/// <summary>
/// Evaluates the object-level permissions registered for <paramref name="type"/> against
/// one concrete object instance.
/// </summary>
/// <param name="type">Type whose object permissions are fetched via GetObjectPermissions.</param>
/// <param name="operation">Operation being checked; permissions whose Operations flags do not include it are ignored.</param>
/// <param name="targetObject">Instance the permission criteria are evaluated against.</param>
/// <returns>
/// Whatever MergePermissionsStates produces for the collected allow/deny votes. How an
/// allow/deny conflict or an empty vote list is resolved is decided there, not in this method.
/// </returns>
private ResultProcessOperation IsGrantedByObject(Type type, SecurityOperation operation, object targetObject) {
    // One entry per permission whose criteria matched: true = Allow, false = any other state.
    List<bool> matchedStates = new List<bool>();

    foreach (IObjectPermission permission in GetObjectPermissions(type)) {
        if (!permission.Operations.HasFlag(operation)) {
            continue;
        }

        bool allows = permission.OperationState == OperationState.Allow;
        LambdaExpression criteria = permission.Criteria;

        // A permission only votes when its criteria selects this particular object;
        // non-matching permissions contribute nothing (neither allow nor deny).
        if (GetPermissionCriteriaResult(criteria, targetObject)) {
            matchedStates.Add(allows);
        }
    }

    return MergePermissionsStates(matchedStates);
}
/// <summary>
/// Central authorization decision: resolves whether <paramref name="operation"/> is permitted,
/// consulting permission sources from most to least specific (member, object, type, then the
/// operation-wide default) and stopping at the first source that yields a decision.
/// </summary>
/// <param name="type">Type the operation is performed on.</param>
/// <param name="operation">Operation being requested.</param>
/// <param name="targetObject">Concrete instance, or null for a type-level check.</param>
/// <param name="memberName">Member being accessed, or null/empty for an object- or type-level check.</param>
/// <returns>true when the final decision is Allow; false otherwise.</returns>
/// <exception cref="ArgumentOutOfRangeException">No source produced an Allow or Deny decision.</exception>
public bool IsGranted(Type type, SecurityOperation operation, object targetObject, string memberName) {
    bool hasTarget = targetObject != null;
    bool hasMember = !string.IsNullOrEmpty(memberName);

    // Types that are not secured start out as Allow.
    // NOTE(review): when both a target object and a member name are supplied, the member
    // check below overwrites this Allow, so an unsecured type can still fall through to the
    // later checks. That is the restrictive direction, but confirm it is intended before
    // changing it, since an early return here would widen access.
    ResultProcessOperation outcome = IsSecuredType(type)
        ? ResultProcessOperation.NotContainTargetPermissions
        : ResultProcessOperation.Allow;

    // 1. Member-level permissions.
    if (hasTarget && hasMember) {
        outcome = IsGrantedByMember(type, operation, targetObject, memberName);
    }

    // 2. Object-level (criteria based) permissions.
    if (hasTarget && outcome == ResultProcessOperation.NotContainTargetPermissions) {
        outcome = IsGrantedByObject(type, operation, targetObject);
    }

    // 3. Type-level permissions.
    if (outcome == ResultProcessOperation.NotContainTargetPermissions) {
        outcome = IsGrantedByType(type, operation);
    }

    // 4. Operation-wide default.
    if (outcome == ResultProcessOperation.NotContainTargetPermissions) {
        if (IsGrantedByOperation(operation)) {
            outcome = ResultProcessOperation.Allow;
        }
        else {
            outcome = ResultProcessOperation.Deny;

            // For a whole-object check that would be denied by default, the object is
            // still granted if at least one of its members is granted.
            if (hasTarget && !hasMember) {
                outcome = IsAnyMemberGranted(type, operation, targetObject);
            }
        }
    }

    // Every path above is expected to end in Allow or Deny; refuse to guess otherwise.
    if (outcome == ResultProcessOperation.NotContainTargetPermissions) {
        throw new ArgumentOutOfRangeException();
    }

    return outcome == ResultProcessOperation.Allow;
}
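/// <summary>
/// Reports whether <paramref name="operation"/> is granted on at least one member of
/// <paramref name="targetObject"/>: first its mapped, non-key, non-navigation properties,
/// then its navigations. A single granted member is enough for Allow.
/// </summary>
/// <param name="type">Not used by this method; the runtime type of <paramref name="targetObject"/> is used instead.</param>
/// <param name="operation">Operation being checked for each member.</param>
/// <param name="targetObject">Entity instance whose members are inspected; must not be null.</param>
/// <returns>Allow when any inspected member is granted, otherwise Deny.</returns>
/// <remarks>
/// Only properties declared directly on the runtime type are scanned in the first pass
/// (DeclaredProperties), so inherited scalar properties are not considered there.
/// NOTE(review): confirm that skipping inherited properties is intended; it errs towards Deny.
/// </remarks>
private ResultProcessOperation IsAnyMemberGranted(Type type, SecurityOperation operation, object targetObject) {
    Type targetType = targetObject.GetType();

    IEntityType entityType = securityDbContext.RealDbContext.Model.FindEntityType(targetType);
    if (entityType == null) {
        // The runtime type is not part of the model, so there is no member metadata to
        // evaluate. Fail closed instead of dereferencing null.
        return ResultProcessOperation.Deny;
    }

    // Materialize once: the navigation list is consulted for every property and iterated again below.
    List<INavigation> navigations = entityType.GetNavigations().ToList();
    HashSet<string> navigationNames = new HashSet<string>(navigations.Select(n => n.Name));

    // Model metadata for the entry does not change while we iterate, so look it up once.
    List<IProperty> mappedProperties = securityDbContext.RealDbContext.Entry(targetObject).Metadata.GetProperties().ToList();

    foreach (var property in targetType.GetTypeInfo().DeclaredProperties) {
        // GetGetMethod() returns null for properties without a public getter
        // (write-only or non-public accessor); such properties are skipped.
        var getter = property.GetGetMethod();
        if (getter == null || getter.IsStatic || navigationNames.Contains(property.Name)) {
            continue;
        }

        string propertyName = property.Name;
        IProperty propertyMetadata = mappedProperties.FirstOrDefault(p => p.Name == propertyName);

        // Unmapped properties and key properties never make the object visible on their own.
        if (propertyMetadata == null || propertyMetadata.IsKey()) {
            continue;
        }

        if (IsGranted(targetType, operation, targetObject, propertyName)) {
            return ResultProcessOperation.Allow;
        }
    }

    // No scalar property was granted; a granted navigation is also sufficient.
    foreach (INavigation navigation in navigations) {
        if (IsGranted(targetType, operation, targetObject, navigation.Name)) {
            return ResultProcessOperation.Allow;
        }
    }

    return ResultProcessOperation.Deny;
}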