示例#1
        /// <summary>
        /// Checks that the caller holds <paramref name="permission"/> on the resource identified by
        /// <paramref name="resourceId"/> and throws when the repository returns no matching resource.
        /// </summary>
        /// <param name="resourceId">Id of the resource being accessed.</param>
        /// <param name="permission">Permission to check; defaults to <c>ShowPublished</c>.</param>
        /// <exception cref="MainServiceException">
        /// Thrown with <see cref="HttpStatusCode.Forbidden"/> when the lookup yields <c>null</c>.
        /// </exception>
        public void AuthorizeResource(long resourceId, PermissionFlag permission = PermissionFlag.ShowPublished)
        {
            var currentUser = m_authenticationManager.GetCurrentUser();

            if (currentUser == null)
            {
                // No current user: the check runs against the group resolved from the unregistered role.
                // NOTE(review): FindGroupByExternalIdOrCreate presumably creates the group on first use,
                // i.e. a write triggered by an unauthenticated request; confirm this is intended.
                var unregisteredRole  = m_authenticationManager.GetUnregisteredRole();
                var unregisteredGroup = m_permissionRepository.InvokeUnitOfWork(repo => repo.FindGroupByExternalIdOrCreate(unregisteredRole.Id, unregisteredRole.Name));
                var groupResource     = m_permissionRepository.InvokeUnitOfWork(repo => repo.GetResourceByUserGroupPermissions(unregisteredGroup.Id, resourceId, permission));

                if (groupResource == null)
                {
                    throw new MainServiceException(
                              MainServiceErrorCode.UnregisteredUserResourceAccessForbidden,
                              $"Unregistered user does not have permission {permission} on book with resource with id '{resourceId}'",
                              HttpStatusCode.Forbidden
                              );
                }

                return;
            }

            var userResource = m_permissionRepository.InvokeUnitOfWork(repo => repo.GetResourceByUserPermissions(currentUser.Id, resourceId, permission));

            if (userResource == null)
            {
                // The error code depends on which permission was requested.
                var errorCode = GetResourceUnauthorizedErrorCodeForPermission(permission);

                throw new MainServiceException(
                          errorCode,
                          $"User with id '{currentUser.Id}' (external id '{currentUser.ExternalId}') does not have permission {permission} on book with resource with id '{resourceId}'",
                          HttpStatusCode.Forbidden
                          );
            }
        }
示例#2
        /// <summary>
        /// Checks that the caller holds <paramref name="permission"/> on the resource version identified by
        /// <paramref name="resourceVersionId"/>.
        /// </summary>
        /// <param name="resourceVersionId">Id of the resource version being accessed.</param>
        /// <param name="permission">Permission that must be contained in a stored permission's flags.</param>
        /// <exception cref="MainServiceException">
        /// Thrown with <see cref="HttpStatusCode.Forbidden"/> when no stored permission contains the requested flag.
        /// </exception>
        public void AuthorizeResourceVersion(long resourceVersionId, PermissionFlag permission)
        {
            var currentUser = m_authenticationManager.GetCurrentUser();

            if (currentUser == null)
            {
                // No current user: evaluate the single permission stored for the unregistered role's group.
                var unregisteredRole  = m_authenticationManager.GetUnregisteredRole();
                var unregisteredGroup = m_permissionRepository.InvokeUnitOfWork(repo => repo.FindGroupByExternalIdOrCreate(unregisteredRole.Id, unregisteredRole.Name));
                var groupPermission   = m_permissionRepository.InvokeUnitOfWork(repo => repo.FindPermissionForResourceVersionByGroupId(resourceVersionId, unregisteredGroup.Id));

                var groupAllowed = groupPermission != null && groupPermission.Flags.HasFlag(permission);
                if (!groupAllowed)
                {
                    throw new MainServiceException(
                              MainServiceErrorCode.UnregisteredUserResourceAccessForbidden,
                              $"Unregistered user does not have permission {permission} on book with resource with versionId '{resourceVersionId}'",
                              HttpStatusCode.Forbidden
                              );
                }

                return;
            }

            var userPermissions = m_permissionRepository.InvokeUnitOfWork(repo => repo.FindPermissionsForResourceVersionByUserId(resourceVersionId, currentUser.Id));

            // A single stored permission whose flags contain the requested value is enough.
            var userAllowed = userPermissions != null && userPermissions.Any(entry => entry.Flags.HasFlag(permission));
            if (!userAllowed)
            {
                var errorCode = GetResourceUnauthorizedErrorCodeForPermission(permission);

                throw new MainServiceException(
                          errorCode,
                          $"User with id '{currentUser.Id}' (external id '{currentUser.ExternalId}') does not have permission {permission} on book with resource with versionId '{resourceVersionId}'",
                          HttpStatusCode.Forbidden
                          );
            }
        }
示例#3
 /// <summary>
 /// Rejects a permission value that contains EditProject or AdminProject without ReadProject.
 /// </summary>
 /// <param name="permission">Flag combination about to be assigned.</param>
 /// <exception cref="MainServiceException">
 /// Thrown when EditProject or AdminProject is set while ReadProject is not.
 /// </exception>
 public void CheckPermissionConsistency(PermissionFlag permission)
 {
     var requiresRead = permission.HasFlag(PermissionFlag.EditProject) || permission.HasFlag(PermissionFlag.AdminProject);
     if (!requiresRead)
     {
         return;
     }

     if (permission.HasFlag(PermissionFlag.ReadProject))
     {
         return;
     }

     throw new MainServiceException(MainServiceErrorCode.ReadProjectRequiredForSelectedPermissions, "EditProject and AdminProject permissions require assigned ReadProject permission");
 }
示例#4
        /// <summary>
        /// Counts the <c>Permission</c> rows of one project that match <paramref name="requiredPermission"/>
        /// according to the <c>BitwiseExpression ... HasBit</c> criterion.
        /// </summary>
        /// <param name="projectId">Id of the project whose permissions are counted.</param>
        /// <param name="requiredPermission">Flag passed to the bitwise criterion.</param>
        /// <returns>Number of matching rows as reported by <c>RowCount()</c>.</returns>
        public virtual int GetRequiredPermissionCountForProject(long projectId, PermissionFlag requiredPermission)
        {
            var permissionsOfProject = GetSession().QueryOver<Permission>()
                                       .Where(x => x.Project.Id == projectId);

            // HasBit presumably translates to a bitwise AND test on the Flags column; verify in BitwiseExpression.
            var withRequiredBit = permissionsOfProject
                                  .And(BitwiseExpression.On<Permission>(x => x.Flags).HasBit(requiredPermission));

            return withRequiredBit.RowCount();
        }
 /// <summary>
 /// Stores the inputs for a unit of work that updates or adds project permissions for one role.
 /// </summary>
 /// <param name="permissionRepository">Repository passed to the base class and to the permissions subwork.</param>
 /// <param name="roleId">Id of the role whose permissions are changed.</param>
 /// <param name="bookIds">Ids of the projects (books) to process.</param>
 /// <param name="permissionFlags">Permission flags to apply.</param>
 public UpdateOrAddProjectsToRoleWork(PermissionRepository permissionRepository, int roleId, IList<long> bookIds,
                                      PermissionFlag permissionFlags) : base(permissionRepository)
 {
     // Plain inputs first.
     m_roleId          = roleId;
     m_bookIds         = bookIds;
     m_permissionFlags = permissionFlags;

     // The subwork shares the repository instance held by this unit of work.
     m_permissionRepository = permissionRepository;
     m_permissionsSubwork   = new ProjectPermissionsSubwork(permissionRepository);
 }
示例#6
        /// <summary>
        /// Authorizes access to a project either through a named permission of the current user or,
        /// failing that, through the per-project check in <c>AuthorizeBook</c>.
        /// </summary>
        /// <param name="projectId">Id of the project (book) being accessed.</param>
        /// <param name="permission">Project permission required when the named permission is absent.</param>
        /// <param name="permissionName">Permission value that, when held, skips the per-project check.</param>
        public void AuthorizeBookOrPermission(long projectId, PermissionFlag permission, string permissionName)
        {
            // NOTE(review): the meaning of the 'false' argument is not visible here; confirm at GetCurrentUserPermissions.
            var hasNamedPermission = m_authenticationManager
                                     .GetCurrentUserPermissions(false)
                                     .Any(held => held.Value == permissionName);

            // Holding the named permission bypasses the project-level check entirely, so callers should
            // only pass names of permissions that are meant to apply to every project.
            if (!hasNamedPermission)
            {
                AuthorizeBook(projectId, permission);
            }
        }
        /// <summary>
        /// Builds a display suffix for the restriction flags set in <paramref name="flag"/>.
        /// </summary>
        /// <param name="flag">Flag value to describe.</param>
        /// <returns>
        /// The AdminOnly label followed by the LocalOnly label, each present only when its flag is set;
        /// an empty string when neither is set.
        /// </returns>
        private string DumpPermission(PermissionFlag flag)
        {
            // Label text: "(administrators only)".
            var adminLabel = flag.HasFlag(PermissionFlag.AdminOnly) ? "(管理者限定)" : string.Empty;

            // Label text: "(local users only)".
            var localLabel = flag.HasFlag(PermissionFlag.LocalOnly) ? "(ローカルユーザー限定)" : string.Empty;

            return adminLabel + localLabel;
        }
示例#8
        /// <summary>
        /// Maps the permission that was denied on a resource to the error code reported to the caller.
        /// </summary>
        /// <param name="permission">Permission that the user lacks.</param>
        /// <returns>
        /// The read or edit error code for exactly ReadProject or EditProject; the generic access
        /// error code for ShowPublished and for every other value.
        /// </returns>
        private string GetResourceUnauthorizedErrorCodeForPermission(PermissionFlag permission)
        {
            if (permission == PermissionFlag.ReadProject)
            {
                return MainServiceErrorCode.UserResourceReadForbidden;
            }

            if (permission == PermissionFlag.EditProject)
            {
                return MainServiceErrorCode.UserResourceEditForbidden;
            }

            // The comparison is exact, so combined flag values also end up here.
            return MainServiceErrorCode.UserResourceAccessForbidden;
        }
示例#9
        /// <summary>
        /// Authorizes an operation on a text comment: first the permission on the comment's text resource,
        /// then, for EditProject, that the current user is the comment's author.
        /// </summary>
        /// <param name="commentId">Id of the text comment.</param>
        /// <param name="permission">Permission required on the resource the comment belongs to.</param>
        /// <exception cref="MainServiceException">
        /// Thrown with <see cref="HttpStatusCode.Forbidden"/> when the current user is not the author
        /// and <paramref name="permission"/> equals EditProject; the resource check may throw as well.
        /// </exception>
        public void AuthorizeTextComment(long commentId, PermissionFlag permission)
        {
            // NOTE(review): the lookup result is dereferenced without a null check; if FindById returns null
            // for an unknown id, this surfaces as a NullReferenceException instead of a service error.
            var comment = m_permissionRepository.InvokeUnitOfWork(repo => repo.FindById<TextComment>(commentId));

            AuthorizeResource(comment.ResourceText.Id, permission);

            // NOTE(review): exact equality means a combined value that contains EditProject skips the
            // author check below; confirm callers only ever pass the single flag.
            if (permission != PermissionFlag.EditProject)
            {
                return;
            }

            // Only the author may edit the comment.
            var currentUserId = GetCurrentUserId();
            if (comment.CreatedByUser.Id == currentUserId)
            {
                return;
            }

            throw new MainServiceException(
                      MainServiceErrorCode.InvalidCommentAuthorForbidden,
                      $"User with id '{currentUserId}' is not author of text comment with id '{commentId}'",
                      HttpStatusCode.Forbidden
                      );
        }
示例#10
        /// <summary>
        /// Checks that the caller holds <paramref name="permission"/> on the project (book) identified by
        /// <paramref name="projectId"/>, using the same id-list filter the repository applies to lists.
        /// </summary>
        /// <param name="projectId">Id of the project being accessed.</param>
        /// <param name="permission">Permission required on the project.</param>
        /// <exception cref="MainServiceException">
        /// Thrown with <see cref="HttpStatusCode.Forbidden"/> when the filter returns null or an empty list.
        /// </exception>
        public void AuthorizeBook(long projectId, PermissionFlag permission)
        {
            var requestedIds = new List<long> { projectId };
            var currentUser  = m_authenticationManager.GetCurrentUser();

            if (currentUser == null)
            {
                // No current user: filter through the group resolved from the unregistered role.
                var unregisteredRole  = m_authenticationManager.GetUnregisteredRole();
                var unregisteredGroup = m_permissionRepository.InvokeUnitOfWork(repo => repo.FindGroupByExternalIdOrCreate(unregisteredRole.Id, unregisteredRole.Name));
                var groupVisibleIds   = m_permissionRepository.InvokeUnitOfWork(repo =>
                                                                                repo.GetFilteredBookIdListByGroupPermissions(unregisteredGroup.Id, requestedIds, permission));

                var groupAllowed = groupVisibleIds != null && groupVisibleIds.Count != 0;
                if (!groupAllowed)
                {
                    throw new MainServiceException(
                              MainServiceErrorCode.UnregisteredUserBookAccessForbidden,
                              $"Unregistered user does not have permission {permission} on book with id '{projectId}'",
                              HttpStatusCode.Forbidden
                              );
                }

                return;
            }

            var userVisibleIds = m_permissionRepository.InvokeUnitOfWork(repo =>
                                                                         repo.GetFilteredBookIdListByUserPermissions(currentUser.Id, requestedIds, permission));

            // An empty result means the single requested id was filtered out, i.e. access is denied.
            var userAllowed = userVisibleIds != null && userVisibleIds.Count != 0;
            if (!userAllowed)
            {
                var errorCode = GetUnauthorizedErrorCodeForPermission(permission);

                throw new MainServiceException(
                          errorCode,
                          $"User with id '{currentUser.Id}' (external id '{currentUser.ExternalId}') does not have permission {permission} on book with id '{projectId}'",
                          HttpStatusCode.Forbidden
                          );
            }
        }
示例#11
        /// <summary>
        /// Replaces <paramref name="projectIds"/> with the subset the caller may access with
        /// <paramref name="permission"/>. A null or empty list is left untouched.
        /// </summary>
        /// <param name="projectIds">List of project ids; overwritten with the repository's filtered list.</param>
        /// <param name="permission">Permission required on each project.</param>
        public void FilterProjectIdList(ref IList<long> projectIds, PermissionFlag permission)
        {
            var nothingToFilter = projectIds == null || projectIds.Count == 0;
            if (nothingToFilter)
            {
                return;
            }

            // The repository is called directly here, without an InvokeUnitOfWork wrapper.
            // NOTE(review): presumably the caller already runs inside a unit of work; confirm.
            var currentUser = m_authenticationManager.GetCurrentUser();
            if (currentUser != null)
            {
                projectIds = m_permissionRepository.GetFilteredBookIdListByUserPermissions(currentUser.Id, projectIds, permission);
                return;
            }

            // No current user: filter through the group resolved from the unregistered role.
            var unregisteredRole  = m_authenticationManager.GetUnregisteredRole();
            var unregisteredGroup = m_permissionRepository.FindGroupByExternalIdOrCreate(unregisteredRole.Id, unregisteredRole.Name);

            projectIds = m_permissionRepository.GetFilteredBookIdListByGroupPermissions(unregisteredGroup.Id, projectIds, permission);
        }
示例#12
        /// <summary>
        /// Loads a resource only if the given user group has a permission row with the requested flag
        /// on the resource's project and that project is not marked as removed.
        /// </summary>
        /// <param name="groupId">Id of the user group whose permissions are evaluated.</param>
        /// <param name="resourceId">Id of the resource to load.</param>
        /// <param name="permission">Flag passed to the bitwise criterion on the permission's Flags.</param>
        /// <returns>The matching resource, or the default (null) when no row matches.</returns>
        public virtual Resource GetResourceByUserGroupPermissions(int groupId, long resourceId, PermissionFlag permission)
        {
            // Alias placeholders: they are only referenced inside the query expressions below.
            Resource   resourceAlias   = null;
            Project    projectAlias    = null;
            Permission permissionAlias = null;
            UserGroup  groupAlias      = null;

            // Join path: Resource -> Project -> Permissions -> UserGroup, restricted to the group, the
            // resource id and non-removed projects, plus the HasBit criterion on the permission flags.
            // NOTE(review): SingleOrDefault expects at most one row; confirm a group cannot hold several
            // matching Permission rows for one project, otherwise the authorization check fails with an error.
            var filteredResource = GetSession().QueryOver(() => resourceAlias)
                                   .JoinQueryOver(x => x.Project, () => projectAlias)
                                   .JoinQueryOver(x => x.Permissions, () => permissionAlias)
                                   .JoinQueryOver(x => x.UserGroup, () => groupAlias)
                                   .Where(() => groupAlias.Id == groupId && resourceAlias.Id == resourceId && projectAlias.IsRemoved == false)
                                   .And(BitwiseExpression.On(() => permissionAlias.Flags).HasBit(permission))
                                   .SingleOrDefault();

            return(filteredResource);
        }
示例#13
        /// <summary>
        /// Reduces a list of project (book) ids to those on which the given user group has a permission
        /// row with the requested flag, ignoring projects marked as removed.
        /// </summary>
        /// <param name="groupId">Id of the user group whose permissions are evaluated.</param>
        /// <param name="bookIds">Candidate project ids; only ids from this set can be returned.</param>
        /// <param name="permission">Flag passed to the bitwise criterion on the permission's Flags.</param>
        /// <returns>Distinct ids of the projects that passed the filter.</returns>
        public virtual IList <long> GetFilteredBookIdListByGroupPermissions(int groupId, IEnumerable <long> bookIds, PermissionFlag permission)
        {
            // Alias placeholders: they are only referenced inside the query expressions below.
            Project    projectAlias    = null;
            Permission permissionAlias = null;
            UserGroup  groupAlias      = null;

            // Join path: Project -> Permissions -> UserGroup. The second join ignores its lambda parameter
            // and navigates through permissionAlias instead. The projection is DISTINCT on the project id,
            // so several permission rows for one project yield a single id.
            var filteredBookIds = GetSession().QueryOver(() => projectAlias)
                                  .JoinQueryOver(x => x.Permissions, () => permissionAlias)
                                  .JoinQueryOver(x => permissionAlias.UserGroup, () => groupAlias)
                                  .Select(Projections.Distinct(Projections.Property(() => projectAlias.Id)))
                                  .Where(() => groupAlias.Id == groupId && projectAlias.IsRemoved == false)
                                  .AndRestrictionOn(() => projectAlias.Id).IsInG(bookIds)
                                  .And(BitwiseExpression.On(() => permissionAlias.Flags).HasBit(permission))
                                  .List <long>();

            return(filteredBookIds);
        }
示例#14
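        /// <summary>
        /// Synchronises the Patron and Patronizer flags of all stored members with the roles held in the
        /// Discord guild, grants Patron to members named in a patronizer's <c>Patronize</c> field, and
        /// refreshes <c>PatronCount</c> and <c>PatronEmojis</c>.
        /// </summary>
        /// <returns>Number of guild members holding the patron role.</returns>
        public async Task<int> UpdatePatrons()
        {
            // Guild and role ids as used by the original implementation.
            const ulong GuildId          = 779435254225698827;
            const ulong PatronRoleId     = 832744566905241610;
            const ulong PatronizerRoleId = 859100010184572938;

            var patrons    = new List<string>();
            var patronizer = new List<string>();
            var patronized = new List<string>();
            var emojis     = new Dictionary<string, string>();

            // Collect the ids of guild members holding the patron / patronizer roles.
            DiscordGuild typotestground = await Program.Client.GetGuildAsync(GuildId);

            foreach (DiscordMember member in await typotestground.GetAllMembersAsync())
            {
                if (member.Roles.Any(role => role.Id == PatronRoleId))
                {
                    patrons.Add(member.Id.ToString());
                }
                if (member.Roles.Any(role => role.Id == PatronizerRoleId))
                {
                    patronizer.Add(member.Id.ToString());
                }
            }

            PatronCount = patrons.Count;

            // Dispose the context even when a query or the save throws.
            using (PalantirDbContext db = new PalantirDbContext())
            {
                // NOTE(review): ids are matched with a substring test against the Member string (its format
                // is not visible here). A substring test also matches when the id occurs inside a longer id
                // or another field, which would grant flags to the wrong row; an exact comparison on the
                // parsed id would be safer.
                await db.Members.ForEachAsync(member =>
                {
                    PermissionFlag flag = new PermissionFlag((byte)member.Flag);
                    flag.Patron         = patrons.Any(patron => member.Member.Contains(patron));
                    flag.Patronizer     = patronizer.Any(id => member.Member.Contains(id));

                    if (flag.Patronizer && member.Patronize is not null)
                    {
                        string patronizedId = member.Patronize.Split("#")[0];

                        // An empty id must be skipped: Contains("") is true for every row, so the lookup
                        // below would grant Patron to whichever member the database returns first.
                        if (!string.IsNullOrWhiteSpace(patronizedId))
                        {
                            patronized.Add(patronizedId);
                        }
                    }

                    string emoji = String.IsNullOrEmpty(member.Emoji) ? "" : member.Emoji;
                    if (flag.Patron || flag.BotAdmin)
                    {
                        // Indexer instead of Add: a repeated login must not abort the whole update.
                        emojis[member.Login] = emoji;
                    }
                    member.Flag = flag.CalculateFlag();
                });

                // Grant Patron to the members named by patronizers.
                foreach (string id in patronized.Distinct())
                {
                    MemberEntity member = db.Members.FirstOrDefault(candidate => candidate.Member.Contains(id));
                    if (member is null)
                    {
                        continue;
                    }

                    PermissionFlag flag = new PermissionFlag((byte)member.Flag);
                    flag.Patron         = true;
                    string emoji        = String.IsNullOrEmpty(member.Emoji) ? "" : member.Emoji;

                    // The member may already be listed (own patron role, bot admin, or named twice).
                    emojis[member.Login] = emoji;
                    member.Flag = flag.CalculateFlag();
                }

                await db.SaveChangesAsync();
            }

            PatronEmojis = emojis;
            return patrons.Count;
        }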