAccessType.Except && rlsr.EntityId != Guid.Empty) { rlsExceptObjects.Add(rlsr.EntityId.ToString()); } } rlsExceptObjects = rlsExceptObjects.Distinct().ToList(); rlsIncludeObjects = rlsIncludeObjects.Distinct().ToList(); if (rlsExceptObjects.Count > 0) { rlsRight.Entities.AddRange(rlsExceptObjects.Except(rlsIncludeObjects)); } else { rlsRight.Entities.AddRange(rlsIncludeObjects); } if (rlsRight.Entities.Count == 0) { if (rlsRight.PermissionType == RowLevelModelPermissionType.Specified) { rlsRight.PermissionType = RowLevelModelPermissionType.No; } else if (rlsRight.PermissionType == RowLevelModelPermissionType.Except) { rlsRight.PermissionType = RowLevelModelPermissionType.All; } } } } return(rightsModel); }