Пример #1
 /// <summary>
 /// Builds the text used when a tenant-scoped access check refuses a request.
 /// </summary>
 /// <param name="entity">Entity the caller tried to reach; its runtime type name and TenantId are included.</param>
 /// <param name="desiredAction">Action that was refused.</param>
 /// <returns>Message naming the caller's tenant, the action, the entity type and the owning tenant.</returns>
 private string BuildAccessDeniedMessage(ITenantEntity entity, EntityAction desiredAction)
 {
     // The caller's tenant is read again from the provider rather than passed in.
     var callerTenantId = _tenantIdProvider.GetTenantId();
     var entityTypeName = entity.GetType().Name;

     // NOTE(review): the message discloses both tenant ids and the entity type name.
     // Confirm it only reaches server-side logs and is not echoed to the client verbatim.
     return $"User belonging to tenant {callerTenantId} has been denied '{desiredAction}' access " +
            $"to entity '{entityTypeName}' belonging to tenant {entity.TenantId}";
 }
Пример #2
        /// <summary>
        /// Decides whether the current user may perform <paramref name="desiredAction"/> on <paramref name="entity"/>.
        /// </summary>
        /// <param name="entity">Entity being accessed. A null entity passes the check without any tenant comparison.</param>
        /// <param name="desiredAction">Action the caller wants to perform.</param>
        /// <returns>An already-completed task when access is allowed.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// Thrown directly (not via the returned task) when a non-site user targets another tenant's entity
        /// or requests anything other than <c>EntityAction.Read</c>.
        /// </exception>
        public Task ValidateAccessToEntityAsync(
            ITenantEntity entity, EntityAction desiredAction)
        {
            // NOTE(review): this is a fail-open path. Nothing is validated for a null entity,
            // so callers must handle a missing entity themselves before acting on it.
            if (entity == null)
            {
                return Task.CompletedTask;
            }

            var callerTenantId = _tenantIdProvider.GetTenantId();

            // Prototype-phase rule: a 'site user' may access any tenant for administration.
            // The requested action is not inspected on this path.
            if (TenantSpec.BelongsToSite(callerTenantId))
            {
                return Task.CompletedTask;
            }

            // Any other ('tenant') user must own the entity and may only read it;
            // every action other than Read is refused even inside the user's own tenant.
            if (callerTenantId != entity.TenantId || desiredAction != EntityAction.Read)
            {
                throw new UnauthorizedAccessException(BuildAccessDeniedMessage(entity, desiredAction));
            }

            return Task.CompletedTask;
        }
        /// <summary>
        /// Verifies that the current user's tenant is allowed to touch <paramref name="entity"/>.
        /// </summary>
        /// <param name="entity">Entity being accessed. A null entity passes the check without any tenant comparison.</param>
        /// <param name="desiredAction">Requested action; this implementation does not read it.</param>
        /// <returns>An already-completed task when access is allowed.</returns>
        /// <exception cref="UnauthorizedAccessException">
        /// Thrown directly (not via the returned task) when a non-site user targets an entity of another tenant.
        /// </exception>
        public Task ValidateAccessToEntityAsync(
            ITenantEntity entity, EntityAction desiredAction)
        {
            // NOTE(review): this is a fail-open path. Nothing is validated for a null entity,
            // so callers must handle a missing entity themselves before acting on it.
            if (entity == null)
            {
                return Task.CompletedTask;
            }

            // GetTenantId() may throw if the user has no validated TenantId claim.
            var callerTenantId = _tenantIdProvider.GetTenantId();

            // Plain tenant check, no per-action permissions: a 'site user' may reach entities
            // of any tenant for administration; everyone else only entities of their own tenant.
            if (!TenantSpec.BelongsToSite(callerTenantId) && callerTenantId != entity.TenantId)
            {
                // NOTE(review): the text discloses both tenant ids; confirm it is logged
                // server-side and not returned to the client verbatim.
                throw new UnauthorizedAccessException(
                    $"User belonging to tenant {callerTenantId} has been denied access " +
                    $"to entity '{entity.GetType().Name}' belonging to tenant {entity.TenantId}");
            }

