Class Permission
Represents a general permission abstraction, where the permission type represents the path/name of the permission in the user's rights and the .ctor takes the specific parameters to check while authorizing the user. A Permission-derived class represents a certain permission type, whereas its instance is a check for a particular desired level. To authorize certain actions, one creates an instance of a Permission-derived class, passing the required access levels to its .ctor, then calls the Check() method, which returns true if the action is authorized.
This scheme provides a great deal of flexibility. For very complex security cases, developers may inherit leaf-level permissions from intermediate ones that have logic tied to session-level variables; this way a user's access may vary by permission/session state. For example, a user may have "Patient.Master" level 4 access in database "A" while being denied access to the same named permission in database "B". The user's database, or system instance, is a flag in the user-session context.
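The following sketch shows the database "A"/"B" scenario described above. It is an added example, not code from the Azos project. `IDatabaseScopedSession`, `DatabaseScopedPermission`, `PatientMasterPermission`, `PatientService` and the `Path`/`Name` values are hypothetical, and the namespaces of `IApplication` and `ISession` are assumed; only members documented on this page are called.

```csharp
using System;
using Azos;           // IApplication (namespace assumed)
using Azos.Apps;      // ISession (namespace assumed)
using Azos.Security;

// Hypothetical: the application's session class implements this to expose the database flag
public interface IDatabaseScopedSession { string Database { get; } }

// Intermediate permission: ties the level check to a session-level variable
public abstract class DatabaseScopedPermission : Permission
{
  private readonly string m_Database;

  protected DatabaseScopedPermission(string database, int level) : base(level)
  {
    if (string.IsNullOrWhiteSpace(database)) throw new ArgumentNullException(nameof(database));
    m_Database = database;
  }

  protected override bool DoCheckAccessLevel(ISession session, AccessLevel access)
  {
    // Fail closed: no session flag, or a different database, means no access
    if (!(session is IDatabaseScopedSession scoped)) return false;
    if (!string.Equals(scoped.Database, m_Database, StringComparison.Ordinal)) return false;
    return base.DoCheckAccessLevel(session, access); // default check of access.Level
  }
}

// Leaf permission type; the Path and Name values are constructed for this example
public sealed class PatientMasterPermission : DatabaseScopedPermission
{
  public PatientMasterPermission(string database, int level) : base(database, level) { }
  public override string Path => "/Patient";
  public override string Name => "Master";
}

public class PatientService
{
  [PatientMasterPermission("A", 4)] // declarative: level 4 required, only in database "A"
  public void UpdateMaster(IApplication app, ISession session)
  {
    // Throws if any Permission-derived attribute on this method does not pass
    var action = typeof(PatientService).GetMethod(nameof(UpdateMaster));
    Permission.AuthorizeAndGuardAction(app, action, session);
  }

  // Imperative form: create the check instance, then call Check()
  public bool CanRead(IApplication app, ISession session)
    => new PatientMasterPermission("A", 1).Check(app, session);
}
```

Because the override returns false whenever the session does not carry the database flag, a session type that lacks the flag is denied rather than silently falling through to the level check.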
Namespace: Azos.Security
Assembly: Azos.dll
Syntax
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Constructor | AttributeTargets.Field | AttributeTargets.Interface | AttributeTargets.Method | AttributeTargets.Property, Inherited = true, AllowMultiple = true)]
public abstract class Permission : Attribute
Constructors
Permission(Int32)
Creates the check instance against the minimum access level for this permission
Declaration
protected Permission(int level)
Parameters
Type | Name | Description |
---|---|---|
System.Int32 | level | |
Fields
CONFIG_PERMISSION_SECTION
Declaration
public const string CONFIG_PERMISSION_SECTION = "permission"
Field Value
Type | Description |
---|---|
System.String |
CONFIG_PERMISSIONS_SECTION
Declaration
public const string CONFIG_PERMISSIONS_SECTION = "permissions"
Field Value
Type | Description |
---|---|
System.String |
Properties
Description
Returns the permission description - base implementation returns permission name
Declaration
public virtual string Description { get; }
Property Value
Type | Description |
---|---|
System.String |
FullPath
Returns full permission path - a concatenation of its path and name
Declaration
public string FullPath { get; }
Property Value
Type | Description |
---|---|
System.String |
Level
Specifies the minimum access level for the permission check to pass
Declaration
public int Level { get; }
Property Value
Type | Description |
---|---|
System.Int32 |
Name
Returns the permission name - the last segment of the path
Declaration
public abstract string Name { get; }
Property Value
Type | Description |
---|---|
System.String |
Path
Returns a top-rooted path to this permission (without name)
Declaration
public abstract string Path { get; }
Property Value
Type | Description |
---|---|
System.String |
Methods
AuthorizeAction(IApplication, MemberInfo, ISession, GetSessionFunc)
Checks the action represented by MemberInfo by checking the permission-derived attributes and returns false if any of the authorization attributes does not pass
Declaration
public static bool AuthorizeAction(IApplication app, MemberInfo actionInfo, ISession session = null, GetSessionFunc getSessionFunc = null)
Parameters
Type | Name | Description |
---|---|---|
IApplication | app | |
System.Reflection.MemberInfo | actionInfo | |
ISession | session | |
GetSessionFunc | getSessionFunc | |
Returns
Type | Description |
---|---|
System.Boolean |
AuthorizeAndGuardAction(IApplication, IEnumerable<Permission>, String, ISession, GetSessionFunc)
Guards the action represented by an enumerable of permissions by checking all permissions and throwing an exception if any of the authorization attributes does not pass
Declaration
public static void AuthorizeAndGuardAction(IApplication app, IEnumerable<Permission> permissions, string actionName, ISession session = null, GetSessionFunc getSessionFunc = null)
Parameters
Type | Name | Description |
---|---|---|
IApplication | app | |
System.Collections.Generic.IEnumerable<Permission> | permissions | |
System.String | actionName | |
ISession | session | |
GetSessionFunc | getSessionFunc | |
AuthorizeAndGuardAction(IApplication, MemberInfo, ISession, GetSessionFunc)
Guards the action represented by MemberInfo by checking the permission-derived attributes and throwing an exception if any of the authorization attributes does not pass
Declaration
public static void AuthorizeAndGuardAction(IApplication app, MemberInfo actionInfo, ISession session = null, GetSessionFunc getSessionFunc = null)
Parameters
Type | Name | Description |
---|---|---|
IApplication | app | |
System.Reflection.MemberInfo | actionInfo | |
ISession | session | |
GetSessionFunc | getSessionFunc | |
Check(IApplication, ISession)
Checks the permission for the requested action as specified in the particular permission's .ctor. The check is performed in the scope of the supplied session; if no session was supplied, the current execution context session is assumed
Declaration
public virtual bool Check(IApplication app, ISession sessionInstance = null)
Parameters
Type | Name | Description |
---|---|---|
IApplication | app | |
ISession | sessionInstance | |
Returns
Type | Description |
---|---|
System.Boolean | True when action is authorized, false otherwise |
Check(IApplication, User)
Shortcut method that creates a temp/mock BaseSession object, thus checking the permission in the context of that mock BaseSession
Declaration
public bool Check(IApplication app, User user)
Parameters
Type | Name | Description |
---|---|---|
IApplication | app | |
User | user | |
Returns
Type | Description |
---|---|
System.Boolean |
DoCheckAccessLevel(ISession, AccessLevel)
Override to perform access level checks per the user's AccessLevel instance. Returns true if the access level satisfies the permission requirements. The default implementation checks the access.Level
Declaration
protected virtual bool DoCheckAccessLevel(ISession session, AccessLevel access)
Parameters
Type | Name | Description |
---|---|---|
ISession | session | |
AccessLevel | access | |
Returns
Type | Description |
---|---|
System.Boolean |
FindAuthorizationFailingPermission(IApplication, MemberInfo, ISession, GetSessionFunc)
Checks the action represented by MemberInfo by checking the permission-derived attributes and returns the permission that does not pass authorization
Declaration
public static Permission FindAuthorizationFailingPermission(IApplication app, MemberInfo actionInfo, ISession session = null, GetSessionFunc getSessionFunc = null)
Parameters
Type | Name | Description |
---|---|---|
IApplication | app | |
System.Reflection.MemberInfo | actionInfo | |
ISession | session | |
GetSessionFunc | getSessionFunc | |
Returns
Type | Description |
---|---|
Permission |
MultipleFromConf(IConfigSectionNode, String, String)
Makes multiple permissions from a configuration node
Declaration
public static IEnumerable<Permission> MultipleFromConf(IConfigSectionNode node, string shortNodeName = null, string typePattern = null)
Parameters
Type | Name | Description |
---|---|---|
IConfigSectionNode | node | |
System.String | shortNodeName | |
System.String | typePattern | |
Returns
Type | Description |
---|---|
System.Collections.Generic.IEnumerable<Permission> |
ToString()
Declaration
public override string ToString()
Returns
Type | Description |
---|---|
System.String |