Пример #1
        /// <summary>
        /// Decides whether the current request may read the document stored under <paramref name="key"/>.
        /// </summary>
        /// <param name="key">Key of the document being read; passed to the authorization decision.</param>
        /// <param name="document">Document body; not consulted by this trigger.</param>
        /// <param name="metadata">Document metadata; passed to the authorization decision.</param>
        /// <param name="readOperation">Kind of read; selects between a silent filter and an explicit denial.</param>
        /// <param name="transactionInformation">Not consulted by this trigger.</param>
        /// <returns>
        /// <c>Allowed</c> when the decision permits the read or when no check is performed,
        /// <c>Ignore</c> for a refused query read, and <c>Deny</c> with the decision log for any other refused read.
        /// </returns>
        /// <remarks>
        /// This check fails open: a request that carries no authorization user header or no
        /// authorization operation header is allowed without any decision being evaluated.
        /// NOTE(review): if these headers are copied from the client request without verification,
        /// the user value is a claim rather than an authenticated identity - confirm where it is set.
        /// </remarks>
        public override ReadVetoResult AllowRead(string key, JObject document, JObject metadata, ReadOperation readOperation,
                                                 TransactionInformation transactionInformation)
        {
            // Reads issued while an authorization check is already running bypass the trigger.
            // Presumably this keeps the decision's own lookups from re-entering it - confirm.
            bool alreadyAuthorizing = AuthorizationContext.IsInAuthorizationContext;
            if (alreadyAuthorizing)
            {
                return ReadVetoResult.Allowed;
            }

            using (AuthorizationContext.Enter())
            {
                var requestHeaders = CurrentRavenOperation.Headers.Value;
                var user = requestHeaders[Constants.RavenAuthorizationUser];
                var operation = requestHeaders[Constants.RavenAuthorizationOperation];

                // Fail-open branch: without both headers the read is let through unchecked.
                bool nothingToCheck = string.IsNullOrEmpty(operation) || string.IsNullOrEmpty(user);
                if (nothingToCheck)
                {
                    return ReadVetoResult.Allowed;
                }

                // IsAllowed writes its reasoning line by line into this buffer.
                var decisionLog = new StringWriter();
                if (AuthorizationDecisions.IsAllowed(user, operation, key, metadata, decisionLog.WriteLine))
                {
                    return ReadVetoResult.Allowed;
                }

                // Refused documents are dropped silently from query results.
                if (readOperation == ReadOperation.Query)
                {
                    return ReadVetoResult.Ignore;
                }

                // NOTE(review): the full decision log becomes the denial reason; confirm it holds
                // nothing about the policy that the caller should not learn.
                return ReadVetoResult.Deny(decisionLog.ToString());
            }
        }
Пример #2
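            /// <summary>
            /// Sample read trigger: denies any document whose "name" property contains an upper-case character.
            /// </summary>
            /// <param name="key">Key of the document being read; not consulted.</param>
            /// <param name="document">Document body; only its "name" property is inspected.</param>
            /// <param name="metadata">Not consulted.</param>
            /// <param name="operation">Not consulted; every kind of read gets the same verdict.</param>
            /// <param name="transactionInformation">Not consulted.</param>
            /// <returns>
            /// <c>Deny</c> when "name" holds a string with at least one upper-case character,
            /// otherwise <c>Allowed</c> (including when "name" is missing or JSON null).
            /// </returns>
            public override ReadVetoResult AllowRead(string key, JObject document, JObject metadata, ReadOperation operation, TransactionInformation transactionInformation)
            {
                var nameToken = document["name"];

                // A property that is present but holds JSON null converts to a null string.
                // Treat it like a missing property rather than handing null to Any(), which throws.
                var name = nameToken == null ? null : nameToken.Value<string>();

                if (name != null && name.Any(char.IsUpper))
                {
                    return ReadVetoResult.Deny("Upper case characters in the 'name' property means the document is a secret!");
                }

                return ReadVetoResult.Allowed;
            }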
 /// <summary>
 /// Sample attachment read trigger that derives its verdict from the casing of <paramref name="key"/> alone.
 /// </summary>
 /// <param name="key">Attachment key; the only input that influences the result.</param>
 /// <param name="data">Attachment content; not consulted.</param>
 /// <param name="metadata">Not consulted.</param>
 /// <param name="operation">Not consulted.</param>
 /// <returns>
 /// <c>Ignore</c> when every character of the key is upper case, <c>Deny</c> when only some are,
 /// and <c>Allowed</c> when none are.
 /// </returns>
 public override ReadVetoResult AllowRead(string key, Stream data, RavenJObject metadata, ReadOperation operation)
 {
     // All() is vacuously true for an empty key, so an empty key is ignored as well.
     bool everyCharUpper = key.All(char.IsUpper);
     if (everyCharUpper)
     {
         return ReadVetoResult.Ignore;
     }

     // Mixed casing: at least one upper-case character, but not all of them.
     bool someCharUpper = key.Any(char.IsUpper);
     if (someCharUpper)
     {
         return ReadVetoResult.Deny("You don't get to read this attachment");
     }

     return ReadVetoResult.Allowed;
 }
Пример #4
 /// <summary>
 /// Sample attachment read trigger: the verdict depends only on which characters of the key are upper case.
 /// </summary>
 /// <param name="key">Attachment key that is inspected.</param>
 /// <param name="data">Attachment bytes; not consulted.</param>
 /// <param name="metadata">Not consulted.</param>
 /// <param name="operation">Not consulted.</param>
 /// <returns>
 /// <c>Ignore</c> for a key made up entirely of upper-case characters, <c>Deny</c> for a key with
 /// some upper-case characters, and <c>Allowed</c> for a key with none.
 /// </returns>
 public override ReadVetoResult AllowRead(string key, byte[] data, Newtonsoft.Json.Linq.JObject metadata, ReadOperation operation)
 {
     ReadVetoResult verdict;

     // The order matters: the all-upper test runs first, and it also matches an empty key.
     if (key.All(char.IsUpper))
     {
         verdict = ReadVetoResult.Ignore;
     }
     else if (key.Any(char.IsUpper))
     {
         verdict = ReadVetoResult.Deny("You don't get to read this attachment");
     }
     else
     {
         verdict = ReadVetoResult.Allowed;
     }

     return verdict;
 }
Пример #5
            /// <summary>
            /// Allows a read only when the document's "Document-Owner" metadata equals the name of the
            /// identity on the current thread's principal.
            /// </summary>
            /// <param name="key">Key of the document being read; not consulted.</param>
            /// <param name="metadata">Document metadata; supplies the "Document-Owner" value.</param>
            /// <param name="operation">Kind of read; a refused load is denied, any other refused read is ignored.</param>
            /// <param name="transactionInformation">Not consulted.</param>
            /// <returns>
            /// <c>Allowed</c> for the owner, <c>Deny</c> for a refused load, <c>Ignore</c> for any other refused read.
            /// </returns>
            public override ReadVetoResult AllowRead(string key, RavenJObject metadata, ReadOperation operation, TransactionInformation transactionInformation)
            {
                var documentOwner = metadata.Value<string>("Document-Owner");
                var callerName = Thread.CurrentPrincipal.Identity.Name;

                // String == is an ordinal, case-sensitive comparison.
                // NOTE(review): an empty or missing owner would match a principal whose name is equally
                // empty or null - confirm an unauthenticated principal cannot satisfy this check.
                if (documentOwner == callerName)
                {
                    return ReadVetoResult.Allowed;
                }

                // Anything other than a direct load skips the document instead of failing.
                if (operation != ReadOperation.Load)
                {
                    return ReadVetoResult.Ignore;
                }

                return ReadVetoResult.Deny("You don't have permission to read this document");
            }
Пример #6
        /// <summary>
        /// Decides whether the current request may read the document stored under <paramref name="key"/>,
        /// using the authorization user and operation found in the current operation's headers.
        /// </summary>
        /// <param name="key">Key of the document being read; passed to the authorization decision.</param>
        /// <param name="metadata">Document metadata; passed to the authorization decision.</param>
        /// <param name="readOperation">Kind of read; selects between a silent filter and an explicit denial.</param>
        /// <returns>
        /// <c>Allowed</c> when the decision permits the read or when no check is performed,
        /// <c>Ignore</c> for a refused query read, and <c>Deny</c> with the decision log for any other refused read.
        /// </returns>
        /// <remarks>
        /// This check fails open: when the header collection is null, or the user or operation header
        /// is missing or empty, the read is allowed without any decision being evaluated.
        /// NOTE(review): if these headers are copied from the client request without verification,
        /// the user value is a claim rather than an authenticated identity - confirm where it is set.
        /// </remarks>
        public override ReadVetoResult AllowRead(string key, RavenJObject metadata, ReadOperation readOperation)
        {
            // Triggers are switched off on this thread for the duration of the check.
            // Presumably this keeps reads made by the decision from re-entering this trigger - confirm.
            using (Database.DisableAllTriggersForCurrentThread())
            {
                var headers = CurrentOperationContext.Headers.Value;
                if (headers == null)
                {
                    // No headers at all: user and operation are both absent, so nothing is checked.
                    return ReadVetoResult.Allowed;
                }

                var user = headers.Value[Constants.Authorization.RavenAuthorizationUser];
                var operation = headers.Value[Constants.Authorization.RavenAuthorizationOperation];

                // Fail-open branch: both values are required before a decision is evaluated.
                if (string.IsNullOrEmpty(operation) || string.IsNullOrEmpty(user))
                {
                    return ReadVetoResult.Allowed;
                }

                // IsAllowed writes its reasoning line by line into this buffer.
                var decisionLog = new StringWriter();
                bool permitted = AuthorizationDecisions.IsAllowed(user, operation, key, metadata, decisionLog.WriteLine);
                if (permitted)
                {
                    return ReadVetoResult.Allowed;
                }

                // Refused documents are dropped silently from query results.
                if (readOperation == ReadOperation.Query)
                {
                    return ReadVetoResult.Ignore;
                }

                // NOTE(review): the full decision log becomes the denial reason; confirm it holds
                // nothing about the policy that the caller should not learn.
                return ReadVetoResult.Deny(decisionLog.ToString());
            }
        }