            return Task.CompletedTask;
        }
 /// <summary>
 /// Writes the session's tenant id into the entry's property named by <c>EFCoreShadow.TenantId</c>.
 /// </summary>
 /// <param name="entity">Hooked entity; not read here.</param>
 /// <param name="metadata">Hook metadata exposing the change-tracker entry to update.</param>
 /// <param name="dbContext">Owning context; not used here.</param>
 protected override void Hook(ITenantEntity entity, HookEntityMetadata metadata, IDbContext dbContext)
 {
     // The value comes from _session, never from the entity instance, so whatever
     // tenant id the entity carried is replaced by the session's.
     // NOTE(review): which entity states trigger this hook is not visible here; confirm
     // it cannot re-assign an existing row to a different tenant on update.
     var tenantIdProperty = metadata.Entry.Property(EFCoreShadow.TenantId);
     tenantIdProperty.CurrentValue = _session.TenantId.To<TTenantId>();
 }
Пример #5
 /// <summary>
 /// Writes the current context's tenant id into the entry's property named by <c>EFCore.TenantId</c>.
 /// </summary>
 /// <param name="entity">Hooked entity; not read here.</param>
 /// <param name="metadata">Hook metadata exposing the change-tracker entry to update.</param>
 /// <param name="uow">Unit of work; not used here.</param>
 protected override void Hook(ITenantEntity entity, HookEntityMetadata metadata, IUnitOfWork uow)
 {
     // The value comes from _context.Tenant, never from the entity instance.
     // NOTE(review): behaviour when no tenant is resolved (_context.Tenant unset) is not
     // visible here; confirm the save fails rather than storing an empty tenant id.
     var tenantIdProperty = metadata.Entry.Property(EFCore.TenantId);
     tenantIdProperty.CurrentValue = _context.Tenant.Id.FromString<TTenantId>();
 }
Пример #6
 /// <summary>
 /// Writes the session's tenant id into the entry's property named by <c>EFCore.TenantId</c>.
 /// </summary>
 /// <param name="entity">Hooked entity; not read here.</param>
 /// <param name="metadata">Hook metadata exposing the change-tracker entry to update.</param>
 /// <param name="uow">Unit of work; not used here.</param>
 protected override void Hook(ITenantEntity entity, HookEntityMetadata metadata, IUnitOfWork uow)
 {
     // The value comes from _session, never from the entity instance, so whatever
     // tenant id the entity carried is replaced by the session's.
     var tenantIdProperty = metadata.Entry.Property(EFCore.TenantId);
     tenantIdProperty.CurrentValue = _session.TenantId.To<TTenantId>();
 }
Пример #7
 /// <summary>
 /// Determines which multi-tenancy side (<see cref="MultiTenancySides"/>) an <see cref="ITenantEntity"/> is on.
 /// </summary>
 /// <param name="entity">The entity to classify.</param>
 /// <returns>
 /// <see cref="MultiTenancySides.Host"/> when the entity's TenantId equals 0,
 /// otherwise <see cref="MultiTenancySides.Tenant"/>.
 /// </returns>
 public static MultiTenancySides FindMultiTenancySide(this ITenantEntity entity)
 {
     // NOTE(review): if TenantId is a plain integer, 0 is also its default value, so an entity
     // whose tenant was never assigned would be classified as Host. Confirm that is intended.
     if (entity.TenantId == 0)
     {
         return MultiTenancySides.Host;
     }

     return MultiTenancySides.Tenant;
 }
 /// <summary>
 /// Reads the tenant's two-factor-authentication requirement from its <c>Items</c> bag.
 /// </summary>
 /// <param name="tenant">Tenant whose setting is read.</param>
 /// <returns>The stored value cast to <c>bool?</c>, or null when no entry exists under the key.</returns>
 public static bool? GetRequiresTwoFactorAuthentication(this ITenantEntity tenant)
 {
     // A missing entry is reported as null, not false.
     // NOTE(review): callers should choose the default deliberately; coalescing null to
     // false would leave an unconfigured tenant without a 2FA requirement.
     if (!tenant.Items.TryGetValue(Constants.RequiresTwoFactorAuthentication, out var requires2FA))
     {
         return null;
     }

