/// <summary>
/// Gets the owned resources.
/// </summary>
/// <typeparam name="T">Type of resource</typeparam>
/// <param name="token">Authenticated token</param>
/// <param name="context">Zentity context</param>
/// <returns>List of resources types</returns>
internal static IQueryable <T> GetOwnedResources <T>(AuthenticatedToken token, ZentityContext context)
where T : Resource
{
string ownerUri = SecurityPredicateAccess.GetPredicateUri("Owner");
string denyOwnerUri = SecurityPredicateAccess.GetInverseUri("Owner");
Identity currentUser = GetIdentity(token.IdentityName, context);
Group allUsers = GetGroup(AllUsersGroupName, context);
if (currentUser != null)
{
IQueryable <T> explicitOwnedResources = currentUser.GetAuthorizedResources(context, ownerUri).OfType <T>();
IQueryable <T> allOwnedResources = token.GetAuthorizedResources(context, ownerUri)
.Concat(allUsers.GetAuthorizedResources(context, ownerUri)).OfType <T>();
IQueryable <T> allDeniedResources = token.GetAuthorizedResources(context, denyOwnerUri)
.Concat(allUsers.GetAuthorizedResources(context, denyOwnerUri)).OfType <T>();
return(allOwnedResources.Except(allDeniedResources).Union(explicitOwnedResources));
}
else
{
return(new List <T>(0).AsQueryable());
}
}
/// <summary>
/// Returns a value indicating if the identity is the explicit
/// owner of the resource.
/// </summary>
/// <typeparam name="T">Type of resource</typeparam>
/// <param name="identity">Identity</param>
/// <param name="resource">Resource</param>
/// <param name="context">Zentity context</param>
/// <returns>System.Boolean; <c>true</c> if the identity is the explicit
/// owner, <c>false</c> otherwise</returns>
internal static bool IsExplicitOwner <T>(Identity identity, Resource resource, ZentityContext context)
where T : Resource
{
return(!identity.VerifyAuthorization(SecurityPredicateAccess.GetInverseUri("Owner"), resource, context) &&
identity.VerifyAuthorization(SecurityPredicateAccess.GetPredicateUri("Owner"), resource, context));
}