XAF 字段级权限扩展-根据对象选择属性
2011-05-21 10:46
555 查看
需要参考:/article/5190230.html
// Developer Express Code Central Example:
// How to implement the MemberLevel security manually (for example, to deny the 'Read' access for declared properties of some business class, and allow access for the inherited properties)
//
// Hello,
//
// This sample demonstrates how to implement the Member Level security
// manually.
//
// This is a workaround solution until we implement this feature in an
// out-of-the-box manner (see "Security.MemberLevel: Add an ability to protect some
// object's properties rather than an entire object (Field-level security)" at
// http://www.devexpress.com/issue=S19569). This approach doesn't protect
// information within Reports and Analysis modules, and anywhere else, where
// special controls are used.
//
// Currently, XAF Security is implemented at the UI
// level. For more details see:
// - "Allow injection of a new and independent
// functionality into the load business class process and into the 'get/set'
// methods of a certain property" at http://www.devexpress.com/issue=S30538 //
// For
// more details about this example, see:
// - "How to implement the MemberLevel
// security manually" at http://www.devexpress.com/kbid=K18110 //
// See also:
// -
// "Security: Roles that do not have a Read access level to an object should not
// see "protected content" items in Detail and List Views" at
// http://www.devexpress.com/issue=S30144 // - "Allow injection of a new and
// independent functionality into the load business class process and into the
// 'get/set' methods of a certain property" at
// http://www.devexpress.com/issue=S30538 // - "Security.MemberLevel: How to show a
// list of available properties (DropDown edit) for the "Member" editor (which is a
// TextEdit)?" at http://www.devexpress.com/issue=Q134009 //
// Thanks,
// Dan.
//
// You can find sample updates and versions for different programming languages here:
// http://www.devexpress.com/example=E485
using System;
using System.Collections.Generic;
using DevExpress.ExpressApp.Security;
using System.ComponentModel;
using DevExpress.Xpo;
using System.Security;
using DevExpress.Persistent.Base;
using DevExpress.Persistent.BaseImpl;
using DevExpress.Xpo.Metadata;
using System.Collections;
using DevExpress.Xpo.Metadata.Helpers;
using DevExpress.ExpressApp;
namespace MemberLevelSecurityDemo.Module {
public enum MemberOperation { NotAssigned, Read, Write }
public class MemberAccessPermissionItem {
private string memberName;
private Type objectType;
private MemberOperation operation;
private ObjectAccessModifier modifier;
public MemberAccessPermissionItem() { }
public MemberAccessPermissionItem(MemberAccessPermissionItem source) {
this.memberName = source.memberName;
this.objectType = source.objectType;
this.operation = source.operation;
this.modifier = source.modifier;
}
public Type ObjectType {
get { return objectType; }
set { objectType = value; }
}
public string MemberName {
get { return memberName; }
set { memberName = value; }
}
public MemberOperation Operation {
get { return operation; }
set { operation = value; }
}
public ObjectAccessModifier Modifier {
get { return modifier; }
set { modifier = value; }
}
}
[NonPersistent, DefaultProperty("DisplayName")]
public class MemberAccessPermission : PermissionBase
{
public string DisplayName { get { return this.ToString(); } }
private List<MemberAccessPermissionItem> items = new List<MemberAccessPermissionItem>();
private MemberAccessPermissionItem GetDesignModeItem() {
if(items.Count > 1) {
throw new InvalidOperationException();
}
if(items.Count == 0) {
items.Add(new MemberAccessPermissionItem());
}
return items[0];
}
private List<MemberAccessPermissionItem> CloneItems() {
List<MemberAccessPermissionItem> clonedItems = new List<MemberAccessPermissionItem>();
foreach(MemberAccessPermissionItem item in items) {
clonedItems.Add(new MemberAccessPermissionItem(item));
}
return clonedItems;
}
public MemberAccessPermission() { }
public MemberAccessPermission(Type objectType, string memberName, MemberOperation operation)
: this(objectType, memberName, operation, ObjectAccessModifier.Allow) {
}
public MemberAccessPermission(Type objectType, string memberName, MemberOperation operation, ObjectAccessModifier modifier) {
this.ObjectType = objectType;
this.MemberName = memberName;
this.Operation = operation;
this.Modifier = modifier;
}
