public Authorization GetAuthorization(IUserGroup group, ISecurableAction action) { var viewAlbumItem = action as ViewAction<AlbumItem>; if (viewAlbumItem == null || !viewAlbumItem.Target.IsProposedToBeDeleted || !(group is IUser)) return Authorization.Unknown; return viewAlbumItem.Target.ProposedToBeDeletedBy == group ? Authorization.Unknown : Authorization.Denied; }
public void AuthorizeTo(ISecurableAction action, IEnumerable<IUserGroup> userGroups) { var provider = this.providers.OrderByDescending(p => p.Priority) .FirstOrDefault(p => p.CanSetPermissions(action)); if (provider == null) throw new NotSupportedException(); provider.SetPermissions(action, userGroups); }
public IEnumerable<IUserGroup> GetAuthorizedTo(ISecurableAction action) { var authorizedByProviders = ( from provider in this.providers where provider.CanGetPermissions(action) from @group in provider.GetPermissions(action) select @group ).ToSet(); var allGroups = this.userGroupRepository.Query().ToList(); foreach (var group in allGroups) { var groupAuthorization = GetAuthorization(@group, action, authorizedByProviders); if (groupAuthorization == Authorization.UndeniablyAllowed) { yield return group; continue; } var allMembers = ((IUserGroup) group).GetUsers().ToArray(); var authorizedMembers = ( from member in allMembers let memberAuthorization = GetAuthorization(member, action, authorizedByProviders) where memberAuthorization == Authorization.UndeniablyAllowed || (groupAuthorization != Authorization.Denied && memberAuthorization == Authorization.Allowed) || (groupAuthorization == Authorization.Allowed && memberAuthorization != Authorization.Denied) select member ).ToList(); if (authorizedMembers.Count == 0) continue; if (authorizedMembers.Count == allMembers.Length) { yield return @group; continue; } foreach (var member in authorizedMembers) { yield return member; } } }
public Authorization GetAuthorization(IUserGroup group, ISecurableAction action) { return group.Name == Owners ? Authorization.UndeniablyAllowed : Authorization.Unknown; }
public Authorization GetAuthorization(IUserGroup group, ISecurableAction action) { return action is ViewAction<AlbumItem> ? Authorization.Allowed : Authorization.Unknown; }
private Authorization GetAuthorization(IUserGroup @group, ISecurableAction action, HashSet<IUserGroup> authorizedByProviders) { var authorization = GetAuthorizationAccordingToRules(group, action); if (authorization == Authorization.Unknown && authorizedByProviders.Contains(@group)) authorization = Authorization.Allowed; return authorization; }
public bool IsAuthorized(IUser user, ISecurableAction action) { return user == KnownUser.System || GetAuthorizedTo(action).Any(g => g.GetUsers().Contains(user)); }
private Authorization GetAuthorizationAccordingToRules(IUserGroup @group, ISecurableAction action) { var authorization = Authorization.Unknown; foreach (var rule in this.rules) { var result = rule.GetAuthorization(@group, action); if (result == Authorization.Unknown) continue; if (result == Authorization.UndeniablyAllowed) return result; if (result == Authorization.Allowed && authorization == Authorization.Unknown) authorization = result; if (result == Authorization.Denied) authorization = result; } return authorization; }