/// <summary>
		/// Performs an authorization request.
		/// </summary>
		/// <param name="authorizationRequest">
		/// The authorization request.
		/// </param>
		/// <returns>
		/// True if the request is authorized. False otherwise.
		/// </returns>
		public bool Authorize(AuthorizationRequest authorizationRequest)
		{
			Guard.Will.ThrowExceptionOfType<LeadPipeNetSecurityException>("Authorization requests must supply a user context.").When(authorizationRequest.ApplicationUser.User == null);
			Guard.Will.ThrowExceptionOfType<LeadPipeNetSecurityException>("Authorization requests must supply a name in the user context.").When(string.IsNullOrEmpty(authorizationRequest.ApplicationUser.User.Name));
			Guard.Will.ThrowExceptionOfType<LeadPipeNetSecurityException>("Authorization requests must supply activity names.").When(authorizationRequest.Activities == null);
			Guard.Will.ThrowExceptionOfType<LeadPipeNetSecurityException>("Authorization requests must supply an application name.").When(string.IsNullOrEmpty(authorizationRequest.ApplicationUser.Application.Name));
		
			var grantedActivities = authorizationRequest.ApplicationUser.GetEffectivePermissions();

			var isGranted = false;

			// For each of the activity names in the request...
			foreach (var activityName in authorizationRequest.Activities)
			{
				// Check to see if the user has been granted the activity...
				isGranted = grantedActivities.Any(x => x.Name.Equals(activityName));

				// TODO: Fire a domain event here to handle this.

                // Log the request...
                var authorizationRequestLogEntry = new AuthorizationRequestLogEntry() { Activity = activityName, User = authorizationRequest.ApplicationUser.User, RequestedOn = DateTime.Now, Granted = isGranted };

				// If the user is authorized then we may as well stop here...
				if (isGranted && authorizationRequest.AuthorizeAll.IsFalse())
				{
					return true;
				}
			}

			return isGranted;
		}
示例#2
0
		/// <summary>
		/// Authorizes this instance.
		/// </summary>
		/// <param name="authorizationRequest">
		/// The authorization request.
		/// </param>
		/// <returns>
		/// True if authorized. False otherwise.
		/// </returns>
		private bool Authorize(AuthorizationRequest authorizationRequest)
		{
			var authorizationResult = this.AuthorizationProvider.Authorize(authorizationRequest);

			if (this.shouldThrow)
			{
				// If we don't already have an exception built up then build the default exception...
				if (this.exception == null)
				{
					var exceptionMessage = new StringBuilder();

					exceptionMessage.Append(this.user.Name.FormattedWith("{0} is not authorized to perform "));

					if (authorizationRequest.Activities != null)
					{
						if (authorizationRequest.Activities.Count() > 1)
						{
						    var activityNames = authorizationRequest.Activities.Select(activity => activity.Name).ToList();

						    if (activityNames.Count() > 2)
							{
								activityNames[activityNames.Count() - 1] = "or " + activityNames[activityNames.Count() - 1];

								exceptionMessage.Append(activityNames.WrapEachWith(string.Empty, string.Empty, ", "));
							}
							else
							{
								exceptionMessage.Append(activityNames.WrapEachWith(string.Empty, string.Empty, " or "));
							}
						}
						else if (authorizationRequest.Activities.Count() == 1)
						{
						    var firstOrDefault = authorizationRequest.Activities.FirstOrDefault();

						    exceptionMessage.Append(firstOrDefault != null
						        ? firstOrDefault.Name.ToFriendlyName().FormattedWith("the \"{0}\" activity")
						        : "Unknown".FormattedWith("the \"{0}\" activity"));
						}
					}

					exceptionMessage.Append(authorizationRequest.ApplicationUser.Application.Name.FormattedWith(" in {0}."));

					this.exception = new LeadPipeNetAccessDeniedException(exceptionMessage.ToString());
				}

				// If CAN...
				if (!this.not)
				{
					if (authorizationResult)
					{
						return true;
					}

					throw this.exception;
				}

				// If CAN NOT...
				if (this.not)
				{
					// Throw if they can...
					if (authorizationResult)
					{
						return true;
					}

					throw this.exception;
				}
			}

			// If CAN NOT return the inverse...
			if (this.not)
			{
				return !authorizationResult;
			}

			return authorizationResult;
		}
示例#3
0
		/// <summary>
		/// Sets the application name and performs the authorization assertion.
		/// </summary>
		/// <param name="applicationName">
		/// Name of the application.
		/// </param>
		/// <returns>
		/// <c>true</c> if the user can perform the specified activity; otherwise, <c>false</c>.
		/// </returns>
		public bool In(Application application)
		{
			Guard.Will.ProtectAgainstNullArgument(() => application);

			this.application = application;

		    var applicationUser = new ApplicationUser
		    {
		        Application = this.application,
		        User = this.user
		    };

			var authorizationRequest = new AuthorizationRequest
				{
					ApplicationUser = applicationUser,
					Activities = this.activities,
					AuthorizeAll = this.authorizeAllActivities
				};

			return this.Authorize(authorizationRequest);
		}
示例#4
0
        /// <summary>
        /// Authorizes this instance.
        /// </summary>
        /// <param name="authorizationRequest">
        /// The authorization request.
        /// </param>
        /// <returns>
        /// True if authorized. False otherwise.
        /// </returns>
        private bool Authorize(AuthorizationRequest authorizationRequest)
        {
            var authorizationResult = this.AuthorizationProvider.Authorize(authorizationRequest);

            if (this.shouldThrow)
            {
                // If we don't already have an exception built up then build the default exception...
                if (this.exception == null)
                {
                    var exceptionMessage = new StringBuilder();

                    exceptionMessage.Append(this.user.Login.FormattedWith("{0} is not authorized to perform "));

                    if (authorizationRequest.Activities != null)
                    {
                        if (authorizationRequest.Activities.Count() > 1)
                        {
                            var activityNames = authorizationRequest.Activities.Select(activity => activity.Name).ToList();

                            if (activityNames.Count() > 2)
                            {
                                activityNames[activityNames.Count() - 1] = "or " + activityNames[activityNames.Count() - 1];

                                exceptionMessage.Append(activityNames.WrapEachWith(string.Empty, string.Empty, ", "));
                            }
                            else
                            {
                                exceptionMessage.Append(activityNames.WrapEachWith(string.Empty, string.Empty, " or "));
                            }
                        }
                        else if (authorizationRequest.Activities.Count() == 1)
                        {
                            var firstOrDefault = authorizationRequest.Activities.FirstOrDefault();

                            exceptionMessage.Append(firstOrDefault != null
                                ? firstOrDefault.Name.ToFriendlyName().FormattedWith("the \"{0}\" activity")
                                : "Unknown".FormattedWith("the \"{0}\" activity"));
                        }
                    }

                    exceptionMessage.Append(authorizationRequest.ApplicationUser.Application.Name.FormattedWith(" in {0}."));

                    this.exception = new LeadPipeNetAccessDeniedException(exceptionMessage.ToString());
                }

                // If CAN...
                if (!this.not)
                {
                    if (authorizationResult)
                    {
                        return(true);
                    }

                    throw this.exception;
                }

                // If CAN NOT...
                if (this.not)
                {
                    // Throw if they can...
                    if (authorizationResult)
                    {
                        return(true);
                    }

                    throw this.exception;
                }
            }

            // If CAN NOT return the inverse...
            if (this.not)
            {
                return(!authorizationResult);
            }

            return(authorizationResult);
        }