Merge pull request #379 from Strongminds/master

Merge 2.7.0
os2kitos · Sep 10, 2019 · 058f792 · 058f792
2 parents 62d23a9 + 5f0eac2
commit 058f792
Show file tree

Hide file tree

Showing 498 changed files with 11,526 additions and 5,888 deletions.
diff --git a/Core.ApplicationServices/AdviceService.cs b/Core.ApplicationServices/AdviceService.cs
@@ -46,7 +46,7 @@ public class AdviceService: IAdviceService
         public IGenericRepository<ItSystemUsage> _itSystemUsageRepository { get; set; }
         public AdviceService() {}
 
-        public bool sendAdvice(int id){
+        public bool SendAdvice(int id){
 
             var advice = _adviceRepository.AsQueryable().FirstOrDefault(a => a.Id == id);
 
@@ -172,7 +172,6 @@ public bool sendAdvice(int id){
                     }
                     catch (Exception e)
                     {
-                        //todo log exception
                         this.Logger?.Error(e, "Error in Advis service");
                         return false;
                     }
@@ -304,7 +303,6 @@ public bool sendAdvice(int id){
                         }
                         catch (Exception e)
                         {
-                            //todo log exception
                             this.Logger?.Error(e, "Error in Advis service");
                             return false;
                         }

diff --git a/Core.ApplicationServices/ApplicationServiceModule.cs b/Core.ApplicationServices/ApplicationServiceModule.cs
@@ -1,9 +1,4 @@
 using Ninject.Modules;
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Text;
-using System.Threading.Tasks;
 
 namespace Core.ApplicationServices
 {

diff --git a/Core.ApplicationServices/Authentication/AuthenticationContext.cs b/Core.ApplicationServices/Authentication/AuthenticationContext.cs
@@ -0,0 +1,22 @@
+namespace Core.ApplicationServices.Authentication
+{
+    public class AuthenticationContext : IAuthenticationContext
+    {
+        public AuthenticationMethod Method { get; }
+        public int? UserId { get; }
+        public int? ActiveOrganizationId { get; }
+        public bool HasApiAccess { get; }
+
+        public AuthenticationContext(
+            AuthenticationMethod method,
+            bool hasApiAccess,
+            int? userId = null, 
+            int? activeOrganizationId = null)
+        {
+            Method = method;
+            UserId = userId;
+            ActiveOrganizationId = activeOrganizationId;
+            HasApiAccess = hasApiAccess;
+        }
+    }
+}
diff --git a/Core.ApplicationServices/Authentication/AuthenticationMethod.cs b/Core.ApplicationServices/Authentication/AuthenticationMethod.cs
@@ -0,0 +1,9 @@
+namespace Core.ApplicationServices.Authentication
+{
+    public enum AuthenticationMethod
+    {
+        Anonymous,
+        KitosToken,
+        Forms
+    }
+}
diff --git a/Core.ApplicationServices/Authentication/IAuthenticationContext.cs b/Core.ApplicationServices/Authentication/IAuthenticationContext.cs
@@ -0,0 +1,11 @@
+namespace Core.ApplicationServices.Authentication
+{
+    public interface IAuthenticationContext
+    {
+        AuthenticationMethod Method { get; }
+        int? UserId { get; }
+        int? ActiveOrganizationId { get; }
+
+        bool HasApiAccess { get; }
+    }
+}
diff --git a/Core.ApplicationServices/Authentication/IAuthenticationContextFactory.cs b/Core.ApplicationServices/Authentication/IAuthenticationContextFactory.cs
@@ -0,0 +1,7 @@
+namespace Core.ApplicationServices.Authentication
+{
+    public interface IAuthenticationContextFactory
+    {
+        IAuthenticationContext Create();
+    }
+}
diff --git a/Core.ApplicationServices/AuthenticationService.cs b/Core.ApplicationServices/AuthenticationService.cs
@@ -14,7 +14,7 @@ public class AuthenticationService : IAuthenticationService
     {
         private readonly IGenericRepository<User> _userRepository;
 
-        public readonly IFeatureChecker _featureChecker;
+        private readonly IFeatureChecker _featureChecker;
 
         public AuthenticationService(IGenericRepository<User> userRepository, IFeatureChecker featureChecker)
         {
@@ -28,23 +28,6 @@ public bool IsGlobalAdmin(int userId)
             return user.IsGlobalAdmin;
         }
 
