private void ParentsChanged(object sender, NotifyCollectionChangedEventArgs e) { if (e.Action == NotifyCollectionChangedAction.Add) { ISecurityItem parent = (ISecurityItem)e.NewItems[0]; parent.Children.Add(this); _store.OnSecurityItemRelationAdded(parent, this); } if (e.Action == NotifyCollectionChangedAction.Remove) { ISecurityItem parent = (ISecurityItem)e.OldItems[0]; parent.Children.Remove(this); _store.OnSecurityItemRelationRemoved(parent, this); } if (e.Action == NotifyCollectionChangedAction.Reset) { foreach (ISecurityItem parent in e.OldItems) { parent.Children.Remove(this); _store.OnSecurityItemRelationRemoved(parent, this); } } }
public void Operation_Deny_Direct_To_User() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); ISecurityItem operation1 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation1"); ISecurityItem operation2 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation2"); ISecurityItem task = engine.Store.AddSecurityItem().AddBagItem(Name, "Task"); task.Children.Add(operation1); task.Children.Add(operation2); ISecurityItem hasNoAccessFromUserOperation = engine.Store.AddSecurityItem().AddBagItem(Name, "HasNoAccessFromUserOperation"); ISecurityIdentity user = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user"); engine.Store.AccessAuthorize(user, task); engine.Store.AccessAuthorize(user, operation1).Deny(); ICheckAccessResult operation1AccessResult = engine.CheckAccess(user, operation1); ICheckAccessResult operation2AccessResult = engine.CheckAccess(user, operation2); ICheckAccessResult taskAccessResult = engine.CheckAccess(user, task); ICheckAccessResult hasNoAccessFromUserOperationAccessResult = engine.CheckAccess(user, hasNoAccessFromUserOperation); Assert.False(operation1AccessResult.HasAccess()); Assert.True(operation2AccessResult.HasAccess()); Assert.True(taskAccessResult.HasAccess()); Assert.False(hasNoAccessFromUserOperationAccessResult.HasAccess()); }
public void OnSecurityItemRemoved(ISecurityItem securityItem) { if (_ignoreEvents) { return; } AddNewAction(StorageActionType.Remove, new StorageSecurityItem(securityItem.Id)); }
public IEnumerable <IAuthorization> GetSecurityItemAuthorizations(ISecurityItem securityItem) { if (_securityItemAuthorizations.TryGetValue(securityItem, out HashSet <IAuthorization> authorizations)) { return(authorizations); } return(Enumerable.Empty <IAuthorization>()); }
public void OnSecurityItemRelationRemoved(ISecurityItem parent, ISecurityItem child) { if (_ignoreEvents) { return; } AddNewAction(StorageActionType.Remove, new StorageSecurityItemRelation(parent.Id, child.Id)); }
public IConditionResult GetConditions(ISecurityItem securityItem) { ConditionResult conditionResult = (ConditionResult) OnlySelfGetConditions(securityItem); foreach (ISecurityIdentity parent in _securityIdentity.Parents) { ISecurityIdentityAuthorizer securityIdentityAuthorizer = _securityIdentityAuthorizerFactory.CreateCache(parent); IConditionResult parentConditions = securityIdentityAuthorizer.GetConditions(securityItem); MergeConditionResult(conditionResult,parentConditions); } return conditionResult; }
private static IEnumerable <ISecurityItem> InternalGetAllAncestors(this ISecurityItem securityItem) { foreach (ISecurityItem parent in securityItem.Parents) { yield return(parent); foreach (ISecurityItem parentOfParent in parent.InternalGetAllAncestors()) { yield return(parentOfParent); } } }
public ISecurityItemAuthorizationsResolver CreateResolver(ISecurityItem securityItem) { lock (this) { if (!_securityItemsCache.TryGetValue(securityItem, out ISecurityItemAuthorizationsResolver result)) { result = new SecurityItemAuthorizationsResolver(_store, securityItem); _securityItemsCache[securityItem] = result; } return(result); } }
public void Add_SecurityItem_Bag() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); TestSecurityStorage securityStorage = new TestSecurityStorage(); engine.Store.AttachToStorage(securityStorage); ISecurityItem securityItem = engine.Store.AddSecurityItem("07325155-574E-4D89-B680-C0F1B90569E5"); securityItem.Bag["Name"] = "Test"; Assert.Contains("07325155-574E-4D89-B680-C0F1B90569E5_Name", securityStorage.StorageEntities.Keys); }
