Versions Compared

Version Old Version 3 New Version 4
Changes made by

Marc Probst

Marc Probst

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

On this page all the generic security filters are listed, In general, they can be applied to all possible DB entities of the CoreOne Suite.

Table of Contents

GenericFullAccessFilter

This filter will give you unrestricted access to the entity for the chosen DB operation.

...

For example, because I have read rights to the core identity, I’m allowed to read its attribute values.

GenericSubFiltersFilter

This filter will give access to the DB entity only when the filter for the referenced object matches the chosen security mode as well.

This filter can be used for up to four reference types, then all four security filters have to match in an and combination.

Code Block
/// <typeparam name="TDtoType">The interface type of the db entity this security filter should be applied to</typeparam>
/// <typeparam name="TReferenceDtoType">The interface type of the db entity

...

where the security should be taken from</typeparam>
/// <param name="referenceSecurityMode">What security mode should be check for TReferenceDtoType</param>
/// <param name="referenceProperty">How the system can resolve TReferenceDtoType from TDtoType</param>
GenericSubFiltersFilter<TDtoType, TReferenceDtoType>(SecurityMode referenceSecurityMode, Expression<Func<TDtoType, TReferenceDtoType>> referenceProperty)
GenericSubFiltersFilter<TDtoType, TReferenceDtoType1, TReferenceDtoType2>(SecurityMode referenceSecurityMode, Expression<Func<TDtoType, TReferenceDtoType1>> referenceProperty, SecurityMode referenceSecurityMode2, Expression<Func<TDtoType, TReferenceDtoType2>> referenceProperty2)
...
GenericSubFiltersFilter<TDtoType, TReferenceDtoType1, TReferenceDtoType2, TReferenceDtoType3, TReferenceDtoType4>(SecurityMode referenceSecurityMode1, Expression<Func<TDtoType, TReferenceDtoType1>> referenceProperty1, SecurityMode referenceSecurityMode2,Expression<Func<TDtoType, TReferenceDtoType2>> referenceProperty2, SecurityMode referenceSecurityMode3, Expression<Func<TDtoType, TReferenceDtoType3>> referenceProperty3, SecurityMode referenceSecurityMode4,Expression<Func<TDtoType, TReferenceDtoType3>> referenceProperty4)

Example

Code Block
new GenericSubFiltersFilter<IOrganizationUnitAttributeValue, IOrganizationUnit>(SecurityMode.Update, a => a.OrganizationUnit)

...

GenericCollectionSubFiltersFilter

This filter gives you permission for the entity type only when your core identity id is present in a related collection

Code Block
new GenericMyCoreIdentityCollectionFilter<ICoreIdentityTypeAttributeMapping, ICoreIdentity>(ct => ct.CoreIdentityType.CoreIdentities, c => c.Id)

The first generic is the type you want to give access to.

The second generic is the type of item in the related collection.

The first parameter is the property chain to the collection

The second parameter is the property chain to the property that has to match your core identity id

Code Block
{
  "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.GenericMyCoreIdentityCollectionFilter`2[[iTsense.Moving.Backend.Services.DmcoreService.DataInterfaces.Servicedmcore.ICoreIdentityTypeAttributeMapping, iTsense.Moving.Backend.Services.DmcoreService],[iTsense.Moving.Backend.Services.DmcoreService.DataInterfaces.Servicedmcore.ICoreIdentity, iTsense.Moving.Backend.Services.DmcoreService]], iTsense.Moving.Backend.DataHandling",
  "NotContains": false,
  "PropertyChain": {
    "$type": "System.String[], mscorlib",
    "$values": [
      "CoreIdentityType",
      "CoreIdentities"
    ]
  },
  "SubPropertyChain": {
    "$type": "System.String[], mscorlib",
    "$values": [
      "Id"
    ]
  }
}

GenericMyCoreIdentityFilter / GenericMyCoreIdentityStringValueFilter

This filter gives you permission for the entity type only when your core identity id matches the value of the property chain

Code Block
new GenericMyCoreIdentityFilter<IRoleAssignmentApproval>(i => i.CoreIdentity.Id))

The first generic is the type you want to give access to.

The first parameter is the property chain to the property that has to match your core identity id

Code Block
{
  "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.GenericMyCoreIdentityFilter`1[[iTsense.Moving.Backend.Services.DmcoreService.DataInterfaces.Servicedmcore.IResourceAssignmentApproval, iTsense.Moving.Backend.Services.DmcoreService]], iTsense.Moving.Backend.DataHandling",
  "NotContains": false,
  "PropertyChain": {
    "$type": "System.String[], mscorlib",
    "$values": [
      "CoreIdentity",
      "Id"
    ]
  }
}

GenericMyUserCollectionFilter

This filter gives you permission for the entity type only when your user id is present in a related collection

Code Block
new GenericMyUserCollectionFilter<IRoleClaim, IUser>(r => r.Users, u => u.Id)

The first generic is the type you want to give access to.