-        /// <summary>
-        /// Checks if the user is local admin in a respective organization.
-        /// </summary>
-        /// <param name="userId"></param>
-        /// <param name="organizationId"></param>
-        /// <returns></returns>
-        public bool IsLocalAdmin(int userId, int organizationId)
-        {
-            var user = _userRepository.AsQueryable()
-                .SingleOrDefault(x => x.Id == userId &&
-                    x.OrganizationRights.Any(
-                        right => right.Role == OrganizationRole.LocalAdmin &&
-                        right.OrganizationId == organizationId));
-
-            return user != null;
-        }
-
         /// <summary>
         /// Checks if the user is local admin in the current organization.
         /// </summary>
@@ -81,8 +64,14 @@ public bool HasReadAccessOutsideContext(int userId)
         /// <returns>Returns true if the user have read access to the given instance, else false.</returns>
         public bool HasReadAccess(int userId, IEntity entity)
         {
-            var user = _userRepository.AsQueryable().Single(x => x.Id == userId);
-            var loggedIntoOrganizationId = user.DefaultOrganizationId.Value;
+            var user = _userRepository.GetByKey(userId);
+
+            var loggedIntoOrganizationId = user.DefaultOrganizationId.GetValueOrDefault(-1);
+            if (loggedIntoOrganizationId == -1)
+            {
+                return false;
+            }
+
             // check if global admin
             if (user.IsGlobalAdmin)
             {
@@ -136,24 +125,31 @@ public bool HasWriteAccess(int userId, IEntity entity)
         {
             var user = _userRepository.AsQueryable().Single(x => x.Id == userId);
             AssertUserIsNotNull(user);
-            var loggedIntoOrganizationId = user.DefaultOrganizationId.Value;
+            var loggedIntoOrganizationId = user.DefaultOrganizationId.GetValueOrDefault(-1);
+
+            if (loggedIntoOrganizationId == -1)
+            {
+                return false;
+            }
 
             // check if global admin
             if (user.IsGlobalAdmin)
             {
                 // global admin always have access
                 return true;
             }
-            //check if user is readonly
-            if (user.IsReadOnly) {
-                return false;
+
+            // check "Forretningsroller" for the entity
+            if (entity.HasUserWriteAccess(user))
+            {
+                return true;
             }
 
-            //User has access if user created entity
-            //if (user.IsLocalAdmin && entity.ObjectOwnerId == user.Id)
-            //{
-            //    return true;
-            //}
+            // check ReadOnly
+            if (user.IsReadOnly)
+            {
+                return false;
+            }
 
             //Check if user is allowed to set accessmodifier to public
             var accessModifier = (entity as IHasAccessModifier)?.AccessModifier;
@@ -175,6 +171,7 @@ public bool HasWriteAccess(int userId, IEntity entity)
                         return false;
                     }
                 }
+
                 else if (!_featureChecker.CanExecute(user, Feature.CanSetAccessModifierToPublic))
                 {
                     return false;
@@ -212,18 +209,13 @@ public bool HasWriteAccess(int userId, IEntity entity)
             if (_featureChecker.CanExecute(user, Feature.CanModifyReports) && entity is IReportModule)
                 return true;
 
-            // check if user has a write role on the target entity
-            if (entity.HasUserWriteAccess(user))
-                return true;
-
             // check if user is object owner
-            if (entity.ObjectOwnerId == user.Id)
+            if (entity.ObjectOwner != null && entity.ObjectOwner.Id == user.Id && (entity is IProjectModule || entity is ISystemModule || entity is ItContract || entity is IReportModule))
             {
                 // object owners have write access to their objects if they're within the context,
                 // else they'll have to switch to the correct context and try again
                 return true;
-
-            }
+            }            
 
             // User is a special case
             if (entity is User && (entity.Id == user.Id || _featureChecker.CanExecute(user, Feature.CanModifyUsers)))

