public static void Start(IApplicationBuilder app, Func <AuthTokenConfigurationEmbedded> tokenConfig, string hashableEncryptionKey) { SignumControllerFactory.RegisterArea(MethodInfo.GetCurrentMethod()); AuthTokenServer.Start(tokenConfig, hashableEncryptionKey); ReflectionServer.GetContext = () => new { Culture = ReflectionServer.GetCurrentValidCulture(), Role = UserEntity.Current == null ? null : RoleEntity.Current, }; AuthLogic.OnRulesChanged += () => ReflectionServer.cache.Clear(); if (TypeAuthLogic.IsStarted) { ReflectionServer.AddTypeExtension += (ti, t) => { if (typeof(Entity).IsAssignableFrom(t)) { var ta = UserEntity.Current != null?TypeAuthLogic.GetAllowed(t) : null; ti.Extension.Add("maxTypeAllowed", ta == null ? TypeAllowedBasic.None : ta.MaxUI()); ti.Extension.Add("minTypeAllowed", ta == null ? TypeAllowedBasic.None : ta.MinUI()); ti.RequiresEntityPack |= ta != null && ta.Conditions.Any(); } }; EntityPackTS.AddExtension += ep => { var typeAllowed = UserEntity.Current == null ? TypeAllowedBasic.None : ep.entity.IsNew ? TypeAuthLogic.GetAllowed(ep.entity.GetType()).MaxUI() : TypeAuthLogic.IsAllowedFor(ep.entity, TypeAllowedBasic.Write, true) ? TypeAllowedBasic.Write : TypeAuthLogic.IsAllowedFor(ep.entity, TypeAllowedBasic.Read, true) ? TypeAllowedBasic.Read : TypeAllowedBasic.None; ep.extension.Add("typeAllowed", typeAllowed); }; OperationController.AnyReadonly += (Lite <Entity>[] lites) => { return(lites.GroupBy(ap => ap.EntityType).Any(gr => { var ta = TypeAuthLogic.GetAllowed(gr.Key); if (ta.Min(inUserInterface: true) == TypeAllowedBasic.Write) { return false; } if (ta.Max(inUserInterface: true) <= TypeAllowedBasic.Read) { return true; } return giCountReadonly.GetInvoker(gr.Key)() > 0; })); }; } if (QueryAuthLogic.IsStarted) { ReflectionServer.AddTypeExtension += (ti, t) => { if (ti.QueryDefined) { ti.Extension.Add("queryAllowed", UserEntity.Current == null ? QueryAllowed.None : QueryAuthLogic.GetQueryAllowed(t)); } }; ReflectionServer.AddFieldInfoExtension += (mi, fi) => { if (fi.DeclaringType !.Name.EndsWith("Query")) { mi.Extension.Add("queryAllowed", UserEntity.Current == null ? QueryAllowed.None : QueryAuthLogic.GetQueryAllowed(fi.GetValue(null) !)); } }; } if (PropertyAuthLogic.IsStarted) { ReflectionServer.AddPropertyRouteExtension += (mi, pr) => { mi.Extension.Add("propertyAllowed", UserEntity.Current == null ? pr.GetNoUserPropertyAllowed() : pr.GetPropertyAllowed()); }; } if (OperationAuthLogic.IsStarted) { ReflectionServer.AddOperationExtension += (oits, oi, type) => { oits.Extension.Add("operationAllowed", UserEntity.Current == null ? false : OperationAuthLogic.GetOperationAllowed(oi.OperationSymbol, type, inUserInterface: true)); }; } if (PermissionAuthLogic.IsStarted) { ReflectionServer.AddFieldInfoExtension += (mi, fi) => { if (fi.FieldType == typeof(PermissionSymbol)) { mi.Extension.Add("permissionAllowed", UserEntity.Current == null ? false : PermissionAuthLogic.IsAuthorized((PermissionSymbol)fi.GetValue(null) !)); } }; } var piPasswordHash = ReflectionTools.GetPropertyInfo((UserEntity e) => e.PasswordHash); var pcs = PropertyConverter.GetPropertyConverters(typeof(UserEntity)); pcs.GetOrThrow("passwordHash").CustomWriteJsonProperty = ctx => { }; pcs.Add("newPassword", new PropertyConverter { AvoidValidate = true, CustomWriteJsonProperty = ctx => { }, CustomReadJsonProperty = ctx => { EntityJsonConverter.AssertCanWrite(ctx.ParentPropertyRoute.Add(piPasswordHash)); var password = (string)ctx.JsonReader.Value !; var error = UserEntity.OnValidatePassword(password); if (error != null) { throw new ApplicationException(error); } ((UserEntity)ctx.Entity).PasswordHash = Security.EncodePassword(password); } });
public static void Start(IApplicationBuilder app) { SignumControllerFactory.RegisterArea(MethodInfo.GetCurrentMethod()); ReflectionServer.RegisterLike(typeof(DiffLogMessage), () => TimeMachinePermission.ShowTimeMachine.IsAuthorized() || TypeAuthLogic.GetAllowed(typeof(OperationLogEntity)).MaxUI() > TypeAllowedBasic.None); }