The second generic is the type of item in the related collection.

The first parameter is the property chain to the collection

The second parameter is the property chain to the property that has to match your user id

Code Block
{
  "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.GenericMyUserCollectionFilter`2[[iTsense.Moving.Backend.Services.CoreLogin.DataInterfaces.Servicecorelogin.IRoleClaim, iTsense.Moving.Backend.Services.CoreLogin],[iTsense.Moving.Backend.Services.CoreLogin.DataInterfaces.Servicecorelogin.IUser, iTsense.Moving.Backend.Services.CoreLogin]], iTsense.Moving.Backend.DataHandling",
  "NotContains": false,
  "PropertyChain": {
    "$type": "System.String[], mscorlib",
    "$values": [
      "Users"
    ]
  },
  "SubPropertyChain": {
    "$type": "System.String[], mscorlib",
    "$values": [
      "Id"
    ]
  }
}

GenericMyUserValueFilter/ GenericMyUserStringValueFilter

This filter gives you permission for the entity type only when your user id matches the value of the property chain

Code Block
new GenericMyUserValueFilter<IUser>(u => u.Id)

The first generic is the type you want to give access to.

The first parameter is the property chain to the property that has to match your user id

Code Block
{
  "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.GenericMyUserValueFilter`1[[iTsense.Moving.Backend.Services.CoreLogin.DataInterfaces.Servicecorelogin.IUser, iTsense.Moving.Backend.Services.CoreLogin]], iTsense.Moving.Backend.DataHandling",
  "NotContains": false,
  "PropertyChain": {
    "$type": "System.String[], mscorlib",
    "$values": [
      "Id"
    ]
  }
}

GenericPropertyChainFilter

This filter will give you access to the entity type only when the value of the property chain matches the type and the value of one of the filter values

...

will give access to the DB entity only when the filter for the referenced object matches a least one item in the collection of referenced objects.

Code Block
/// <typeparam name="TDtoType">The interface type of the db entity this security filter should be applied to</typeparam>
/// <typeparam name="TReferenceCollectionDtoType1">The interface type of the db entity where the security should be taken from</typeparam>
/// <param name="referenceDtoTypeSecurityMode">What security mode should be check for TReferenceCollectionDtoType1</param>
/// <param name="referenceProperty">How the system can resolve TReferenceCollectionDtoType1 from TDtoType</param>
GenericCollectionSubFiltersFilter<TDtoType, TReferenceCollectionDtoType1>(SecurityMode referenceDtoTypeSecurityMode, Expression<Func<TDtoType, IEnumerable<TReferenceCollectionDtoType1>>> referenceProperty)

Example

Code Block
new GenericCollectionSubFiltersFilter<IEventHandlerType, IEventHandler>(SecurityMode.Read, n => n.EventHandlers)

Property Chain Filter

The property chain filters give access to the DB entity when the resolved value of the property of the chain matches the one of the filter values.

GenericPropertyChainFilter

Code Block
/// <typeparam name="TDtoObject">The interface type of the db entity this security filter should be applied to</typeparam>
/// <typeparam name="TFilterPropertyType">The type of the filters</typeparam>
/// <param name="propertyChain">The path from the entity to the property that should be compared with the filter values</param>
/// <param name="filterValues">The filter values that have to match with the property value</param>
GenericPropertyChainFilter<TDtoObject, TFilterPropertyType>(Expression<Func<TDtoObject, TFilterPropertyType>> propertyChain, params TFilterPropertyType[] filterValues)

Example

Code Block
new GenericPropertyChainFilter<IActivityButton, bool>(m => m.AllowExecutionAsOwner, true)

GenericPropertyChainStringFilter

This filter allows us to check the security with a text filter with some search behaviors like contains or start with.

Code Block
/// <typeparam name="TDtoObject">The interface type of the db entity this security filter should be applied to</typeparam>
/// <param name="propertyChain">The path from the entity to the property that should be compared with the filter values</param>
/// <param name="stringFilterBehaviour">The behaviour how the filter will be applied to the property</param>
/// <param name="filterValue">The filter string value</param>
GenericPropertyChainStringFilter<TDtoObject> (Expression<Func<TDtoObject, string>> propertyChain, StringFilterBehaviour stringFilterBehaviour, string filterValue)

Possible values for stringFilterBehaviour

Code Block
Equals,
StartsWith,
EndsWith,
Contains

Example

Code Block
new GenericPropertyChainStringFilter<ICoreIdentity, bool>(m => m.AllowExecutionAsOwnerReadOnlyDisplayName, true)

The first generic is the type you want to give access to.

