public virtual bool HasPermission(PermissionType permission, Guid? scope)
{
if (this.IsAdmin)
{
return true;
}
if (this.IsUser)
{
if (myAuthzs.Any(f => f.Permission == permission && (scope == null || f.Scope == scope)))
{
return true;
}
using (var ctx = storeFactory.Create(this.UserLogin))
{
//// Authorization can be assigned directly to the user.
//if (ctx.Authorization.Any(f => f.Permission == permission && f.Scope == scope && f.UserName == this.UserLogin))
//{
// return true;
//}
FieldInfo fi = permission.GetType().GetField(permission.ToString());
PermissionScopeAttribute[] attributes = (PermissionScopeAttribute[])fi.GetCustomAttributes(typeof(PermissionScopeAttribute), false);
foreach (var attrib in attributes)
{
if (attrib.ScopeType == PermissionScopeType.Organization)
{
var authzdRoles = ctx.Authorization.IncludePaths("Role").Where(f => f.Permission == permission && f.Scope == scope && f.Role != null).ToList();
var me = ctx.Users.IncludePaths("Roles.Role").Single(f => f.Username == this.UserLogin);
var myDirectRoles = me.Roles.Select(f => f.Role).ToList();
// If my direct membership in a role means that I end up being in a role that's got the authorization, then I get the authorization.
if (authzdRoles.Any(f =>
{
RoleKey key = new RoleKey { Name = f.Role.Name, OrgId = f.Scope };
return flattenedRoles.ContainsKey(key) && (from have in myDirectRoles join need in flattenedRoles[key] on have.Id equals need.Id select have).Any();
}))
{
return true;
}
}
else if (attrib.ScopeType == PermissionScopeType.MemberOfOrganization)
{
// Figure out if the user has permissions on a member due to being able to manage an organization to which the user belongs
// Get the member's current org id's
IEnumerable<Guid> orgIds = ctx.Members.Where(f => f.Id == scope.Value).SelectMany(
f => f.Memberships.Select(g => g.OrganizationId)).AsEnumerable();
// If any of the users authorizations are of the given permission on a scope of one of the user's orgs,
// then grant the operation.
if (myAuthzs.Any(f => f.Permission == permission && orgIds.Any(g => g == f.Scope)))
{
return true;
}
}
else if (attrib.ScopeType == PermissionScopeType.Member)
{
if (myAuthzs.Any(f => f.Permission == permission && f.Scope == scope))
{
return true;
}
}
else
{
throw new NotImplementedException("Don't know PermissionScope " + attrib.ScopeType.ToString());
}
}
//Type t = PermissionScopeTypeAttribute.GetScopeType(permission);
//if (t == typeof(Organization))
//{
// var me = ctx.Users.IncludePaths("Roles.Role").Single(f => f.Username == this.UserLogin);
// var myDirectRoles = me.Roles.Select(f => f.Role).ToList();
// // If my direct membership in a role means that I end up being in a role that's got the authorization, then I get the authorization.
// if (authzdRoles.Any(f =>
// {
// RoleKey key = new RoleKey { Name = f.Role.Name, OrgId = f.Scope };
// return flattenedRoles.ContainsKey(key) && (from have in myDirectRoles join need in flattenedRoles[key] on have.Id equals need.Id select have).Any();
// }))
// {
// return true;
// }
//}
}
}
return false;
}
// if (myRoles == null)
// {
// var me = ctx.Users.IncludePaths("Roles.Role.Organization").Single(
//f => f.Username == this.UserLogin
//);
// myRoles = me.Roles.Select(f => f.Role).ToList();
// }
// if (myAuthzs == null)
// {
// using (var ctx = storeFactory.Create(this.UserLogin))
// {
// foreach (var authz in ctx.Authorization.Where(f => f.Role != null))
// {
// // if (
// }
// }
// }
// }
// }
private void Init()
{
if (flattenedRoles.Count == 0)
{
using (var ctx = storeFactory.Create(this.UserLogin))
{
flattenedRoles = GetRoleMemberLookup(ctx);
}
}
if (this.IsUser)
{
//using (var ctx = storeFactory.Create(this.UserLogin))
//{
// var me =
// ctx.Users.IncludePaths("Roles.Role.Organization").Single(
// f => f.Username == this.UserLogin
// );
// myRoles = me.Roles.Select(f => f.Role).ToList();
//}
FillMyData();
RoleKey adminKey = new RoleKey(ADMIN_ROLE, null);
this.IsAdmin = HasPermission(PermissionType.SiteAdmin, null); // flattenedRoles.ContainsKey(adminKey) && (from have in myRoles join need in flattenedRoles[adminKey] on have.Id equals need.Id select have).Any();
}
}
public virtual void CreateRole(RoleKey role, bool system, RoleKey? parent)
{
if (string.IsNullOrWhiteSpace(role.Name))
{
throw new ArgumentException("role", "Role name cannot be null or empty");
}
using (var ctx = storeFactory.Create(this.UserLogin))
{
Role newRole = ctx.Roles.SingleOrDefault(f => f.Name == role.Name && f.OrganizationId == role.OrgId);
if (newRole != null) throw new InvalidOperationException("Role " + role.Name + " already exists");
newRole = new Role
{
Name = role.Name,
OrganizationId = role.OrgId,
SystemRole = system,
};
if (parent != null)
{
if (string.IsNullOrWhiteSpace(parent.Value.Name))
{
throw new ArgumentException("parent", "Parent role name cannot be null or empty");
}
RoleKey p = parent.Value;
var query = ctx.Roles.Where(f => f.Name == p.Name && f.OrganizationId == p.OrgId);
//if (parent.Value.OrgId.HasValue)
//{
// Guid workaround = parent.Value.OrgId.Value;
// query = query.Where(f => f.Organization.Id == workaround);
//}
//else
//{
// query = query.Where(f => f.Organization == null);
//}
Role parentRole = query.SingleOrDefault();
if (parentRole == null)
{
throw new InvalidOperationException("Parent role does not exist");
}
else
{
newRole.MemberOfRoles.Add(new RoleRoleMembership { Parent = parentRole, Child = newRole, IsSystem = system });
}
}
ctx.Roles.Add(newRole);
ctx.SaveChanges();
}
}
