/// <summary>
/// Builds the text used when a tenant-scoped access check is refused.
/// </summary>
/// <param name="entity">Entity the caller tried to reach; its runtime type name and TenantId are embedded in the text.</param>
/// <param name="desiredAction">Action that was refused.</param>
/// <returns>A message naming the caller's tenant, the refused action, the entity type and the owning tenant.</returns>
private string BuildAccessDeniedMessage(ITenantEntity entity, EntityAction desiredAction)
{
    // The caller's tenant is resolved before the entity is touched, as in the original interpolation order.
    var callerTenantId = _tenantIdProvider.GetTenantId();
    var entityTypeName = entity.GetType().Name;

    // NOTE(review): the text carries the owning tenant's id and the entity type name.
    // Confirm it only reaches server-side logs and is not echoed to the caller, since
    // that would disclose another tenant's identifier across the tenant boundary.
    return $"User belonging to tenant {callerTenantId} has been denied '{desiredAction}' access "
         + $"to entity '{entityTypeName}' belonging to tenant {entity.TenantId}";
}
/// <summary>
/// Checks whether the current user's tenant may perform <paramref name="desiredAction"/>
/// on <paramref name="entity"/>.
/// </summary>
/// <param name="entity">Entity being accessed. A null entity is accepted without any check.</param>
/// <param name="desiredAction">Action the caller wants to perform.</param>
/// <returns>A completed task when access is allowed.</returns>
/// <exception cref="UnauthorizedAccessException">
/// The caller is not a site user and either the entity belongs to a different tenant
/// or the action is anything other than <c>EntityAction.Read</c>.
/// </exception>
/// <remarks>
/// The method is not declared <c>async</c>, so a denial is thrown synchronously at the call
/// rather than stored in the returned task; it surfaces even when the caller does not await.
/// </remarks>
public Task ValidateAccessToEntityAsync(ITenantEntity entity, EntityAction desiredAction)
{
    // NOTE(review): null passes the check (fail-open). Confirm callers never rely on this
    // method to reject a missing entity.
    if (entity == null)
    {
        return Task.CompletedTask;
    }

    var callerTenantId = _tenantIdProvider.GetTenantId();

    // Prototype-phase rule: a 'site user' may act on entities of any tenant, for any action,
    // for administration. This branch bypasses both checks below.
    if (TenantSpec.BelongsToSite(callerTenantId))
    {
        return Task.CompletedTask;
    }

    // Everyone else ('tenant user'): the entity must belong to the caller's own tenant,
    // and even then only Read is permitted; every other action is refused.
    var crossesTenantBoundary = callerTenantId != entity.TenantId;
    if (crossesTenantBoundary || desiredAction != EntityAction.Read)
    {
        throw new UnauthorizedAccessException(BuildAccessDeniedMessage(entity, desiredAction));
    }

    return Task.CompletedTask;
}
/// <summary>
/// Checks that <paramref name="entity"/> belongs to the current user's tenant.
/// </summary>
/// <param name="entity">Entity being accessed. A null entity is accepted without any check.</param>
/// <param name="desiredAction">
/// Not consulted by this implementation: the decision depends only on tenant membership.
/// </param>
/// <returns>A completed task when access is allowed.</returns>
/// <exception cref="UnauthorizedAccessException">
/// The caller is not a site user and the entity belongs to a different tenant.
/// </exception>
/// <remarks>
/// The method is not declared <c>async</c>, so a denial is thrown synchronously at the call
/// rather than stored in the returned task.
/// </remarks>
public Task ValidateAccessToEntityAsync(ITenantEntity entity, EntityAction desiredAction)
{
    // NOTE(review): null passes the check (fail-open). Confirm callers never rely on this
    // method to reject a missing entity.
    if (entity == null)
    {
        return Task.CompletedTask;
    }

    // May throw when the user carries no validated TenantId claim (per the original author's note).
    var callerTenantId = _tenantIdProvider.GetTenantId();

    // Simple tenant access, no per-action permissions: a 'site user' may reach entities
    // of any tenant for administration.
    var isSiteUser = TenantSpec.BelongsToSite(callerTenantId);
    if (isSiteUser)
    {
        return Task.CompletedTask;
    }

    if (callerTenantId == entity.TenantId)
    {
        return Task.CompletedTask;
    }

