CSLA.NET 6.0.0
CSLA .NET is a software development framework that helps you build a reusable, maintainable object-oriented business layer for your app.
ActiveAuthorizer.cs
Go to the documentation of this file.
1//-----------------------------------------------------------------------
2// <copyright file="ActiveAuthorizer.cs" company="Marimer LLC">
3// Copyright (c) Marimer LLC. All rights reserved.
4// Website: https://cslanet.com
5// </copyright>
6// <summary>Implementation of the authorizer that</summary>
7//-----------------------------------------------------------------------
8using System;
9using Csla.Properties;
10using Csla.Rules;
11using Csla.Security;
12
13namespace Csla.Server
14{
20 public class ActiveAuthorizer : IAuthorizeDataPortal
21 {
26 public ActiveAuthorizer(ApplicationContext applicationContext)
27 {
28 ApplicationContext = applicationContext;
29 }
30
31 private ApplicationContext ApplicationContext { get; set; }
32
39 public void Authorize(AuthorizeRequest clientRequest)
40 {
41 if (ApplicationContext.LogicalExecutionLocation == ApplicationContext.LogicalExecutionLocations.Server &&
42 ApplicationContext.ExecutionLocation == ApplicationContext.ExecutionLocations.Server)
43 {
44 if (clientRequest.Operation == DataPortalOperations.Update ||
45 clientRequest.Operation == DataPortalOperations.Execute)
46 {
47 // Per-Instance checks
48 if (!BusinessRules.HasPermission(ApplicationContext, clientRequest.Operation.ToAuthAction(), clientRequest.RequestObject))
49 {
50 throw new SecurityException(
51 string.Format(Resources.UserNotAuthorizedException,
52 clientRequest.Operation.ToSecurityActionDescription(),
53 clientRequest.ObjectType.Name)
54 );
55 }
56 }
57
58 // Per-Type checks
59 if (!BusinessRules.HasPermission(ApplicationContext, clientRequest.Operation.ToAuthAction(), clientRequest.ObjectType))
60 {
61 throw new SecurityException(
62 string.Format(Resources.UserNotAuthorizedException,
63 clientRequest.Operation.ToSecurityActionDescription(),
64 clientRequest.ObjectType.Name)
65 );
66 }
67 }
68 }
69 }
70}
Csla.ApplicationContext
Provides consistent context information between the client and server DataPortal objects.
Definition: ApplicationContext.cs:22
Csla.ApplicationContext.LogicalExecutionLocation
LogicalExecutionLocations LogicalExecutionLocation
Return Logical Execution Location - Client or Server This is applicable to Local mode as well
Definition: ApplicationContext.cs:336
Csla.ApplicationContext.ExecutionLocation
ExecutionLocations ExecutionLocation
Returns a value indicating whether the application code is currently executing on the client or serve...
Definition: ApplicationContext.cs:256
Csla.ApplicationContext.ExecutionLocations
ExecutionLocations
Enum representing the locations code can execute.
Definition: ApplicationContext.cs:202
Csla.ApplicationContext.LogicalExecutionLocations
LogicalExecutionLocations
Enum representing the logical execution location The setting is set to server when server is execting...
Definition: ApplicationContext.cs:319
Csla.Properties.Resources
A strongly-typed resource class, for looking up localized strings, etc.
Definition: Csla/Properties/Resources.Designer.cs:25
Csla.Properties.Resources.UserNotAuthorizedException
static string UserNotAuthorizedException
Looks up a localized string similar to User not authorized to {0} object type {1}.
Definition: Csla/Properties/Resources.Designer.cs:1128
Csla.Rules.BusinessRules
Tracks the business rules for a business object.
Definition: BusinessRules.cs:26
Csla.Rules.BusinessRules.HasPermission
static bool HasPermission(ApplicationContext applicationContext, AuthorizationActions action, Type objectType)
Checks per-type authorization rules.
Definition: BusinessRules.cs:327
Csla.Server.ActiveAuthorizer
Implementation of the authorizer that checks per-type authorization rules for each request.
Definition: ActiveAuthorizer.cs:21
Csla.Server.ActiveAuthorizer.ActiveAuthorizer
ActiveAuthorizer(ApplicationContext applicationContext)
Creates an instance of the type.
Definition: ActiveAuthorizer.cs:26
Csla.Server.ActiveAuthorizer.Authorize
void Authorize(AuthorizeRequest clientRequest)
Checks authorization rules for the request.
Definition: ActiveAuthorizer.cs:39
Csla.Server.AuthorizeRequest
Object containing information about the client request to the data portal.
Definition: AuthorizeRequest.cs:17
Csla.Server.AuthorizeRequest.RequestObject
object RequestObject
Gets a reference to the criteria or business object passed from the client to the server.
Definition: AuthorizeRequest.cs:28
Csla.Server.AuthorizeRequest.ObjectType
Type ObjectType
Gets the type of business object affected by the client request.
Definition: AuthorizeRequest.cs:22
Csla.Server.AuthorizeRequest.Operation
DataPortalOperations Operation
Gets the data portal operation requested by the client.
Definition: AuthorizeRequest.cs:33
Csla.Server.IAuthorizeDataPortal
Interface to be implemented by a custom authorization provider.
Definition: IAuthorizeDataPortal.cs:20
Csla.DataPortalOperations
DataPortalOperations
List of data portal operations.
Definition: DataPortalOperations.cs:17