private IConditionResult OnlySelfGetConditions(ISecurityItem securityItem) { DateTime now = DateTime.Now; ISecurityItemAuthorizationsResolver securityItemAuthorizationsResolver = _securityItemAuthorizationsResolverFactory.CreateResolver(securityItem); Dictionary < IConditionalAuthorization, IEnumerable < IAccessCondition >> result = new Dictionary<IConditionalAuthorization, IEnumerable<IAccessCondition>>(); foreach (IConditionalAuthorization conditionalAuthorization in securityItemAuthorizationsResolver.GetAuthorizations() .Where(a => a.SecurityIdentity.Equals(_securityIdentity)).OfType<IConditionalAuthorization>()) { if (conditionalAuthorization.LifeTime != null && !conditionalAuthorization.LifeTime.IsActive(now)) continue; result.Add(conditionalAuthorization,conditionalAuthorization.Conditions); } return new ConditionResult(result); }
public void Add_SecurityItem_Relation() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); TestSecurityStorage securityStorage = new TestSecurityStorage(); engine.Store.AttachToStorage(securityStorage); ISecurityItem parentSecurityItem = engine.Store.AddSecurityItem("3F028123-7EDA-42F7-80B9-09A9DE954047"); ISecurityItem childSecurityItem = engine.Store.AddSecurityItem("13F1C233-90DC-4904-9EAA-C1A912D2B0A7"); parentSecurityItem.Children.Add(childSecurityItem); Assert.Contains("3F028123-7EDA-42F7-80B9-09A9DE954047_13F1C233-90DC-4904-9EAA-C1A912D2B0A7", securityStorage.StorageEntities.Keys); }
public void Operation_Access_Operation_Direct_To_User() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); ISecurityItem operation = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation"); ISecurityItem hasNoAccessFromUserOperation = engine.Store.AddSecurityItem().AddBagItem(Name, "HasNoAccessFromUserOperation"); ISecurityIdentity user = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user"); engine.Store.AccessAuthorize(user, operation); ICheckAccessResult operationAccessResult = engine.CheckAccess(user, operation); ICheckAccessResult hasNoAccessFromUserOperationAccessResult = engine.CheckAccess(user, hasNoAccessFromUserOperation); Assert.True(operationAccessResult.HasAccess()); Assert.False(hasNoAccessFromUserOperationAccessResult.HasAccess()); }
public void Add_SecurityItem() { EngineFactory factory = new EngineFactory(); ISecurityEngine firstEngine = factory.CreateEngine(); using (StorageProvider storageProvider = GetStorageProvider()) { firstEngine.Store.AttachToStorage(storageProvider.Storage); ISecurityItem addSecurityItem = firstEngine.Store.AddSecurityItem(); } ISecurityEngine secondEngine = factory.CreateEngine(); using (StorageProvider storageProvider = GetStorageProvider()) { secondEngine.Store.AttachToStorage(storageProvider.Storage); } }
public void Engine_Instantiate() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); ISecurityItem operation1 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation1"); ISecurityItem operation2 = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation2"); ISecurityItem task = engine.Store.AddSecurityItem().AddBagItem(Name, "Task"); task.Children.Add(operation1); task.Children.Add(operation2); ISecurityIdentity user1 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user1"); ISecurityIdentity user2 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user2"); ISecurityIdentity group = engine.Store.AddSecurityIdentity().AddBagItem(Name, "group"); group.Children.Add(user1); group.Children.Add(user2); IAccessAuthorization user1ToOperationAccessAuthorization = engine.Store.AccessAuthorize(user1, operation1); }
public void Operation_Access_To_Group() { EngineFactory factory = new EngineFactory(); ISecurityEngine engine = factory.CreateEngine(); ISecurityItem operation = engine.Store.AddSecurityItem().AddBagItem(Name, "Operation"); ISecurityIdentity user1 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user1"); ISecurityIdentity user2 = engine.Store.AddSecurityIdentity().AddBagItem(Name, "user2"); ISecurityIdentity adminGroup = engine.Store.AddSecurityIdentity().AddBagItem(Name, "adminGroup"); adminGroup.Children.Add(user1); engine.Store.AccessAuthorize(adminGroup, operation); ICheckAccessResult user1AccessResult = engine.CheckAccess(user1, operation); ICheckAccessResult user2AccessResult = engine.CheckAccess(user2, operation); Assert.True(user1AccessResult.HasAccess()); Assert.False(user2AccessResult.HasAccess()); }