The second generic is the type of the filter values

The first parameter is the property chain to the property that has to match with your filter values

The second parameter is the filter values

Code Block
{
  "$type": "iTsense.Moving.Backend.DataHandling.Security.Role.SecurityRight, iTsense.Moving.Backend.DataHandling",
  "Filter": {
    "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.GenericPropertyChainFilter`2[[iTsense.Moving.Backend.Services.DmcoreService.DataInterfaces.Serviceskynet.IActivityButton, iTsense.Moving.Backend.Services.DmcoreService],[System.Boolean, mscorlib]], iTsense.Moving.Backend.DataHandling",
    "FilterValues": {
      "$type": "System.Boolean[], mscorlib",
      "$values": [
        true
      ]
    },
    "NotContains": false,
    "PropertyChain": {
      "$type": "System.String[], mscorlib",
      "$values": [
        "AllowExecutionAsOwner"
      ]
    }
  }

CoreIdentityAttributeValueFilter

This filter will give you access to a core identity only when the core identity has an attribute value that matches the filter

Code Block
new CoreIdentityAttributeValueFilter<uint>(c => c.Attribute.Id, 1, StringFilterBehaviour.EndsWith, "li", "string")

The first generic is the type of the attribute id

The first parameter the chain to the attribute id

The second parameter the requested attribute id

The third parameter the requested search behavior

  • Equals - value 0

  • StartsWith - 1

  • EndsWith - 2

  • Contains - 3

The fourth parameter the search value

The fifth parameter is the type of the serialized attribute value

Code Block
{
  "$type": "iTsense.Moving.Backend.Services.DmcoreService.CoreIdentity.Security.Filter.CoreIdentityAttributeValueFilter`1[[System.UInt32, mscorlib]], iTsense.Moving.Backend.Services.DmcoreService",
  "AttributeValueType": "string",
  "AttributeValueFilterValue": "li",
  "AttributeValueFilterBehaviour": 2,
  "FilterValue": 1,
  "NotContains": false,
  "PropertyChain": {
    "$type": "System.String[], mscorlib",
    "$values": [
      "CoreIdentityAttributeValues"
    ]
  },
  "SubPropertyChain": {
    "$type": "System.String[], mscorlib",
    "$values": [
      "Attribute",
      "Id"
    ]
  }
}StringFilterBehaviour.Contains,"Test")

GenericCollectionPropertyChainFilter

This filter allows checking a reference collection if one of these objects matches the filter value.

Code Block
/// <typeparam name="TDtoObject">The interface type of the db entity this security filter should be applied to</typeparam>
/// <typeparam name="TDtoCollectionObject">The interface type of the db entity of the related collection</typeparam>
/// <typeparam name="TFilterPropertyType">The type of the filters</typeparam>
/// <param name="propertyChain">The path from the entity to the property that should be compared with the filter values</param>
/// <param name="subPropertyChain">The path to the collection of type TDtoCollectionObject</param>
/// <param name="filterValues">The filter values that have to match with the property value</param>
GenericCollectionPropertyChainFilter<TDtoObject, TDtoCollectionObject, TFilterPropertyType> (Expression<Func<TDtoObject, IEnumerable<TDtoCollectionObject>>> propertyChain, Expression<Func<TDtoCollectionObject, TFilterPropertyType>> subPropertyChain, params TFilterPropertyType[] filterValues)

My core identity filters

GenericMyCoreIdentityFilter / GenericMyCoreIdentityStringValueFilter

This filter gives you permission for the entity type only when your core identity id matches the value of the property chain

Code Block
new GenericMyCoreIdentityFilter<IRoleAssignmentApproval>(i => i.CoreIdentity.Id))

GenericMyCoreIdentityCollectionFilter

This filter gives you permission for the entity type only when your core identity id is present in a related collection

Code Block
new GenericMyCoreIdentityCollectionFilter<ICoreIdentityTypeAttributeMapping, ICoreIdentity>(ct => ct.CoreIdentityType.CoreIdentities, c => c.Id)

My user filters

GenericMyUserCollectionFilter

This filter gives you permission for the entity type only when your user id is present in a related collection

Code Block
new GenericMyUserCollectionFilter<IRoleClaim, IUser>(r => r.Users, u => u.Id)

GenericMyUserValueFilter/ GenericMyUserStringValueFilter

This filter gives you permission for the entity type only when your user id matches the value of the property chain

Code Block
new GenericMyUserValueFilter<IUser>(u => u.Id)

Context filter

GenericContextPropertyChainFilter

...

