Program.cs
using PostSharp.Samples.Authorization.BusinessObjects;
using PostSharp.Samples.Authorization.Framework;
using PostSharp.Samples.Authorization.RoleBased;
using System;
using System.Security;
using SecurityContext = PostSharp.Samples.Authorization.Framework.SecurityContext;
namespace PostSharp.Samples.Authorization
{
internal class Program
{
/// <summary>
/// Walks through the role-based authorization sample: builds a policy, creates a small
/// object graph while no security context is installed, installs the context, and then
/// runs five operations under different subjects, printing GOOD/BAD for each expectation.
/// </summary>
/// <param name="args">Command-line arguments; not used.</param>
private static void Main(string[] args)
{
    var policy = new RoleBasedSecurityPolicy();

    // Role-permission assignments. Depending on the application these can be hardcoded or loaded from a database.
    // Baseline for every entity type: anyone may read, only the owner may write or assign.
    policy.AddRolePermissionAssignment(typeof(object), Permission.Read, Role.Everyone, PermissionAction.Grant);
    policy.AddRolePermissionAssignment(typeof(object), Permission.Write, Role.Owner, PermissionAction.Grant);
    policy.AddRolePermissionAssignment(typeof(object), Permission.Assign, Role.Owner, PermissionAction.Grant);

    // Invoices only: sales managers get Write and Assign on invoices in their business unit.
    policy.AddRolePermissionAssignment(typeof(Invoice), Permission.Write, Role.SalesManager, PermissionAction.Grant);
    policy.AddRolePermissionAssignment(typeof(Invoice), Permission.Assign, Role.SalesManager, PermissionAction.Grant);

    // Role management is reserved for administrators.
    policy.AddRolePermissionAssignment(typeof(object), Permission.ManageRoles, Role.Administrator, PermissionAction.Grant);

    // Build the object graph (typically this would live in a database).
    // SecurityContext.Current is still null here, so none of these writes are authorized.
    // NOTE(review): a missing context therefore means "no checks" (fail-open); real code should
    // install the context before any caller-controlled path can reach these entities.
    var headOffice = new BusinessUnit { Name = "Contoso s.r.o." };

    var ownerMikki = new User(Guid.NewGuid()) { Name = "Mikki Grisham" };
    headOffice.UserRoleAssignments.Add(ownerMikki, Role.Everyone);

    var colleagueSilva = new User(Guid.NewGuid()) { Name = "Silva Pollard" };
    headOffice.UserRoleAssignments.Add(colleagueSilva, Role.Everyone);

    var adminUser = new User(Guid.NewGuid()) { Name = "Administrator" };
    headOffice.UserRoleAssignments.Add(adminUser, Role.Everyone);
    headOffice.UserRoleAssignments.Add(adminUser, Role.Administrator);

    var salesUnit = new BusinessUnit { ParentUnit = headOffice, Name = "Trolls & gnomes wholesale" };

    var trollInvoice = new Invoice
    {
        Owner = ownerMikki,
        BusinessUnit = salesUnit,
        Amount = 50,
        Description = "Kuroji trolls XXL"
    };

    // From here on security is enforced: install a context that carries the policy.
    // ExceptionHandler is left unset (null) in this sample.
    var activeContext = new SimpleSecurityContext { Policy = policy };
    SecurityContext.Current = activeContext;

    // 1. mikki is the invoice's Owner, and Owner holds Write: expected to succeed.
    activeContext.Subject = ownerMikki;
    ShouldNotThrow(() => trollInvoice.Amount = 53, "Changing the invoice amount as mikki");

    // 2. silva only has Role.Everyone, which grants Read but not Write: expected to be denied.
    activeContext.Subject = colleagueSilva;
    ShouldThrow(() => trollInvoice.Amount = 53, "Changing the invoice amount as silva");

    // 3. mikki is not an Administrator: expected to be denied.
    //    (Presumably role changes are guarded by Permission.ManageRoles; confirm in BusinessUnit.)
    activeContext.Subject = ownerMikki;
    ShouldThrow(() => salesUnit.UserRoleAssignments.Add(colleagueSilva, Role.SalesManager), "Changing roles as mikki");

    // 4. admin holds Role.Administrator on the parent unit: expected to succeed.
    //    (Assumes roles granted on headOffice apply to its child unit; confirm in the framework.)
    //    This call really does add the assignment, and step 5 depends on it.
    activeContext.Subject = adminUser;
    ShouldNotThrow(() => salesUnit.UserRoleAssignments.Add(colleagueSilva, Role.SalesManager), "Changing roles as admin");

    // 5. silva is now SalesManager of the invoice's business unit: the write denied in step 2 is expected to succeed.
    activeContext.Subject = colleagueSilva;
    ShouldNotThrow(() => trollInvoice.Amount = 53, "Changing the invoice amount as silva");
}
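/// <summary>
/// Runs <paramref name="action"/> expecting the authorization layer to deny it, and prints
/// whether that expectation held.
/// </summary>
/// <param name="action">The operation that is expected to raise a <see cref="SecurityException"/>.</param>
/// <param name="description">Human-readable label for the operation, used in the console output.</param>
/// <remarks>
/// Only <see cref="SecurityException"/> is caught; any other exception type propagates to the caller.
/// When the operation is NOT denied, the process exit code is set to 1 so that a script or CI job
/// running this sample notices that an operation which should have been blocked went through.
/// </remarks>
public static void ShouldThrow(Action action, string description)
{
    try
    {
        action();
    }
    catch (SecurityException e)
    {
        Console.WriteLine($"GOOD. The operation '{description}' has failed as expected: {e.Message}");
        return;
    }

    // No denial was raised: the check that should have blocked this operation did not fire.
    Console.WriteLine($"BAD. The operation '{description}' has succeeded but should have failed.");
    Environment.ExitCode = 1;
}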
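/// <summary>
/// Runs <paramref name="action"/> expecting the authorization layer to allow it, and prints
/// whether that expectation held.
/// </summary>
/// <param name="action">The operation that is expected to complete without a <see cref="SecurityException"/>.</param>
/// <param name="description">Human-readable label for the operation, used in the console output.</param>
/// <remarks>
/// Only <see cref="SecurityException"/> is caught; any other exception type propagates to the caller.
/// When the operation is unexpectedly denied, the process exit code is set to 1 so that a script or
/// CI job running this sample notices that the policy no longer grants what it is supposed to grant.
/// </remarks>
public static void ShouldNotThrow(Action action, string description)
{
    try
    {
        action();
    }
    catch (SecurityException e)
    {
        // The policy denied an operation that the sample expects to be permitted.
        Console.WriteLine($"BAD. The operation '{description}' has failed: {e.Message}");
        Environment.ExitCode = 1;
        return;
    }

    Console.WriteLine($"GOOD. The operation '{description}' has succeeded as expected.");
}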
/// <summary>
/// Minimal mutable <see cref="ISecurityContext"/> used by this sample. Main installs one instance
/// as SecurityContext.Current and then reassigns <see cref="Subject"/> to switch the acting user.
/// </summary>
private class SimpleSecurityContext : ISecurityContext
{
    /// <summary>The policy carried by this context; Main assigns the RoleBasedSecurityPolicy it built.</summary>
    public ISecurityPolicy Policy { get; set; }

    /// <summary>The subject on whose behalf operations run; Main changes it before each test operation.</summary>
    public ISubject Subject { get; set; }

    /// <summary>Optional exception handler; never assigned in this sample, so it stays null.</summary>
    public ISecurityExceptionHandler ExceptionHandler { get; set; }
}
}
}