    // NOTE(review): the text carries the owning tenant's id; confirm it is only logged
    // server-side and not returned to the caller.
    var denial = $"User belonging to tenant {callerTenantId} has been denied access "
               + $"to entity '{entity.GetType().Name}' belonging to tenant {entity.TenantId}";
    throw new UnauthorizedAccessException(denial);
}
/// <summary>
/// Writes the current session's tenant id into the tracked entry's property named by
/// <c>EFCoreShadow.TenantId</c>.
/// </summary>
/// <param name="entity">The tenant entity being processed; not read here.</param>
/// <param name="metadata">Hook metadata exposing the tracked entry to update.</param>
/// <param name="dbContext">The context the hook runs under; not read here.</param>
protected override void Hook(ITenantEntity entity, HookEntityMetadata metadata, IDbContext dbContext)
{
    // The value is taken from _session, never from the entity, and unconditionally replaces
    // whatever the entry held, so a tenant id supplied on the entity itself is not trusted.
    // NOTE(review): if this hook is also registered for updates it would re-stamp an existing
    // row with the current session's tenant; confirm which entity states it is bound to.
    var tenantProperty = metadata.Entry.Property(EFCoreShadow.TenantId);
    tenantProperty.CurrentValue = _session.TenantId.To<TTenantId>();
}
/// <summary>
/// Writes the current context's tenant id into the tracked entry's property named by
/// <c>EFCore.TenantId</c>.
/// </summary>
/// <param name="entity">The tenant entity being processed; not read here.</param>
/// <param name="metadata">Hook metadata exposing the tracked entry to update.</param>
/// <param name="uow">The unit of work the hook runs under; not read here.</param>
protected override void Hook(ITenantEntity entity, HookEntityMetadata metadata, IUnitOfWork uow)
{
    // The value is taken from _context.Tenant, never from the entity, and unconditionally
    // replaces whatever the entry held.
    // NOTE(review): _context.Tenant is dereferenced without a null check; confirm a tenant is
    // always resolved before this hook can run, and which entity states the hook is bound to.
    var tenantProperty = metadata.Entry.Property(EFCore.TenantId);
    tenantProperty.CurrentValue = _context.Tenant.Id.FromString<TTenantId>();
}
/// <summary>
/// Writes the current session's tenant id into the tracked entry's property named by
/// <c>EFCore.TenantId</c>.
/// </summary>
/// <param name="entity">The tenant entity being processed; not read here.</param>
/// <param name="metadata">Hook metadata exposing the tracked entry to update.</param>
/// <param name="uow">The unit of work the hook runs under; not read here.</param>
protected override void Hook(ITenantEntity entity, HookEntityMetadata metadata, IUnitOfWork uow)
{
    // The value is taken from _session, never from the entity, and unconditionally replaces
    // whatever the entry held, so a tenant id supplied on the entity itself is not trusted.
    // NOTE(review): confirm which entity states this hook is bound to; on updates it would
    // re-stamp an existing row with the current session's tenant.
    var tenantProperty = metadata.Entry.Property(EFCore.TenantId);
    tenantProperty.CurrentValue = _session.TenantId.To<TTenantId>();
}
/// <summary>
/// Gets multi-tenancy side (<see cref="MultiTenancySides"/>) of an object that implements <see cref="ITenantEntity"/>.
/// </summary>
/// <param name="entity">The object</param>
/// <returns>
/// <c>MultiTenancySides.Host</c> when the entity's TenantId equals 0,
/// otherwise <c>MultiTenancySides.Tenant</c>.
/// </returns>
public static MultiTenancySides FindMultiTenancySide(this ITenantEntity entity)
{
    // 0 is the sentinel for the host side.
    // NOTE(review): if TenantId is a non-nullable integer its default is also 0, so an entity
    // whose tenant was never assigned would be classified as Host. Confirm that is intended
    // wherever this result feeds an authorization decision.
    if (entity.TenantId == 0)
    {
        return MultiTenancySides.Host;
    }

    return MultiTenancySides.Tenant;
}
/// <summary>
/// Reads the tenant's two-factor-authentication requirement from its <c>Items</c> bag.
/// </summary>
/// <param name="tenant">Tenant whose <c>Items</c> are consulted.</param>
/// <returns>
/// The stored value cast to <c>bool?</c>, or <c>null</c> when no entry exists under
/// <c>Constants.RequiresTwoFactorAuthentication</c>.
/// </returns>
public static bool? GetRequiresTwoFactorAuthentication(this ITenantEntity tenant)
{
    // NOTE(review): null means "not configured", not "not required". Callers that coalesce
    // null to false make 2FA opt-in per tenant; confirm that default is deliberate.
    if (tenant.Items.TryGetValue(Constants.RequiresTwoFactorAuthentication, out var stored))
    {
        return (bool?)stored;
    }

