示例#1
0
        static void Main()
        {
            var storage = new Dictionary <Guid, List <object> >();
            Func <Guid, Tuple <Int32, IEnumerable <object> > > reader = id => {
                List <object> events;
                if (storage.TryGetValue(id, out events))
                {
                    return(new Tuple <int, IEnumerable <object> >(events.Count, events));
                }
                return(null);
            };
            var unitOfWork = new UnitOfWork();

            var roleRepository        = new Repository <Role>(Role.Factory, unitOfWork, reader);
            var roleGroupRepository   = new Repository <RoleGroup>(RoleGroup.Factory, unitOfWork, reader);
            var userAccountRepository = new Repository <UserAccount>(UserAccount.Factory, unitOfWork, reader);

            // Setting up security (accounts, roles and authorization)
            var administratorRoleId = new RoleId(Guid.NewGuid());
            var administratorRole   = new Role(administratorRoleId, new Name("Administrator"));

            administratorRole.AddPermissions(SecurityPermissions.All);
            administratorRole.AllowPermissions(SecurityPermissions.All);
            roleRepository.Add(administratorRole.Id, administratorRole);
            var subRole1Id = new RoleId(Guid.NewGuid());
            var subRole1   = new Role(subRole1Id, new Name("SubRole1"));

            subRole1.AddPermission(SecurityPermissions.AddRole);
            subRole1.DenyPermission(SecurityPermissions.AddRole);
            roleRepository.Add(subRole1.Id, subRole1);
            var subRole2Id = new RoleId(Guid.NewGuid());
            var subRole2   = new Role(subRole2Id, new Name("SubRole2"));

            subRole2.AddPermission(SecurityPermissions.AddRole);
            subRole2.AllowPermission(SecurityPermissions.AddRole);
            roleRepository.Add(subRole2.Id, subRole2);
            var group1Id = new RoleGroupId(Guid.NewGuid());
            var group1   = new RoleGroup(group1Id, new Name("SubRole 1 & 2"));

            group1.AddRole(subRole1);
            group1.AddRole(subRole2);
            roleGroupRepository.Add(group1.Id, group1);

            var administratorId = new UserAccountId(Guid.NewGuid());
            var administrator   = new UserAccount(administratorId, new UserAccountName("Administrator"));

            administrator.GrantRole(administratorRole);
            administrator.GrantRoleGroup(group1);
            userAccountRepository.Add(administrator.Id, administrator);

            // Using security - in domain layer code
            var combinator = new AccessDecisionCombinator();

            administrator.CombineDecisions(combinator, roleRepository, roleGroupRepository);
            var decider = combinator.BuildDecider();

            Console.WriteLine(decider.IsAllowed(SecurityPermissions.AddUserAccount));

            // Using security - in application layer code

            var command = new AddUserAccount(
                new Guid("735A259F-996B-4174-9899-3D40242BF6B1"),
                "Pierke Pol");
            var resolver = new PermissionResolver();
            var service  =
                new UserAccountApplicationService(
                    userAccountRepository,
                    roleRepository,
                    roleGroupRepository);
            var authorizer =
                new MessageAuthorizer(
                    resolver,
                    userAccountRepository,
                    roleRepository,
                    roleGroupRepository);
            var commandHandler = service.Secure <AddUserAccount>(authorizer);

            commandHandler.Handle(new SecurityContext <AddUserAccount>(administratorId, command));

            // Using security - in projection code
            var builder = new SqlConnectionStringBuilder("Data Source=.\\SQLEXPRESS;Initial Catalog=<YourStoreHere>;Integrated Security=SSPI;");

            // What that table could look like ...
            //CREATE TABLE [UserAccountEffectiveRoles](
            //  [UserAccountId] [uniqueidentifier] NOT NULL,
            //  [RoleId] [uniqueidentifier] NULL,
            //  [RoleGroupId] [uniqueidentifier] NULL,
            //  [Id] [int] IDENTITY(1,1) NOT NULL,
            //  CONSTRAINT [PK_UserAccountEffectiveRoles] PRIMARY KEY CLUSTERED ( [Id] ASC )
            //)

            var observer = new SqlStatementObserver();
            // var lookup = new MemoryRoleGroupLookup(new Dictionary<Guid, HashSet<Guid>>());
            var lookupInitializer          = new SqlBasedLookupRolesOfRoleGroupInitializer(builder);
            var lookup                     = lookupInitializer.Initialize();
            var projectionHandler          = new UserAccountEffectiveRolesProjectionHandler(observer, lookup);
            var compositeProjectionHandler = new CompositeHandler(
                new IHandle <object>[] {
                new HandlerAdapter <AddedRoleToRoleGroup>(lookup),
                new HandlerAdapter <RemovedRoleFromRoleGroup>(lookup),
                new HandlerAdapter <DisabledUserAccount>(projectionHandler),
                new HandlerAdapter <RoleGrantedToUserAccount>(projectionHandler),
                new HandlerAdapter <RoleRevokedFromUserAccount>(projectionHandler),
                new HandlerAdapter <RoleGroupGrantedToUserAccount>(projectionHandler),
                new HandlerAdapter <RoleRevokedFromUserAccount>(projectionHandler),
                new HandlerAdapter <AddedRoleToRoleGroup>(projectionHandler),
                new HandlerAdapter <RemovedRoleFromRoleGroup>(projectionHandler)
            });

            foreach (var change in unitOfWork.GetChanges())
            {
                compositeProjectionHandler.Handle(change);
            }

            new BatchedSqlStatementFlusher(
                builder).
            Flush(observer.Statements);

            Console.ReadLine();
        }