示例#1
        /// <summary>
        /// Returns the role named "Default" from <c>ObjectSpace</c>, creating and populating it
        /// when no such role exists yet. The permission set is only applied to a freshly created
        /// role; an existing "Default" role is returned untouched. No <c>CommitChanges</c> call
        /// is made here, so persisting a newly created role is left to the caller.
        /// </summary>
        /// <returns>The existing or newly created "Default" role.</returns>
        private PermissionPolicyRole CreateDefaultRole()
        {
            PermissionPolicyRole role = ObjectSpace.FirstOrDefault<PermissionPolicyRole>(r => r.Name == "Default");
            if (role != null)
            {
                // Already provisioned: do not re-add permissions to an existing role.
                return role;
            }

            role      = ObjectSpace.CreateObject<PermissionPolicyRole>();
            role.Name = "Default";

            // Own user record: Read is scoped to the object whose Oid equals the current user id.
            // NOTE(review): the (Guid) cast assumes the user key type is Guid — confirm against ApplicationUser.
            role.AddObjectPermissionFromLambda<ApplicationUser>(SecurityOperations.Read, u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);

            // Navigation items this role may open.
            role.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/MyDetails", SecurityPermissionState.Allow);
            role.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/Department_ListView", SecurityPermissionState.Allow);
            role.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/Employee_ListView", SecurityPermissionState.Allow);

            // Password-related members are writable only on the user's own record (same Oid scope as above).
            role.AddMemberPermissionFromLambda<ApplicationUser>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);
            role.AddMemberPermissionFromLambda<ApplicationUser>(SecurityOperations.Write, "StoredPassword", u => u.Oid == (Guid)CurrentUserIdOperator.CurrentUserId(), SecurityPermissionState.Allow);

            // Role definitions are explicitly hidden from members of this role.
            role.AddTypePermissionsRecursively<PermissionPolicyRole>(SecurityOperations.Read, SecurityPermissionState.Deny);

            // Model differences: ReadWriteAccess plus a separate Create grant.
            // NOTE(review): Create is added separately, which suggests ReadWriteAccess does not include it — confirm.
            role.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
            role.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
            role.AddTypePermissionsRecursively<ModelDifference>(SecurityOperations.Create, SecurityPermissionState.Allow);
            role.AddTypePermissionsRecursively<ModelDifferenceAspect>(SecurityOperations.Create, SecurityPermissionState.Allow);

            // Departments: type-level Read denied, then re-allowed only for titles containing "Development".
            // NOTE(review): the effective result depends on how object-level Allow combines with type-level Deny — confirm.
            role.AddTypePermissionsRecursively<Department>(SecurityOperations.Read, SecurityPermissionState.Deny);
            role.AddObjectPermissionFromLambda<Department>(SecurityOperations.Read, dept => dept.Title.Contains("Development"), SecurityPermissionState.Allow);

            // Employees: ReadWriteAccess on the type; Delete only in "Development" departments;
            // LastName is read-only for employees outside "Development".
            role.AddTypePermissionsRecursively<Employee>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
            role.AddObjectPermissionFromLambda<Employee>(SecurityOperations.Delete, emp => emp.Department.Title.Contains("Development"), SecurityPermissionState.Allow);
            role.AddMemberPermissionFromLambda<Employee>(SecurityOperations.Write, "LastName", emp => !emp.Department.Title.Contains("Development"), SecurityPermissionState.Deny);

            // Action this role may execute.
            role.AddActionPermission("RoleGeneratorAction");

            return role;
        }
示例#2
        /// <summary>
        /// Ensures a role named "Default" exists in <c>ObjectSpace</c>. When none is found, a new
        /// role is created with an explicit deny-all-by-default policy and the permission set below.
        /// An existing "Default" role is left untouched. Nothing is committed here; persisting the
        /// new role is the caller's responsibility.
        /// </summary>
        public void CreateDefaultRole()
        {
            PermissionPolicyRole role = ObjectSpace.FindObject<PermissionPolicyRole>(new BinaryOperator("Name", "Default"));
            if (role != null)
            {
                // Already provisioned: do not re-add permissions to an existing role.
                return;
            }

            role                  = ObjectSpace.CreateObject<PermissionPolicyRole>();
            role.Name             = "Default";
            // Anything not granted below is denied.
            role.PermissionPolicy = SecurityPermissionPolicy.DenyAllByDefault;

            // Role definitions are explicitly hidden from members of this role.
            role.AddTypePermission<PermissionPolicyRole>(SecurityOperations.Read, SecurityPermissionState.Deny);

            // Employees: ReadWriteAccess on the type; Delete only in "Development" departments;
            // LastName is read-only for employees outside "Development". Criteria are criteria-language strings.
            role.AddTypePermission<Employee>(SecurityOperations.ReadWriteAccess, SecurityPermissionState.Allow);
            role.AddObjectPermission<Employee>(SecurityOperations.Delete, "Contains([Department.Title], 'Development')", SecurityPermissionState.Allow);
            role.AddMemberPermission<Employee>(SecurityOperations.Write, "LastName", "Not Contains([Department.Title], 'Development')", SecurityPermissionState.Deny);

            // Model differences: operations given as a ';'-separated list.
            role.AddTypePermission<ModelDifferenceAspect>("Read;Write;Create", SecurityPermissionState.Allow);

            // Departments: type-level Read denied, then re-allowed only for titles containing "Development".
            // NOTE(review): the effective result depends on how object-level Allow combines with type-level Deny — confirm.
            role.AddTypePermission<Department>(SecurityOperations.Read, SecurityPermissionState.Deny);
            role.AddObjectPermission<Department>(SecurityOperations.Read, "Contains([Title], 'Development')", SecurityPermissionState.Allow);

            // Own user record: Read, and Write on the password-related members, only where Oid is the current user id.
            role.AddObjectPermission<ApplicationUser>(SecurityOperations.Read, "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);
            role.AddMemberPermission<ApplicationUser>(SecurityOperations.Write, "StoredPassword", "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);
            role.AddMemberPermission<ApplicationUser>(SecurityOperations.Write, "ChangePasswordOnFirstLogon", "[Oid] = CurrentUserId()", SecurityPermissionState.Allow);

            role.AddTypePermission<ModelDifference>("Read;Write;Create", SecurityPermissionState.Allow);

            // Navigation items this role may open.
            role.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/Employee_ListView", SecurityPermissionState.Allow);
            role.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/MyDetails", SecurityPermissionState.Allow);
            role.AddNavigationPermission(@"Application/NavigationItems/Items/Default/Items/Department_ListView", SecurityPermissionState.Allow);

            // Action this role may execute.
            role.AddActionPermission("RoleGeneratorAction");
        }