private void AgregarPermiso(Rol rol, RolParametros parametros, ReflectionClassInfo RefInfo) { SecuritySystemTypePermissionObject PermisoDeObjeto = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); PermisoDeObjeto.TargetType = RefInfo.ClassType; if (parametros.Leer) { PermisoDeObjeto.AllowRead = true; } if (parametros.Escribir) { PermisoDeObjeto.AllowWrite = true; } if (parametros.Crear) { PermisoDeObjeto.AllowCreate = true; } if (parametros.Borrar) { PermisoDeObjeto.AllowDelete = true; } if (parametros.Navegar) { PermisoDeObjeto.AllowNavigate = true; } rol.TypePermissions.Add(PermisoDeObjeto); }
public static SecuritySystemMemberPermissionsObject CreateMemberPermission(this SecuritySystemTypePermissionObject securitySystemTypePermissionObject, Action <SecuritySystemMemberPermissionsObject> action, bool defaultAllowValues = true) { IObjectSpace objectSpace = XPObjectSpace.FindObjectSpaceByObject(securitySystemTypePermissionObject); var permission = objectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); permission.AllowRead = defaultAllowValues; permission.AllowWrite = defaultAllowValues; permission.EffectiveRead = defaultAllowValues; permission.EffectiveWrite = defaultAllowValues; securitySystemTypePermissionObject.MemberPermissions.Add(permission); action.Invoke(permission); return(permission); }
private void CreateLogin() { #region CreateDefaultAdminRole ExtendedSecurityRole adminRole = ObjectSpace.FindObject <ExtendedSecurityRole>( new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName)); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <ExtendedSecurityRole>(); adminRole.Name = SecurityStrategy.AdministratorRoleName; adminRole.IsAdministrative = true; } #endregion CreateDefaultAdminRole #region CreateDefaultUserRole ExtendedSecurityRole userRole = ObjectSpace.FindObject <ExtendedSecurityRole>( new BinaryOperator("Name", "User")); if (userRole == null) { userRole = ObjectSpace.CreateObject <ExtendedSecurityRole>(); userRole.Name = "User"; SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); userTypePermission.TargetType = typeof(SecuritySystemUser); SecuritySystemObjectPermissionsObject currentUserObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()"; currentUserObjectPermission.AllowNavigate = true; currentUserObjectPermission.AllowRead = true; userTypePermission.ObjectPermissions.Add(currentUserObjectPermission); userRole.TypePermissions.Add(userTypePermission); } #endregion CreateDefaultUserRole #region CreateDefaultAdminAccount SecurityApplicationUser defaultEmployeeUserAccount = ObjectSpace.FindObject <SecurityApplicationUser>(new BinaryOperator("UserName", "admin")); if (defaultEmployeeUserAccount == null) { defaultEmployeeUserAccount = ObjectSpace.CreateObject <SecurityApplicationUser>(); defaultEmployeeUserAccount.UserName = "******"; defaultEmployeeUserAccount.ExtendedSecurityRoles.Add(adminRole); defaultEmployeeUserAccount.SetPassword("@123456"); } #endregion CreateDefaultAdminAccount }
public static SecuritySystemObjectPermissionsObject AddNewObjectPermission(this SecuritySystemTypePermissionObject securitySystemTypePermissionObject, Action <SecuritySystemObjectPermissionsObject> action, bool defaultAllowValues = true) { var objectSpace = XPObjectSpace.FindObjectSpaceByObject(securitySystemTypePermissionObject); var permission = objectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); permission.AllowDelete = defaultAllowValues; permission.AllowNavigate = defaultAllowValues; permission.AllowRead = defaultAllowValues; permission.AllowWrite = defaultAllowValues; permission.EffectiveDelete = defaultAllowValues; permission.EffectiveNavigate = defaultAllowValues; permission.EffectiveRead = defaultAllowValues; permission.EffectiveWrite = defaultAllowValues; securitySystemTypePermissionObject.ObjectPermissions.Add(permission); action?.Invoke(permission); return(permission); }
private DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole CreateDefaultRole() { DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole defaultRole = ObjectSpace.FindObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>(new BinaryOperator("Name", "Default")); if (defaultRole == null) { defaultRole = ObjectSpace.CreateObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>(); defaultRole.Name = "Default"; SecuritySystemTypePermissionObject securityDemoUserPermissions = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); securityDemoUserPermissions.TargetType = typeof(SecuritySystemUser); defaultRole.TypePermissions.Add(securityDemoUserPermissions); SecuritySystemObjectPermissionsObject myDetailsPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); //myDetailsPermission.TargetType = typeof(SecuritySystemUser); myDetailsPermission.Criteria = "[Oid] = CurrentUserId()"; myDetailsPermission.AllowNavigate = true; myDetailsPermission.AllowRead = true; securityDemoUserPermissions.ObjectPermissions.Add(myDetailsPermission); //defaultRole.PersistentPermissions.Add(myDetailsPermission); SecuritySystemTypePermissionObject userPermissions = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); userPermissions.TargetType = typeof(DevExpress.ExpressApp.Security.Strategy.SecuritySystemUser); defaultRole.TypePermissions.Add(userPermissions); SecuritySystemMemberPermissionsObject ownPasswordPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); //ownPasswordPermission.TargetType = typeof(SecurityUser); ownPasswordPermission.Members = "ChangePasswordOnFirstLogon; StoredPassword"; ownPasswordPermission.AllowWrite = true; userPermissions.MemberPermissions.Add(ownPasswordPermission); //defaultRole.PersistentPermissions.Add(ownPasswordPermission); SecuritySystemTypePermissionObject securityRolePermissions = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); securityRolePermissions.TargetType = typeof(DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole); defaultRole.TypePermissions.Add(userPermissions); SecuritySystemObjectPermissionsObject defaultRolePermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); //defaultRolePermission.TargetType = typeof(DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole); defaultRolePermission.Criteria = "[Name] = 'Default'"; defaultRolePermission.AllowNavigate = true; defaultRolePermission.AllowRead = true; securityRolePermissions.ObjectPermissions.Add(defaultRolePermission); //defaultRole.PersistentPermissions.Add(defaultRolePermission); } return(defaultRole); }
// Grant full access if permission object not found for the owner // note that if you want to grant full access, you need to delete the existing permissions object private void GrantFullAcccess(Type targetType, SecuritySystemRole role) { var opArArtfRecon = CriteriaOperator.Parse("TargetType = ? And Owner = ?", targetType, role); SecuritySystemTypePermissionObject typePermission = ObjectSpace.FindObject <SecuritySystemTypePermissionObject>(opArArtfRecon); if (typePermission == null) { typePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); typePermission.TargetType = targetType; typePermission.AllowCreate = true; typePermission.AllowDelete = true; typePermission.AllowNavigate = true; typePermission.AllowRead = true; typePermission.AllowWrite = true; role.TypePermissions.Add(typePermission); } }
private void PermisosTipos(List <Type> tipos, SecuritySystemRole rol, bool create, bool del, bool navigate, bool read, bool write) { foreach (Type tp in tipos) { SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); userTypePermission.TargetType = tp; userTypePermission.AllowCreate = create; userTypePermission.AllowDelete = del; userTypePermission.AllowNavigate = navigate; userTypePermission.AllowRead = read; userTypePermission.AllowWrite = write; rol.TypePermissions.Add(userTypePermission); } }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); // Administrative role SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName)); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = SecurityStrategy.AdministratorRoleName; adminRole.IsAdministrative = true; } // Administrator user SecuritySystemUser adminUser = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "Administrator")); if (adminUser == null) { adminUser = ObjectSpace.CreateObject <SecuritySystemUser>(); adminUser.UserName = "******"; adminUser.SetPassword(""); adminUser.Roles.Add(adminRole); } // A role whith type-level permissions SecuritySystemRole contactsManagerRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", "Contacts Manager")); if (contactsManagerRole == null) { contactsManagerRole = ObjectSpace.CreateObject <SecuritySystemRole>(); contactsManagerRole.Name = "Contacts Manager"; SecuritySystemTypePermissionObject contactTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); contactTypePermission.TargetType = typeof(Contact); contactTypePermission.AllowCreate = true; contactTypePermission.AllowDelete = true; contactTypePermission.AllowNavigate = true; contactTypePermission.AllowRead = true; contactTypePermission.AllowWrite = true; contactsManagerRole.TypePermissions.Add(contactTypePermission); } SecuritySystemUser userSam = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "Sam")); if (userSam == null) { userSam = ObjectSpace.CreateObject <SecuritySystemUser>(); userSam.UserName = "******"; userSam.SetPassword(""); userSam.Roles.Add(contactsManagerRole); } // A role with object-level permissions SecuritySystemRole basicUserRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", "Basic User")); if (basicUserRole == null) { basicUserRole = ObjectSpace.CreateObject <SecuritySystemRole>(); basicUserRole.Name = "Basic User"; SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); userTypePermission.TargetType = typeof(SecuritySystemUser); SecuritySystemObjectPermissionsObject currentUserObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()"; currentUserObjectPermission.AllowNavigate = true; currentUserObjectPermission.AllowRead = true; userTypePermission.ObjectPermissions.Add(currentUserObjectPermission); basicUserRole.TypePermissions.Add(userTypePermission); } SecuritySystemUser userJohn = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "John")); if (userJohn == null) { userJohn = ObjectSpace.CreateObject <SecuritySystemUser>(); userJohn.UserName = "******"; userJohn.SetPassword(""); userJohn.Roles.Add(basicUserRole); } // A role with member-level permissions SecuritySystemRole contactViewerRole = ObjectSpace.FindObject <SecuritySystemRole>( new BinaryOperator("Name", "Contact Viewer")); if (contactViewerRole == null) { contactViewerRole = ObjectSpace.CreateObject <SecuritySystemRole>(); contactViewerRole.Name = "Contact Viewer"; SecuritySystemTypePermissionObject contactLimitedTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); contactLimitedTypePermission.TargetType = typeof(Contact); contactLimitedTypePermission.AllowNavigate = true; SecuritySystemMemberPermissionsObject contactMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); contactMemberPermission.Members = "Name"; contactMemberPermission.AllowRead = true; contactLimitedTypePermission.MemberPermissions.Add(contactMemberPermission); contactViewerRole.TypePermissions.Add(contactLimitedTypePermission); } SecuritySystemUser userBill = ObjectSpace.FindObject <SecuritySystemUser>( new BinaryOperator("UserName", "Bill")); if (userBill == null) { userBill = ObjectSpace.CreateObject <SecuritySystemUser>(); userBill.UserName = "******"; userBill.SetPassword(""); userBill.Roles.Add(contactViewerRole); } // Contact objects are created for demo purposes Contact contactMary = ObjectSpace.FindObject <Contact>( new BinaryOperator("Name", "Mary Tellitson")); if (contactMary == null) { contactMary = ObjectSpace.CreateObject <Contact>(); contactMary.Name = "Mary Tellitson"; contactMary.Email = "*****@*****.**"; } Contact contactJohn = ObjectSpace.FindObject <Contact>( new BinaryOperator("Name", "John Nilsen")); if (contactJohn == null) { contactJohn = ObjectSpace.CreateObject <Contact>(); contactJohn.Name = "John Nilsen"; contactJohn.Email = "*****@*****.**"; } ObjectSpace.CommitChanges(); }
private void CreatePermissionRule(ExtendedSecurityRole role, Type type, bool create = true, bool delete = true, bool read = true, bool write = true, bool navigate = true) { var permission = new SecuritySystemTypePermissionObject(Session) { TargetType = type, AllowCreate = create, AllowDelete = delete, AllowRead = read, AllowWrite = write, AllowNavigate = navigate }; role.TypePermissions.Add(permission); }
private DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole CreateSecurityDemoRole() { DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole securityDemoRole = ObjectSpace.FindObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>(new BinaryOperator("Name", "Demo")); if (securityDemoRole == null) { securityDemoRole = ObjectSpace.CreateObject <DevExpress.ExpressApp.Security.Strategy.SecuritySystemRole>(); securityDemoRole.Name = "Demo"; // Type Operation Permissions SecuritySystemTypePermissionObject fullAccessPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); fullAccessPermission.TargetType = typeof(FullAccessObject); fullAccessPermission.AllowCreate = true; fullAccessPermission.AllowDelete = true; fullAccessPermission.AllowNavigate = true; fullAccessPermission.AllowRead = true; fullAccessPermission.AllowWrite = true; fullAccessPermission.Save(); securityDemoRole.TypePermissions.Add(fullAccessPermission); SecuritySystemTypePermissionObject protectedContentPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); protectedContentPermission.TargetType = typeof(ProtectedContentObject); protectedContentPermission.AllowNavigate = true; protectedContentPermission.Save(); securityDemoRole.TypePermissions.Add(protectedContentPermission); SecuritySystemTypePermissionObject readOnlyPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); readOnlyPermission.TargetType = typeof(ReadOnlyObject); readOnlyPermission.AllowNavigate = true; readOnlyPermission.AllowRead = true; readOnlyPermission.Save(); securityDemoRole.TypePermissions.Add(readOnlyPermission); SecuritySystemTypePermissionObject irremovablePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); irremovablePermission.TargetType = typeof(IrremovableObject); irremovablePermission.AllowCreate = true; irremovablePermission.AllowNavigate = true; irremovablePermission.AllowRead = true; irremovablePermission.AllowWrite = true; irremovablePermission.Save(); securityDemoRole.TypePermissions.Add(irremovablePermission); SecuritySystemTypePermissionObject uncreatablePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); uncreatablePermission.TargetType = typeof(UncreatableObject); uncreatablePermission.AllowDelete = true; uncreatablePermission.AllowNavigate = true; uncreatablePermission.AllowRead = true; uncreatablePermission.AllowWrite = true; uncreatablePermission.Save(); securityDemoRole.TypePermissions.Add(uncreatablePermission); // Member Operation Permissions SecuritySystemTypePermissionObject navigateMemberLevelOperationObjectPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); navigateMemberLevelOperationObjectPermission.TargetType = typeof(MemberLevelSecurityObject); navigateMemberLevelOperationObjectPermission.AllowCreate = true; navigateMemberLevelOperationObjectPermission.AllowDelete = true; navigateMemberLevelOperationObjectPermission.AllowNavigate = true; navigateMemberLevelOperationObjectPermission.Save(); securityDemoRole.TypePermissions.Add(navigateMemberLevelOperationObjectPermission); SecuritySystemMemberPermissionsObject readWriteMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); //readWriteMemberPermission.TargetType = typeof(MemberLevelSecurityObject); readWriteMemberPermission.Members = "ReadWriteProperty; Name; oid; Oid; OptimisticLockField"; // TODO - Slava D - service fields - XPO responsibility readWriteMemberPermission.AllowRead = true; readWriteMemberPermission.AllowWrite = true; readWriteMemberPermission.Save(); navigateMemberLevelOperationObjectPermission.MemberPermissions.Add(readWriteMemberPermission); //securityDemoRole.TypePermissions.Add(readWriteMemberPermission); SecuritySystemMemberPermissionsObject protectedContentMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); //protectedContentMemberPermission.TargetType = typeof(MemberLevelSecurityObject); protectedContentMemberPermission.Members = "ProtectedContentProperty; ProtectedContentCollection"; protectedContentMemberPermission.Save(); navigateMemberLevelOperationObjectPermission.MemberPermissions.Add(protectedContentMemberPermission); //securityDemoRole.TypePermissions.Add(protectedContentMemberPermission); SecuritySystemMemberPermissionsObject readOnlyMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); //readOnlyMemberPermission.TargetType = typeof(MemberLevelSecurityObject); readOnlyMemberPermission.Members = "ReadOnlyProperty; ReadOnlyCollection"; readOnlyMemberPermission.AllowRead = true; readOnlyMemberPermission.Save(); navigateMemberLevelOperationObjectPermission.MemberPermissions.Add(readOnlyMemberPermission); //securityDemoRole.TypePermissions.Add(readOnlyMemberPermission); SecuritySystemTypePermissionObject