private static ICriterion GetPermissionQueryInternal(IUser user, string operation, string securityKeyProperty) { string[] operationNames = Strings.GetHierarchicalOperationNames(operation); DetachedCriteria criteria = DetachedCriteria.For <Permission>("permission") .CreateAlias("Operation", "op") .CreateAlias("EntitiesGroup", "entityGroup", JoinType.LeftOuterJoin) .CreateAlias("entityGroup.Entities", "entityKey", JoinType.LeftOuterJoin) .SetProjection(Projections.Property("Allow")) .Add(Restrictions.In("op.Name", operationNames)) .Add(Restrictions.Eq("User", user) || Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllGroups(user).SetProjection(Projections.Id()))) .Add( Property.ForName(securityKeyProperty).EqProperty("permission.EntitySecurityKey") || Property.ForName(securityKeyProperty).EqProperty("entityKey.EntitySecurityKey") || ( Restrictions.IsNull("permission.EntitySecurityKey") && Restrictions.IsNull("permission.EntitiesGroup") ) ) .SetMaxResults(1) .AddOrder(Order.Desc("Level")) .AddOrder(Order.Asc("Allow")); return(Subqueries.Eq(true, criteria)); }
/// <summary> /// Gets all permissions for the specified group /// </summary> /// <param name="group">The group</param> /// <returns></returns> public Permission[] GetPermissionsFor(UsersGroup group) { DetachedCriteria criteria = DetachedCriteria.For <Permission>() .Add(Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllGroups(group).SetProjection(Projections.Id()))); return(FindResults(criteria)); }
/// <summary> /// Gets the permissions for the specified user /// </summary> /// <param name="user">The user.</param> /// <returns></returns> public Permission[] GetPermissionsFor(IUser user) { DetachedCriteria criteria = DetachedCriteria.For <Permission>() .Add(Expression.Eq("User", user) || Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllGroups(user).SetProjection(Projections.Id()))); return(FindResults(criteria)); }
/// <summary> /// Gets the groups the specified entity is associated with /// </summary> /// <typeparam name="TEntity">The type of the entity.</typeparam> /// <param name="entity">The entity.</param> /// <returns></returns> public virtual EntitiesGroup[] GetAssociatedEntitiesGroupsFor <TEntity>(TEntity entity) where TEntity : class { ICollection <EntitiesGroup> entitiesGroups = SecurityCriterions.AllGroups(entity) .GetExecutableCriteria(session) .AddOrder(Order.Asc("Name")) .SetCacheable(true) .List <EntitiesGroup>(); return(entitiesGroups.ToArray()); }
/// <summary> /// Gets the associated users group for the specified user. /// </summary> /// <param name="user">The user.</param> public virtual UsersGroup[] GetAssociatedUsersGroupFor(IUser user) { ICollection <UsersGroup> usersGroups = SecurityCriterions.AllGroups(user) .GetExecutableCriteria(session) .AddOrder(Order.Asc("Name")) .SetCacheable(true) .List <UsersGroup>(); return(usersGroups.ToArray()); }
/// <summary> /// Gets the permissions for the specified user and entity /// </summary> /// <typeparam name="TEntity"></typeparam> /// <param name="user">The user.</param> /// <param name="entity"></param> /// <returns></returns> public Permission[] GetPermissionsFor <TEntity>(IUser user, TEntity entity) where TEntity : class { Guid key = Security.ExtractKey(entity); EntitiesGroup[] entitiesGroups = authorizationRepository.GetAssociatedEntitiesGroupsFor(entity); DetachedCriteria criteria = DetachedCriteria.For <Permission>() .Add(Expression.Eq("User", user) || Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllGroups(user).SetProjection(Projections.Id()))) .Add(Expression.Eq("EntitySecurityKey", key) || Expression.In("EntitiesGroup", entitiesGroups)); return(FindResults(criteria)); }
/// <summary> /// Gets the permissions for the specified entity /// </summary> /// <param name="user">The user.</param> /// <param name="operationName">Name of the operation.</param> /// <returns></returns> public Permission[] GetGlobalPermissionsFor(IUser user, string operationName) { string[] operationNames = Strings.GetHierarchicalOperationNames(operationName); DetachedCriteria criteria = DetachedCriteria.For <Permission>() .Add(Expression.Eq("User", user) || Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllGroups(user).SetProjection(Projections.Id()))) .Add(Expression.IsNull("EntitiesGroup")) .Add(Expression.IsNull("EntitySecurityKey")) .CreateAlias("Operation", "op") .Add(Expression.In("op.Name", operationNames)); return(FindResults(criteria)); }
