using System;
using System.Collections;
using System.Collections.Generic;
using System.ComponentModel;
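namespace Csla.Security
{

  /// <summary>
  /// Maintains a list of allowed and denied user roles
  /// for each property.
  /// </summary>
  /// <remarks>
  /// Two rule sets are kept: per-instance rules, owned by this object,
  /// and per-type rules obtained from
  /// <see cref="SharedAuthorizationRules.GetManager" /> for the business
  /// object type passed to the constructor (presumably shared by every
  /// instance of that type - confirm in SharedAuthorizationRules).
  /// The Has*/Is* checks consult the instance rules first and fall back
  /// to the type rules only when the instance rules give no match.
  /// Lazy creation of the two rule managers is not synchronized; callers
  /// that configure rules from several threads need their own locking.
  /// </remarks>
  [Serializable()]
  public class AuthorizationRules
  {

    private Type _businessObjectType;
    private AuthorizationRulesManager _typeRules;
    private AuthorizationRulesManager _instanceRules;

    /// <summary>
    /// Creates an instance of the object, initializing
    /// it with the business object type.
    /// </summary>
    /// <param name="businessObjectType">
    /// Type of the business object to which the rules
    /// apply.
    /// </param>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="businessObjectType"/> is null.
    /// </exception>
    public AuthorizationRules(Type businessObjectType)
    {
      // Fail fast: the type is only consumed when the per-type rules are
      // first resolved, so a null here would otherwise surface far from
      // the caller that supplied it.
      if (businessObjectType == null)
        throw new ArgumentNullException("businessObjectType");
      _businessObjectType = businessObjectType;
    }

    /// <summary>
    /// Rules that apply to this object only; created on first use.
    /// </summary>
    private AuthorizationRulesManager InstanceRules
    {
      get
      {
        if (_instanceRules == null)
          _instanceRules = new AuthorizationRulesManager();
        return _instanceRules;
      }
    }

    /// <summary>
    /// Rules that apply to every object of <c>_businessObjectType</c>;
    /// resolved through <see cref="SharedAuthorizationRules.GetManager" />
    /// on first use and cached in this instance.
    /// </summary>
    private AuthorizationRulesManager TypeRules
    {
      get
      {
        if (_typeRules == null)
          _typeRules = SharedAuthorizationRules.GetManager(_businessObjectType, true);
        return _typeRules;
      }
    }

    #region Helpers

    /// <summary>
    /// Looks up the role lists for a property in the given manager.
    /// </summary>
    /// <param name="manager">Rule manager to query.</param>
    /// <param name="propertyName">Name of the property.</param>
    /// <returns>The role lists for the property.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> is null.
    /// </exception>
    private static RolesForProperty GetRoles(AuthorizationRulesManager manager, string propertyName)
    {
      if (propertyName == null)
        throw new ArgumentNullException("propertyName");
      return manager.GetRolesForProperty(propertyName);
    }

    /// <summary>
    /// Appends each role in <paramref name="roles"/> to the end of
    /// <paramref name="target"/>, validating the whole batch first so
    /// that a bad entry leaves the list untouched.
    /// </summary>
    /// <param name="target">Role list to extend.</param>
    /// <param name="roles">Role names to add; may be empty.</param>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="roles"/> is null (e.g. <c>AllowRead("Name", null)</c>).
    /// </exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="roles"/> contains a null or empty role name.
    /// </exception>
    private static void AddRoles(ICollection<string> target, string[] roles)
    {
      if (roles == null)
        throw new ArgumentNullException("roles");
      // A blank role name can never match a principal's roles, so it would
      // silently leave the property without the restriction the caller
      // intended; reject it rather than store it.
      foreach (string role in roles)
        if (string.IsNullOrEmpty(role))
          throw new ArgumentException("Role names must not be null or empty.", "roles");
      foreach (string role in roles)
        target.Add(role);
    }

    /// <summary>
    /// The principal the Is* checks are evaluated against.
    /// </summary>
    private static System.Security.Principal.IPrincipal CurrentUser
    {
      get { return ApplicationContext.User; }
    }

    #endregion

    #region Add Per-Instance Roles

    /// <summary>
    /// Specify the roles allowed to read a given
    /// property.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <param name="roles">List of roles granted read access.</param>
    /// <remarks>
    /// This method may be called multiple times, with the roles in
    /// each call being added to the end of the list of allowed roles.
    /// In other words, each call is cumulative, adding more roles
    /// to the list.
    /// </remarks>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> or <paramref name="roles"/> is null.
    /// </exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="roles"/> contains a null or empty role name.
    /// </exception>
    public void InstanceAllowRead(string propertyName, params string[] roles)
    {
      AddRoles(GetRoles(InstanceRules, propertyName).ReadAllowed, roles);
    }

    /// <summary>
    /// Specify the roles denied read access to
    /// a given property.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <param name="roles">List of roles denied read access.</param>
    /// <remarks>
    /// This method may be called multiple times, with the roles in
    /// each call being added to the end of the list of denied roles.
    /// In other words, each call is cumulative, adding more roles
    /// to the list.
    /// </remarks>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> or <paramref name="roles"/> is null.
    /// </exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="roles"/> contains a null or empty role name.
    /// </exception>
    public void InstanceDenyRead(string propertyName, params string[] roles)
    {
      AddRoles(GetRoles(InstanceRules, propertyName).ReadDenied, roles);
    }

    /// <summary>
    /// Specify the roles allowed to write a given
    /// property.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <param name="roles">List of roles granted write access.</param>
    /// <remarks>
    /// This method may be called multiple times, with the roles in
    /// each call being added to the end of the list of allowed roles.
    /// In other words, each call is cumulative, adding more roles
    /// to the list.
    /// </remarks>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> or <paramref name="roles"/> is null.
    /// </exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="roles"/> contains a null or empty role name.
    /// </exception>
    public void InstanceAllowWrite(string propertyName, params string[] roles)
    {
      AddRoles(GetRoles(InstanceRules, propertyName).WriteAllowed, roles);
    }

    /// <summary>
    /// Specify the roles denied write access to
    /// a given property.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <param name="roles">List of roles denied write access.</param>
    /// <remarks>
    /// This method may be called multiple times, with the roles in
    /// each call being added to the end of the list of denied roles.
    /// In other words, each call is cumulative, adding more roles
    /// to the list.
    /// </remarks>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> or <paramref name="roles"/> is null.
    /// </exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="roles"/> contains a null or empty role name.
    /// </exception>
    public void InstanceDenyWrite(string propertyName, params string[] roles)
    {
      AddRoles(GetRoles(InstanceRules, propertyName).WriteDenied, roles);
    }

    #endregion

    #region Add Per-Type Roles

    /// <summary>
    /// Specify the roles allowed to read a given
    /// property.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <param name="roles">List of roles granted read access.</param>
    /// <remarks>
    /// This method may be called multiple times, with the roles in
    /// each call being added to the end of the list of allowed roles.
    /// In other words, each call is cumulative, adding more roles
    /// to the list. The list lives in the per-type rule manager, not in
    /// this instance.
    /// </remarks>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> or <paramref name="roles"/> is null.
    /// </exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="roles"/> contains a null or empty role name.
    /// </exception>
    public void AllowRead(string propertyName, params string[] roles)
    {
      AddRoles(GetRoles(TypeRules, propertyName).ReadAllowed, roles);
    }

    /// <summary>
    /// Specify the roles denied read access to
    /// a given property.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <param name="roles">List of roles denied read access.</param>
    /// <remarks>
    /// This method may be called multiple times, with the roles in
    /// each call being added to the end of the list of denied roles.
    /// In other words, each call is cumulative, adding more roles
    /// to the list. The list lives in the per-type rule manager, not in
    /// this instance.
    /// </remarks>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> or <paramref name="roles"/> is null.
    /// </exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="roles"/> contains a null or empty role name.
    /// </exception>
    public void DenyRead(string propertyName, params string[] roles)
    {
      AddRoles(GetRoles(TypeRules, propertyName).ReadDenied, roles);
    }

    /// <summary>
    /// Specify the roles allowed to write a given
    /// property.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <param name="roles">List of roles granted write access.</param>
    /// <remarks>
    /// This method may be called multiple times, with the roles in
    /// each call being added to the end of the list of allowed roles.
    /// In other words, each call is cumulative, adding more roles
    /// to the list. The list lives in the per-type rule manager, not in
    /// this instance.
    /// </remarks>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> or <paramref name="roles"/> is null.
    /// </exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="roles"/> contains a null or empty role name.
    /// </exception>
    public void AllowWrite(string propertyName, params string[] roles)
    {
      AddRoles(GetRoles(TypeRules, propertyName).WriteAllowed, roles);
    }

    /// <summary>
    /// Specify the roles denied write access to
    /// a given property.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <param name="roles">List of roles denied write access.</param>
    /// <remarks>
    /// This method may be called multiple times, with the roles in
    /// each call being added to the end of the list of denied roles.
    /// In other words, each call is cumulative, adding more roles
    /// to the list. The list lives in the per-type rule manager, not in
    /// this instance.
    /// </remarks>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> or <paramref name="roles"/> is null.
    /// </exception>
    /// <exception cref="ArgumentException">
    /// <paramref name="roles"/> contains a null or empty role name.
    /// </exception>
    public void DenyWrite(string propertyName, params string[] roles)
    {
      AddRoles(GetRoles(TypeRules, propertyName).WriteDenied, roles);
    }

    #endregion

    #region Check Roles

    /// <summary>
    /// Indicates whether the property has a list
    /// of roles granted read access.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <returns>
    /// True if either the instance rules or the type rules hold at least
    /// one read-allowed role for the property.
    /// </returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> is null.
    /// </exception>
    public bool HasReadAllowedRoles(string propertyName)
    {
      // Instance rules are consulted first; the type rules are only
      // touched when they yield nothing.
      return GetRoles(InstanceRules, propertyName).ReadAllowed.Count > 0
        || GetRoles(TypeRules, propertyName).ReadAllowed.Count > 0;
    }

    /// <summary>
    /// Indicates whether the current user as defined by
    /// <see cref="Csla.ApplicationContext.User" />
    /// is explicitly allowed to read the property.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <returns>
    /// True if the instance rules or, failing that, the type rules grant
    /// the current user read access to the property.
    /// </returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> is null.
    /// </exception>
    public bool IsReadAllowed(string propertyName)
    {
      // Resolve the principal once so both rule sets see the same user.
      System.Security.Principal.IPrincipal user = CurrentUser;
      return GetRoles(InstanceRules, propertyName).IsReadAllowed(user)
        || GetRoles(TypeRules, propertyName).IsReadAllowed(user);
    }

    /// <summary>
    /// Indicates whether the property has a list
    /// of roles denied read access.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <returns>
    /// True if either the instance rules or the type rules hold at least
    /// one read-denied role for the property.
    /// </returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> is null.
    /// </exception>
    public bool HasReadDeniedRoles(string propertyName)
    {
      return GetRoles(InstanceRules, propertyName).ReadDenied.Count > 0
        || GetRoles(TypeRules, propertyName).ReadDenied.Count > 0;
    }

    /// <summary>
    /// Indicates whether the current user as defined by
    /// <see cref="Csla.ApplicationContext.User" />
    /// is explicitly denied read access to the property.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <returns>
    /// True if the instance rules or, failing that, the type rules deny
    /// the current user read access to the property.
    /// </returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> is null.
    /// </exception>
    public bool IsReadDenied(string propertyName)
    {
      System.Security.Principal.IPrincipal user = CurrentUser;
      return GetRoles(InstanceRules, propertyName).IsReadDenied(user)
        || GetRoles(TypeRules, propertyName).IsReadDenied(user);
    }

    /// <summary>
    /// Indicates whether the property has a list
    /// of roles granted write access.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <returns>
    /// True if either the instance rules or the type rules hold at least
    /// one write-allowed role for the property.
    /// </returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> is null.
    /// </exception>
    public bool HasWriteAllowedRoles(string propertyName)
    {
      return GetRoles(InstanceRules, propertyName).WriteAllowed.Count > 0
        || GetRoles(TypeRules, propertyName).WriteAllowed.Count > 0;
    }

    /// <summary>
    /// Indicates whether the current user as defined by
    /// <see cref="Csla.ApplicationContext.User" />
    /// is explicitly allowed to set the property.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <returns>
    /// True if the instance rules or, failing that, the type rules grant
    /// the current user write access to the property.
    /// </returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> is null.
    /// </exception>
    public bool IsWriteAllowed(string propertyName)
    {
      System.Security.Principal.IPrincipal user = CurrentUser;
      return GetRoles(InstanceRules, propertyName).IsWriteAllowed(user)
        || GetRoles(TypeRules, propertyName).IsWriteAllowed(user);
    }

    /// <summary>
    /// Indicates whether the property has a list
    /// of roles denied write access.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <returns>
    /// True if either the instance rules or the type rules hold at least
    /// one write-denied role for the property.
    /// </returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> is null.
    /// </exception>
    public bool HasWriteDeniedRoles(string propertyName)
    {
      return GetRoles(InstanceRules, propertyName).WriteDenied.Count > 0
        || GetRoles(TypeRules, propertyName).WriteDenied.Count > 0;
    }

    /// <summary>
    /// Indicates whether the current user as defined by
    /// <see cref="Csla.ApplicationContext.User" />
    /// is explicitly denied write access to the property.
    /// </summary>
    /// <param name="propertyName">Name of the property.</param>
    /// <returns>
    /// True if the instance rules or, failing that, the type rules deny
    /// the current user write access to the property.
    /// </returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="propertyName"/> is null.
    /// </exception>
    public bool IsWriteDenied(string propertyName)
    {
      System.Security.Principal.IPrincipal user = CurrentUser;
      return GetRoles(InstanceRules, propertyName).IsWriteDenied(user)
        || GetRoles(TypeRules, propertyName).IsWriteDenied(user);
    }

    #endregion

  }
}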