/// <summary>
        /// This method will return all allowed permission for the given <paramref name="userToken"/> and given the <paramref name="entityToken"/>.
        /// </summary>
        /// <param name="userToken">UserToken to get permissions for.</param>
        /// <param name="entityToken">EntityToken to get permissions for.</param>
        /// <returns>Allowed permission types</returns>
        public static IEnumerable <PermissionType> GetPermissions(UserToken userToken, EntityToken entityToken)
        {
            IEnumerable <UserPermissionDefinition>      userPermissionDefinitions      = PermissionTypeFacade.GetUserPermissionDefinitions(userToken.Username);
            IEnumerable <UserGroupPermissionDefinition> userGroupPermissionDefinitions = PermissionTypeFacade.GetUserGroupPermissionDefinitions(userToken.Username);

            IEnumerable <PermissionType> permissions = PermissionTypeFacade.GetCurrentPermissionTypes(userToken, entityToken, userPermissionDefinitions, userGroupPermissionDefinitions).Evaluate();

            return(permissions);
        }
        /// <exclude />
        public static SecurityResult Resolve(UserToken userToken, IEnumerable <PermissionType> requiredPermissions, EntityToken entityToken, IEnumerable <UserPermissionDefinition> userPermissionDefinitions, IEnumerable <UserGroupPermissionDefinition> userGroupPermissionDefinition)
        {
            if (userToken == null)
            {
                throw new ArgumentNullException("userToken");
            }
            if (requiredPermissions == null)
            {
                throw new ArgumentNullException("requiredPermissions");
            }

            if ((entityToken is NoSecurityEntityToken))
            {
                return(SecurityResult.Allowed);
            }

            requiredPermissions = requiredPermissions.Evaluate();

            if (!requiredPermissions.Any())
            {
                return(SecurityResult.Allowed);
            }

            IEnumerable <PermissionType> currentPermissionTypes = PermissionTypeFacade.GetCurrentPermissionTypes(userToken, entityToken, userPermissionDefinitions, userGroupPermissionDefinition);

            if (!currentPermissionTypes.Any())
            {
                return(SecurityResult.Disallowed);
            }

            // At least one of the permissions should be allowed
            foreach (PermissionType permissionType in currentPermissionTypes)
            {
                if (requiredPermissions.Contains(permissionType))
                {
                    return(SecurityResult.Allowed);
                }
            }

            return(SecurityResult.Disallowed);
        }
示例#3
0
        /// <summary>
        /// Used for "first time" login on systems configured for this. A way to create the first user. This only works on systems
        /// with no users and with a valid "auto create admin username" specified by the global settings.
        /// </summary>
        /// <param name="userName">The user name - must match GlobalSettingsProvider.AutoCreatedAdministratorUserName</param>
        /// <param name="password">A password that meets a minimum requirement.</param>
        /// <param name="email">THe users email.</param>
        /// <param name="validateAutoCreateUserName">When true only the username specified in Composite.config as auto createable (usually 'admin') is allowed. Set to false to use a different user name.</param>
        /// <returns>true if the user was auto created. Otherwise false.</returns>
        public static void AutoCreateAdministrator(string userName, string password, string email, bool validateAutoCreateUserName = true)
        {
            if (validateAutoCreateUserName && !CanBeAutoCreated(userName))
            {
                throw new InvalidOperationException("Unable to auto create account. Either the user name is not eligble for auto creation or other users exists in the system. This feature only works for a specific user name and when no users exists.");
            }

            if (!LoginProviderPluginFacade.CanAddNewUser)
            {
                throw new InvalidOperationException("Unable to auto create account. The current login provider does not support adding users");
            }

            if (!PermissionTypeFacade.CanAlterDefinitions)
            {
                throw new InvalidOperationException("Unable to auto create account. The current permission defintion provider does not support changes");
            }

            //PasswordValidator validator = new PasswordValidator();
            //ValidationResults validationResults = validator.Validate(password);
            //if (validationResults.IsValid == false)
            //{
            //    throw new InvalidOperationException("Unable to auto create account. The specified password is not strong enough.");
            //}


            // All seems bo be ok green light go for auto creating the user.
            string group = StringResourceSystemFacade.GetString("Composite.C1Console.Users", "AdministratorAutoCreator.DefaultGroupName");

            LoginProviderPluginFacade.FormAddNewUser(userName, password, group, email);
            Log.LogVerbose("AdministratorAutoCreator", String.Format("Auto Created Administrator with user name '{0}'.", userName), LoggingService.Category.Audit);

            IUser      user      = DataFacade.GetData <IUser>().Where(f => f.Username == userName).SingleOrDefault();
            IUserGroup userGroup = DataFacade.GetData <IUserGroup>().Where(f => f.Name == "Administrator").SingleOrDefault();

            if (user != null && userGroup != null)
            {
                IUserUserGroupRelation userUserGroupRelation = DataFacade.BuildNew <IUserUserGroupRelation>();
                userUserGroupRelation.UserId      = user.Id;
                userUserGroupRelation.UserGroupId = userGroup.Id;
                DataFacade.AddNew <IUserUserGroupRelation>(userUserGroupRelation);
            }
            else
            {
                foreach (Element appRootElement in ElementFacade.GetRootsWithNoSecurity())
                {
                    string serializedEntityToken = EntityTokenSerializer.Serialize(appRootElement.ElementHandle.EntityToken);
                    LoggingService.LogVerbose("AdministratorAutoCreator", String.Format("Adding '{0}' on element '{1}' ('{2}').", userName, appRootElement.VisualData.Label ?? "(no label)", serializedEntityToken), LoggingService.Category.Audit);

                    UserPermissionDefinition userPermissionDefinition = new ConstructorBasedUserPermissionDefinition(userName, PermissionTypeFacade.GrantingPermissionTypes, serializedEntityToken);
                    PermissionTypeFacade.SetUserPermissionDefinition(userPermissionDefinition);
                }

                Log.LogVerbose("AdministratorAutoCreator", string.Format("Activating all known perspectives for user '{0}'", userName));
                IEnumerable <EntityToken> perspectiveEntityTokens = ElementFacade.GetPerspectiveElementsWithNoSecurity().Select(f => f.ElementHandle.EntityToken);
                UserPerspectiveFacade.SetEntityTokens(userName, perspectiveEntityTokens);
            }

            foreach (CultureInfo cultureInfo in DataLocalizationFacade.ActiveLocalizationCultures)
            {
                UserSettings.AddActiveLocaleCultureInfo(userName, cultureInfo);

                if (Core.Localization.LocalizationFacade.IsDefaultLocale(cultureInfo))
                {
                    UserSettings.SetCurrentActiveLocaleCultureInfo(userName, cultureInfo);
                    UserSettings.SetForeignLocaleCultureInfo(userName, cultureInfo);
                }
            }
        }
        /// <exclude />
        public static SecurityResult Resolve(SecurityToken securityToken)
        {
            if (securityToken == null)
            {
                throw new ArgumentNullException("securityToken");
            }

            IEnumerable <UserPermissionDefinition>      userPermissionDefinitions     = PermissionTypeFacade.GetUserPermissionDefinitions(securityToken.UserToken.Username);
            IEnumerable <UserGroupPermissionDefinition> userGroupPermissionDefinition = PermissionTypeFacade.GetUserGroupPermissionDefinitions(securityToken.UserToken.Username);

            return(Resolve(securityToken.UserToken, securityToken.ActionToken, securityToken.EntityToken, userPermissionDefinitions, userGroupPermissionDefinition));
        }