/// <summary> /// Gets the ancestry association of an entity with the named entity group. /// This allows to track how an entity is associated to a group through /// their ancestry. /// </summary> /// <param name="entity">The entity.</param> /// <param name="entityGroupName">Name of the entity group.</param> /// <returns></returns> public virtual EntitiesGroup[] GetAncestryAssociationOfEntity <TEntity>(TEntity entity, string entityGroupName) where TEntity : class { EntitiesGroup desiredGroup = GetEntitiesGroupByName(entityGroupName); ICollection <EntitiesGroup> directGroups = SecurityCriterions.DirectEntitiesGroups(entity) .GetExecutableCriteria(session) .SetCacheable(true) .List <EntitiesGroup>(); if (directGroups.Contains(desiredGroup)) { return(new[] { desiredGroup }); } // as a nice benefit, this does an eager load of all the groups in the hierarchy // in an efficient way, so we don't have SELECT N + 1 here, nor do we need // to load the Entities collection (which may be very large) to check if we are associated // directly or not EntitiesGroup[] associatedGroups = GetAssociatedEntitiesGroupsFor(entity); if (Array.IndexOf(associatedGroups, desiredGroup) == -1) { return(new EntitiesGroup[0]); } // now we need to find out the path to it List <EntitiesGroup> shortest = new List <EntitiesGroup>(); foreach (EntitiesGroup entitiesGroup in associatedGroups) { List <EntitiesGroup> path = new List <EntitiesGroup>(); EntitiesGroup current = entitiesGroup; while (current != null && current != desiredGroup) { path.Add(current); current = current.Parent; } if (current != null) { path.Add(current); } // Valid paths are those that are contains the desired group // and start in one of the groups that are directly associated // with the user if (path.Contains(desiredGroup) && directGroups.Contains(path[0])) { shortest = Min(shortest, path); } } return(shortest.ToArray()); }
/// <summary> /// Removes the user from rhino security. /// This does NOT delete the user itself, merely reset all the /// information that rhino security knows about it. /// It also allows it to be removed by external API without violating /// FK constraints /// </summary> /// <param name="user">The user.</param> public void RemoveUser(IUser user) { ICollection <UsersGroup> groups = SecurityCriterions.DirectUsersGroups((user)) .GetExecutableCriteria(session) .SetCacheable(true) .List <UsersGroup>(); foreach (UsersGroup group in groups) { group.Users.Remove(user); } session.CreateQuery("delete Permission p where p.User = :user") .SetEntity("user", user) .ExecuteUpdate(); }
/// <summary> /// Gets the permissions for the specified operations /// </summary> /// <param name="user">The user.</param> /// <param name="operationNames">Names of the operations.</param> /// <returns></returns> public Permission[] GetGlobalPermissionsFor(IUser user, string[] operationNames) { if (operationNames == null) { throw new ArgumentNullException("operationNames"); } //string[] allOperationNames = Strings.GetHierarchicalOperationNames(operationNames); DetachedCriteria criteria = DetachedCriteria.For <Permission>() .Add(UserRestriction(user) || Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllGroups(user).SetProjection(Projections.Id()))) .Add(Restrictions.IsNull("EntitiesGroup")) .Add(Restrictions.IsNull("EntitySecurityKey")) .CreateAlias("Operation", "op") .Add(Restrictions.In("op.Name", operationNames)); return(FindResults(criteria)); }
/// <summary> /// Gets the permissions for the specified entity /// </summary> /// <typeparam name="TEntity">The type of the entity.</typeparam> /// <param name="user">The user.</param> /// <param name="entity">The entity.</param> /// <param name="operationNames">Names of the operations.</param> /// <returns></returns> public Permission[] GetPermissionsFor <TEntity>(IUser user, TEntity entity, string[] operationNames) where TEntity : class { Guid key = Security.ExtractKey(entity); string[] allOperationNames = Strings.GetHierarchicalOperationNames(operationNames); EntitiesGroup[] entitiesGroups = authorizationRepository.GetAssociatedEntitiesGroupsFor(entity); AbstractCriterion onCriteria = (Restrictions.Eq("EntitySecurityKey", key) || Restrictions.In("EntitiesGroup", entitiesGroups)) || (Restrictions.IsNull("EntitiesGroup") && Restrictions.IsNull("EntitySecurityKey")); DetachedCriteria criteria = DetachedCriteria.For <Permission>() .Add(Restrictions.Eq("User", user) || Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllGroups(user).SetProjection(Projections.Id()))) .Add(onCriteria) .CreateAlias("Operation", "op") .Add(Restrictions.In("op.Name", allOperationNames)); return(FindResults(criteria)); }