/// <summary>
/// Writes a security-log record for the operation performed on a field, according to the
/// field's log access rules.
/// </summary>
/// <param name="request">
/// The initial request; its <c>Arguments</c> are serialized (compact JSON) into the log record.
/// </param>
/// <param name="apiField">
/// The connection field whose <c>LogAccessRules</c> decide whether and how the operation is logged.
/// </param>
/// <param name="context">
/// The request context passed through to the security log.
/// </param>
/// <param name="action">
/// The action performed. Create/Update/Delete are recorded with their specific
/// <c>Data*Granted</c> log type; any other action is recorded as <c>OperationGranted</c>.
/// </param>
/// <remarks>
/// Nothing is written when the field has no log rules or no rule covers <paramref name="action"/>.
/// When several rules cover the action, the one with the highest <c>Severity</c> is used (ties keep
/// declaration order). The record carries the full request argument payload, so anything sensitive
/// in the arguments ends up in the security log — presumably redacted upstream; verify at call sites.
/// Presumably invoked after authorization has succeeded (the log types are all "granted" variants);
/// confirm against the callers.
/// </remarks>
protected static void SetLog(
    ApiRequest request,
    ApiField apiField,
    RequestContext context,
    EnConnectionAction action)
{
    var logRules = apiField.LogAccessRules;
    if (logRules == null || !logRules.Any())
    {
        return;
    }

    // The most severe rule that applies to this action decides the record's severity and message.
    var matchingRule = logRules
        .Where(r => r.ConnectionActions.HasFlag(action))
        .OrderByDescending(r => r.Severity)
        .FirstOrDefault();
    if (matchingRule == null)
    {
        return;
    }

    EnSecurityLogType logType;
    switch (action)
    {
        case EnConnectionAction.Create:
            logType = EnSecurityLogType.DataCreateGranted;
            break;
        case EnConnectionAction.Update:
            logType = EnSecurityLogType.DataUpdateGranted;
            break;
        case EnConnectionAction.Delete:
            logType = EnSecurityLogType.DataDeleteGranted;
            break;
        default:
            logType = EnSecurityLogType.OperationGranted;
            break;
    }

    // Arguments are expected to be a JObject; serialized without indentation to keep the record compact.
    var serializedArguments = ((JObject)request.Arguments).ToString(Formatting.None);
    SecurityLog.CreateRecord(
        logType,
        matchingRule.Severity,
        context,
        matchingRule.LogMessage,
        serializedArguments);
}
/// <summary>
/// Checks whether the provided context is authorized to access this field for the given action.
/// </summary>
/// <param name="context">
/// The request context; its <c>Authentication</c> ticket supplies the user and the client/user privilege scopes.
/// </param>
/// <param name="action">
/// The performed action. It is matched against a rule's <c>ConnectionActions</c> only when this
/// field is a connection, and appended to the required privilege when the rule asks for it.
/// </param>
/// <returns>
/// <c>true</c> when every applicable authorization rule is satisfied; <c>false</c> otherwise.
/// </returns>
/// <remarks>
/// Evaluation order:
/// no authentication ticket → allowed only if the field does not require an authenticated session;
/// ticket without a user → denied if the field requires an authenticated user session;
/// no authorization rules (null or empty) → allowed.
/// Every rule that applies must pass; the first failing rule denies access. For a rule's privilege scope:
/// <c>Client</c> requires the client scope; <c>User</c> requires the user scope; <c>Both</c> requires both;
/// <c>Any</c> accepts either. Rules can be skipped based on user presence
/// (<c>IgnoreOnUserPresent</c> / <c>IgnoreOnUserNotPresent</c>).
/// NOTE(review): when the ticket has no user, a rule with <c>User</c>, <c>Both</c> or <c>Any</c> scope
/// still consults <c>UserScope</c> — presumably non-null on such tickets; confirm against the ticket type.
/// </remarks>
public bool CheckAuthorization(RequestContext context, EnConnectionAction action)
{
    var ticket = context?.Authentication;
    if (ticket == null)
    {
        return !this.RequireAuthenticatedSession;
    }

    var hasUser = ticket.User != null;
    if (!hasUser && this.RequireAuthenticatedUserSession)
    {
        return false;
    }

    var rules = this.AuthorizationRules;
    if (rules == null)
    {
        return true;
    }

    var isConnection = this.Flags.HasFlag(EnFieldFlags.IsConnection);
    foreach (var rule in rules)
    {
        // A rule may opt out of evaluation depending on whether a user is attached to the ticket.
        var skippedForUserPresence = hasUser ? rule.IgnoreOnUserPresent : rule.IgnoreOnUserNotPresent;
        if (skippedForUserPresence)
        {
            continue;
        }

        // Only connections filter rules by action; plain fields evaluate every rule.
        if (isConnection && !rule.ConnectionActions.HasFlag(action))
        {
            continue;
        }

        var requiredPrivilege = rule.AddActionNameToRequiredPrivilege
            ? $"{rule.Privilege}.{action}"
            : rule.Privilege;

        if (rule.Scope != EnPrivilegeScope.User)
        {
            var clientGranted = ticket.ClientScope.Contains(requiredPrivilege);

            var clientMandatory = rule.Scope == EnPrivilegeScope.Both || rule.Scope == EnPrivilegeScope.Client;
            if (!clientGranted && clientMandatory)
            {
                return false;
            }

            // Client privilege alone satisfies the rule for Client and Any scopes.
            var clientSufficient = rule.Scope == EnPrivilegeScope.Any || rule.Scope == EnPrivilegeScope.Client;
            if (clientGranted && clientSufficient)
            {
                continue;
            }
        }

        // Reached for User scope, for Both scope (client already verified), and for Any scope
        // when the client scope did not grant the privilege.
        if (!ticket.UserScope.Contains(requiredPrivilege))
        {
            return false;
        }
    }

    return true;
}