public override System.Security.IPermission Union(System.Security.IPermission target) {
MemberAccessPermission result = (MemberAccessPermission)Copy();
result.items.AddRange(((MemberAccessPermission)target).CloneItems());
return result;
}
public override bool IsSubsetOf(System.Security.IPermission target) {
if(base.IsSubsetOf(target)) {
foreach(MemberAccessPermissionItem targetItem in ((MemberAccessPermission)target).items) {
if(targetItem.ObjectType == ObjectType
&& targetItem.MemberName == MemberName
&& targetItem.Operation == Operation) {
return targetItem.Modifier == Modifier;
}
}
return true;
}
return false;
}
[TypeConverter(typeof(PermissionTargetBusinessClassListConverter))]
public Type ObjectType {
get { return GetDesignModeItem().ObjectType; }
set { GetDesignModeItem().ObjectType = value; }
}
[DataSourceProperty("Types")]
[Custom("PropertyEditorType", "MemberLevelSecurityDemo.Module.WinStringArrayComboPropertyEditor")]
public string MemberName {
get { return GetDesignModeItem().MemberName; }
set { GetDesignModeItem().MemberName = value; }
}
public MemberOperation Operation {
get { return GetDesignModeItem().Operation; }
set { GetDesignModeItem().Operation = value; }
}
public ObjectAccessModifier Modifier {
get { return GetDesignModeItem().Modifier; }
set { GetDesignModeItem().Modifier = value; }
}
public override System.Security.SecurityElement ToXml() {
SecurityElement result = base.ToXml();
SecurityElement itemElement = new SecurityElement("MemberAccessPermissionItem");
itemElement.AddAttribute("Operation", Operation.ToString());
itemElement.AddAttribute("ObjectType", (ObjectType != null) ? ObjectType.ToString() : "");
itemElement.AddAttribute("Modifier", Modifier.ToString());
itemElement.AddAttribute("MemberName", MemberName.ToString());
result.AddChild(itemElement);
return result;
}
public override void FromXml(System.Security.SecurityElement element) {
items.Clear();
if(element.Children != null) {
if(element.Children.Count != 1) {
throw new InvalidOperationException();
}
SecurityElement childElement = (SecurityElement)element.Children[0];
ObjectType = ReflectionHelper.FindType(childElement.Attributes["ObjectType"].ToString());
Operation = (MemberOperation)Enum.Parse(typeof(MemberOperation), childElement.Attributes["Operation"].ToString());
Modifier = (ObjectAccessModifier)Enum.Parse(typeof(ObjectAccessModifier), childElement.Attributes["Modifier"].ToString());
MemberName = childElement.Attributes["MemberName"].ToString();
}
}
public override string ToString() {
return ((ObjectType != null) ? ObjectType.Name : "N/A") + "." + MemberName + " - " + Modifier + " " + Operation;
//return base.ToString();
}
public override System.Security.IPermission Copy() {
MemberAccessPermission result = new MemberAccessPermission();
result.items.AddRange(CloneItems());
return result;
}
[Browsable(false)]
public object Types
{
get { return GetTypes(); }
}
public string[] GetTypes()
{
return GetObjectProperties(ObjectType);
}
public string[] GetObjectProperties(Type objectType)
{
if (objectType == null) return null;
XPClassInfo classInfo = CurrentUser.Session.Dictionary.GetClassInfo(objectType);
if (classInfo != null)
return GetObjectProperties(classInfo, new ArrayList());
return new string[] { };
}
public string[] GetObjectProperties(XPClassInfo xpoInfo, ArrayList processed)
{
if (processed.Contains(xpoInfo)) return new string[] { };
processed.Add(xpoInfo);
ArrayList result = new ArrayList();
foreach (XPMemberInfo m in xpoInfo.PersistentProperties)
if (!(m is ServiceField) && m.IsPersistent)
{
result.Add(m.Name);
if (m.ReferenceType != null)
{
string[] childProps = GetObjectProperties(m.ReferenceType, processed);
foreach (string child in childProps)
result.Add(string.Format("{0}.{1}", m.Name, child));
}
}
foreach (XPMemberInfo m in xpoInfo.CollectionProperties)
{
string[] childProps = GetObjectProperties(m.CollectionElementType, processed);
foreach (string child in childProps)
result.Add(string.Format("{0}.{1}", m.Name, child));
}
return result.ToArray(typeof(string)) as string[];
}
private readonly User CurrentUser = SecuritySystem.CurrentUser as User;
}
}
// Developer Express Code Central Example:
// How to implement the MemberLevel security manually (for example, to deny the 'Read' access for declared properties of some business class, and allow access for the inherited properties)
//
// Hello,
//
// This sample demonstrates how to implement the Member Level security
// manually.
