using System;
using System.Collections.Generic;
using System.Reflection;
using System.Text;
using SecuredLibrary.BusinessObjects;
using SecuredLibrary.Common;
using SecuredLibrary.Common.Exceptions;
using SecuredLibrary.Model;
using SecuredLibrary.Model.Interfaces;
using SecuredLibrary.SecurityModel.Interfaces;
namespace SecuredLibrary.SecurityModel
{
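/// <summary>
/// <see cref="ISecurityManager"/> implementation that authorizes a call by asking the model for a
/// secured-object entry matching the method's full name and the calling user's id.
/// </summary>
/// <remarks>
/// The permission key is built as ReflectedType.FullName + "." + method name. It carries no
/// parameter list, so every overload of a method shares one permission entry. ReflectedType is
/// the type through which the MethodBase was obtained, so the same method reached through a
/// derived type yields a different key.
/// </remarks>
public class ExampleSecurityMangaer : ISecurityManager
{
    // Permission store; taken from ModelFactory when the manager is constructed.
    private IModel model;

    public ExampleSecurityMangaer()
    {
        model = ModelFactory.Model;
    }

    #region ISecurityManager Members

    /// <summary>
    /// Indicates whether CurrentUser is permitted to call SecuredMethod, without throwing on denial.
    /// </summary>
    /// <param name="SecuredMethod">Method being called; must carry MethodSecuredAttribute.</param>
    /// <param name="CurrentUser">User on whose behalf the call is made; null is treated as denied.</param>
    /// <returns>true if a secured-object entry exists for the method and user; otherwise false.</returns>
    /// <remarks>
    /// A denial is reported only through the return value, so a caller that ignores the result
    /// enforces nothing.
    /// </remarks>
    public bool IsPermited(MethodBase SecuredMethod, User CurrentUser)
    {
        return IsPermited(SecuredMethod, CurrentUser, false);
    }

    /// <summary>
    /// Indicates whether CurrentUser is permitted to call SecuredMethod.
    /// </summary>
    /// <param name="SecuredMethod">Method being called; must carry MethodSecuredAttribute.</param>
    /// <param name="CurrentUser">User on whose behalf the call is made; null is treated as denied.</param>
    /// <param name="ThrowException">If true, a denial is raised as an exception instead of returning false.</param>
    /// <returns>true if a secured-object entry exists for the method and user; otherwise false.</returns>
    /// <exception cref="ArgumentNullException">SecuredMethod is null.</exception>
    /// <exception cref="NotValidValueException">SecuredMethod is not marked with MethodSecuredAttribute.</exception>
    /// <exception cref="UserNotAuthorizedException">The user is not authorized and ThrowException is true.</exception>
    public bool IsPermited(MethodBase SecuredMethod, User CurrentUser, bool ThrowException)
    {
        if (SecuredMethod == null)
        {
            throw new ArgumentNullException("SecuredMethod");
        }

        // inherit: false - only an attribute declared on this exact method counts; an attribute
        // on an overridden base method is not considered.
        object[] attribs = SecuredMethod.GetCustomAttributes(typeof(MethodSecuredAttribute), false);
        if (attribs.Length == 0)
        {
            throw new NotValidValueException("Method: " + SecuredMethod.Name +
                " have to be marked with MethodSecuredAttribute");
        }

        string MethodFullName = SecuredMethod.ReflectedType.FullName + "." + SecuredMethod.Name;

        // Fail closed: a missing user is a denial, not a NullReferenceException that a broad
        // catch further up the stack could turn into an unchecked call.
        if (CurrentUser == null)
        {
            if (ThrowException)
            {
                throw new UserNotAuthorizedException(
                    "No current user is set; call to method: " + MethodFullName + " is not permited");
            }
            return false;
        }

        // The mere existence of an entry for (method, user) grants access.
        SecuredObject securedObject = model.GetSecuredObject(MethodFullName, CurrentUser.Id);
        bool isPermited = securedObject != null;

        if (ThrowException && !isPermited)
        {
            string message = "User:" + CurrentUser.Id +
                " is not permited to call method: " + MethodFullName;
            throw new UserNotAuthorizedException(message);
        }
        return isPermited;
    }

    #endregion
}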
}