/// <summary>
/// Ensures the caller holds <paramref name="permission"/> on the given resource; throws otherwise.
/// </summary>
/// <remarks>
/// When a current user exists the check runs against that user's permissions. Otherwise it runs
/// against the group resolved for the unregistered role. A null lookup result is treated as a denial.
/// </remarks>
/// <param name="resourceId">Identifier of the resource being accessed.</param>
/// <param name="permission">Permission to require; defaults to <see cref="PermissionFlag.ShowPublished"/>.</param>
/// <exception cref="MainServiceException">Thrown with <see cref="HttpStatusCode.Forbidden"/> when the lookup returns no resource.</exception>
public void AuthorizeResource(long resourceId, PermissionFlag permission = PermissionFlag.ShowPublished)
{
    var currentUser = m_authenticationManager.GetCurrentUser();

    if (currentUser == null)
    {
        // No current user: evaluate the permissions of the group tied to the unregistered role.
        // NOTE(review): the repository call is named "...OrCreate", so this read path may write a group row - confirm.
        var unregisteredRole = m_authenticationManager.GetUnregisteredRole();
        var unregisteredGroup = m_permissionRepository.InvokeUnitOfWork(x => x.FindGroupByExternalIdOrCreate(unregisteredRole.Id, unregisteredRole.Name));
        var groupResource = m_permissionRepository.InvokeUnitOfWork(x => x.GetResourceByUserGroupPermissions(unregisteredGroup.Id, resourceId, permission));

        if (groupResource != null)
        {
            return;
        }

        throw new MainServiceException(
            MainServiceErrorCode.UnregisteredUserResourceAccessForbidden,
            $"Unregistered user does not have permission {permission} on book with resource with id '{resourceId}'",
            HttpStatusCode.Forbidden
        );
    }

    var userResource = m_permissionRepository.InvokeUnitOfWork(x => x.GetResourceByUserPermissions(currentUser.Id, resourceId, permission));
    if (userResource != null)
    {
        return;
    }

    // The error code depends on which permission was requested.
    // NOTE(review): the message embeds internal and external user ids - confirm it is logged, not echoed to the client.
    var forbiddenCode = GetResourceUnauthorizedErrorCodeForPermission(permission);
    throw new MainServiceException(
        forbiddenCode,
        $"User with id '{currentUser.Id}' (external id '{currentUser.ExternalId}') does not have permission {permission} on book with resource with id '{resourceId}'",
        HttpStatusCode.Forbidden
    );
}
/// <summary>
/// Ensures the caller holds <paramref name="permission"/> on the given resource version; throws otherwise.
/// </summary>
/// <param name="resourceVersionId">Identifier of the resource version being accessed.</param>
/// <param name="permission">Permission that must be present in the stored flags.</param>
/// <exception cref="MainServiceException">Thrown with <see cref="HttpStatusCode.Forbidden"/> when no stored permission carries the requested flag.</exception>
public void AuthorizeResourceVersion(long resourceVersionId, PermissionFlag permission)
{
    // NOTE(review): if Flags is a [Flags] enum, Enum.HasFlag returns true for a zero-valued argument,
    // so an empty permission would pass whenever any permission row exists - confirm callers never pass it.
    var currentUser = m_authenticationManager.GetCurrentUser();

    if (currentUser == null)
    {
        // No current user: check the single permission row of the group tied to the unregistered role.
        var unregisteredRole = m_authenticationManager.GetUnregisteredRole();
        var unregisteredGroup = m_permissionRepository.InvokeUnitOfWork(x => x.FindGroupByExternalIdOrCreate(unregisteredRole.Id, unregisteredRole.Name));
        var groupPermission = m_permissionRepository.InvokeUnitOfWork(x => x.FindPermissionForResourceVersionByGroupId(resourceVersionId, unregisteredGroup.Id));

        var groupGranted = groupPermission != null && groupPermission.Flags.HasFlag(permission);
        if (groupGranted)
        {
            return;
        }

        throw new MainServiceException(
            MainServiceErrorCode.UnregisteredUserResourceAccessForbidden,
            $"Unregistered user does not have permission {permission} on book with resource with versionId '{resourceVersionId}'",
            HttpStatusCode.Forbidden
        );
    }

    // A user may have several permission rows; one row carrying the requested flag is enough.
    var userPermissions = m_permissionRepository.InvokeUnitOfWork(x => x.FindPermissionsForResourceVersionByUserId(resourceVersionId, currentUser.Id));
    var userGranted = userPermissions != null && userPermissions.Any(x => x.Flags.HasFlag(permission));
    if (userGranted)
    {
        return;
    }

    var forbiddenCode = GetResourceUnauthorizedErrorCodeForPermission(permission);
    throw new MainServiceException(
        forbiddenCode,
        $"User with id '{currentUser.Id}' (external id '{currentUser.ExternalId}') does not have permission {permission} on book with resource with versionId '{resourceVersionId}'",
        HttpStatusCode.Forbidden
    );
}
/// <summary>
/// Rejects permission sets that grant EditProject or AdminProject without also granting ReadProject.
/// </summary>
/// <param name="permission">Combined permission flags about to be assigned.</param>
/// <exception cref="MainServiceException">Thrown when EditProject or AdminProject is set but ReadProject is not.</exception>
public void CheckPermissionConsistency(PermissionFlag permission)
{
    // ReadProject present: every combination is acceptable.
    if (permission.HasFlag(PermissionFlag.ReadProject))
    {
        return;
    }

    var requiresRead = permission.HasFlag(PermissionFlag.EditProject) || permission.HasFlag(PermissionFlag.AdminProject);
    if (requiresRead)
    {
        throw new MainServiceException(MainServiceErrorCode.ReadProjectRequiredForSelectedPermissions,
            "EditProject and AdminProject permissions require assigned ReadProject permission");
    }
}
/// <summary>
/// Counts the <c>Permission</c> rows of a project that satisfy the <c>HasBit(requiredPermission)</c> restriction on <c>Flags</c>.
/// </summary>
/// <param name="projectId">Project whose permission rows are counted.</param>
/// <param name="requiredPermission">Flag value passed to the bitwise restriction.</param>
/// <returns>Row count reported by the query.</returns>
public virtual int GetRequiredPermissionCountForProject(long projectId, PermissionFlag requiredPermission)
{
    return GetSession().QueryOver<Permission>()
        .Where(x => x.Project.Id == projectId)
        .And(BitwiseExpression.On<Permission>(x => x.Flags).HasBit(requiredPermission))
        .RowCount();
}
/// <summary>
/// Stores the role, the book ids and the permission flags for this unit of work, and creates the
/// <c>ProjectPermissionsSubwork</c> helper on the same repository.
/// </summary>
/// <param name="permissionRepository">Repository passed to the base class and used by this work.</param>
/// <param name="roleId">Identifier of the role the work applies to.</param>
/// <param name="bookIds">Identifiers of the books (projects) the work applies to.</param>
/// <param name="permissionFlags">Permission flags the work applies.</param>
public UpdateOrAddProjectsToRoleWork(PermissionRepository permissionRepository, int roleId, IList<long> bookIds, PermissionFlag permissionFlags)
    : base(permissionRepository)
{
    m_roleId = roleId;
    m_bookIds = bookIds;
    m_permissionFlags = permissionFlags;

    m_permissionRepository = permissionRepository;
    // The subwork shares the repository instance held by this work.
    m_permissionsSubwork = new ProjectPermissionsSubwork(permissionRepository);
}
/// <summary>
/// Authorizes access to a project when the current user holds the named permission; otherwise
/// falls back to the per-project check in <c>AuthorizeBook</c>.
/// </summary>
/// <param name="projectId">Project (book) being accessed.</param>
/// <param name="permission">Project-level permission required when the named permission is absent.</param>
/// <param name="permissionName">Value of the permission that bypasses the per-project check.</param>
public void AuthorizeBookOrPermission(long projectId, PermissionFlag permission, string permissionName)
{
    // NOTE(review): the meaning of the 'false' argument is not visible here - confirm against GetCurrentUserPermissions.
    var grantedPermissions = m_authenticationManager.GetCurrentUserPermissions(false);

    // A matching named permission skips the project-level check entirely, so it acts as a global grant.
    var holdsNamedPermission = grantedPermissions.Any(entry => entry.Value == permissionName);
    if (!holdsNamedPermission)
    {
        AuthorizeBook(projectId, permission);
    }
}
/// <summary>
/// Builds a display suffix for the restrictions set in <paramref name="flag"/>.
/// </summary>
/// <param name="flag">Permission flags to describe.</param>
/// <returns>
/// The AdminOnly marker followed by the LocalOnly marker, each included only when its flag is set;
/// an empty string when neither is set.
/// </returns>
private string DumpPermission(PermissionFlag flag)
{
    // The literals are Japanese UI text: "(administrators only)" and "(local users only)".
    var adminMarker = flag.HasFlag(PermissionFlag.AdminOnly) ? "(管理者限定)" : string.Empty;
    var localMarker = flag.HasFlag(PermissionFlag.LocalOnly) ? "(ローカルユーザー限定)" : string.Empty;

    return adminMarker + localMarker;
}
/// <summary>
/// Maps the permission that was denied to the error code reported for a resource.
/// </summary>
/// <param name="permission">Permission that the caller lacked.</param>
/// <returns>
/// The read or edit specific code for exactly ReadProject or EditProject; the generic access code for
/// ShowPublished and for every other value, combined flags included.
/// </returns>
private string GetResourceUnauthorizedErrorCodeForPermission(PermissionFlag permission)
{
    // Matching is by exact value, so a combination of flags falls through to the generic code.
    if (permission == PermissionFlag.ReadProject)
    {
        return MainServiceErrorCode.UserResourceReadForbidden;
    }

    if (permission == PermissionFlag.EditProject)
    {
        return MainServiceErrorCode.UserResourceEditForbidden;
    }

    return MainServiceErrorCode.UserResourceAccessForbidden;
}
/// <summary>
/// Authorizes access to a text comment through the resource it belongs to. For EditProject it also
/// requires the current user to be the comment's author.
/// </summary>
/// <param name="commentId">Identifier of the text comment.</param>
/// <param name="permission">Permission required on the comment's resource.</param>
/// <exception cref="MainServiceException">
/// Thrown with <see cref="HttpStatusCode.Forbidden"/> when <paramref name="permission"/> is EditProject
/// and the current user did not create the comment.
/// </exception>
public void AuthorizeTextComment(long commentId, PermissionFlag permission)
{
    var comment = m_permissionRepository.InvokeUnitOfWork(x => x.FindById<TextComment>(commentId));

    // NOTE(review): the comment is dereferenced without a null check - confirm FindById cannot return null
    // for an unknown id, otherwise this surfaces as a NullReferenceException rather than a 4xx error.
    AuthorizeResource(comment.ResourceText.Id, permission);

    // The author check applies only to an exact EditProject request.
    // NOTE(review): a combined value that contains EditProject skips the author check - confirm callers pass single flags.
    if (permission != PermissionFlag.EditProject)
    {
        return;
    }

    var callerId = GetCurrentUserId();
    if (comment.CreatedByUser.Id == callerId)
    {
        return;
    }

    throw new MainServiceException(
        MainServiceErrorCode.InvalidCommentAuthorForbidden,
        $"User with id '{callerId}' is not author of text comment with id '{commentId}'",
        HttpStatusCode.Forbidden
    );
}
/// <summary>
/// Ensures the caller holds <paramref name="permission"/> on the given project (book); throws otherwise.
/// </summary>
/// <remarks>
/// The project id is passed through the list-filtering repository query as a single-element list.
/// A null or empty result is treated as a denial.
/// </remarks>
/// <param name="projectId">Project (book) being accessed.</param>
/// <param name="permission">Permission to require.</param>
/// <exception cref="MainServiceException">Thrown with <see cref="HttpStatusCode.Forbidden"/> when the project is filtered out.</exception>
public void AuthorizeBook(long projectId, PermissionFlag permission)
{
    var currentUser = m_authenticationManager.GetCurrentUser();

    if (currentUser == null)
    {
        // No current user: evaluate the permissions of the group tied to the unregistered role.
        var unregisteredRole = m_authenticationManager.GetUnregisteredRole();
        var unregisteredGroup = m_permissionRepository.InvokeUnitOfWork(x => x.FindGroupByExternalIdOrCreate(unregisteredRole.Id, unregisteredRole.Name));
        var groupVisible = m_permissionRepository.InvokeUnitOfWork(x => x.GetFilteredBookIdListByGroupPermissions(unregisteredGroup.Id, new List<long> { projectId }, permission));

        var groupAllowed = groupVisible != null && groupVisible.Count != 0;
        if (groupAllowed)
        {
            return;
        }

        throw new MainServiceException(
            MainServiceErrorCode.UnregisteredUserBookAccessForbidden,
            $"Unregistered user does not have permission {permission} on book with id '{projectId}'",
            HttpStatusCode.Forbidden
        );
    }

    var userVisible = m_permissionRepository.InvokeUnitOfWork(x => x.GetFilteredBookIdListByUserPermissions(currentUser.Id, new List<long> { projectId }, permission));
    var userAllowed = userVisible != null && userVisible.Count != 0;
    if (userAllowed)
    {
        return;
    }

    // The error code depends on which permission was requested.
    var forbiddenCode = GetUnauthorizedErrorCodeForPermission(permission);
    throw new MainServiceException(
        forbiddenCode,
        $"User with id '{currentUser.Id}' (external id '{currentUser.ExternalId}') does not have permission {permission} on book with id '{projectId}'",
        HttpStatusCode.Forbidden
    );
}
/// <summary>
/// Replaces <paramref name="projectIds"/> with the subset the caller holds <paramref name="permission"/> on.
/// </summary>
/// <remarks>
/// A null or empty list is left untouched. Unlike the Authorize* methods, the repository is called
/// directly rather than through <c>InvokeUnitOfWork</c>.
/// NOTE(review): presumably the caller already runs inside a unit of work - confirm.
/// </remarks>
/// <param name="projectIds">Candidate project ids; overwritten with the filtered list.</param>
/// <param name="permission">Permission each remaining project must grant.</param>
public void FilterProjectIdList(ref IList<long> projectIds, PermissionFlag permission)
{
    var nothingToFilter = projectIds == null || projectIds.Count == 0;
    if (nothingToFilter)
    {
        return;
    }

    var currentUser = m_authenticationManager.GetCurrentUser();
    if (currentUser == null)
    {
        // No current user: filter by the group tied to the unregistered role.
        var unregisteredRole = m_authenticationManager.GetUnregisteredRole();
        var unregisteredGroup = m_permissionRepository.FindGroupByExternalIdOrCreate(unregisteredRole.Id, unregisteredRole.Name);
        projectIds = m_permissionRepository.GetFilteredBookIdListByGroupPermissions(unregisteredGroup.Id, projectIds, permission);
    }
    else
    {
        projectIds = m_permissionRepository.GetFilteredBookIdListByUserPermissions(currentUser.Id, projectIds, permission);
    }
}
/// <summary>
/// Loads a resource only if the given group has a permission row on the resource's project that
/// satisfies the <c>HasBit(permission)</c> restriction and the project is not marked as removed.
/// </summary>
/// <param name="groupId">Group whose permissions are evaluated.</param>
/// <param name="resourceId">Resource to load.</param>
/// <param name="permission">Flag value passed to the bitwise restriction.</param>
/// <returns>The resource, or null when no row matches.</returns>
public virtual Resource GetResourceByUserGroupPermissions(int groupId, long resourceId, PermissionFlag permission)
{
    // Alias placeholders used only inside the query expressions below.
    Resource resourceAlias = null;
    Project projectAlias = null;
    Permission permissionAlias = null;
    UserGroup groupAlias = null;

    // NOTE(review): SingleOrDefault expects at most one joined row - confirm a group cannot hold
    // two matching Permission rows for the same project.
    return GetSession().QueryOver(() => resourceAlias)
        .JoinQueryOver(x => x.Project, () => projectAlias)
        .JoinQueryOver(x => x.Permissions, () => permissionAlias)
        .JoinQueryOver(x => x.UserGroup, () => groupAlias)
        .Where(() => groupAlias.Id == groupId && resourceAlias.Id == resourceId && projectAlias.IsRemoved == false)
        .And(BitwiseExpression.On(() => permissionAlias.Flags).HasBit(permission))
        .SingleOrDefault();
}
/// <summary>
/// Returns the distinct ids, among <paramref name="bookIds"/>, of non-removed projects on which the
/// given group has a permission row satisfying the <c>HasBit(permission)</c> restriction.
/// </summary>
/// <param name="groupId">Group whose permissions are evaluated.</param>
/// <param name="bookIds">Candidate project ids.</param>
/// <param name="permission">Flag value passed to the bitwise restriction.</param>
/// <returns>Project ids that passed the filter.</returns>
public virtual IList<long> GetFilteredBookIdListByGroupPermissions(int groupId, IEnumerable<long> bookIds, PermissionFlag permission)
{
    // Alias placeholders used only inside the query expressions below.
    Project projectAlias = null;
    Permission permissionAlias = null;
    UserGroup groupAlias = null;

    return GetSession().QueryOver(() => projectAlias)
        .JoinQueryOver(x => x.Permissions, () => permissionAlias)
        .JoinQueryOver(x => permissionAlias.UserGroup, () => groupAlias)
        // Distinct: joining over permissions can yield the same project more than once.
        .Select(Projections.Distinct(Projections.Property(() => projectAlias.Id)))
        .Where(() => groupAlias.Id == groupId && projectAlias.IsRemoved == false)
        .AndRestrictionOn(() => projectAlias.Id).IsInG(bookIds)
        .And(BitwiseExpression.On(() => permissionAlias.Flags).HasBit(permission))
        .List<long>();
}
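/// <summary>
/// Recomputes the Patron and Patronizer flags of every stored member from the roles held on the
/// Discord guild, marks patronized members as patrons, and refreshes <c>PatronEmojis</c>.
/// </summary>
/// <remarks>
/// Changes from the previous version: the database context is disposed even when an exception is thrown;
/// an empty patronized id is skipped, because <c>Contains("")</c> matches every member and would give the
/// Patron flag to an arbitrary row; the emoji of a patronized member is written with the indexer, so a
/// member who is already listed no longer aborts the update with a duplicate-key exception.
/// </remarks>
/// <returns>Number of guild members holding the patron role.</returns>
public async Task<int> UpdatePatrons()
{
    List<string> patrons = new List<string>();
    List<string> patronizer = new List<string>();
    List<string> patronized = new List<string>();
    Dictionary<string, string> emojis = new Dictionary<string, string>();

    // Collect the Discord ids of members holding the patron and patronizer roles.
    DiscordGuild typotestground = await Program.Client.GetGuildAsync(779435254225698827);
    foreach (DiscordMember member in await typotestground.GetAllMembersAsync())
    {
        if (member.Roles.Any(role => role.Id == 832744566905241610))
        {
            patrons.Add(member.Id.ToString());
        }

        if (member.Roles.Any(role => role.Id == 859100010184572938))
        {
            patronizer.Add(member.Id.ToString());
        }
    }

    PatronCount = patrons.Count;

    using (PalantirDbContext db = new PalantirDbContext())
    {
        // Iterate through the stored members and set their flags.
        // NOTE(review): ids are matched as substrings of the serialized Member field, so an id that is
        // contained in another member's data also matches - confirm ids are delimited, or compare the parsed id.
        await db.Members.ForEachAsync(member =>
        {
            PermissionFlag flag = new PermissionFlag((byte)member.Flag);
            flag.Patron = patrons.Any(patron => member.Member.Contains(patron));

            if (patronizer.Any(id => member.Member.Contains(id)))
            {
                flag.Patronizer = true;
                if (member.Patronize is not null)
                {
                    // Only the part before '#' is kept as the patronized member's id.
                    patronized.Add(member.Patronize.Split("#")[0]);
                }
            }
            else
            {
                flag.Patronizer = false;
            }

            string emoji = String.IsNullOrEmpty(member.Emoji) ? "" : member.Emoji;
            if (flag.Patron || flag.BotAdmin)
            {
                emojis.Add(member.Login, emoji);
            }

            member.Flag = flag.CalculateFlag();
        });

        // Set the flags of patronized members; an id chosen by several patronizers is handled once.
        foreach (string patronizedId in patronized.Distinct())
        {
            // An empty id would match every member in the Contains lookup below.
            if (String.IsNullOrEmpty(patronizedId))
            {
                continue;
            }

            MemberEntity gifted = db.Members.FirstOrDefault(entity => entity.Member.Contains(patronizedId));
            if (gifted is null)
            {
                continue;
            }

            PermissionFlag flag = new PermissionFlag((byte)gifted.Flag);
            flag.Patron = true;

            string emoji = String.IsNullOrEmpty(gifted.Emoji) ? "" : gifted.Emoji;
            // Indexer instead of Add: the member may already be listed as a patron or bot admin.
            emojis[gifted.Login] = emoji;
            gifted.Flag = flag.CalculateFlag();
        }

        db.SaveChanges();
    }

    PatronEmojis = emojis;
    return patrons.Count;
}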