private static void ContactSecuritySetUp(SecurityRole roleForUser)
{
// "Address" member of contacts "Jack", "Barry" and "Mike" will be denied
roleForUser.AddMemberPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, "Address", (db, obj) => obj.Department != null && obj.Department.Office == "Texas");
// Contacts "Zack", "Marina", "Kate" will be denied
roleForUser.AddObjectPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.Department != null && obj.Department.Title == "Sales");
// Contact "Ezra" will be denied
roleForUser.AddObjectPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.ContactTasks.Any(p => p.Task.Description == "Draw"));
}
private static void SecuritySetUp()
{
using (PermissionProviderContext context = new PermissionProviderContext()) {
SecurityUser user = new SecurityUser()
{
Name = "John", Password = "******"
};
SecurityUser admin = new SecurityUser()
{
Name = "Admin", Password = "******"
};
SecurityRole roleForUser = new SecurityRole();
// "Address" member of contacts "Ezra" will be denied
roleForUser.AddMemberPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, "Address", (db, obj) => obj.Name == "Ezra");
// Contact "Kevin" will be denied
roleForUser.AddObjectPermission <EFCoreDemoDbContext, Contact>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.Address == "California");
admin.AddRole(new SecurityRole());
user.AddRole(roleForUser);
context.Add(user);
context.Add(admin);
context.SaveChanges();
}
}
private static void TaskSecuritySetUp(SecurityRole roleForUser)
{
// "Note" member of task "TopManagement", "Write" and "Draw" will be denied
roleForUser.AddMemberPermission <EFCoreDemoDbContext, DemoTask>(SecurityOperation.Read, OperationState.Deny, "Note", (db, obj) => obj.PercentCompleted < 50);
// Task "Hardcode" will be denied
roleForUser.AddObjectPermission <EFCoreDemoDbContext, DemoTask>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.ContactTasks.Any(p => p.Contact.Name == "John"));
}
private static void DepartmentSecuritySetUp(SecurityRole roleForUser)
{
// Department "Sales" will be denied
roleForUser.AddMemberPermission <EFCoreDemoDbContext, Department>(SecurityOperation.Read, OperationState.Deny, "Office", (db, obj) => obj.Title == "Sales");
roleForUser.AddObjectPermission <EFCoreDemoDbContext, Department>(SecurityOperation.Read, OperationState.Deny, (db, obj) => obj.Contacts.Any(c => c.Name == "Barry"));
}
