Class WMAccessManager

Manages access privileges throughout the WM API

Inheritance
object
WMAccessManager
Inherited Members
Namespace: Quantellia.WMServer.Auth.Model.UserAccess
Assembly: WMServer.dll
Syntax
public static class WMAccessManager

Properties

WMServerApplicationID

The ApplicationID for all base WMServer resources and operations.

Declaration
public static string WMServerApplicationID { get; }
Property Value
Type Description
string

Methods

EnsurePermissionAsync(WMPrincipal, WMResource, WMOperation, string, AuthDbContext)

Ensures that the specified user has permission to perform the given operation on the given asset. Throws an exception if not.

Declaration
public static Task EnsurePermissionAsync(WMPrincipal principal, WMBaseResouceOperation.WMResource resource, WMBaseResouceOperation.WMOperation operation, string organizationID, AuthDbContext context = null)
Parameters
Type Name Description
WMPrincipal principal

The user in question
WMBaseResouceOperation.WMResource resource

The asset in question.
WMBaseResouceOperation.WMOperation operation

The operation in question.
string organizationID

The organization that owns the permission.
AuthDbContext context
Returns
Type Description
Task

EnsurePermissionAsync<A>(WMPrincipal, A?, WMOperation, AuthDbContext)

Ensures that the specified user has permission to perform the given operation on the given asset. Throws an exception if not.

Declaration
public static Task EnsurePermissionAsync<A>(WMPrincipal principal, A? resource, WMBaseResouceOperation.WMOperation operation, AuthDbContext context = null) where A : IWMOwnableResource, new()
Parameters
Type Name Description
WMPrincipal principal

The user in question
A resource

The asset in question.
WMBaseResouceOperation.WMOperation operation

The operation in question.
AuthDbContext context
Returns
Type Description
Task
Type Parameters
Name Description
A

An asset type parameter that denotes the resource.

GetAccessControlOrganizations(WMPrincipal, WMResource, WMOperation, AuthDbContext)

This IQueryable queries all organizations who provide access for a given WMServer resource-operation pair to the user.

Declaration
public static Task<List<string>> GetAccessControlOrganizations(WMPrincipal principal, WMBaseResouceOperation.WMResource resource, WMBaseResouceOperation.WMOperation operation, AuthDbContext context = null)
Parameters
Type Name Description
WMPrincipal principal

The user in question
WMBaseResouceOperation.WMResource resource

The resource in question
WMBaseResouceOperation.WMOperation operation

The operation in question
AuthDbContext context
Returns
Type Description
Task<List<string>>

All organizations that give access to this resource-operation to the user.

GetAccessControlOrganizations(WMPrincipal, string, string, string, AuthDbContext)

This IQueryable queries all organizations who provide access for a given resource-operation pair to the user.

Declaration
public static Task<List<string>> GetAccessControlOrganizations(WMPrincipal principal, string applicationID, string resource, string operation, AuthDbContext context = null)
Parameters
Type Name Description
WMPrincipal principal

The user in question
string applicationID

The application this resource-operation pair belongs to. WMServer by default.
string resource

The resource in question
string operation

The operation in question
AuthDbContext context
Returns
Type Description
Task<List<string>>

All organizationIDs that give access to this resource-operation to the user.

GetAccessControlOrganizations<A>(WMPrincipal, WMOperation, AuthDbContext)

This IQueryable queries all organizations who provide access for a given WMServer resource-operation pair to the user, where the resource is a WMServer asset given by A

Declaration
public static Task<List<string>> GetAccessControlOrganizations<A>(WMPrincipal principal, WMBaseResouceOperation.WMOperation operation, AuthDbContext context = null) where A : IWMOwnableResource, new()
Parameters
Type Name Description
WMPrincipal principal

The user in question
WMBaseResouceOperation.WMOperation operation

The operation in question
AuthDbContext context
Returns
Type Description
Task<List<string>>

All organizations that give access to this resource-operation to the user.
Type Parameters
Name Description
A

An asset type parameter that denotes the resource.

GetAuthorizedResourceIQueryable<A>(WMPrincipal, IQueryable<A>, WMAppDbContext)

Builds an IQueryable that makes up all resources the user has authorization to view. This IQueryable should be built before all other querying actions to ensure that no user has access to resources outside of their authorization.

Declaration
public static Task<IQueryable<A>> GetAuthorizedResourceIQueryable<A>(WMPrincipal principal, IQueryable<A> dbSet, WMAppDbContext context) where A : IWMOwnableResource, new()
Parameters
Type Name Description
WMPrincipal principal

The user.
IQueryable<A> dbSet

An IQueryable representing the table of all resources of type A. Must be .AsNoTracking()
WMAppDbContext context
Returns
Type Description
Task<IQueryable<A>>
Type Parameters
Name Description
A

The type of resource to return.

GetPermissionAsync(WMPrincipal, string, string, string, string, AuthDbContext)

Queries whether the specified user has permission to perform the given operation on the given resource for a given organization.

Declaration
public static Task<bool> GetPermissionAsync(WMPrincipal principal, string applicationID, string resource, string operation, string organizationID, AuthDbContext context = null)
Parameters
Type Name Description
WMPrincipal principal

The user in question
string applicationID

The application this resource exists in.
string resource

The resource.
string operation

The operation.
string organizationID

The organization granting or denying permission.
AuthDbContext context
Returns
Type Description
Task<bool>

True if permission is granted, False if denied.

IsAllowed(WMPrincipal, WMResource, WMOperation)

Test if the requested resource/operation is allowed for the specified user/agent. Only handles WMServer base resources and operations.

Declaration
public static Task<bool> IsAllowed(WMPrincipal principal, WMBaseResouceOperation.WMResource resource, WMBaseResouceOperation.WMOperation operation)
Parameters
Type Name Description
WMPrincipal principal

Principal identity requesting permission
WMBaseResouceOperation.WMResource resource

Resource to which acceess is being requested.
WMBaseResouceOperation.WMOperation operation

Action on the requested resource to which access is being requested.
Returns
Type Description
Task<bool>

true if access is granted. Otherwise, an exception is thrown with a messaged describing the reason that acceess was denied.

IsAllowed(WMPrincipal, string, string)

Test if the requested resource/operation is allowed for the specified user/agent. Only handles WMServer base resources and operations.

Declaration
public static Task<bool> IsAllowed(WMPrincipal principal, string resource, string operation)
Parameters
Type Name Description
WMPrincipal principal

Principal identity requesting permission
string resource

Resource to which acceess is being requested.
string operation

Action on the requested resource to which access is being requested.
Returns
Type Description
Task<bool>

true if access is granted. Otherwise, an exception is thrown with a messaged describing the reason that acceess was denied.

IsAllowed(WMPrincipal, string, string, string)

Test if the requested resource/operation is allowed for the specified user/agent

Declaration
public static Task<bool> IsAllowed(WMPrincipal principal, string applicationID, string resource, string operation)
Parameters
Type Name Description
WMPrincipal principal

Principal identity requesting permission
string applicationID

The application this resource exists in.
string resource

Resource to which acceess is being requested.
string operation

Action on the requested resource to which access is being requested.
Returns
Type Description
Task<bool>

true if access is granted. Otherwise, an exception is thrown with a messaged describing the reason that acceess was denied.