//
// This is a workaround solution until we implement this feature in an
// out-of-the-box manner (see "Security.MemberLevel: Add an ability to protect some
// object's properties rather than an entire object (Field-level security)" at
// http://www.devexpress.com/issue=S19569). This approach doesn't protect
// information within Reports and Analysis modules, and anywhere else, where
// special controls are used.
//
// Currently, XAF Security is implemented at the UI
// level. For more details see:
// - "Allow injection of a new and independent
// functionality into the load business class process and into the 'get/set'
// methods of a certain property" at http://www.devexpress.com/issue=S30538 //
// For
// more details about this example, see:
// - "How to implement the MemberLevel
// security manually" at http://www.devexpress.com/kbid=K18110 //
// See also:
// -
// "Security: Roles that do not have a Read access level to an object should not
// see "protected content" items in Detail and List Views" at
// http://www.devexpress.com/issue=S30144 // - "Allow injection of a new and
// independent functionality into the load business class process and into the
// 'get/set' methods of a certain property" at
// http://www.devexpress.com/issue=S30538 // - "Security.MemberLevel: How to show a
// list of available properties (DropDown edit) for the "Member" editor (which is a
// TextEdit)?" at http://www.devexpress.com/issue=Q134009 //
// Thanks,
// Dan.
//
// You can find sample updates and versions for different programming languages here:
// http://www.devexpress.com/example=E485
using System;
using System.Collections.Generic;
using System.Text;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.Base;
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.DC;
namespace MemberLevelSecurityDemo.Module
{
public class MemberLevelObjectAccessComparer : ObjectAccessComparer
{
public override bool IsMemberReadGranted(Type requestedType, string propertyName, SecurityContextList securityContexts)
{
ITypeInfo typeInfo = XafTypesInfo.Instance.FindTypeInfo(requestedType);
IMemberInfo memberInfo = typeInfo.FindMember(propertyName);
foreach (IMemberInfo currentMemberInfo in memberInfo.GetPath())
{
if (!SecuritySystem.IsGranted(new MemberAccessPermission(currentMemberInfo.Owner.Type, currentMemberInfo.Name, MemberOperation.Read)))
{
return false;
}
}
return base.IsMemberReadGranted(requestedType, propertyName, securityContexts);
}
public override bool IsMemberModificationDenied(object targetObject, IMemberInfo memberInfo)
{
foreach (IMemberInfo currentMemberInfo in memberInfo.GetPath())
{
if (!SecuritySystem.IsGranted(new MemberAccessPermission(currentMemberInfo.Owner.Type, currentMemberInfo.Name, MemberOperation.Write)))
{
return true;
}
}
return base.IsMemberModificationDenied(targetObject, memberInfo);
}
}
}
// Developer Express Code Central Example:
// How to implement the MemberLevel security manually (for example, to deny the 'Read' access for declared properties of some business class, and allow access for the inherited properties)
//
// Hello,
//
// This sample demonstrates how to implement the Member Level security
// manually.
//
// This is a workaround solution until we implement this feature in an
// out-of-the-box manner (see "Security.MemberLevel: Add an ability to protect some
// object's properties rather than an entire object (Field-level security)" at
// http://www.devexpress.com/issue=S19569). This approach doesn't protect
// information within Reports and Analysis modules, and anywhere else, where
// special controls are used.