memberLevelReferencedObject1Permission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); memberLevelReferencedObject1Permission.TargetType = typeof(MemberLevelReferencedObject1); memberLevelReferencedObject1Permission.AllowRead = true; memberLevelReferencedObject1Permission.AllowWrite = true; memberLevelReferencedObject1Permission.AllowCreate = true; memberLevelReferencedObject1Permission.AllowDelete = true; memberLevelReferencedObject1Permission.Save(); securityDemoRole.TypePermissions.Add(memberLevelReferencedObject1Permission); SecuritySystemTypePermissionObject memberLevelReferencedObject2Permission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); memberLevelReferencedObject2Permission.TargetType = typeof(MemberLevelReferencedObject2); memberLevelReferencedObject2Permission.AllowRead = true; memberLevelReferencedObject2Permission.AllowWrite = true; memberLevelReferencedObject2Permission.AllowCreate = true; memberLevelReferencedObject2Permission.AllowDelete = true; memberLevelReferencedObject2Permission.Save(); securityDemoRole.TypePermissions.Add(memberLevelReferencedObject2Permission); // Object Operation Permissions SecuritySystemTypePermissionObject navigateObjectLevelSecurityObjectPermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); navigateObjectLevelSecurityObjectPermission.TargetType = typeof(ObjectLevelSecurityObject); navigateObjectLevelSecurityObjectPermission.AllowNavigate = true; navigateObjectLevelSecurityObjectPermission.Save(); securityDemoRole.TypePermissions.Add(navigateObjectLevelSecurityObjectPermission); SecuritySystemObjectPermissionsObject fullAccessObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); //fullAccessObjectPermission.TargetType = typeof(ObjectLevelSecurityObject); fullAccessObjectPermission.Criteria = "[Name] Like '%Fully Accessible%'"; //fullAccessObjectPermission.AllowCreate = true; fullAccessObjectPermission.AllowDelete = true; fullAccessObjectPermission.AllowNavigate = true; fullAccessObjectPermission.AllowRead = true; fullAccessObjectPermission.AllowWrite = true; fullAccessObjectPermission.Save(); navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(fullAccessObjectPermission); //securityDemoRole.TypePermissions.Add(fullAccessObjectPermission); SecuritySystemObjectPermissionsObject protectedContentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); //protectedContentObjectPermission.TargetType = typeof(ObjectLevelSecurityObject); protectedContentObjectPermission.Criteria = "[Name] Like '%Protected%'"; protectedContentObjectPermission.AllowNavigate = true; protectedContentObjectPermission.Save(); navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(protectedContentObjectPermission); //securityDemoRole.TypePermissions.Add(protectedContentObjectPermission); SecuritySystemObjectPermissionsObject readOnlyObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); //readOnlyObjectPermission.TargetType = typeof(ObjectLevelSecurityObject); readOnlyObjectPermission.Criteria = "[Name] Like '%Read-Only%'"; readOnlyObjectPermission.AllowNavigate = true; readOnlyObjectPermission.AllowRead = true; readOnlyObjectPermission.Save(); navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(readOnlyObjectPermission); //securityDemoRole.TypePermissions.Add(readOnlyObjectPermission); SecuritySystemObjectPermissionsObject irremovableObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); //irremovableObjectPermission.TargetType = typeof(ObjectLevelSecurityObject); irremovableObjectPermission.Criteria = "[Name] Like '%Protected Deletion%'"; //irremovableObjectPermission.AllowCreate = true; irremovableObjectPermission.AllowNavigate = true; irremovableObjectPermission.AllowRead = true; irremovableObjectPermission.AllowWrite = true; irremovableObjectPermission.Save(); navigateObjectLevelSecurityObjectPermission.ObjectPermissions.Add(irremovableObjectPermission); //securityDemoRole.TypePermissions.Add(irremovableObjectPermission); securityDemoRole.Save(); } return(securityDemoRole); }
public static SecuritySystemObjectPermissionsObject CreateObjectPermission(this SecuritySystemTypePermissionObject securitySystemTypePermissionObject, bool defaultAllowValues = true) { return(CreateObjectPermission(securitySystemTypePermissionObject, null, defaultAllowValues)); }
