private void AutoApplyFilters(ReadCommandInfo commandInfo) { if (_applyFiltersOnClientRead.TryGetValue(commandInfo.DataSource, out List <ApplyFilterWhere> applyFilters)) { commandInfo.Filters ??= Array.Empty <FilterCriteria>(); var newFilters = applyFilters .Where(applyFilter => applyFilter.Where == null || applyFilter.Where(commandInfo)) .Where(applyFilter => !commandInfo.Filters.Any(existingFilter => GenericFilterHelper.EqualsSimpleFilter(existingFilter, applyFilter.FilterName))) .Select(applyFilter => new FilterCriteria { Filter = applyFilter.FilterName }) .ToList(); _logger.Trace(() => "AutoApplyFilters: " + string.Join(", ", newFilters.Select(f => f.Filter))); commandInfo.Filters = commandInfo.Filters.Concat(newFilters).ToArray(); } }
private void AutoApplyFilters(ReadCommandInfo commandInfo) { List <string> filterNames; if (_applyFiltersOnClientRead.TryGetValue(commandInfo.DataSource, out filterNames)) { commandInfo.Filters = commandInfo.Filters ?? new FilterCriteria[] { }; var newFilters = filterNames .Where(name => !commandInfo.Filters.Any(existingFilter => GenericFilterHelper.EqualsSimpleFilter(existingFilter, name))) .Select(name => new FilterCriteria { Filter = name }) .ToList(); _logger.Trace(() => "AutoApplyFilters: " + string.Join(", ", newFilters.Select(f => f.Filter))); commandInfo.Filters = commandInfo.Filters.Concat(newFilters).ToArray(); } }
public void SimpleRowPermissionRules() { InsertCurrentPrincipal(); // Not related to row permissions. // Insert the test data (server code bypasses row permissions): using (var container = new RhetosTestContainer(commitChanges: true)) { var repository = container.Resolve<Common.DomRepository>(); var context = container.Resolve<Common.ExecutionContext>(); repository.DemoRowPermissions1.Document.Delete(repository.DemoRowPermissions1.Document.All()); repository.DemoRowPermissions1.Employee.Delete(repository.DemoRowPermissions1.Employee.All()); repository.DemoRowPermissions1.Division.Delete(repository.DemoRowPermissions1.Division.All()); var div1 = new DemoRowPermissions1.Division { Name = "div1" }; var div2 = new DemoRowPermissions1.Division { Name = "div2" }; repository.DemoRowPermissions1.Division.Insert(new[] { div1, div2 }); // The current user: var emp1 = new DemoRowPermissions1.Employee { UserName = context.UserInfo.UserName, DivisionID = div1.ID }; repository.DemoRowPermissions1.Employee.Insert(new[] { emp1 }); // The user can access doc1, because it's in the same division: var doc1 = new DemoRowPermissions1.Document { Title = "doc1", DivisionID = div1.ID }; // The user cannot access doc2: var doc2 = new DemoRowPermissions1.Document { Title = "doc2", DivisionID = div2.ID }; repository.DemoRowPermissions1.Document.Insert(new[] { doc1, doc2 }); } // Simulate client request: Reading all documents (access denied) using (var container = new RhetosTestContainer()) { container.AddIgnoreClaims(); var processingEngine = container.Resolve<IProcessingEngine>(); var serverCommand = new ReadCommandInfo { DataSource = typeof(DemoRowPermissions1.Document).FullName, ReadRecords = true }; var serverResponse = processingEngine.Execute(new[] { serverCommand }); var report = GenerateReport(serverResponse); Console.WriteLine("Server response: " + report); Assert.IsTrue(report.Contains("You are not authorized")); } // Simulate client request: Reading the user's documents using (var container = new RhetosTestContainer()) { container.AddIgnoreClaims(); var processingEngine = container.Resolve<IProcessingEngine>(); var serverCommand = new ReadCommandInfo { DataSource = typeof(DemoRowPermissions1.Document).FullName, ReadRecords = true, Filters = new[] { new FilterCriteria(typeof(Common.RowPermissionsReadItems)) } }; var serverResponse = processingEngine.Execute(new[] { serverCommand }); var report = GenerateReport(serverResponse); Console.WriteLine("Server response: " + report); Assert.AreEqual("doc1", report); } }