    return null;
}
/// <summary>
/// Stores a connection string in the tenant's <c>Items</c> bag under <paramref name="dbName"/>.
/// </summary>
/// <param name="tenant">Tenant whose <c>Items</c> receive the value.</param>
/// <param name="dbName">Key the connection string is stored under.</param>
/// <param name="connectionString">Connection string to store.</param>
// NOTE(review): connection strings commonly embed credentials, and here they share the Items
// bag with ordinary tenant settings. Confirm Items is never serialized into API responses,
// logs or diagnostics, and how it is protected at rest.
public static void SetConnectionString(this ITenantEntity tenant, string dbName, string connectionString)
    => tenant.Items.Set(dbName, connectionString);
/// <summary>
/// Stores a connection string for <typeparamref name="TDbContext"/>, keyed by that type's simple name.
/// </summary>
/// <typeparam name="TDbContext">Type whose <c>Name</c> is used as the storage key.</typeparam>
/// <param name="tenant">Tenant that receives the value.</param>
/// <param name="connectionString">Connection string to store.</param>
// The key is typeof(TDbContext).Name, which carries no namespace: two context types with the
// same simple name in different namespaces resolve to the same entry.
public static void SetConnectionString<TDbContext>(this ITenantEntity tenant, string connectionString)
    => tenant.SetConnectionString(typeof(TDbContext).Name, connectionString);
/// <summary>
/// Reads the connection string stored in the tenant's <c>Items</c> bag under <paramref name="dbName"/>.
/// </summary>
/// <param name="tenant">Tenant whose <c>Items</c> are consulted.</param>
/// <param name="dbName">Key the connection string was stored under.</param>
/// <returns>Whatever <c>Items.UnSafeGet&lt;string&gt;</c> yields for the key.</returns>
// NOTE(review): UnSafeGet is defined elsewhere; presumably it does not guard against a missing
// key or a non-string value. Confirm what callers receive for an unknown dbName before using
// the result to open a connection.
public static string GetConnectionString(this ITenantEntity tenant, string dbName)
    => tenant.Items.UnSafeGet<string>(dbName);
/// <summary>
/// Reads the connection string stored for <typeparamref name="TDbContext"/>, keyed by that type's simple name.
/// </summary>
/// <typeparam name="TDbContext">Type whose <c>Name</c> is used as the lookup key.</typeparam>
/// <param name="tenant">Tenant that holds the value.</param>
/// <returns>The result of the string-keyed <c>GetConnectionString</c> lookup.</returns>
// The key is typeof(TDbContext).Name, which carries no namespace: two context types with the
// same simple name in different namespaces read the same entry.
public static string GetConnectionString<TDbContext>(this ITenantEntity tenant)
    => tenant.GetConnectionString(typeof(TDbContext).Name);
/// <summary>
/// Stores the tenant's active flag in its <c>Items</c> bag under <c>Constants.IsActive</c>.
/// </summary>
/// <param name="tenant">Tenant whose <c>Items</c> receive the value.</param>
/// <param name="value">Flag to store; <c>null</c> is passed through to <c>Items.Set</c> as-is.</param>
public static void SetIsActive(this ITenantEntity tenant, bool? value)
    => tenant.Items.Set(Constants.IsActive, value);
/// <summary>
/// Reads the tenant's active flag from its <c>Items</c> bag.
/// </summary>
/// <param name="tenant">Tenant whose <c>Items</c> are consulted.</param>
/// <returns>
/// The stored value cast to <c>bool?</c>, or <c>null</c> when no entry exists under
/// <c>Constants.IsActive</c>.
/// </returns>
public static bool? GetIsActive(this ITenantEntity tenant)
{
    // NOTE(review): null means "never set". Callers gating sign-in or data access on this flag
    // should decide explicitly how an unset value is treated rather than coalescing to true.
    if (tenant.Items.TryGetValue(Constants.IsActive, out var stored))
    {
        return (bool?)stored;
    }

    return null;
}
/// <summary>
/// Stores the tenant's two-factor-authentication requirement in its <c>Items</c> bag under
/// <c>Constants.RequiresTwoFactorAuthentication</c>.
/// </summary>
/// <param name="tenant">Tenant whose <c>Items</c> receive the value.</param>
/// <param name="value">Requirement to store; <c>null</c> is passed through to <c>Items.Set</c> as-is.</param>
// NOTE(review): this changes a security setting with no check of its own; confirm every call
// site is reachable only by an administrator of the affected tenant and that the change is audited.
public static void SetRequiresTwoFactorAuthentication(this ITenantEntity tenant, bool? value)
    => tenant.Items.Set(Constants.RequiresTwoFactorAuthentication, value);