• [XAF] How to use the Allow/Deny permissions policy in the existing project


    https://www.devexpress.com/Support/Center/Question/Details/T418166

    [C#]
    using DevExpress.Persistent.BaseImpl.PermissionPolicy;
    using DevExpress.ExpressApp.Security.Strategy;
    using System.Collections.Generic;  
    //..
            /// <summary>
            /// Migration entry point: copies every legacy SecuritySystemUser and SecuritySystemRole
            /// to its PermissionPolicy counterpart and commits the result in a single call.
            /// </summary>
            public override void UpdateDatabaseAfterUpdateSchema() {
                base.UpdateDatabaseAfterUpdateSchema();

                // Pass 1: users. CopyUser also copies the roles of each user it creates.
                foreach (SecuritySystemUser legacyUser in ObjectSpace.GetObjects<SecuritySystemUser>()) {
                    CopyUser(legacyUser);
                }

                // Pass 2: roles, with no user to link. CopyRole skips any role name it already finds.
                foreach (SecuritySystemRole legacyRole in ObjectSpace.GetObjects<SecuritySystemRole>()) {
                    CopyRole(legacyRole, null);
                }

                // Nothing is persisted until this point; review the migrated permissions after the update.
                ObjectSpace.CommitChanges();
            }
             /// <summary>
             /// Creates a PermissionPolicyUser for a legacy user unless one with the same UserName is found.
             /// </summary>
             /// <param name="securitySystemUser">Legacy user to migrate.</param>
             private void CopyUser(SecuritySystemUser securitySystemUser) {
                 PermissionPolicyUser migratedUser = ObjectSpace.FindObject<PermissionPolicyUser>(new BinaryOperator("UserName", securitySystemUser.UserName));
                 if (migratedUser != null) {
                     // A user with this name already exists: nothing is copied, including role links.
                     return;
                 }

                 migratedUser = ObjectSpace.CreateObject<PermissionPolicyUser>();
                 migratedUser.UserName = securitySystemUser.UserName;
                 migratedUser.IsActive = securitySystemUser.IsActive;
                 migratedUser.ChangePasswordOnFirstLogon = securitySystemUser.ChangePasswordOnFirstLogon;
                 // NOTE(review): only the three properties above are copied; no password or other
                 // credential is transferred here. Confirm what credential state a migrated active
                 // account ends up with before it is allowed to log on.

                 foreach (SecuritySystemRole legacyRole in securitySystemUser.Roles) {
                     CopyRole(legacyRole, migratedUser);
                 }
             }
             /// <summary>
             /// Creates a PermissionPolicyRole for a legacy role unless one with the same Name is found,
             /// copies its type permissions and those of its parent roles, and links the new role to
             /// <paramref name="permissionPolicyUser"/> when one is supplied.
             /// </summary>
             /// <param name="securitySystemRole">Legacy role to migrate.</param>
             /// <param name="permissionPolicyUser">Migrated user to link the role to, or null for none.</param>
             private void CopyRole(SecuritySystemRole securitySystemRole, PermissionPolicyUser permissionPolicyUser) {
                 PermissionPolicyRole migratedRole = ObjectSpace.FindObject<PermissionPolicyRole>(new BinaryOperator("Name", securitySystemRole.Name));
                 if (migratedRole != null) {
                     // NOTE(review): Name is the only match key. When a role is found, nothing is
                     // copied and the user is NOT linked to it, so that user ends up without this
                     // role. Decide explicitly whether that is intended and check memberships
                     // after the migration.
                     return;
                 }
                 // NOTE(review): whether the lookup above sees roles created earlier in the same
                 // uncommitted run depends on the object space; if it does not, same-named roles
                 // can be created more than once. Confirm.

                 migratedRole = ObjectSpace.CreateObject<PermissionPolicyRole>();
                 migratedRole.Name = securitySystemRole.Name;
                 // The new role denies by default; access comes only from the Allow states copied below.
                 migratedRole.PermissionPolicy = SecurityPermissionPolicy.DenyAllByDefault;
                 migratedRole.IsAdministrative = securitySystemRole.IsAdministrative;
                 migratedRole.CanEditModel = securitySystemRole.CanEditModel;

                 foreach (SecuritySystemTypePermissionObject legacyTypePermission in securitySystemRole.TypePermissions) {
                     CopyTypePermissions(legacyTypePermission, securitySystemRole, migratedRole);
                 }
                 // Parent roles are not recreated as parents; their flags and permissions are merged into this role.
                 foreach (SecuritySystemRole legacyParent in securitySystemRole.ParentRoles) {
                     CopyParentRole(legacyParent, migratedRole);
                 }

                 if (permissionPolicyUser != null) {
                     permissionPolicyUser.Roles.Add(migratedRole);
                 }
             }
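             /// <summary>
             /// Merges a legacy parent role into the migrated role: propagates the parent's
             /// IsAdministrative and CanEditModel flags, copies its type permissions, and then
             /// does the same for the parent's own parents.
             /// </summary>
             /// <param name="parentRole">Legacy parent role whose rights are inherited.</param>
             /// <param name="permissionPolicyRole">Migrated role that receives the merged rights.</param>
             private void CopyParentRole(SecuritySystemRole parentRole, PermissionPolicyRole permissionPolicyRole) {
                 if (parentRole.IsAdministrative) {
                     permissionPolicyRole.IsAdministrative = true;
                 }

                 // Fix: a parent's CanEditModel maps to CanEditModel only. This branch previously set
                 // IsAdministrative, which made every role inheriting model-edit rights a full administrator.
                 if (parentRole.CanEditModel) {
                     permissionPolicyRole.CanEditModel = true;
                 }

                 foreach (SecuritySystemTypePermissionObject securitySystemTypePermissionObject in parentRole.TypePermissions) {
                     CopyTypePermissions(securitySystemTypePermissionObject, parentRole, permissionPolicyRole);
                 }

                 // NOTE(review): the recursion keeps no visited set; it assumes ParentRoles contains
                 // no cycle. A parent reachable by two paths has its permissions copied twice. Confirm.
                 foreach (SecuritySystemRole subParentRole in parentRole.ParentRoles) {
                     CopyParentRole(subParentRole, permissionPolicyRole);
                 }
             }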
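             /// <summary>
             /// Creates a new PermissionPolicyTypePermissionObject on the migrated role from a legacy
             /// type permission, including its object-level and member-level permissions.
             /// </summary>
             /// <param name="securitySystemTypePermissionObject">Legacy type permission to copy.</param>
             /// <param name="securitySystemRole">Legacy role owning the permission; not read here, kept for callers.</param>
             /// <param name="permissionPolicyRole">Migrated role that receives the new permission.</param>
             private void CopyTypePermissions(SecuritySystemTypePermissionObject securitySystemTypePermissionObject, SecuritySystemRole securitySystemRole, PermissionPolicyRole permissionPolicyRole) {
                 // The earlier FindObject lookup by TargetType was removed: its result was overwritten
                 // on the next line, so it never prevented duplicates and only cost a query.
                 PermissionPolicyTypePermissionObject permissionPolicyTypePermissionObject = ObjectSpace.CreateObject<PermissionPolicyTypePermissionObject>();
                 // Permissions that target a legacy security class are retargeted to the new class.
                 permissionPolicyTypePermissionObject.TargetType = GetTargetType(securitySystemTypePermissionObject.TargetType);
                 permissionPolicyTypePermissionObject.Role = permissionPolicyRole;

                 // Only granted operations are written as Allow; the other states are left untouched.
                 if (securitySystemTypePermissionObject.AllowRead) {
                     permissionPolicyTypePermissionObject.ReadState = SecurityPermissionState.Allow;
                 }
                 if (securitySystemTypePermissionObject.AllowWrite) {
                     permissionPolicyTypePermissionObject.WriteState = SecurityPermissionState.Allow;
                 }
                 if (securitySystemTypePermissionObject.AllowCreate) {
                     permissionPolicyTypePermissionObject.CreateState = SecurityPermissionState.Allow;
                 }
                 if (securitySystemTypePermissionObject.AllowDelete) {
                     permissionPolicyTypePermissionObject.DeleteState = SecurityPermissionState.Allow;
                 }
                 if (securitySystemTypePermissionObject.AllowNavigate) {
                     permissionPolicyTypePermissionObject.NavigateState = SecurityPermissionState.Allow;
                 }

                 foreach (SecuritySystemObjectPermissionsObject securitySystemObjectPermissionsObject in securitySystemTypePermissionObject.ObjectPermissions) {
                     CopyObjectPermissions(securitySystemObjectPermissionsObject, permissionPolicyTypePermissionObject);
                 }
                 foreach (SecuritySystemMemberPermissionsObject securitySystemMemberPermissionsObject in securitySystemTypePermissionObject.MemberPermissions) {
                     CopyMemberPermission(securitySystemMemberPermissionsObject, permissionPolicyTypePermissionObject);
                 }
                 permissionPolicyRole.TypePermissions.Add(permissionPolicyTypePermissionObject);
             }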
             /// <summary>
             /// Creates a member-level permission on the migrated type permission from a legacy one.
             /// </summary>
             /// <param name="securitySystemMemberPermissionsObject">Legacy member permission to copy.</param>
             /// <param name="permissionPolicyTypePermissionObject">Migrated type permission that owns the copy.</param>
             private void CopyMemberPermission(SecuritySystemMemberPermissionsObject securitySystemMemberPermissionsObject, PermissionPolicyTypePermissionObject permissionPolicyTypePermissionObject) {
                 SecuritySystemMemberPermissionsObject legacy = securitySystemMemberPermissionsObject;
                 PermissionPolicyMemberPermissionsObject migrated = ObjectSpace.CreateObject<PermissionPolicyMemberPermissionsObject>();
                 migrated.TypePermissionObject = permissionPolicyTypePermissionObject;

                 // Only granted operations become Allow; the other states are left untouched.
                 if (legacy.AllowRead) {
                     migrated.ReadState = SecurityPermissionState.Allow;
                 }
                 if (legacy.AllowWrite) {
                     migrated.WriteState = SecurityPermissionState.Allow;
                 }

                 // Members and Criteria are copied unchanged.
                 // NOTE(review): confirm the criteria still select the intended objects under the new classes.
                 migrated.Members = legacy.Members;
                 migrated.Criteria = legacy.Criteria;
                 permissionPolicyTypePermissionObject.MemberPermissions.Add(migrated);
             }
             /// <summary>
             /// Creates an object-level permission on the migrated type permission from a legacy one.
             /// </summary>
             /// <param name="securitySystemObjectPermissionsObject">Legacy object permission to copy.</param>
             /// <param name="permissionPolicyTypePermissionObject">Migrated type permission that owns the copy.</param>
             private void CopyObjectPermissions(SecuritySystemObjectPermissionsObject securitySystemObjectPermissionsObject, PermissionPolicyTypePermissionObject permissionPolicyTypePermissionObject) {
                 SecuritySystemObjectPermissionsObject legacy = securitySystemObjectPermissionsObject;
                 PermissionPolicyObjectPermissionsObject migrated = ObjectSpace.CreateObject<PermissionPolicyObjectPermissionsObject>();
                 migrated.TypePermissionObject = permissionPolicyTypePermissionObject;

                 // Only granted operations become Allow; the other states are left untouched.
                 if (legacy.AllowRead) {
                     migrated.ReadState = SecurityPermissionState.Allow;
                 }
                 if (legacy.AllowWrite) {
                     migrated.WriteState = SecurityPermissionState.Allow;
                 }
                 if (legacy.AllowDelete) {
                     migrated.DeleteState = SecurityPermissionState.Allow;
                 }
                 if (legacy.AllowNavigate) {
                     migrated.NavigateState = SecurityPermissionState.Allow;
                 }

                 // The criterion is copied unchanged.
                 // NOTE(review): confirm it still selects the intended objects under the new classes.
                 migrated.Criteria = legacy.Criteria;
                 permissionPolicyTypePermissionObject.ObjectPermissions.Add(migrated);
             }
             /// <summary>
             /// Maps a legacy security class to its PermissionPolicy replacement.
             /// </summary>
             /// <param name="currentType">Type targeted by a legacy permission.</param>
             /// <returns>The mapped type, or <paramref name="currentType"/> when the table has no entry for it.</returns>
             private Type GetTargetType(Type currentType) {
                 Type mappedType;
                 return SecurityAssociationClassDictionary.TryGetValue(currentType, out mappedType)
                     ? mappedType
                     : currentType;
             }
            // Legacy security class -> PermissionPolicy class. GetTargetType uses this table to
            // retarget permissions that were granted on the security classes themselves.
            private static Dictionary<Type, Type> SecurityAssociationClassDictionary = new Dictionary<Type, Type>() {
                { typeof(SecuritySystemUser), typeof(PermissionPolicyUser) },
                { typeof(SecuritySystemRole), typeof(PermissionPolicyRole) },
                { typeof(SecuritySystemTypePermissionObject), typeof(PermissionPolicyTypePermissionObject) },
                { typeof(SecuritySystemObjectPermissionsObject), typeof(PermissionPolicyObjectPermissionsObject) },
                { typeof(SecuritySystemMemberPermissionsObject), typeof(PermissionPolicyMemberPermissionsObject) }
            };
    //...
    How to use the Allow/Deny permissions policy in the existing project
    Tags: .NET, Frameworks (XAF & XPO), eXpressApp Framework
    Alexey (DevExpress Support)2 weeks ago
    Starting with version 16.1, application administrators can allow accessing all data within the application for a specific role and simultaneously prevent the access to a few data types or members. Alternatively, an end-user can deny access to all data for a role and only allow access to a strict list of objects or members.
    
    See Security - Introduce the 'Allow' and 'Deny' modifiers for permissions.
    
    Prior to version 16.1, the SecuritySystemUser and SecuritySystemRole classes were used to create and process permissions. By default, the DenyAll policy was used, and it was necessary to add the Allow permission for objects and types. These classes are not compatible with the Allow/Deny permissions model.
    
    This topic describes how to migrate to the Allow/Deny security model in an existing application.
    
    1 Solution
    Alexey (DevExpress Support)2 weeks ago
    If you do not need to transfer existing permissions to the new permissions policy, invoke the Application Designer for the YourSolutionName.Wxx/WxxApplication.xx file and set the UserType and RoleType properties of the SecurityStrategyComplex component to the PermissionPolicyUser and PermissionPolicyRole  values respectively. After that, update your code that creates predefined users, roles and the required permissions as per the Using the Security System help article.
    
    If your database already contains permissions configured by end-users, you can use the example below in the YourSolutionName.Module/DatabaseUpdate/Updater.cs file to copy them to new security classes. 
    NOTE: we cannot guarantee that all permissions will be converted correctly, because these classes use different permissions mechanisms.
    
    [C#]Open in popup window
    using DevExpress.Persistent.BaseImpl.PermissionPolicy;
    using DevExpress.ExpressApp.Security.Strategy;
    using System.Collections.Generic;  
    //..
            /// <summary>
            /// Migration entry point: copies every legacy SecuritySystemUser and SecuritySystemRole
            /// to its PermissionPolicy counterpart and commits the result in a single call.
            /// </summary>
            public override void UpdateDatabaseAfterUpdateSchema() {
                base.UpdateDatabaseAfterUpdateSchema();

                // Pass 1: users. CopyUser also copies the roles of each user it creates.
                foreach (SecuritySystemUser legacyUser in ObjectSpace.GetObjects<SecuritySystemUser>()) {
                    CopyUser(legacyUser);
                }

                // Pass 2: roles, with no user to link. CopyRole skips any role name it already finds.
                foreach (SecuritySystemRole legacyRole in ObjectSpace.GetObjects<SecuritySystemRole>()) {
                    CopyRole(legacyRole, null);
                }

                // Nothing is persisted until this point; review the migrated permissions after the update.
                ObjectSpace.CommitChanges();
            }
             /// <summary>
             /// Creates a PermissionPolicyUser for a legacy user unless one with the same UserName is found.
             /// </summary>
             /// <param name="securitySystemUser">Legacy user to migrate.</param>
             private void CopyUser(SecuritySystemUser securitySystemUser) {
                 PermissionPolicyUser migratedUser = ObjectSpace.FindObject<PermissionPolicyUser>(new BinaryOperator("UserName", securitySystemUser.UserName));
                 if (migratedUser != null) {
                     // A user with this name already exists: nothing is copied, including role links.
                     return;
                 }

                 migratedUser = ObjectSpace.CreateObject<PermissionPolicyUser>();
                 migratedUser.UserName = securitySystemUser.UserName;
                 migratedUser.IsActive = securitySystemUser.IsActive;
                 migratedUser.ChangePasswordOnFirstLogon = securitySystemUser.ChangePasswordOnFirstLogon;
                 // NOTE(review): only the three properties above are copied; no password or other
                 // credential is transferred here. Confirm what credential state a migrated active
                 // account ends up with before it is allowed to log on.

                 foreach (SecuritySystemRole legacyRole in securitySystemUser.Roles) {
                     CopyRole(legacyRole, migratedUser);
                 }
             }
             /// <summary>
             /// Creates a PermissionPolicyRole for a legacy role unless one with the same Name is found,
             /// copies its type permissions and those of its parent roles, and links the new role to
             /// <paramref name="permissionPolicyUser"/> when one is supplied.
             /// </summary>
             /// <param name="securitySystemRole">Legacy role to migrate.</param>
             /// <param name="permissionPolicyUser">Migrated user to link the role to, or null for none.</param>
             private void CopyRole(SecuritySystemRole securitySystemRole, PermissionPolicyUser permissionPolicyUser) {
                 PermissionPolicyRole migratedRole = ObjectSpace.FindObject<PermissionPolicyRole>(new BinaryOperator("Name", securitySystemRole.Name));
                 if (migratedRole != null) {
                     // NOTE(review): Name is the only match key. When a role is found, nothing is
                     // copied and the user is NOT linked to it, so that user ends up without this
                     // role. Decide explicitly whether that is intended and check memberships
                     // after the migration.
                     return;
                 }
                 // NOTE(review): whether the lookup above sees roles created earlier in the same
                 // uncommitted run depends on the object space; if it does not, same-named roles
                 // can be created more than once. Confirm.

                 migratedRole = ObjectSpace.CreateObject<PermissionPolicyRole>();
                 migratedRole.Name = securitySystemRole.Name;
                 // The new role denies by default; access comes only from the Allow states copied below.
                 migratedRole.PermissionPolicy = SecurityPermissionPolicy.DenyAllByDefault;
                 migratedRole.IsAdministrative = securitySystemRole.IsAdministrative;
                 migratedRole.CanEditModel = securitySystemRole.CanEditModel;

                 foreach (SecuritySystemTypePermissionObject legacyTypePermission in securitySystemRole.TypePermissions) {
                     CopyTypePermissions(legacyTypePermission, securitySystemRole, migratedRole);
                 }
                 // Parent roles are not recreated as parents; their flags and permissions are merged into this role.
                 foreach (SecuritySystemRole legacyParent in securitySystemRole.ParentRoles) {
                     CopyParentRole(legacyParent, migratedRole);
                 }

                 if (permissionPolicyUser != null) {
                     permissionPolicyUser.Roles.Add(migratedRole);
                 }
             }
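             /// <summary>
             /// Merges a legacy parent role into the migrated role: propagates the parent's
             /// IsAdministrative and CanEditModel flags, copies its type permissions, and then
             /// does the same for the parent's own parents.
             /// </summary>
             /// <param name="parentRole">Legacy parent role whose rights are inherited.</param>
             /// <param name="permissionPolicyRole">Migrated role that receives the merged rights.</param>
             private void CopyParentRole(SecuritySystemRole parentRole, PermissionPolicyRole permissionPolicyRole) {
                 if (parentRole.IsAdministrative) {
                     permissionPolicyRole.IsAdministrative = true;
                 }

                 // Fix: a parent's CanEditModel maps to CanEditModel only. This branch previously set
                 // IsAdministrative, which made every role inheriting model-edit rights a full administrator.
                 if (parentRole.CanEditModel) {
                     permissionPolicyRole.CanEditModel = true;
                 }

                 foreach (SecuritySystemTypePermissionObject securitySystemTypePermissionObject in parentRole.TypePermissions) {
                     CopyTypePermissions(securitySystemTypePermissionObject, parentRole, permissionPolicyRole);
                 }

                 // NOTE(review): the recursion keeps no visited set; it assumes ParentRoles contains
                 // no cycle. A parent reachable by two paths has its permissions copied twice. Confirm.
                 foreach (SecuritySystemRole subParentRole in parentRole.ParentRoles) {
                     CopyParentRole(subParentRole, permissionPolicyRole);
                 }
             }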
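             /// <summary>
             /// Creates a new PermissionPolicyTypePermissionObject on the migrated role from a legacy
             /// type permission, including its object-level and member-level permissions.
             /// </summary>
             /// <param name="securitySystemTypePermissionObject">Legacy type permission to copy.</param>
             /// <param name="securitySystemRole">Legacy role owning the permission; not read here, kept for callers.</param>
             /// <param name="permissionPolicyRole">Migrated role that receives the new permission.</param>
             private void CopyTypePermissions(SecuritySystemTypePermissionObject securitySystemTypePermissionObject, SecuritySystemRole securitySystemRole, PermissionPolicyRole permissionPolicyRole) {
                 // The earlier FindObject lookup by TargetType was removed: its result was overwritten
                 // on the next line, so it never prevented duplicates and only cost a query.
                 PermissionPolicyTypePermissionObject permissionPolicyTypePermissionObject = ObjectSpace.CreateObject<PermissionPolicyTypePermissionObject>();
                 // Permissions that target a legacy security class are retargeted to the new class.
                 permissionPolicyTypePermissionObject.TargetType = GetTargetType(securitySystemTypePermissionObject.TargetType);
                 permissionPolicyTypePermissionObject.Role = permissionPolicyRole;

                 // Only granted operations are written as Allow; the other states are left untouched.
                 if (securitySystemTypePermissionObject.AllowRead) {
                     permissionPolicyTypePermissionObject.ReadState = SecurityPermissionState.Allow;
                 }
                 if (securitySystemTypePermissionObject.AllowWrite) {
                     permissionPolicyTypePermissionObject.WriteState = SecurityPermissionState.Allow;
                 }
                 if (securitySystemTypePermissionObject.AllowCreate) {
                     permissionPolicyTypePermissionObject.CreateState = SecurityPermissionState.Allow;
                 }
                 if (securitySystemTypePermissionObject.AllowDelete) {
                     permissionPolicyTypePermissionObject.DeleteState = SecurityPermissionState.Allow;
                 }
                 if (securitySystemTypePermissionObject.AllowNavigate) {
                     permissionPolicyTypePermissionObject.NavigateState = SecurityPermissionState.Allow;
                 }

                 foreach (SecuritySystemObjectPermissionsObject securitySystemObjectPermissionsObject in securitySystemTypePermissionObject.ObjectPermissions) {
                     CopyObjectPermissions(securitySystemObjectPermissionsObject, permissionPolicyTypePermissionObject);
                 }
                 foreach (SecuritySystemMemberPermissionsObject securitySystemMemberPermissionsObject in securitySystemTypePermissionObject.MemberPermissions) {
                     CopyMemberPermission(securitySystemMemberPermissionsObject, permissionPolicyTypePermissionObject);
                 }
                 permissionPolicyRole.TypePermissions.Add(permissionPolicyTypePermissionObject);
             }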
             /// <summary>
             /// Creates a member-level permission on the migrated type permission from a legacy one.
             /// </summary>
             /// <param name="securitySystemMemberPermissionsObject">Legacy member permission to copy.</param>
             /// <param name="permissionPolicyTypePermissionObject">Migrated type permission that owns the copy.</param>
             private void CopyMemberPermission(SecuritySystemMemberPermissionsObject securitySystemMemberPermissionsObject, PermissionPolicyTypePermissionObject permissionPolicyTypePermissionObject) {
                 SecuritySystemMemberPermissionsObject legacy = securitySystemMemberPermissionsObject;
                 PermissionPolicyMemberPermissionsObject migrated = ObjectSpace.CreateObject<PermissionPolicyMemberPermissionsObject>();
                 migrated.TypePermissionObject = permissionPolicyTypePermissionObject;

                 // Only granted operations become Allow; the other states are left untouched.
                 if (legacy.AllowRead) {
                     migrated.ReadState = SecurityPermissionState.Allow;
                 }
                 if (legacy.AllowWrite) {
                     migrated.WriteState = SecurityPermissionState.Allow;
                 }

                 // Members and Criteria are copied unchanged.
                 // NOTE(review): confirm the criteria still select the intended objects under the new classes.
                 migrated.Members = legacy.Members;
                 migrated.Criteria = legacy.Criteria;
                 permissionPolicyTypePermissionObject.MemberPermissions.Add(migrated);
             }
             /// <summary>
             /// Creates an object-level permission on the migrated type permission from a legacy one.
             /// </summary>
             /// <param name="securitySystemObjectPermissionsObject">Legacy object permission to copy.</param>
             /// <param name="permissionPolicyTypePermissionObject">Migrated type permission that owns the copy.</param>
             private void CopyObjectPermissions(SecuritySystemObjectPermissionsObject securitySystemObjectPermissionsObject, PermissionPolicyTypePermissionObject permissionPolicyTypePermissionObject) {
                 SecuritySystemObjectPermissionsObject legacy = securitySystemObjectPermissionsObject;
                 PermissionPolicyObjectPermissionsObject migrated = ObjectSpace.CreateObject<PermissionPolicyObjectPermissionsObject>();
                 migrated.TypePermissionObject = permissionPolicyTypePermissionObject;

                 // Only granted operations become Allow; the other states are left untouched.
                 if (legacy.AllowRead) {
                     migrated.ReadState = SecurityPermissionState.Allow;
                 }
                 if (legacy.AllowWrite) {
                     migrated.WriteState = SecurityPermissionState.Allow;
                 }
                 if (legacy.AllowDelete) {
                     migrated.DeleteState = SecurityPermissionState.Allow;
                 }
                 if (legacy.AllowNavigate) {
                     migrated.NavigateState = SecurityPermissionState.Allow;
                 }

                 // The criterion is copied unchanged.
                 // NOTE(review): confirm it still selects the intended objects under the new classes.
                 migrated.Criteria = legacy.Criteria;
                 permissionPolicyTypePermissionObject.ObjectPermissions.Add(migrated);
             }
             /// <summary>
             /// Maps a legacy security class to its PermissionPolicy replacement.
             /// </summary>
             /// <param name="currentType">Type targeted by a legacy permission.</param>
             /// <returns>The mapped type, or <paramref name="currentType"/> when the table has no entry for it.</returns>
             private Type GetTargetType(Type currentType) {
                 Type mappedType;
                 return SecurityAssociationClassDictionary.TryGetValue(currentType, out mappedType)
                     ? mappedType
                     : currentType;
             }
            // Legacy security class -> PermissionPolicy class. GetTargetType uses this table to
            // retarget permissions that were granted on the security classes themselves.
            private static Dictionary<Type, Type> SecurityAssociationClassDictionary = new Dictionary<Type, Type>() {
                { typeof(SecuritySystemUser), typeof(PermissionPolicyUser) },
                { typeof(SecuritySystemRole), typeof(PermissionPolicyRole) },
                { typeof(SecuritySystemTypePermissionObject), typeof(PermissionPolicyTypePermissionObject) },
                { typeof(SecuritySystemObjectPermissionsObject), typeof(PermissionPolicyObjectPermissionsObject) },
                { typeof(SecuritySystemMemberPermissionsObject), typeof(PermissionPolicyMemberPermissionsObject) }
            };
    //...
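    As a result, new permissions will be created in the database. After the database is updated, manually check that all permissions were converted correctly; in particular, compare IsAdministrative and CanEditModel on each migrated role with the original role and its parent roles, so that no role ends up with broader rights than before. Please pay attention to the following: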
    - A key value will not be copied to new objects.
    - Existing references to SecuritySystemUser and SecuritySystemRole in your business objects will not be redirected to corresponding PermissionPolicyUser and PermissionPolicyRole objects.
    - In some cases, it is better to rework permissions so that they will match the new Security System. For example: Allow all objects except some using a complex criterion -> Deny some objects using a simple criterion. 
    
    
    Please do not hesitate to contact us if you encounter any issue.
    
    ID:
    T418166
    Created On:
    2016/8/23 下午7:46:13
    Modified On:
    2016/9/1 上午7:36:21
    Related Questions
    Security - Introduce the 'Allow' and 'Deny' modifiers for permissions
    How do I implement 'Permission Policy' (new feature of 16.1) to older version 15.2
    How to automatically grant security permissions to change associated reference or collection members
  • 原文地址:https://www.cnblogs.com/Tonyyang/p/5836720.html