/// <summary>
/// Read trigger that asks <c>AuthorizationDecisions.IsAllowed</c> whether the user named in the
/// request headers may perform the named operation on the document identified by <paramref name="key"/>.
/// </summary>
/// <param name="key">Key of the document being read; passed to the authorization decision.</param>
/// <param name="document">Document body; not inspected by this trigger.</param>
/// <param name="metadata">Document metadata; passed to the authorization decision.</param>
/// <param name="readOperation">Kind of read; a refused <c>Query</c> read yields <c>Ignore</c>, any other kind yields <c>Deny</c>.</param>
/// <param name="transactionInformation">Not used by this trigger.</param>
/// <returns>
/// <c>Allowed</c> when already inside an authorization context, when either header is missing or empty,
/// or when the decision is positive; otherwise <c>Ignore</c> for queries and <c>Deny</c> carrying the
/// text the decision wrote to its log callback.
/// </returns>
public override ReadVetoResult AllowRead(string key, JObject document, JObject metadata, ReadOperation readOperation, TransactionInformation transactionInformation)
{
    // Reads issued while an authorization context is already active are let through unchecked.
    // Presumably these are the reads the decision logic itself performs - confirm.
    if (AuthorizationContext.IsInAuthorizationContext)
    {
        return ReadVetoResult.Allowed;
    }

    using (AuthorizationContext.Enter())
    {
        var requestHeaders = CurrentRavenOperation.Headers.Value;
        var userId = requestHeaders[Constants.RavenAuthorizationUser];
        var operationName = requestHeaders[Constants.RavenAuthorizationOperation];

        // NOTE(review): this trigger fails open. A request that omits either header is allowed
        // without any decision being evaluated, so restricting a caller depends on something
        // outside this method making sure both headers are set.
        if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(operationName))
        {
            return ReadVetoResult.Allowed;
        }

        // Collects whatever the decision writes through its log callback.
        var reasons = new StringWriter();
        if (AuthorizationDecisions.IsAllowed(userId, operationName, key, metadata, reasons.WriteLine))
        {
            return ReadVetoResult.Allowed;
        }

        if (readOperation == ReadOperation.Query)
        {
            return ReadVetoResult.Ignore;
        }

        // NOTE(review): the collected text becomes the deny message; confirm it is acceptable
        // to hand that detail back to the caller.
        return ReadVetoResult.Deny(reasons.ToString());
    }
}
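/// <summary>
/// Read trigger that denies any document whose <c>name</c> property contains an upper case character.
/// </summary>
/// <param name="key">Document key; not inspected.</param>
/// <param name="document">Document body; only its <c>name</c> property is read.</param>
/// <param name="metadata">Not used by this trigger.</param>
/// <param name="operation">Not used by this trigger; every kind of read gets the same answer.</param>
/// <param name="transactionInformation">Not used by this trigger.</param>
/// <returns>
/// <c>Deny</c> when <c>name</c> holds a string with at least one upper case character; otherwise <c>Allowed</c>,
/// including when the property is absent or has no string value.
/// </returns>
public override ReadVetoResult AllowRead(string key, JObject document, JObject metadata, ReadOperation operation, TransactionInformation transactionInformation)
{
    var nameToken = document["name"];

    // The property can be present while its string value is null (e.g. a JSON null).
    // Passing that null to Any() would throw out of the trigger instead of returning a veto result,
    // so convert first and test the converted value.
    var name = nameToken == null ? null : nameToken.Value<string>();

    if (name != null && name.Any(char.IsUpper))
    {
        return ReadVetoResult.Deny("Upper case characters in the 'name' property means the document is a secret!");
    }

    return ReadVetoResult.Allowed;
}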
/// <summary>
/// Attachment read trigger whose answer depends only on the casing of <paramref name="key"/>.
/// </summary>
/// <param name="key">Attachment key; the only input that is inspected.</param>
/// <param name="data">Attachment content; not read.</param>
/// <param name="metadata">Not used by this trigger.</param>
/// <param name="operation">Not used by this trigger.</param>
/// <returns>
/// <c>Ignore</c> when every character of the key is upper case (an empty key also lands here),
/// <c>Deny</c> when only some characters are upper case, and <c>Allowed</c> when none are.
/// </returns>
public override ReadVetoResult AllowRead(string key, Stream data, RavenJObject metadata, ReadOperation operation)
{
    var upperCaseCount = key.Count(char.IsUpper);

    // All characters upper case; an empty key has zero of zero and therefore matches too.
    if (upperCaseCount == key.Length)
    {
        return ReadVetoResult.Ignore;
    }

    // Mixed key: at least one upper case character, but not all of them.
    if (upperCaseCount > 0)
    {
        return ReadVetoResult.Deny("You don't get to read this attachment");
    }

    return ReadVetoResult.Allowed;
}
/// <summary>
/// Attachment read trigger whose answer depends only on the casing of <paramref name="key"/>.
/// </summary>
/// <param name="key">Attachment key; the only input that is inspected.</param>
/// <param name="data">Attachment content; not read.</param>
/// <param name="metadata">Not used by this trigger.</param>
/// <param name="operation">Not used by this trigger.</param>
/// <returns>
/// <c>Ignore</c> when every character of the key is upper case (an empty key also lands here),
/// <c>Deny</c> when only some characters are upper case, and <c>Allowed</c> when none are.
/// </returns>
public override ReadVetoResult AllowRead(string key, byte[] data, Newtonsoft.Json.Linq.JObject metadata, ReadOperation operation)
{
    var upperCaseCount = key.Count(char.IsUpper);

    // All characters upper case; an empty key has zero of zero and therefore matches too.
    if (upperCaseCount == key.Length)
    {
        return ReadVetoResult.Ignore;
    }

    // Mixed key: at least one upper case character, but not all of them.
    if (upperCaseCount > 0)
    {
        return ReadVetoResult.Deny("You don't get to read this attachment");
    }

    return ReadVetoResult.Allowed;
}
/// <summary>
/// Read trigger that lets a document through only when its <c>Document-Owner</c> metadata value
/// equals the name of the identity on <c>Thread.CurrentPrincipal</c>.
/// </summary>
/// <param name="key">Document key; not inspected.</param>
/// <param name="metadata">Document metadata; the <c>Document-Owner</c> value is read from it.</param>
/// <param name="operation">Kind of read; a refused <c>Load</c> yields <c>Deny</c>, any other kind yields <c>Ignore</c>.</param>
/// <param name="transactionInformation">Not used by this trigger.</param>
/// <returns><c>Allowed</c> for the owner; otherwise <c>Deny</c> on a load and <c>Ignore</c> on other reads.</returns>
public override ReadVetoResult AllowRead(string key, RavenJObject metadata, ReadOperation operation, TransactionInformation transactionInformation)
{
    var owner = metadata.Value<string>("Document-Owner");
    var caller = Thread.CurrentPrincipal.Identity.Name;

    // String equality here is exact and case-sensitive.
    // NOTE(review): if the metadata value and the identity name can both be null or both be empty,
    // the comparison succeeds and the read is allowed - confirm that ownerless documents and
    // unauthenticated principals cannot meet here.
    if (owner == caller)
    {
        return ReadVetoResult.Allowed;
    }

    return operation == ReadOperation.Load
        ? ReadVetoResult.Deny("You don't have permission to read this document")
        : ReadVetoResult.Ignore;
}
/// <summary>
/// Read trigger that asks <c>AuthorizationDecisions.IsAllowed</c> whether the user named in the
/// request headers may perform the named operation on the document identified by <paramref name="key"/>.
/// </summary>
/// <param name="key">Key of the document being read; passed to the authorization decision.</param>
/// <param name="metadata">Document metadata; passed to the authorization decision.</param>
/// <param name="readOperation">Kind of read; a refused <c>Query</c> read yields <c>Ignore</c>, any other kind yields <c>Deny</c>.</param>
/// <returns>
/// <c>Allowed</c> when the headers are unavailable, when either header is missing or empty, or when the
/// decision is positive; otherwise <c>Ignore</c> for queries and <c>Deny</c> carrying the text the
/// decision wrote to its log callback.
/// </returns>
public override ReadVetoResult AllowRead(string key, RavenJObject metadata, ReadOperation readOperation)
{
    // The whole check runs inside the scope returned by DisableAllTriggersForCurrentThread().
    // Presumably this keeps reads made by the decision logic from invoking triggers again - confirm.
    using (Database.DisableAllTriggersForCurrentThread())
    {
        var headers = CurrentOperationContext.Headers.Value;

        string user = null;
        string operation = null;
        if (headers != null)
        {
            user = headers.Value[Constants.Authorization.RavenAuthorizationUser];
            operation = headers.Value[Constants.Authorization.RavenAuthorizationOperation];
        }

        // NOTE(review): this trigger fails open. With no header collection, or with either header
        // missing or empty, the read is allowed without any decision being evaluated, so restricting
        // a caller depends on something outside this method making sure both headers are set.
        if (string.IsNullOrEmpty(user) || string.IsNullOrEmpty(operation))
        {
            return ReadVetoResult.Allowed;
        }

        // Collects whatever the decision writes through its log callback.
        var reasons = new StringWriter();
        if (AuthorizationDecisions.IsAllowed(user, operation, key, metadata, reasons.WriteLine))
        {
            return ReadVetoResult.Allowed;
        }

        if (readOperation == ReadOperation.Query)
        {
            return ReadVetoResult.Ignore;
        }

        // NOTE(review): the collected text becomes the deny message; confirm it is acceptable
        // to hand that detail back to the caller.
        return ReadVetoResult.Deny(reasons.ToString());
    }
}