//
// Currently, XAF Security is implemented at the UI
// level. For more details see:
// - "Allow injection of a new and independent
// functionality into the load business class process and into the 'get/set'
// methods of a certain property" at http://www.devexpress.com/issue=S30538 //
// For
// more details about this example, see:
// - "How to implement the MemberLevel
// security manually" at http://www.devexpress.com/kbid=K18110 //
// See also:
// -
// "Security: Roles that do not have a Read access level to an object should not
// see "protected content" items in Detail and List Views" at
// http://www.devexpress.com/issue=S30144 // - "Allow injection of a new and
// independent functionality into the load business class process and into the
// 'get/set' methods of a certain property" at
// http://www.devexpress.com/issue=S30538 // - "Security.MemberLevel: How to show a
// list of available properties (DropDown edit) for the "Member" editor (which is a
// TextEdit)?" at http://www.devexpress.com/issue=Q134009 //
// Thanks,
// Dan.
//
// You can find sample updates and versions for different programming languages here:
// http://www.devexpress.com/example=E485
using System;
using System.Collections.Generic;
using DevExpress.ExpressApp.Security;
using System.ComponentModel;
using DevExpress.Xpo;
using System.Security;
using DevExpress.Persistent.Base;
using DevExpress.Persistent.BaseImpl;
using DevExpress.Xpo.Metadata;
using System.Collections;
using DevExpress.Xpo.Metadata.Helpers;
using DevExpress.ExpressApp;
namespace MemberLevelSecurityDemo.Module {
public enum MemberOperation { NotAssigned, Read, Write }
public class MemberAccessPermissionItem {
private string memberName;
private Type objectType;
private MemberOperation operation;
private ObjectAccessModifier modifier;
public MemberAccessPermissionItem() { }
public MemberAccessPermissionItem(MemberAccessPermissionItem source) {
this.memberName = source.memberName;
this.objectType = source.objectType;
this.operation = source.operation;
this.modifier = source.modifier;
}
public Type ObjectType {
get { return objectType; }
set { objectType = value; }
}
public string MemberName {
get { return memberName; }
set { memberName = value; }
}
public MemberOperation Operation {
get { return operation; }
set { operation = value; }
}
public ObjectAccessModifier Modifier {
get { return modifier; }
set { modifier = value; }
}
}
[NonPersistent, DefaultProperty("DisplayName")]
public class MemberAccessPermission : PermissionBase
{
public string DisplayName { get { return this.ToString(); } }
private List<MemberAccessPermissionItem> items = new List<MemberAccessPermissionItem>();
private MemberAccessPermissionItem GetDesignModeItem() {
if(items.Count > 1) {
throw new InvalidOperationException();
}
if(items.Count == 0) {
items.Add(new MemberAccessPermissionItem());
}
return items[0];
}
private List<MemberAccessPermissionItem> CloneItems() {
List<MemberAccessPermissionItem> clonedItems = new List<MemberAccessPermissionItem>();
foreach(MemberAccessPermissionItem item in items) {
clonedItems.Add(new MemberAccessPermissionItem(item));
}
return clonedItems;
}
public MemberAccessPermission() { }
public MemberAccessPermission(Type objectType, string memberName, MemberOperation operation)
: this(objectType, memberName, operation, ObjectAccessModifier.Allow) {
}
public MemberAccessPermission(Type objectType, string memberName, MemberOperation operation, ObjectAccessModifier modifier) {
this.ObjectType = objectType;
this.MemberName = memberName;
this.Operation = operation;
this.Modifier = modifier;
}
public override System.Security.IPermission Union(System.Security.IPermission target) {
MemberAccessPermission result = (MemberAccessPermission)Copy();
result.items.AddRange(((MemberAccessPermission)target).CloneItems());
return result;
}
public override bool IsSubsetOf(System.Security.IPermission target) {
if(base.IsSubsetOf(target)) {
foreach(MemberAccessPermissionItem targetItem in ((MemberAccessPermission)target).items) {
if(targetItem.ObjectType == ObjectType
&& targetItem.MemberName == MemberName
&& targetItem.Operation == Operation) {
return targetItem.Modifier == Modifier;
}
}
return true;
}
return false;
}
