public ITypePrivilegeResult GetPrivilegesByType(IList <Type> entityTypes, params ISecurityScope[] securityScopes) { ISecurityContext context = SecurityContextHolder.Context; IAuthorization authorization = context != null ? context.Authorization : null; if (authorization == null) { throw new SecurityException("User must be authorized to be able to check for privileges"); } if (securityScopes.Length == 0) { throw new ArgumentException("No " + typeof(ISecurityScope).Name + " provided to check privileges against"); } List <Type> missingEntityTypes = new List <Type>(); Object writeLock = this.writeLock; lock (writeLock) { ITypePrivilegeResult result = CreateResultByType(entityTypes, securityScopes, missingEntityTypes, authorization); if (missingEntityTypes.Count == 0) { return(result); } } if (PrivilegeService == null) { throw new SecurityException("No bean of type " + typeof(IPrivilegeService).FullName + " could be injected. Privilege functionality is deactivated. The current operation is not supported"); } String userSID = authorization.SID; IList <ITypePrivilegeOfService> privilegeResults = PrivilegeService.GetPrivilegesOfTypes(missingEntityTypes.ToArray(), securityScopes); lock (writeLock) { for (int a = 0, size = privilegeResults.Count; a < size; a++) { ITypePrivilegeOfService privilegeResult = privilegeResults[a]; Type entityType = privilegeResult.EntityType; String securityScope = InterningFeature.Intern(privilegeResult.SecurityScope.Name); ITypePrivilege pi = CreateTypePrivilegeFromServiceResult(entityType, privilegeResult); entityTypePrivilegeCache.Put(entityType, securityScope, userSID, pi); } return(CreateResultByType(entityTypes, securityScopes, null, authorization)); } }
protected ITypePrivilegeResult CreateResultByType(IList <Type> entityTypes, ISecurityScope[] securityScopes, IList <Type> missingEntityTypes, IAuthorization authorization) { ITypePrivilege[] result = new ITypePrivilege[entityTypes.Count]; String userSID = authorization.SID; for (int index = entityTypes.Count; index-- > 0;) { Type entityType = entityTypes[index]; if (entityType == null) { continue; } ITypePrivilege mergedTypePrivilege = null; for (int a = securityScopes.Length; a-- > 0;) { ITypePrivilege existingTypePrivilege = entityTypePrivilegeCache.Get(entityType, securityScopes[a].Name, userSID); if (existingTypePrivilege == null) { mergedTypePrivilege = null; break; } if (mergedTypePrivilege == null) { // Take first existing privilege as a start mergedTypePrivilege = existingTypePrivilege; } else { // Merge all other existing privileges by boolean OR throw new NotSupportedException("Not yet implemented"); } } if (mergedTypePrivilege == null) { if (missingEntityTypes != null) { missingEntityTypes.Add(entityType); continue; } mergedTypePrivilege = SkipAllTypePrivilege.INSTANCE; } result[index] = mergedTypePrivilege; } return(new TypePrivilegeResult(authorization.SID, result)); }
public static ITypePropertyPrivilege CreateFrom(ITypePrivilege privilegeAsTemplate) { return(Create(privilegeAsTemplate.CreateAllowed, privilegeAsTemplate.ReadAllowed, privilegeAsTemplate.UpdateAllowed, privilegeAsTemplate.DeleteAllowed)); }