        /// <summary>
        /// Loads the permissions that apply to <paramref name="user"/> on <paramref name="entity"/>.
        /// </summary>
        /// <remarks>
        /// A permission matches when it is attached either to the user directly or to one of the
        /// groups returned by <c>SecurityCriterions.AllGroups(user)</c>, AND it targets either the
        /// entity's security key or one of the entity's associated entities groups.
        /// The query has no operation filter and no allow/deny filter, so the result is raw input
        /// for an authorization decision, not the decision itself; callers must still narrow it
        /// to the operation being checked and resolve allow against deny.
        /// Permissions that reference neither this entity's key nor one of its groups are not
        /// matched by this query.
        /// NOTE(review): <paramref name="entity"/> is not null-checked here; behaviour for a null
        /// entity depends on <c>Security.ExtractKey</c> - confirm against its implementation.
        /// </remarks>
        /// <typeparam name="TEntity">Type of the secured entity (reference type).</typeparam>
        /// <param name="user">The user whose direct and group-derived permissions are looked up.</param>
        /// <param name="entity">The entity the permissions must target, directly or through its groups.</param>
        /// <returns>The permissions produced by running the criteria through <c>FindResults</c>.</returns>
        public Permission[] GetPermissionsFor<TEntity>(IUser user, TEntity entity) where TEntity : class
        {
            Guid securityKey = Security.ExtractKey(entity);
            EntitiesGroup[] groupsOfEntity = authorizationRepository.GetAssociatedEntitiesGroupsFor(entity);

            DetachedCriteria query = DetachedCriteria.For<Permission>();

            // Subject side: granted to the user itself, or to any group the user belongs to.
            var subjectMatches = Expression.Eq("User", user) ||
                                 Subqueries.PropertyIn(
                                     "UsersGroup.Id",
                                     SecurityCriterions.AllGroups(user).SetProjection(Projections.Id()));
            query.Add(subjectMatches);

            // Target side: bound to this entity's key, or to any entities group containing it.
            var targetMatches = Expression.Eq("EntitySecurityKey", securityKey) ||
                                Expression.In("EntitiesGroup", groupsOfEntity);
            query.Add(targetMatches);

            return FindResults(query);
        }
        /// <summary>
        /// Records in <paramref name="info"/> a human-readable explanation of how
        /// <paramref name="permissions"/> affect <paramref name="operation"/> for <paramref name="user"/>.
        /// </summary>
        /// <remarks>
        /// An empty <paramref name="permissions"/> array is reported as a deny: the absence of any
        /// permission is treated as "not granted", and the message names the user, the user's groups
        /// and, when an entity is given, the entity and its entities groups.
        /// NOTE(review): these messages expose user names, group membership and entity descriptions;
        /// where <c>AuthorizationInformation</c> ends up is not visible here - confirm it is kept to
        /// diagnostic/audit output and not returned to the caller whose access is being evaluated.
        /// </remarks>
        /// <typeparam name="TEntity">Type of the secured entity (reference type).</typeparam>
        /// <param name="operation">Name of the operation being explained.</param>
        /// <param name="info">Collector that receives the explanation entries.</param>
        /// <param name="user">The user the permissions were looked up for.</param>
        /// <param name="permissions">Permissions found for the user; must not be null (its Length is read).</param>
        /// <param name="entity">The entity concerned, or null when the check is not entity-specific.</param>
        private void AddPermissionDescriptionToAuthorizationInformation<TEntity>(
            string operation,
            AuthorizationInformation info,
            IUser user,
            Permission[] permissions,
            TEntity entity)
            where TEntity : class
        {
            bool isEntityScoped = entity != null;
            string entityText = "";
            string entityGroupsText = "";

            if (isEntityScoped)
            {
                EntitiesGroup[] groupsOfEntity = authorizationRepository.GetAssociatedEntitiesGroupsFor(entity);
                entityText = Security.GetDescription(entity);
                entityGroupsText = Strings.Join(groupsOfEntity);
            }

            if (permissions.Length != 0)
            {
                // Each permission may contribute a user-level and a group-level message.
                for (int i = 0; i < permissions.Length; i++)
                {
                    Permission current = permissions[i];
                    AddUserLevelPermissionMessage(operation, info, user, current, entityText, entityGroupsText);
                    AddUserGroupLevelPermissionMessage(operation, info, user, current, entityText, entityGroupsText);
                }
                return;
            }

            // Nothing was granted or denied explicitly: record the default deny and why.
            UsersGroup[] groupsOfUser = authorizationRepository.GetAssociatedUsersGroupFor(user);

            if (isEntityScoped)
            {
                info.AddDeny(Resources.PermissionForOperationNotGrantedToUserOnEntity,
                             operation,
                             user.SecurityInfo.Name,
                             Strings.Join(groupsOfUser),
                             entityText,
                             entityGroupsText);
            }
            else
            {
                // Not tied to a specific entity, so the message omits the entity details.
                info.AddDeny(Resources.PermissionForOperationNotGrantedToUser,
                             operation,
                             user.SecurityInfo.Name,
                             Strings.Join(groupsOfUser));
            }
        }