public override void UpdateDatabaseAfterUpdateSchema() { base.UpdateDatabaseAfterUpdateSchema(); if (ObjectSpace.CreateCollection(typeof(Company)).Count == 0) { SecuritySystemRole adminRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", SecurityStrategy.AdministratorRoleName)); if (adminRole == null) { adminRole = ObjectSpace.CreateObject <SecuritySystemRole>(); adminRole.Name = SecurityStrategy.AdministratorRoleName; adminRole.IsAdministrative = true; } SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "User")); if (userRole == null) { userRole = ObjectSpace.CreateObject <SecuritySystemRole>(); userRole.Name = "User"; SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); userTypePermission.TargetType = typeof(SecuritySystemUser); SecuritySystemObjectPermissionsObject currentUserObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); currentUserObjectPermission.Criteria = "[Oid] = CurrentUserId()"; currentUserObjectPermission.AllowNavigate = true; currentUserObjectPermission.AllowRead = true; userTypePermission.ObjectPermissions.Add(currentUserObjectPermission); userRole.TypePermissions.Add(userTypePermission); SecuritySystemTypePermissionObject validatedObjectTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); validatedObjectTypePermission.TargetType = typeof(ValidatedObject); validatedObjectTypePermission.AllowWrite = true; validatedObjectTypePermission.AllowNavigate = true; validatedObjectTypePermission.AllowCreate = true; validatedObjectTypePermission.AllowDelete = true; validatedObjectTypePermission.AllowRead = true; userRole.TypePermissions.Add(validatedObjectTypePermission); SecuritySystemTypePermissionObject companyTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); companyTypePermission.TargetType = typeof(Company); companyTypePermission.AllowRead = true; userRole.TypePermissions.Add(companyTypePermission); } Employee admin = ObjectSpace.CreateObject <Employee>(); admin.UserName = "******"; admin.SetPassword(""); admin.Roles.Add(adminRole); admin.Save(); Company company1 = ObjectSpace.CreateObject <Company>(); company1.Name = "Company 1"; company1.Employees.Add(admin); company1.Save(); Employee user = ObjectSpace.CreateObject <Employee>(); user.UserName = "******"; user.SetPassword(""); user.Roles.Add(userRole); user.Save(); Employee user2 = ObjectSpace.CreateObject <Employee>(); user2.UserName = "******"; user2.SetPassword(""); user2.Roles.Add(userRole); user2.Save(); Company company2 = ObjectSpace.CreateObject <Company>(); company2.Name = "Company 2"; company2.Employees.Add(user); company2.Employees.Add(user2); company2.Save(); } }
public static SecuritySystemObjectPermissionsObject CreateObjectPermission(this SecuritySystemTypePermissionObject securitySystemTypePermissionObject, Action <SecuritySystemObjectPermissionsObject> action, bool defaultAllowValues = true) { return(AddNewObjectPermission(securitySystemTypePermissionObject, action, defaultAllowValues)); }
//Managers can access and fully edit (including create and delete capabilities) data from their own department. However, they cannot access data from other departments. private SecuritySystemRole GetManagerRole() { SecuritySystemRole managerRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Managers")); if (managerRole == null) { managerRole = ObjectSpace.CreateObject <SecuritySystemRole>(); managerRole.Name = "Managers"; managerRole.ChildRoles.Add(GetUserRole()); SecuritySystemTypePermissionObject departmentTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); departmentTypePermission.TargetType = typeof(Department); departmentTypePermission.AllowNavigate = true; managerRole.TypePermissions.Add(departmentTypePermission); SecuritySystemObjectPermissionsObject canEditOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canEditOwnDepartmentObjectPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canEditOwnDepartmentObjectPermission.Criteria = "Employees[Oid=CurrentUserId()]"; //canEditOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canEditOwnDepartmentObjectPermission.AllowNavigate = true; canEditOwnDepartmentObjectPermission.AllowRead = true; canEditOwnDepartmentObjectPermission.AllowWrite = true; canEditOwnDepartmentObjectPermission.AllowDelete = true; canEditOwnDepartmentObjectPermission.Save(); departmentTypePermission.ObjectPermissions.Add(canEditOwnDepartmentObjectPermission); SecuritySystemTypePermissionObject employeeTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); employeeTypePermission.TargetType = typeof(Employee); employeeTypePermission.AllowNavigate = true; employeeTypePermission.AllowCreate = true; managerRole.TypePermissions.Add(employeeTypePermission); SecuritySystemObjectPermissionsObject canEditEmployeesFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canEditEmployeesFromOwnDepartmentObjectPermission.Criteria = "IsNull(Department) || Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canEditEmployeesFromOwnDepartmentObjectPermission.Criteria = "IsNull(Department) || Department.Employees[Oid=CurrentUserId()]"; //canEditEmployeesFromOwnDepartmentObjectPermission.Criteria = (new NullOperator(new OperandProperty("Department")) | new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal)).ToString(); canEditEmployeesFromOwnDepartmentObjectPermission.AllowWrite = true; canEditEmployeesFromOwnDepartmentObjectPermission.AllowDelete = true; canEditEmployeesFromOwnDepartmentObjectPermission.AllowNavigate = true; canEditEmployeesFromOwnDepartmentObjectPermission.AllowRead = true; canEditEmployeesFromOwnDepartmentObjectPermission.Save(); employeeTypePermission.ObjectPermissions.Add(canEditEmployeesFromOwnDepartmentObjectPermission); SecuritySystemTypePermissionObject taskTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); taskTypePermission.TargetType = typeof(EmployeeTask); taskTypePermission.AllowNavigate = true; taskTypePermission.AllowCreate = true; managerRole.TypePermissions.Add(taskTypePermission); SecuritySystemObjectPermissionsObject canEditTasksOnlyFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canEditTasksOnlyFromOwnDepartmentObjectPermission.Criteria = "IsNull(AssignedTo) || IsNull(AssignedTo.Department) || AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canEditTasksOnlyFromOwnDepartmentObjectPermission.Criteria = "IsNull(AssignedTo) || IsNull(AssignedTo.Department) || AssignedTo.Department.Employees[Oid=CurrentUserId()]"; //canEditTasksOnlyFromOwnDepartmentObjectPermission.Criteria = (new NullOperator(new OperandProperty("AssignedTo")) | new NullOperator(new OperandProperty("AssignedTo.Department")) | new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal)).ToString(); canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowNavigate = true; canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowRead = true; canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowWrite = true; canEditTasksOnlyFromOwnDepartmentObjectPermission.AllowDelete = true; canEditTasksOnlyFromOwnDepartmentObjectPermission.Save(); taskTypePermission.ObjectPermissions.Add(canEditTasksOnlyFromOwnDepartmentObjectPermission); } return(managerRole); }
//Users can access and partially edit data (no create and delete capabilities) from their own department. private SecuritySystemRole GetUserRole() { SecuritySystemRole userRole = ObjectSpace.FindObject <SecuritySystemRole>(new BinaryOperator("Name", "Users")); if (userRole == null) { userRole = ObjectSpace.CreateObject <SecuritySystemRole>(); userRole.Name = "Users"; SecuritySystemTypePermissionObject userTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); userTypePermission.TargetType = typeof(Employee); userRole.TypePermissions.Add(userTypePermission); SecuritySystemObjectPermissionsObject canViewEmployeesFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canViewEmployeesFromOwnDepartmentObjectPermission.Criteria = "Department.Employees[Oid = CurrentUserId()]"; //canViewEmployeesFromOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canViewEmployeesFromOwnDepartmentObjectPermission.AllowNavigate = true; canViewEmployeesFromOwnDepartmentObjectPermission.AllowRead = true; userTypePermission.ObjectPermissions.Add(canViewEmployeesFromOwnDepartmentObjectPermission); SecuritySystemMemberPermissionsObject canEditOwnUserMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); canEditOwnUserMemberPermission.Members = "ChangePasswordOnFirstLogon; StoredPassword; FirstName; LastName;"; canEditOwnUserMemberPermission.Criteria = "Oid=CurrentUserId()"; canEditOwnUserMemberPermission.Criteria = (new OperandProperty("Oid") == new FunctionOperator(CurrentUserIdOperator.OperatorName)).ToString(); canEditOwnUserMemberPermission.AllowWrite = true; userTypePermission.MemberPermissions.Add(canEditOwnUserMemberPermission); SecuritySystemMemberPermissionsObject canEditUserAssociationsFromOwnDepartmentMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); canEditUserAssociationsFromOwnDepartmentMemberPermission.Members = "Tasks; Department;"; canEditUserAssociationsFromOwnDepartmentMemberPermission.Criteria = "Department.Employees[Oid = CurrentUserId()]"; //canEditUserAssociationsFromOwnDepartmentMemberPermission.Criteria = new BinaryOperator(new OperandProperty("Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canEditUserAssociationsFromOwnDepartmentMemberPermission.AllowWrite = true; userTypePermission.MemberPermissions.Add(canEditUserAssociationsFromOwnDepartmentMemberPermission); SecuritySystemTypePermissionObject roleTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); roleTypePermission.TargetType = typeof(SecuritySystemRole); roleTypePermission.AllowRead = true; userRole.TypePermissions.Add(roleTypePermission); SecuritySystemTypePermissionObject taskTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); taskTypePermission.TargetType = typeof(EmployeeTask); taskTypePermission.AllowNavigate = true; userRole.TypePermissions.Add(taskTypePermission); SecuritySystemMemberPermissionsObject canEditTaskAssociationsMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); canEditTaskAssociationsMemberPermission.Members = "AssignedTo;"; canEditTaskAssociationsMemberPermission.Criteria = "AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canEditTaskAssociationsMemberPermission.Criteria = "AssignedTo.Department.Employees[Oid = CurrentUserId()]"; //canEditTaskAssociationsMemberPermission.Criteria = new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canEditTaskAssociationsMemberPermission.AllowWrite = true; taskTypePermission.MemberPermissions.Add(canEditTaskAssociationsMemberPermission); SecuritySystemObjectPermissionsObject canyEditTasksFromOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canyEditTasksFromOwnDepartmentObjectPermission.Criteria = "AssignedTo.Department.Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canyEditTasksFromOwnDepartmentObjectPermission.Criteria = "AssignedTo.Department.Employees[Oid = CurrentUserId()]"; //canyEditTasksFromOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("AssignedTo.Department.Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canyEditTasksFromOwnDepartmentObjectPermission.AllowNavigate = true; canyEditTasksFromOwnDepartmentObjectPermission.AllowWrite = true; canyEditTasksFromOwnDepartmentObjectPermission.AllowRead = true; taskTypePermission.ObjectPermissions.Add(canyEditTasksFromOwnDepartmentObjectPermission); SecuritySystemTypePermissionObject departmentTypePermission = ObjectSpace.CreateObject <SecuritySystemTypePermissionObject>(); departmentTypePermission.TargetType = typeof(Department); userRole.TypePermissions.Add(departmentTypePermission); SecuritySystemObjectPermissionsObject canViewOwnDepartmentObjectPermission = ObjectSpace.CreateObject <SecuritySystemObjectPermissionsObject>(); canViewOwnDepartmentObjectPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canViewOwnDepartmentObjectPermission.Criteria = "Employees[Oid=CurrentUserId()]"; //canViewOwnDepartmentObjectPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canViewOwnDepartmentObjectPermission.AllowNavigate = true; canViewOwnDepartmentObjectPermission.AllowRead = true; canViewOwnDepartmentObjectPermission.Save(); departmentTypePermission.ObjectPermissions.Add(canViewOwnDepartmentObjectPermission); SecuritySystemMemberPermissionsObject canEditAssociationsMemberPermission = ObjectSpace.CreateObject <SecuritySystemMemberPermissionsObject>(); canEditAssociationsMemberPermission.Members = "Employees;"; canEditAssociationsMemberPermission.Criteria = "Oid=[<Employee>][Oid=CurrentUserId()].Single(Department.Oid)"; canEditAssociationsMemberPermission.Criteria = "Employees[Oid=CurrentUserId()]"; //canEditAssociationsMemberPermission.Criteria = new BinaryOperator(new OperandProperty("Oid"), currentlyLoggedEmployeeDepartmemntOid, BinaryOperatorType.Equal).ToString(); canEditAssociationsMemberPermission.AllowWrite = true; departmentTypePermission.MemberPermissions.Add(canEditAssociationsMemberPermission); } return(userRole); }