/// <summary>
/// Grant a particular rights holder specific rights to an entity.
/// </summary>
/// <param name="rightsHolderId">The rights holder's id.</param>
/// <param name="entityId">The entity's id.</param>
/// <param name="rightId">The specific right's id.</param>
/// <returns>The id of the AccessControl row.</returns>
internal static Guid GrantAccess(Guid rightsHolderId, Guid entityId, Guid rightId)
{
DataModelTransaction transaction = DataModelTransaction.Current;
DataModel dataModel = new DataModel();
Guid currentUserId = TradingSupport.UserId;
UserRow currentUserRow = DataModel.User.UserKey.Find(currentUserId);
RightsHolderRow rightsHolderRow = DataModel.RightsHolder.RightsHolderKey.Find(rightsHolderId);
Guid rightsHolderTenantId;
AccessControlRow accessControlRow = DataModel.AccessControl.AccessControlKeyRightsHolderIdEntityId.Find(rightsHolderId, entityId);
Guid accessControlId = Guid.Empty;
// Determine whether current user has write access to the entity.
if (!DataModelFilters.HasAccess(transaction, currentUserId, entityId, AccessRight.Write))
{
throw new FaultException <SecurityFault>(
new SecurityFault(String.Format("{0} does not write permission to {1}", rightsHolderId, entityId)));
}
rightsHolderRow.AcquireReaderLock(transaction);
rightsHolderTenantId = rightsHolderRow.TenantId;
rightsHolderRow.ReleaseReaderLock(transaction.TransactionId);
// Determine whether current user's tenant is upstream from rights holder we're modifying.
if (!DataModelFilters.HasTenantAccess(transaction, currentUserId, rightsHolderTenantId))
{
throw new FaultException <SecurityFault>(
new SecurityFault(String.Format("{0} does not control over tenant {1}", rightsHolderId, rightsHolderTenantId)));
}
if (accessControlRow != null)
{
accessControlRow.AcquireWriterLock(transaction);
accessControlId = accessControlRow.AccessControlId;
dataModel.UpdateAccessControl(
accessControlRow.AccessControlId,
new object[] { accessControlRow.AccessControlId },
rightId,
entityId,
rightsHolderId,
accessControlRow.RowVersion,
rightsHolderTenantId);
}
else
{
accessControlId = Guid.NewGuid();
dataModel.CreateAccessControl(
accessControlId,
rightId,
entityId,
rightsHolderId,
rightsHolderTenantId);
}
return(accessControlId);
}
/// <summary>
/// Update the rights with the rights in the original AccessControlRow. If our rights have been changed, do nothing.
/// </summary>
/// <param name="accessControlRow">The row to copy the rights from.</param>
public void Update(AccessControlRow accessControlRow)
{
if (accessControlRow.RowVersion != this.rowVersion &&
accessControlRow.RightsHolderRow.RightsHolderId == user.EntityId &&
accessControlRow.EntityRow.EntityId == entity.EntityId &&
!this.dirty)
{
this.accessRight = accessControlRow.AccessRightRow.AccessRightCode;
}
this.rowVersion = accessControlRow.RowVersion;
}
/// <summary>
/// Create an new AccessControl from a AccessControlRow.
/// </summary>
/// <param name="accessControlRow">The row to base this object on.</param>
public AccessControl(AccessControlRow accessControlRow)
{
this.accessControlId = accessControlRow.AccessControlId;
this.user = Entity.New(accessControlRow.RightsHolderRow.EntityRow) as RightsHolder;
this.entity = new Entity(accessControlRow.EntityRow);
this.tenantId = accessControlRow.TenantRow.TenantId;
this.accessRight = accessControlRow.AccessRightRow.AccessRightCode;
this.rowVersion = accessControlRow.RowVersion;
this.dirty = false;
this.deleted = false;
this.newRights = false;
}
/// <summary>
/// Determine what level of access (read-only or write) we have to the selected user.
/// </summary>
/// <param name="userId">The userId of the selected user.</param>
private void Populate(Guid userId)
{
lock (DataModel.SyncRoot)
{
Boolean canWrite = false;
AccessControlRow accessControlRow = DataModel.AccessControl.AccessControlKeyRightsHolderIdEntityId.Find(UserContext.Instance.UserId, userId);
UserRow userRow = DataModel.User.UserKey.Find(userId);
List <Group> groups = new List <Group>();
Group admin = null;
Group user = null;
if (accessControlRow != null)
{
AccessRightRow accessRightRow = accessControlRow.AccessRightRow;
canWrite = (accessRightRow.AccessRightCode & AccessRight.Write) == AccessRight.Write;
}
foreach (GroupRow groupRow in DataModel.Group.Where(row => row.RightsHolderRow.TenantId == userRow.TenantId))
{
Group group = Entity.New(groupRow.RightsHolderRow.EntityRow) as Group;
if (group.GroupType == GroupType.FluidTradeAdmin ||
(admin == null || admin.GroupType == GroupType.SiteAdmin) && group.GroupType == GroupType.ExchangeAdmin ||
admin == null && group.GroupType == GroupType.SiteAdmin)
{
admin = group;
}
if (group.GroupType == GroupType.User)
{
user = group;
}
groups.Add(group);
}
this.Dispatcher.BeginInvoke(new Action(() => this.Populate(canWrite, admin, user)), DispatcherPriority.Normal);
}
}
/// <summary>
/// Revoke any and all access a rights holder has to an entity.
/// </summary>
/// <param name="rightsHolderId">The rights holder's id.</param>
/// <param name="entityId">The entity's id.</param>
/// <returns>The error code.</returns>
internal static ErrorCode RevokeAccess(Guid rightsHolderId, Guid entityId)
{
DataModelTransaction transaction = DataModelTransaction.Current;
DataModel dataModel = new DataModel();
Guid currentUserId = TradingSupport.UserId;
UserRow currentUserRow = DataModel.User.UserKey.Find(currentUserId);
RightsHolderRow rightsHolderRow = DataModel.RightsHolder.RightsHolderKey.Find(rightsHolderId);
Guid rightsHolderTenantId;
AccessControlRow accessControlRow = DataModel.AccessControl.AccessControlKeyRightsHolderIdEntityId.Find(rightsHolderId, entityId);
// Determine whether current user has write access to the entity.
if (!DataModelFilters.HasAccess(transaction, currentUserId, entityId, AccessRight.Write))
{
return(ErrorCode.AccessDenied);
}
rightsHolderRow.AcquireReaderLock(transaction);
rightsHolderTenantId = rightsHolderRow.TenantId;
rightsHolderRow.ReleaseReaderLock(transaction.TransactionId);
// Determine whether current user's tenant is upstream from rights holder we're modifying.
if (!DataModelFilters.HasTenantAccess(transaction, currentUserId, rightsHolderTenantId))
{
return(ErrorCode.AccessDenied);
}
if (accessControlRow != null)
{
accessControlRow.AcquireWriterLock(transaction);
dataModel.DestroyAccessControl(new object[] { accessControlRow.AccessControlId }, accessControlRow.RowVersion);
}
else
{
return(ErrorCode.RecordNotFound);
}
return(ErrorCode.Success);
}