[TypeConverter(typeof(PermissionTargetBusinessClassListConverter))]
public Type ObjectType {
get { return GetDesignModeItem().ObjectType; }
set { GetDesignModeItem().ObjectType = value; }
}
[DataSourceProperty("Types")]
[Custom("PropertyEditorType", "MemberLevelSecurityDemo.Module.WinStringArrayComboPropertyEditor")]
public string MemberName {
get { return GetDesignModeItem().MemberName; }
set { GetDesignModeItem().MemberName = value; }
}
public MemberOperation Operation {
get { return GetDesignModeItem().Operation; }
set { GetDesignModeItem().Operation = value; }
}
public ObjectAccessModifier Modifier {
get { return GetDesignModeItem().Modifier; }
set { GetDesignModeItem().Modifier = value; }
}
public override System.Security.SecurityElement ToXml() {
SecurityElement result = base.ToXml();
SecurityElement itemElement = new SecurityElement("MemberAccessPermissionItem");
itemElement.AddAttribute("Operation", Operation.ToString());
itemElement.AddAttribute("ObjectType", (ObjectType != null) ? ObjectType.ToString() : "");
itemElement.AddAttribute("Modifier", Modifier.ToString());
itemElement.AddAttribute("MemberName", MemberName.ToString());
result.AddChild(itemElement);
return result;
}
public override void FromXml(System.Security.SecurityElement element) {
items.Clear();
if(element.Children != null) {
if(element.Children.Count != 1) {
throw new InvalidOperationException();
}
SecurityElement childElement = (SecurityElement)element.Children[0];
ObjectType = ReflectionHelper.FindType(childElement.Attributes["ObjectType"].ToString());
Operation = (MemberOperation)Enum.Parse(typeof(MemberOperation), childElement.Attributes["Operation"].ToString());
Modifier = (ObjectAccessModifier)Enum.Parse(typeof(ObjectAccessModifier), childElement.Attributes["Modifier"].ToString());
MemberName = childElement.Attributes["MemberName"].ToString();
}
}
public override string ToString() {
return ((ObjectType != null) ? ObjectType.Name : "N/A") + "." + MemberName + " - " + Modifier + " " + Operation;
//return base.ToString();
}
public override System.Security.IPermission Copy() {
MemberAccessPermission result = new MemberAccessPermission();
result.items.AddRange(CloneItems());
return result;
}
[Browsable(false)]
public object Types
{
get { return GetTypes(); }
}
public string[] GetTypes()
{
return GetObjectProperties(ObjectType);
}
public string[] GetObjectProperties(Type objectType)
{
if (objectType == null) return null;
XPClassInfo classInfo = CurrentUser.Session.Dictionary.GetClassInfo(objectType);
if (classInfo != null)
return GetObjectProperties(classInfo, new ArrayList());
return new string[] { };
}
public string[] GetObjectProperties(XPClassInfo xpoInfo, ArrayList processed)
{
if (processed.Contains(xpoInfo)) return new string[] { };
processed.Add(xpoInfo);
ArrayList result = new ArrayList();
foreach (XPMemberInfo m in xpoInfo.PersistentProperties)
if (!(m is ServiceField) && m.IsPersistent)
{
result.Add(m.Name);
if (m.ReferenceType != null)
{
string[] childProps = GetObjectProperties(m.ReferenceType, processed);
foreach (string child in childProps)
result.Add(string.Format("{0}.{1}", m.Name, child));
}
}
foreach (XPMemberInfo m in xpoInfo.CollectionProperties)
{
string[] childProps = GetObjectProperties(m.CollectionElementType, processed);
foreach (string child in childProps)
result.Add(string.Format("{0}.{1}", m.Name, child));
}
return result.ToArray(typeof(string)) as string[];
}
private readonly User CurrentUser = SecuritySystem.CurrentUser as User;
}
}
// Developer Express Code Central Example:
// How to implement the MemberLevel security manually (for example, to deny the 'Read' access for declared properties of some business class, and allow access for the inherited properties)
//
// Hello,
//
// This sample demonstrates how to implement the Member Level security
// manually.
//
// This is a workaround solution until we implement this feature in an
// out-of-the-box manner (see "Security.MemberLevel: Add an ability to protect some
// object's properties rather than an entire object (Field-level security)" at
// http://www.devexpress.com/issue=S19569). This approach doesn't protect
// information within Reports and Analysis modules, and anywhere else, where
// special controls are used.