     return (bool?)requires2FA;
 }
 /// <summary>
 /// Stores <paramref name="connectionString"/> in the tenant's <c>Items</c> bag under <paramref name="dbName"/>.
 /// </summary>
 /// <param name="tenant">Tenant that receives the setting.</param>
 /// <param name="dbName">Key the connection string is stored under.</param>
 /// <param name="connectionString">Connection string to store.</param>
 // NOTE(review): connection strings commonly embed credentials. How Items is persisted,
 // serialized or logged is not visible here; confirm the bag is protected at rest and
 // is never dumped into logs or API responses.
 public static void SetConnectionString(this ITenantEntity tenant, string dbName, string connectionString)
     => tenant.Items.Set(dbName, connectionString);
        /// <summary>
        /// Stores <paramref name="connectionString"/> for the context type <typeparamref name="TDbContext"/>.
        /// </summary>
        /// <typeparam name="TDbContext">Context type whose short type name is used as the key.</typeparam>
        /// <param name="tenant">Tenant that receives the setting.</param>
        /// <param name="connectionString">Connection string to store.</param>
        public static void SetConnectionString<TDbContext>(this ITenantEntity tenant, string connectionString)
        {
            // Type.Name carries no namespace, so two context types with the same short
            // name in different namespaces would share one entry.
            tenant.SetConnectionString(typeof(TDbContext).Name, connectionString);
        }
 /// <summary>
 /// Reads the connection string stored in the tenant's <c>Items</c> bag under <paramref name="dbName"/>.
 /// </summary>
 /// <param name="tenant">Tenant whose setting is read.</param>
 /// <param name="dbName">Key the connection string was stored under.</param>
 /// <returns>Whatever <c>Items.UnSafeGet&lt;string&gt;</c> yields for the key.</returns>
 // NOTE(review): UnSafeGet's behaviour for a missing key (throw or default) is not visible
 // here; confirm callers cannot end up connecting with a null or empty string. The returned
 // value may contain credentials and should not be logged.
 public static string GetConnectionString(this ITenantEntity tenant, string dbName)
     => tenant.Items.UnSafeGet<string>(dbName);
        /// <summary>
        /// Reads the connection string stored for the context type <typeparamref name="TDbContext"/>.
        /// </summary>
        /// <typeparam name="TDbContext">Context type whose short type name is used as the key.</typeparam>
        /// <param name="tenant">Tenant whose setting is read.</param>
        /// <returns>The value returned by the string-keyed <c>GetConnectionString</c> overload.</returns>
        public static string GetConnectionString<TDbContext>(this ITenantEntity tenant)
        {
            // Type.Name carries no namespace, so two context types with the same short
            // name in different namespaces resolve to the same entry.
            return tenant.GetConnectionString(typeof(TDbContext).Name);
        }
 /// <summary>
 /// Stores the tenant's active flag in its <c>Items</c> bag under <c>Constants.IsActive</c>.
 /// </summary>
 /// <param name="tenant">Tenant that receives the setting.</param>
 /// <param name="value">Flag to store; null is passed through to <c>Items.Set</c> unchanged.</param>
 public static void SetIsActive(this ITenantEntity tenant, bool? value)
     => tenant.Items.Set(Constants.IsActive, value);
 /// <summary>
 /// Reads the tenant's active flag from its <c>Items</c> bag.
 /// </summary>
 /// <param name="tenant">Tenant whose setting is read.</param>
 /// <returns>The stored value cast to <c>bool?</c>, or null when no entry exists under the key.</returns>
 public static bool? GetIsActive(this ITenantEntity tenant)
 {
     // A missing entry is reported as null, not as true or false.
     // NOTE(review): callers should decide explicitly how "unknown" is treated; reading
     // null as active would admit a tenant whose state was never set.
     if (!tenant.Items.TryGetValue(Constants.IsActive, out var isActive))
     {
         return null;
     }

     return (bool?)isActive;
 }
 /// <summary>
 /// Stores the tenant's two-factor-authentication requirement in its <c>Items</c> bag
 /// under <c>Constants.RequiresTwoFactorAuthentication</c>.
 /// </summary>
 /// <param name="tenant">Tenant that receives the setting.</param>
 /// <param name="value">Requirement to store; null is passed through to <c>Items.Set</c> unchanged.</param>
 // NOTE(review): this toggles a security control and performs no authorization itself;
 // confirm the calling path is restricted to administrators and that changes are audited.
 public static void SetRequiresTwoFactorAuthentication(this ITenantEntity tenant, bool? value)
     => tenant.Items.Set(Constants.RequiresTwoFactorAuthentication, value);