private void ChildrenChanged(object sender, NotifyCollectionChangedEventArgs e) { if (e.Action == NotifyCollectionChangedAction.Add) { ISecurityItem child = (ISecurityItem)e.NewItems[0]; child.Parents.Add(this); } if (e.Action == NotifyCollectionChangedAction.Remove) { ISecurityItem child = (ISecurityItem)e.OldItems[0]; child.Parents.Remove(this); } if (e.Action == NotifyCollectionChangedAction.Reset) { foreach (ISecurityItem child in e.OldItems) { child.Parents.Remove(this); } } }
public ICheckAccessResult CheckAccess(ISecurityItem securityItem) { ICheckAccessResult checkAccessResult = OnlyCheckAccessSelf(securityItem); if (checkAccessResult.AccessType == AccessType.Deny) return checkAccessResult; IList<ICheckAccessResult> allowedParentCheckAccessResults = new List<ICheckAccessResult>(); foreach (ISecurityIdentity parent in _securityIdentity.Parents) { ISecurityIdentityAuthorizer securityIdentityAuthorizer = _securityIdentityAuthorizerFactory.CreateCache(parent); ICheckAccessResult parentCheckAccessResult = securityIdentityAuthorizer.CheckAccess(securityItem); if (parentCheckAccessResult.AccessType == AccessType.Deny) return parentCheckAccessResult; if (parentCheckAccessResult.AccessType == AccessType.Allow) allowedParentCheckAccessResults.Add(parentCheckAccessResult); } if (checkAccessResult.AccessType == AccessType.Allow) return checkAccessResult; if (allowedParentCheckAccessResults.Count>0) return new CheckAccessResult(AccessType.Allow, allowedParentCheckAccessResults.SelectMany(r => r.AffectedAuthorizations)); return new CheckAccessResult(AccessType.Neutral,Enumerable.Empty<IAccessAuthorization>()); }
private ICheckAccessResult OnlyCheckAccessSelf(ISecurityItem securityItem) { DateTime now = DateTime.Now; ISecurityItemAuthorizationsResolver securityItemAuthorizationsResolver = _securityItemAuthorizationsResolverFactory.CreateResolver(securityItem); List<IAccessAuthorization> affectedAuthorizations = new List<IAccessAuthorization>(); bool deniedFound = false; bool allowedFound = false; foreach (IAccessAuthorization accessAuthorization in securityItemAuthorizationsResolver.GetAuthorizations() .Where(a => a.SecurityIdentity.Equals(_securityIdentity)).OfType<IAccessAuthorization>()) { if(accessAuthorization.LifeTime != null && !accessAuthorization.LifeTime.IsActive(now)) continue; switch (accessAuthorization.AccessType) { case AccessType.Allow: if(!deniedFound) affectedAuthorizations.Add(accessAuthorization); allowedFound = true; break; case AccessType.Deny: if(allowedFound && !deniedFound) affectedAuthorizations.Clear(); affectedAuthorizations.Add(accessAuthorization); deniedFound = true; break; case AccessType.Neutral: break; default: throw new ArgumentOutOfRangeException(); } } if(deniedFound) return new CheckAccessResult(AccessType.Deny,affectedAuthorizations); if(allowedFound) return new CheckAccessResult(AccessType.Allow, affectedAuthorizations); return new CheckAccessResult(AccessType.Neutral,Enumerable.Empty<IAccessAuthorization>()); }
private void OnSecurityItemRemoved(ISecurityItem securityItem) { _storageSynchronizer?.OnSecurityItemRemoved(securityItem); }
public static IEnumerable <ISecurityItem> GetAllAncestors(this ISecurityItem securityItem) { return(InternalGetAllAncestors(securityItem).Distinct()); }
public void OnSecurityItemRelationRemoved(ISecurityItem parent, ISecurityItem child) { _storageSynchronizer?.OnSecurityItemRelationRemoved(parent, child); }
public IConditionResult GetConditions(ISecurityIdentity securityIdentity, ISecurityItem securityItem) { ISecurityIdentityAuthorizer securityIdentityAuthorizer = CreateCache(securityIdentity); return(securityIdentityAuthorizer.GetConditions(securityItem)); }
public ICheckAccessResult CheckAccess(ISecurityIdentity securityIdentity, ISecurityItem securityItem) { ISecurityIdentityAuthorizer securityIdentityAuthorizer = CreateCache(securityIdentity); return(securityIdentityAuthorizer.CheckAccess(securityItem)); }
public SecurityItemAuthorizationsResolver(SecurityStore store, ISecurityItem securityItem) { _store = store; _securityItem = securityItem; }
public static IConditionalAuthorization ConditionalAuthorize(this ISecurityStore store, ISecurityIdentity securityIdentity, ISecurityItem securityItem, string id = null) { if (string.IsNullOrEmpty(id)) { id = Guid.NewGuid().ToString(); } SecurityStore securityStore = (SecurityStore)store; ConditionalAuthorization conditionalAuthorization = new ConditionalAuthorization((SecurityStore)store, id) { SecurityIdentity = securityIdentity, SecurityItem = securityItem }; securityStore.Authorizations.Add(conditionalAuthorization); return(conditionalAuthorization); }