//
// Currently, XAF Security is implemented at the UI
// level. For more details see:
// - "Allow injection of a new and independent
// functionality into the load business class process and into the 'get/set'
// methods of a certain property" at http://www.devexpress.com/issue=S30538 //
// For
// more details about this example, see:
// - "How to implement the MemberLevel
// security manually" at http://www.devexpress.com/kbid=K18110 //
// See also:
// -
// "Security: Roles that do not have a Read access level to an object should not
// see "protected content" items in Detail and List Views" at
// http://www.devexpress.com/issue=S30144 // - "Allow injection of a new and
// independent functionality into the load business class process and into the
// 'get/set' methods of a certain property" at
// http://www.devexpress.com/issue=S30538 // - "Security.MemberLevel: How to show a
// list of available properties (DropDown edit) for the "Member" editor (which is a
// TextEdit)?" at http://www.devexpress.com/issue=Q134009 //
// Thanks,
// Dan.
//
// You can find sample updates and versions for different programming languages here:
// http://www.devexpress.com/example=E485
using System;
using System.Collections.Generic;
using System.Text;
using DevExpress.ExpressApp.Security;
using DevExpress.Persistent.Base;
using DevExpress.ExpressApp;
using DevExpress.ExpressApp.DC;
namespace MemberLevelSecurityDemo.Module
{
public class MemberLevelObjectAccessComparer : ObjectAccessComparer
{
public override bool IsMemberReadGranted(Type requestedType, string propertyName, SecurityContextList securityContexts)
{
ITypeInfo typeInfo = XafTypesInfo.Instance.FindTypeInfo(requestedType);
IMemberInfo memberInfo = typeInfo.FindMember(propertyName);
foreach (IMemberInfo currentMemberInfo in memberInfo.GetPath())
{
if (!SecuritySystem.IsGranted(new MemberAccessPermission(currentMemberInfo.Owner.Type, currentMemberInfo.Name, MemberOperation.Read)))
{
return false;
}
}
return base.IsMemberReadGranted(requestedType, propertyName, securityContexts);
}
public override bool IsMemberModificationDenied(object targetObject, IMemberInfo memberInfo)
{
foreach (IMemberInfo currentMemberInfo in memberInfo.GetPath())
{
if (!SecuritySystem.IsGranted(new MemberAccessPermission(currentMemberInfo.Owner.Type, currentMemberInfo.Name, MemberOperation.Write)))
{
return true;
}
}
return base.IsMemberModificationDenied(targetObject, memberInfo);
}
}
}
相关文章推荐
- 有选择的复制对象,即根据客户端传值来复制对象属性值
- sharepoint 2010 扩展调查字段属性(3)-根据权限设置是否允许多次回复
- sharepoint 2010 扩展调查字段属性(6)-增加图片支持-多选-根据权限控制是否允许用户多次评选
- 浅谈JavaScript对象数组根据某属性sort升降序排序
- Kotlin编程之扩展属性和扩展伴生对象
- JS中禁止对象属性扩展、密封对象、冻结对象
- 根据Spring上下文对象xxxContext获得*.properties属性文件中的配置属性值
- 根据对象实例查找属性(反射小例子)
- java使用Comparator根据list对象的属性进行排序
- 对象数组根据某属性列的灵活排序 (续)
- sap 根据权限对象查询所用用户、参数文件、角色等的事务代码
- Linux中文件系统的权限管理(普通权限,特殊权限,文件的扩展属性,FACL)
- List 根据对象的属性自定义排序
- List集合中的对象根据属性排序
- ES6-对象的扩展-属性的可枚举性和遍历
- JS中禁止对象属性扩展、密封对象、冻结对象
- 根据对象中某一属性进行升序降序排序的javascript实现
- ObservableCollection动态数据集合根据对象属性排序
- 自己试验在spring的环绕通知里获取目标对象的类名和目标方法的参数类名,用于根据自定义注解判断访问权限,有没有更好的办法,高手指点一下
- 对象数组根据某属性列的灵活排序