Class Permission
Represents a general permission abstraction - where permission type represents the path/name of the permission in User's rights and .ctor takes specific parameters to check while authorizing user. Permission-derived class represents a certain permission type, whereas its instance is a check for particular desired level. To authorize certain actions, one creates an instance of Permission-derived class passing in its .ctor required access levels, then calls a Check() method that returns true if action is authorized.
This scheme provides a great deal of flexibility, i.e. for very complex security cases developers may inherit leaf-level permissions from intermediate ones that have logic tied to session-level variables, this way user's access may vary by permission/session state, i.e. a user may have "Patient.Master" level 4 access in database "A", while having acess denied to the same named permission in database "B". User's database, or system instance is a flag in user-session context
Inherited Members
Namespace: NFX.Security
Assembly: NFX.dll
Syntax
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Field | AttributeTargets.Interface | AttributeTargets.Method | AttributeTargets.Property, Inherited = true, AllowMultiple = true)]
public abstract class Permission : AttributeConstructors
Permission(Int32)
Creates the check instance against the minimum access level for this permission
Declaration
protected Permission(int level)Parameters
| Type | Name | Description |
|---|---|---|
| System.Int32 | level |
Fields
CONFIG_PERMISSION_SECTION
Declaration
public const string CONFIG_PERMISSION_SECTION = "permission"Field Value
| Type | Description |
|---|---|
| System.String |
CONFIG_PERMISSIONS_SECTION
Declaration
public const string CONFIG_PERMISSIONS_SECTION = "permissions"Field Value
| Type | Description |
|---|---|
| System.String |
Properties
Description
Returns the permission description - base implementation returns permission name
Declaration
public virtual string Description { get; }Property Value
| Type | Description |
|---|---|
| System.String |
FullPath
Returns full permission path - a concatenation of its path and name
Declaration
public string FullPath { get; }Property Value
| Type | Description |
|---|---|
| System.String |
Level
Specifies the minimum access level for the permission check to pass
Declaration
public int Level { get; }Property Value
| Type | Description |
|---|---|
| System.Int32 |
Name
Returns the permission name - the last segment of the path
Declaration
public abstract string Name { get; }Property Value
| Type | Description |
|---|---|
| System.String |
Path
Returns a top-rooted path to this permission (without name)
Declaration
public abstract string Path { get; }Property Value
| Type | Description |
|---|---|
| System.String |
Methods
AuthorizeAction(MemberInfo, ISession, GetSessionFunc)
Checks the action represented by MemberInfo by checking the permission-derived attributes and returns false if any of authorization attributes do not pass
Declaration
public static bool AuthorizeAction(MemberInfo actionInfo, ISession session = null, GetSessionFunc getSessionFunc = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.Reflection.MemberInfo | actionInfo | |
| ISession | session | |
| GetSessionFunc | getSessionFunc |
Returns
| Type | Description |
|---|---|
| System.Boolean |
AuthorizeAndGuardAction(IEnumerable<Permission>, String, ISession, GetSessionFunc)
Guards the action represented by enumerable of permissions by checking all permissions and throwing exception if any of authorization attributes do not pass
Declaration
public static void AuthorizeAndGuardAction(IEnumerable<Permission> permissions, string actionName, ISession session = null, GetSessionFunc getSessionFunc = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.Collections.Generic.IEnumerable<Permission> | permissions | |
| System.String | actionName | |
| ISession | session | |
| GetSessionFunc | getSessionFunc |
AuthorizeAndGuardAction(MemberInfo, ISession, GetSessionFunc)
Guards the action represented by MemberInfo by checking the permission-derived attributes and throwing exception if any of authorization attributes do not pass
Declaration
public static void AuthorizeAndGuardAction(MemberInfo actionInfo, ISession session = null, GetSessionFunc getSessionFunc = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.Reflection.MemberInfo | actionInfo | |
| ISession | session | |
| GetSessionFunc | getSessionFunc |
Check(ISession)
Checks the permission for requested action as specified in particular permission .ctor. The check is performed in the scope of supplied session, or if no session was supplied then current execution context session is assumed
Declaration
public virtual bool Check(ISession sessionInstance = null)Parameters
| Type | Name | Description |
|---|---|---|
| ISession | sessionInstance |
Returns
| Type | Description |
|---|---|
| System.Boolean | True when action is authorized, false otherwise |
Check(User)
Shortcut method that creates a temp/mock BaseSession object thus checking permission in mock BaseSession context
Declaration
public bool Check(User user)Parameters
| Type | Name | Description |
|---|---|---|
| User | user |
Returns
| Type | Description |
|---|---|
| System.Boolean |
DoCheckAccessLevel(ISession, AccessLevel)
Override to perform access level checks per user's AccessLevel instance. True if accessLevel satisfies permission requirements. The default implementation checks the access.Level
Declaration
protected virtual bool DoCheckAccessLevel(ISession session, AccessLevel access)Parameters
| Type | Name | Description |
|---|---|---|
| ISession | session | |
| AccessLevel | access |
Returns
| Type | Description |
|---|---|
| System.Boolean |
FindAuthorizationFailingPermission(MemberInfo, ISession, GetSessionFunc)
Checks the action represented by MemberInfo by checking the permission-derived attributes and returns false if any of authorization attributes do not pass
Declaration
public static Permission FindAuthorizationFailingPermission(MemberInfo actionInfo, ISession session = null, GetSessionFunc getSessionFunc = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.Reflection.MemberInfo | actionInfo | |
| ISession | session | |
| GetSessionFunc | getSessionFunc |
Returns
| Type | Description |
|---|---|
| Permission |
MultipleFromConf(IConfigSectionNode, String, String)
Makes multiple permissions from conf node
Declaration
public static IEnumerable<Permission> MultipleFromConf(IConfigSectionNode node, string shortNodeName = null, string typePattern = null)Parameters
| Type | Name | Description |
|---|---|---|
| IConfigSectionNode | node | |
| System.String | shortNodeName | |
| System.String | typePattern |
Returns
| Type | Description |
|---|---|
| System.Collections.Generic.IEnumerable<Permission> |
ToString()
Declaration
public override string ToString()Returns
| Type | Description |
|---|---|
| System.String |