using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using Microsoft.AspNet.Identity;
using System.Security.Principal;
using EnVisage.Code.Cache;
using EnVisage.Models.Cache;
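namespace EnVisage.Code
{
    /// <summary>
    /// Authorization helper: answers whether the current HTTP user may read or write
    /// a security area, a project, or a scenario.
    /// </summary>
    /// <remarks>
    /// Created by SA.
    /// The <c>Check*</c> methods resolve the caller from <c>HttpContext.Current.User.Identity</c>
    /// and fail closed: a missing HTTP context, a missing or non-GUID identity id, the empty GUID,
    /// or a user that is absent from <see cref="UsersCache"/> all yield <c>false</c>.
    /// Decisions are taken from cache objects (<see cref="SecurityAreasCache"/>,
    /// <see cref="ProjectAccessCache"/>, <see cref="UsersCache"/>).
    /// NOTE(review): how quickly a revoked permission disappears from those caches is not
    /// visible in this file - confirm the invalidation path.
    /// </remarks>
    public class SecurityManager
    {
        /// <summary>
        /// Returns the id (GUID) of the current user principal.
        /// </summary>
        /// <returns>The identity id of the current request's user, parsed as a GUID.</returns>
        /// <exception cref="ArgumentNullException">The identity carries no id.</exception>
        /// <exception cref="FormatException">The identity id is not a valid GUID.</exception>
        /// <remarks>
        /// Unlike the <c>Check*</c> methods this method does not fail closed; it throws when
        /// there is no usable identity (including a <see cref="NullReferenceException"/> when
        /// there is no HTTP context or user). Callers must not treat a thrown exception as "allowed".
        /// </remarks>
        public static Guid GetUserPrincipal()
        {
            return new Guid(HttpContext.Current.User.Identity.GetID());
        }

        /// <summary>
        /// Returns true if the current user may access the given area with the requested access level.
        /// </summary>
        /// <param name="area">Area to check.</param>
        /// <param name="type">Requested access level.</param>
        /// <returns>
        /// The result of <see cref="CheckAnySecurityObjectPermission"/> for the single area;
        /// <c>false</c> if that check throws.
        /// </returns>
        public static bool CheckSecurityObjectPermission(Areas area, AccessLevel type)
        {
            try
            {
                return CheckAnySecurityObjectPermission(new List<Areas> { area }, type);
            }
            catch (Exception ex)
            {
                // Fail closed, but do not hide the failure: a broken cache or data error would
                // otherwise look exactly like an ordinary "access denied".
                System.Diagnostics.Trace.TraceError(
                    "SecurityManager.CheckSecurityObjectPermission failed for area {0}, access {1}: {2}",
                    area, type, ex);
                return false;
            }
        }

        /// <summary>
        /// Returns true if the current user may access at least one of the given areas with the
        /// requested access level.
        /// </summary>
        /// <param name="areas">Areas to check; <c>null</c> or empty yields <c>false</c>.</param>
        /// <param name="type">Requested access level. Write access also satisfies a Read request.</param>
        /// <returns><c>true</c> when access is granted, otherwise <c>false</c>.</returns>
        /// <remarks>
        /// Entries recorded directly for the user take precedence: when any exist for the requested
        /// areas and <paramref name="type"/> is Read or Write, they alone decide the result and the
        /// user's roles are not consulted. Roles are evaluated only when no direct entry exists.
        /// NOTE(review): <see cref="CheckProjectPermission"/> behaves differently (a direct entry that
        /// does not grant falls through to the roles) - confirm that the difference is intended.
        /// </remarks>
        public static bool CheckAnySecurityObjectPermission(List<Areas> areas, AccessLevel type)
        {
            Guid principalId;
            if (!TryGetCurrentPrincipalId(out principalId))
            {
                return false;
            }

            if (areas == null || areas.Count == 0)
            {
                return false;
            }

            // Cache entries are matched against the enum member name.
            List<string> areaNames = areas.Select(a => a.ToString()).ToList();

            SecurityAreasCache securityAreaCache = new SecurityAreasCache();

            // Pass 1: entries recorded for the user itself.
            List<UserAreaAccess> entries = new List<UserAreaAccess>();
            foreach (var areaName in areaNames)
            {
                entries.AddRange(securityAreaCache.Value
                    .Where(x => x.PrincipalId == principalId && x.SecurityObject == areaName));
            }

            if (entries.Any())
            {
                if (type == AccessLevel.Write)
                {
                    return entries.Any(x => x.Write == 1);
                }

                if (type == AccessLevel.Read)
                {
                    return entries.Any(x => x.Read == 1 || x.Write == 1);
                }
            }

            // Pass 2: entries recorded for any role of the user. A user missing from the cache
            // has no roles to evaluate, so access is denied instead of dereferencing null.
            var user = new UsersCache().Value.FirstOrDefault(x => x.Id == principalId);
            if (user == null || user.Roles == null)
            {
                return false;
            }

            entries = new List<UserAreaAccess>();
            foreach (var role in user.Roles)
            {
                foreach (var areaName in areaNames)
                {
                    entries.AddRange(securityAreaCache.Value
                        .Where(x => x.PrincipalId == role && x.SecurityObject == areaName));
                }
            }

            if (type == AccessLevel.Write)
            {
                return entries.Any(x => x.Write == 1);
            }

            if (type == AccessLevel.Read)
            {
                return entries.Any(x => x.Read == 1 || x.Write == 1);
            }

            return false;
        }

        /// <summary>
        /// Returns true if the current user may access the given project with the requested access level.
        /// </summary>
        /// <param name="ProjectId">Project to check.</param>
        /// <param name="Type">Requested access level. Write access also satisfies a Read request.</param>
        /// <returns>
        /// <c>true</c> when either the user's own project entry or an entry of one of the user's
        /// roles grants the requested access; otherwise <c>false</c>.
        /// </returns>
        public static bool CheckProjectPermission(Guid ProjectId, AccessLevel Type)
        {
            Guid principalId;
            if (!TryGetCurrentPrincipalId(out principalId))
            {
                return false;
            }

            ProjectAccessCache projectAccessCache = new ProjectAccessCache();

            // Pass 1: the entry recorded for the user itself. It can only grant here; when it
            // does not, the roles are still evaluated below.
            var directAccess = projectAccessCache.Value
                .FirstOrDefault(x => x.PrincipalId == principalId && x.ProjectId == ProjectId);

            if (directAccess != null)
            {
                if (Type == AccessLevel.Write && directAccess.Write == 1)
                {
                    return true;
                }

                if (Type == AccessLevel.Read && (directAccess.Read == 1 || directAccess.Write == 1))
                {
                    return true;
                }
            }

            // Pass 2: entries recorded for any role of the user. Unknown user => deny.
            var user = new UsersCache().Value.FirstOrDefault(x => x.Id == principalId);
            if (user == null || user.Roles == null)
            {
                return false;
            }

            List<UserProjectAccess> roleAccesses = new List<UserProjectAccess>();
            foreach (var role in user.Roles)
            {
                roleAccesses.AddRange(projectAccessCache.Value
                    .Where(x => x.PrincipalId == role && x.ProjectId == ProjectId && (x.Read == 1 || x.Write == 1)));
            }

            if (Type == AccessLevel.Write)
            {
                return roleAccesses.Any(x => x.Write == 1);
            }

            if (Type == AccessLevel.Read)
            {
                return roleAccesses.Any(x => x.Read == 1 || x.Write == 1);
            }

            return false;
        }

        /// <summary>
        /// Returns true if the current user may access the given scenario with the requested access level.
        /// </summary>
        /// <param name="ScenarioId">Scenario to check.</param>
        /// <param name="Type">Requested access level.</param>
        /// <returns>
        /// The result of <see cref="CheckProjectPermission"/> for the scenario's parent project;
        /// <c>false</c> when the scenario does not exist or has no parent.
        /// </returns>
        public static bool CheckScenarioPermission(Guid ScenarioId, AccessLevel Type)
        {
            // Look up the parent project (part) id for this scenario.
            // Assumes EnVisageEntities is an Entity Framework context and therefore IDisposable;
            // disposing it releases the database connection instead of leaving that to the GC.
            Guid? projectId;
            using (EnVisageEntities dbContext = new EnVisageEntities())
            {
                Scenario scenario = dbContext.Scenarios.FirstOrDefault(x => x.Id.Equals(ScenarioId));
                projectId = scenario != null ? scenario.ParentId : (Guid?)null;
            }

            if (!projectId.HasValue)
            {
                return false;
            }

            return CheckProjectPermission(projectId.Value, Type);
        }

        /// <summary>
        /// Resolves the id of the current request's user as a GUID without throwing.
        /// </summary>
        /// <param name="principalId">The parsed id, or <see cref="Guid.Empty"/> on failure.</param>
        /// <returns>
        /// <c>false</c> when there is no HTTP context, user or identity, or when the identity id
        /// is null, not a GUID, or the empty GUID.
        /// </returns>
        private static bool TryGetCurrentPrincipalId(out Guid principalId)
        {
            principalId = Guid.Empty;

            HttpContext httpContext = HttpContext.Current;
            if (httpContext == null || httpContext.User == null || httpContext.User.Identity == null)
            {
                return false;
            }

            string idText = httpContext.User.Identity.GetID();

            Guid parsed;
            if (!Guid.TryParse(idText, out parsed) || parsed == Guid.Empty)
            {
                return false;
            }

            principalId = parsed;
            return true;
        }
    }
}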