public UserRecordPermission(AccessType accessTypes, EntityMemberMask memberMask = null)
{
Peek = new OperationPermission(AccessType.Peek, accessTypes.IsSet(AccessType.Peek), memberMask);
ReadStrict = new OperationPermission(AccessType.ReadStrict, accessTypes.IsSet(AccessType.ReadStrict), memberMask);
UpdateStrict = new OperationPermission(AccessType.UpdateStrict, accessTypes.IsSet(AccessType.UpdateStrict), memberMask);
AccessTypes = accessTypes;
}
public bool IsAccessAllowed <TEntity>(AccessType accessType)
{
var entInfo = GetEntityInfo(typeof(TEntity));
var access = Context.User.Authority.GetEntityTypePermissions(Context, entInfo);
//Check each action type separately
if (accessType.IsSet(AccessType.CreateStrict) && !access.AccessTypes.IsSet(AccessType.CreateStrict))
{
return(false);
}
if (accessType.IsSet(AccessType.Peek) && !access.Peek.Allowed())
{
return(false);
}
if (accessType.IsSet(AccessType.ReadStrict) && !access.ReadStrict.Allowed())
{
return(false);
}
if (accessType.IsSet(AccessType.UpdateStrict) && !access.UpdateStrict.Allowed())
{
return(false);
}
if (accessType.IsSet(AccessType.DeleteStrict) && !access.AccessTypes.IsSet(AccessType.DeleteStrict))
{
return(false);
}
return(true);
}
public UserRecordPermission(AccessType accessTypes, EntityMemberMask memberMask = null)
{
Peek = new OperationPermission(AccessType.Peek, accessTypes.IsSet(AccessType.Peek), memberMask);
ReadStrict = new OperationPermission(AccessType.ReadStrict, accessTypes.IsSet(AccessType.ReadStrict), memberMask);
UpdateStrict = new OperationPermission(AccessType.UpdateStrict, accessTypes.IsSet(AccessType.UpdateStrict), memberMask);
AccessTypes = accessTypes;
}
public static UserRecordPermission Create(EntityInfo entity, string properties, AccessType accessType)
{
if (string.IsNullOrWhiteSpace(properties)) {
if (accessType.IsSet(AccessType.Update))
return UserRecordPermission.AllowAll;
if (accessType.IsSet(AccessType.ReadStrict))
return UserRecordPermission.AllowReadAll;
if (accessType.IsSet(AccessType.Peek))
return UserRecordPermission.AllowPeekAll;
return UserRecordPermission.AllowNone;
}
var mask = EntityMemberMask.Create(entity, properties);
return new UserRecordPermission(accessType, mask);
}
public static UserRecordPermission Create(EntityInfo entity, string properties, AccessType accessType)
{
if (string.IsNullOrWhiteSpace(properties))
{
if (accessType.IsSet(AccessType.Update))
{
return(UserRecordPermission.AllowAll);
}
if (accessType.IsSet(AccessType.ReadStrict))
{
return(UserRecordPermission.AllowReadAll);
}
if (accessType.IsSet(AccessType.Peek))
{
return(UserRecordPermission.AllowPeekAll);
}
return(UserRecordPermission.AllowNone);
}
var mask = EntityMemberMask.Create(entity, properties);
return(new UserRecordPermission(accessType, mask));
}
// Private utilities ========================================================================
private bool CheckEntityAccess(EntityInfo entity, AccessType accessType, out UserEntityTypePermission permissions)
{
if (Context.User.Kind == UserKind.System || entity.Flags.IsSet(EntityFlags.BypassAuthorization))
{
permissions = UserEntityTypePermission.Empty;
return(true);
}
permissions = Context.User.Authority.GetEntityTypePermissions(Context, entity);
if (permissions.AccessTypes.IsSet(accessType))
{
return(true);
}
var isReadAction = accessType.IsSet(AccessType.Read);
if (this.DenyReadAction == DenyReadActionType.Throw)
{
AccessDenied(accessType, entity, permissions);
}
return(false);
}