diff --git a/Core.ApplicationServices/Authorization/AuthorizationContextFactory.cs b/Core.ApplicationServices/Authorization/AuthorizationContextFactory.cs
@@ -0,0 +1,12 @@
+namespace Core.ApplicationServices.Authorization
+{
+    public class AuthorizationContextFactory : IAuthorizationContextFactory
+    {
+        public IAuthorizationContext Create(IOrganizationalUserContext userContext)
+        {
+            return userContext is UnauthenticatedUserContext
+                ? new UnauthenticatedAuthorizationContext()
+                : (IAuthorizationContext) new OrganizationAuthorizationContext(userContext);
+        }
+    }
+}
diff --git a/Core.ApplicationServices/Authorization/IAuthorizationContext.cs b/Core.ApplicationServices/Authorization/IAuthorizationContext.cs
@@ -0,0 +1,57 @@
+using Core.DomainModel;
+using Core.DomainServices.Authorization;
+
+namespace Core.ApplicationServices.Authorization
+{
+    public interface IAuthorizationContext
+    {
+        /// <summary>
+        /// Determine the granularity of cross organization read access supported by the current authorization context
+        /// </summary>
+        /// <returns></returns>
+        CrossOrganizationDataReadAccessLevel GetCrossOrganizationReadAccess();
+        /// <summary>
+        /// Determines, at a high level, the depth of read-access which is allowed on objects within the target organization wrt. the active organization.
+        /// NOTE: Does not provide entity-level access rights. Just answers the question if ANY access at all can be granted.
+        /// </summary>
+        /// <param name="organizationId"></param>
+        /// <returns></returns>
+        OrganizationDataReadAccessLevel GetOrganizationReadAccessLevel(int organizationId);
+        /// <summary>
+        /// Determines if read-access is allowed for the provided entity
+        /// </summary>
+        /// <param name="entity"></param>
+        /// <returns></returns>
+        bool AllowReads(IEntity entity);
+        /// <summary>
+        /// Determines if create-access is allowed for the provided entity type
+        /// </summary>
+        /// <returns></returns>
+        bool AllowCreate<T>();
+        /// <summary>
+        /// Determines if create-access is allowed for the provided entity type and with the representation passed in <paramref name="entity"/>
+        /// </summary>
+        /// <typeparam name="T"></typeparam>
+        /// <param name="entity"></param>
+        /// <returns></returns>
+        bool AllowCreate<T>(IEntity entity);
+        /// <summary>
+        /// Determines if update-access is allowed for the provided entity
+        /// </summary>
+        /// <param name="entity"></param>
+        /// <returns></returns>
+        bool AllowModify(IEntity entity);
+        /// <summary>
+        /// Determines if delete-access is allowed for the provided entity
+        /// </summary>
+        /// <param name="entity"></param>
+        /// <returns></returns>
+        bool AllowDelete(IEntity entity);
+        /// <summary>
+        /// Determines if write-access is allowed to entity's visibility control
+        /// </summary>
+        /// <param name="entity"></param>
+        /// <returns></returns>
+        bool AllowEntityVisibilityControl(IEntity entity);
+    }
+}
diff --git a/Core.ApplicationServices/Authorization/IAuthorizationContextFactory.cs b/Core.ApplicationServices/Authorization/IAuthorizationContextFactory.cs
@@ -0,0 +1,7 @@
+namespace Core.ApplicationServices.Authorization
+{
+    public interface IAuthorizationContextFactory
+    {
+        IAuthorizationContext Create(IOrganizationalUserContext userContext);
+    }
+}
diff --git a/Core.ApplicationServices/Authorization/IOrganizationalUserContext.cs b/Core.ApplicationServices/Authorization/IOrganizationalUserContext.cs
@@ -0,0 +1,19 @@
+using Core.DomainModel;
+using Core.DomainModel.Organization;
+
+namespace Core.ApplicationServices.Authorization
+{
+    public interface IOrganizationalUserContext
+    {
+        int ActiveOrganizationId { get; }
+        int UserId { get; }
+        bool IsActiveInOrganizationOfType(OrganizationCategory category);
+        bool HasRole(OrganizationRole role);
+        bool HasModuleLevelAccessTo(IEntity entity);
+        bool IsActiveInOrganization(int organizationId);
+        bool IsActiveInSameOrganizationAs(IEntity entity);
+        bool HasAssignedWriteAccess(IEntity entity);
+        bool HasOwnership(IEntity entity);
+        bool CanChangeVisibilityOf(IEntity entity);
+    }
+}
diff --git a/Core.ApplicationServices/Authorization/IUserContextFactory.cs b/Core.ApplicationServices/Authorization/IUserContextFactory.cs
@@ -0,0 +1,7 @@
+namespace Core.ApplicationServices.Authorization
+{
+    public interface IUserContextFactory
+    {
+        IOrganizationalUserContext Create(int userId, int organizationId);
+    }
+}