public void CombiningMultipleRules() { InsertCurrentPrincipal(); // Not related to row permissions. // Insert the test data (server code bypasses row permissions): using (var container = new RhetosTestContainer(commitChanges: true)) { var repository = container.Resolve<Common.DomRepository>(); var context = container.Resolve<Common.ExecutionContext>(); repository.DemoRowPermissions2.DocumentApproval.Delete(repository.DemoRowPermissions2.DocumentApproval.All()); repository.DemoRowPermissions2.DocumentComment.Delete(repository.DemoRowPermissions2.DocumentComment.All()); repository.DemoRowPermissions2.Document.Delete(repository.DemoRowPermissions2.Document.All()); repository.DemoRowPermissions2.RegionSupervisor.Delete(repository.DemoRowPermissions2.RegionSupervisor.All()); repository.DemoRowPermissions2.Employee.Delete(repository.DemoRowPermissions2.Employee.All()); repository.DemoRowPermissions2.Division.Delete(repository.DemoRowPermissions2.Division.All()); repository.DemoRowPermissions2.Region.Delete(repository.DemoRowPermissions2.Region.All()); var reg3 = new DemoRowPermissions2.Region { Name = "reg3" }; repository.DemoRowPermissions2.Region.Insert(new[] { reg3 }); var div1 = new DemoRowPermissions2.Division { Name = "div1" }; var div2 = new DemoRowPermissions2.Division { Name = "div2" }; var div3 = new DemoRowPermissions2.Division { Name = "div3", RegionID = reg3.ID }; repository.DemoRowPermissions2.Division.Insert(new[] { div1, div2, div3 }); // The current user: var emp1 = new DemoRowPermissions2.Employee { UserName = context.UserInfo.UserName, DivisionID = div1.ID }; repository.DemoRowPermissions2.Employee.Insert(new[] { emp1 }); var sup3 = new DemoRowPermissions2.RegionSupervisor { EmployeeID = emp1.ID, RegionID = reg3.ID }; repository.DemoRowPermissions2.RegionSupervisor.Insert(new[] { sup3 }); // The user can access doc1, because it's in the same division: var doc1 = new DemoRowPermissions2.Document { Title = "doc1", DivisionID = div1.ID }; // The user cannot access doc2: var doc2 = new DemoRowPermissions2.Document { Title = "doc2", DivisionID = div2.ID }; // The user can access doc3, because it's in the region he supervises: var doc3 = new DemoRowPermissions2.Document { Title = "doc3", DivisionID = div3.ID }; // The user can access doc4 (same division), but cannot edit it (previous year): var doc4 = new DemoRowPermissions2.Document { Title = "doc4", DivisionID = div1.ID, Created = DateTime.Now.AddYears(-1) }; repository.DemoRowPermissions2.Document.Insert(new[] { doc1, doc2, doc3, doc4 }); } // Simulate client request: Reading all documents (access denied) using (var container = new RhetosTestContainer()) { container.AddIgnoreClaims(); var processingEngine = container.Resolve<IProcessingEngine>(); var serverCommand = new ReadCommandInfo { DataSource = typeof(DemoRowPermissions2.Document).FullName, ReadRecords = true }; var serverResponse = processingEngine.Execute(new[] { serverCommand }); var report = GenerateReport(serverResponse); Console.WriteLine("Server response: " + report); Assert.IsTrue(report.Contains("You are not authorized")); } // Simulate client request: Reading the user's documents using (var container = new RhetosTestContainer()) { container.AddIgnoreClaims(); var processingEngine = container.Resolve<IProcessingEngine>(); var serverCommand = new ReadCommandInfo { DataSource = typeof(DemoRowPermissions2.Document).FullName, ReadRecords = true, Filters = new[] { new FilterCriteria(typeof(Common.RowPermissionsReadItems)) } }; var serverResponse = processingEngine.Execute(new[] { serverCommand }); var report = GenerateReport(serverResponse); Console.WriteLine("Server response: " + report); Assert.AreEqual("doc1, doc3, doc4", report); } // Simulate client request: Edit doc1 (ok) using (var container = new RhetosTestContainer()) { container.AddIgnoreClaims(); var repository = container.Resolve<Common.DomRepository>(); var doc1 = repository.DemoRowPermissions2.Document.Query().Where(d => d.Title == "doc1").Single(); doc1.Title += "x"; var processingEngine = container.Resolve<IProcessingEngine>(); var serverCommand = new SaveEntityCommandInfo { Entity = typeof(DemoRowPermissions2.Document).FullName, DataToUpdate = new[] { doc1 } }; var serverResponse = processingEngine.Execute(new[] { serverCommand }); var report = GenerateReport(serverResponse); Console.WriteLine("Server response: " + report); Assert.AreEqual("Comand executed", report); var documents = repository.DemoRowPermissions2.Document.Query().Select(d => d.Title).OrderBy(t => t); Assert.AreEqual("doc1x, doc2, doc3, doc4", string.Join(", ", documents)); } // Simulate client request: Edit doc4 (acces denied) using (var container = new RhetosTestContainer()) { container.AddIgnoreClaims(); var repository = container.Resolve<Common.DomRepository>(); var doc4 = repository.DemoRowPermissions2.Document.Query().Where(d => d.Title == "doc4").Single(); doc4.Title += "x"; var processingEngine = container.Resolve<IProcessingEngine>(); var serverCommand = new SaveEntityCommandInfo { Entity = typeof(DemoRowPermissions2.Document).FullName, DataToUpdate = new[] { doc4 } }; var serverResponse = processingEngine.Execute(new[] { serverCommand }); var report = GenerateReport(serverResponse); Console.WriteLine("Server response: " + report); Assert.IsTrue(report.Contains("Insufficient permissions")); } }
public void SortAndPaginateKeepsOriginalQueryableType() { var readCommand = new ReadCommandInfo { OrderByProperties = new[] { new OrderByProperty { Property = "Name", Descending = true } }, Skip = 1, Top = 2, }; IQueryable<object> query = new[] { "a", "b", "c", "d" }.AsQueryable().Select(name => new C { Name = name }); Console.WriteLine(query.GetType()); Assert.IsTrue(query is IQueryable<C>); var result = GenericFilterHelper.SortAndPaginate<object>(query, readCommand); Assert.AreEqual("c, b", TestUtility.Dump(result, item => ((C)item).Name)); Console.WriteLine(result.GetType()); Assert.IsTrue(result is IQueryable<C>); }
public void Sort() { var readCommand = new ReadCommandInfo { OrderByProperties = new[] { new OrderByProperty { Property = "Name", Descending = true }, new OrderByProperty { Property = "Size", Descending = false }, } }; IQueryable<Entity2> query = new[] { new Entity2 { Name = "b", Size = 2, Ignore = 1 }, new Entity2 { Name = "b", Size = 2, Ignore = 2 }, new Entity2 { Name = "b", Size = 3, Ignore = 3 }, new Entity2 { Name = "b", Size = 1, Ignore = 4 }, new Entity2 { Name = "a", Size = 1, Ignore = 5 }, new Entity2 { Name = "c", Size = 3, Ignore = 6 } }.AsQueryable(); query = query.OrderBy(item => item.Ignore); // SortAndPaginate should ignore previous ordering, not append to it. var result = GenericFilterHelper.SortAndPaginate(query, readCommand); Console.WriteLine(result.ToString()); Assert.AreEqual( "c3, b1, b2, b2, b3, a1", TestUtility.Dump(result, item => item.Name + item.Size)); }
public IList <Claim> GetRequiredClaims(ICommandInfo info) { ReadCommandInfo commandInfo = (ReadCommandInfo)info; return(new[] { new Claim(commandInfo.DataSource, "Read") }); }
private bool AlreadyFilteredByRowPermissions(ReadCommandInfo readCommand) { if (readCommand.Filters != null && readCommand.Filters.Length > 0) { int lastRowPermissionFilter = -1; for (int f = readCommand.Filters.Length - 1; f >= 0; f--) if (GenericFilterHelper.EqualsSimpleFilter(readCommand.Filters[f], RowPermissionsReadInfo.FilterName)) { lastRowPermissionFilter = f; break; } if (lastRowPermissionFilter >= 0) if (lastRowPermissionFilter == readCommand.Filters.Length - 1) { _logger.Trace(() => string.Format("(DataStructure:{0}) Last filter is '{1}', skipping RowPermissionsRead validation.", readCommand.DataSource, RowPermissionsReadInfo.FilterName)); return true; } else _logger.Trace(() => string.Format("(DataStructure:{0}) Warning: Improve performance by moving filter '{1}' to last position, in order to skip RowPermissionsRead validation.", readCommand.DataSource, RowPermissionsReadInfo.FilterName)); } return false; }