What question are you asking?
Get permissions isn't actually that useful for the user, it is the question
that you ask when you want to know if it has a permission to do X on
anything. Anything includes entities group.
The question that you are likely asking is IsAllowed(), and in this case, I
think that you are correct, if it is allowed to do this in general, it is
allowed to do so.
The problem is that I am not sure that your solution is the appropriate one.
GetPermissionsFor is used by the Rhino Security infrastructure, and we need
to review this to make sure it doesn't break things.
For that matter, we also need to handle the case where a permission was
given directly on an entity.
On Thu, Dec 11, 2008 at 3:18 AM, Bart Reyserhove
<[EMAIL PROTECTED]> wrote:
> The "PermissionsService" contains the following method:
> /// <summary>
> /// Gets the permissions for the specified entity
> /// </summary>
> /// <param name="user">The user.</param>
> /// <param name="operationName">Name of the operation.</param>
> /// <returns></returns>
> public Permission[] GetPermissionsFor(IUser user, string operationName)
> {
>     string[] operationNames =
>         Strings.GetHierarchicalOperationNames(operationName);
>     DetachedCriteria criteria = DetachedCriteria.For<Permission>()
>         .Add(Expression.Eq("User", user)
>              || Subqueries.PropertyIn("UsersGroup.Id",
>                     SecurityCriterions.AllGroups(user).SetProjection(Projections.Id())))
>         .CreateAlias("Operation", "op")
>         .Add(Expression.In("op.Name", operationNames));
>
>     return FindResults(criteria);
> }
>
> This method returns all permissions for a user for a certain operation.
> With "All" I mean also the ones that are defined on entitiesgroups. I have
> for example an operation "/Department/List" with the permission "on
> everything" set to "allow" and with the permission on group "departments of
> company x" set on "deny". Now if the user wants to access the
> "http://localhost/Department/List" it is not allowed because Rhino.Security
> finds a "deny" permission for a certain entitiesgroup. In my opinion it
> should not take the permissions on entitiesgroups into account in this
> case. It could also be that I have configured it in the wrong way of course.
>
> This fixed it for me:
>
> /// <summary>
> /// Gets the permissions for the specified entity
> /// </summary>
> /// <param name="user">The user.</param>
> /// <param name="operationName">Name of the operation.</param>
> /// <returns></returns>
> public Permission[] GetPermissionsFor(IUser user, string operationName)
> {
>     string[] operationNames =
>         Strings.GetHierarchicalOperationNames(operationName);
>     DetachedCriteria criteria = DetachedCriteria.For<Permission>()
>         .Add(Expression.Eq("User", user)
>              || Subqueries.PropertyIn("UsersGroup.Id",
>                     SecurityCriterions.AllGroups(user).SetProjection(Projections.Id())))
>         .Add(Expression.IsNull("EntitiesGroup"))
>         .CreateAlias("Operation", "op")
>         .Add(Expression.In("op.Name", operationNames));
>
>     return FindResults(criteria);
> }
>
> Bart
You received this message because you are subscribed to the Google Groups
"Rhino Tools Dev" group.
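
Added example, not part of the original thread and not Rhino Security code: a small C# model of the distinction discussed above, between the global question and a question about one entity, including a permission given directly on an entity. The types, the sample data and the deny-wins rule are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical in-memory model; these are not Rhino Security's own types.
enum Scope { Everything, EntitiesGroup, Entity }
record Perm(string Operation, bool Allow, Scope Scope, string Target = null);

static class PermissionModel
{
    // Constructed sample data for one user, following the scenario in the thread,
    // plus one permission given directly on an entity.
    static readonly Perm[] Perms =
    {
        new("/Department/List", true,  Scope.Everything),
        new("/Department/List", false, Scope.EntitiesGroup, "departments of company x"),
        new("/Department/List", false, Scope.Entity, "department-42"),
    };

    // Global question: ignore anything scoped to an entities group or an entity.
    public static IEnumerable<Perm> Global(string op) =>
        Perms.Where(p => p.Operation == op && p.Scope == Scope.Everything);

    // Entity question: global permissions, plus those on the entity itself
    // or on an entities group that contains it.
    public static IEnumerable<Perm> ForEntity(string op, string entity, params string[] groups) =>
        Perms.Where(p => p.Operation == op && (
            p.Scope == Scope.Everything ||
            (p.Scope == Scope.Entity && p.Target == entity) ||
            (p.Scope == Scope.EntitiesGroup && groups.Contains(p.Target))));

    // Assumption of this model: any deny wins, and no permission at all means deny.
    public static bool IsAllowed(IEnumerable<Perm> perms)
    {
        var list = perms.ToList();
        return list.Count > 0 && list.All(p => p.Allow);
    }

    static void Main()
    {
        const string op = "/Department/List";
        Console.WriteLine($"no scope filter:        {IsAllowed(Perms.Where(p => p.Operation == op))}");
        Console.WriteLine($"global question:        {IsAllowed(Global(op))}");
        Console.WriteLine($"dept in company x:      {IsAllowed(ForEntity(op, "department-7", "departments of company x"))}");
        Console.WriteLine($"dept elsewhere:         {IsAllowed(ForEntity(op, "department-9"))}");
        Console.WriteLine($"department-42 directly: {IsAllowed(ForEntity(op, "department-42"))}");
    }
}
```

In this model the scoped denies drop out of the global answer but still apply when the question is about an entity they cover.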