Code Block
new GenericContextPropertyChainFilter<IEventHandler>(new ContextPropertyFilter<IEventHandler>(new[]
{
    new ContextPropertyFilterDefintion<IEventHandler>(e => e.EventHandlerType.Id, CoreLoginAssignmentContextTypes.OrganizationUnit),
    new ContextPropertyFilterDefintion<IEventHandler>(e => e.Id, CoreLoginAssignmentContextTypes.User)
}));

The first generic is the type you want to give access.

The first parameter is an array of filters of type ContextPropertyFilterDefintion in this filter you define what property of the entity has to match to what context type.

Code Block
{
  "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.GenericContextPropertyChainFilter`1[[iTsense.Moving.Backend.Common.Dbs.AppCustomer.DataInterfaces.Subscription.IEventHandler, iTsense.Moving.Backend.Common.Dbs.AppCustomer]], iTsense.Moving.Backend.DataHandling",
  "Filter": {
    "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.FilterBases.ContextPropertyFilter`1[[iTsense.Moving.Backend.Common.Dbs.AppCustomer.DataInterfaces.Subscription.IEventHandler, iTsense.Moving.Backend.Common.Dbs.AppCustomer]], iTsense.Moving.Backend.DataHandling",
    "Filters": {
      "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.FilterBases.ContextPropertyFilterDefintion`1[[iTsense.Moving.Backend.Common.Dbs.AppCustomer.DataInterfaces.Subscription.IEventHandler, iTsense.Moving.Backend.Common.Dbs.AppCustomer]][], iTsense.Moving.Backend.DataHandling",
      "$values": [
        {
          "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.FilterBases.ContextPropertyFilterDefintion`1[[iTsense.Moving.Backend.Common.Dbs.AppCustomer.DataInterfaces.Subscription.IEventHandler, iTsense.Moving.Backend.Common.Dbs.AppCustomer]], iTsense.Moving.Backend.DataHandling",
          "PropertyChain": {
            "$type": "System.String[], mscorlib",
            "$values": [
              "EventHandlerType",
              "Id"
            ]
          },
          "ContextType": 1
        },
        {
          "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.FilterBases.ContextPropertyFilterDefintion`1[[iTsense.Moving.Backend.Common.Dbs.AppCustomer.DataInterfaces.Subscription.IEventHandler, iTsense.Moving.Backend.Common.Dbs.AppCustomer]], iTsense.Moving.Backend.DataHandling",
          "PropertyChain": {
            "$type": "System.String[], mscorlib",
            "$values": [
              "Id"
            ]
          },
          "ContextType": 2
        }
      ]
    }
  }
}

GenericContextCollectionPropertyChainFilter

...

Code Block
new GenericContextCollectionPropertyChainFilter<IEventHandler, IEventSubscription>(e => e.EventSubscriptions, new ContextPropertyFilter<IEventSubscription>(new[]
{
    new ContextPropertyFilterDefintion<IEventSubscription>(e => e.EventHandler.Id, CoreLoginAssignmentContextTypes.OrganizationUnit),
    new ContextPropertyFilterDefintion<IEventSubscription>(e => e.Id, CoreLoginAssignmentContextTypes.User)
}));

The first generic is the type you want to give access.

The second generic is the type of the item in the related collection.

The first parameter is an array of filters of type ContextPropertyFilterDefintion in this filter you define what property of the entity has to match to what context type.

Code Block
{
  "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.GenericContextCollectionPropertyChainFilter`2[[iTsense.Moving.Backend.Common.Dbs.AppCustomer.DataInterfaces.Subscription.IEventHandler, iTsense.Moving.Backend.Common.Dbs.AppCustomer],[iTsense.Moving.Backend.Common.Dbs.AppCustomer.DataInterfaces.Subscription.IEventSubscription, iTsense.Moving.Backend.Common.Dbs.AppCustomer]], iTsense.Moving.Backend.DataHandling",
  "PropertyChain": {
    "$type": "System.String[], mscorlib",
    "$values": [
      "EventSubscriptions"
    ]
  },
  "Filter": {
    "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.FilterBases.ContextPropertyFilter`1[[iTsense.Moving.Backend.Common.Dbs.AppCustomer.DataInterfaces.Subscription.IEventSubscription, iTsense.Moving.Backend.Common.Dbs.AppCustomer]], iTsense.Moving.Backend.DataHandling",
    "Filters": {
      "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.FilterBases.ContextPropertyFilterDefintion`1[[iTsense.Moving.Backend.Common.Dbs.AppCustomer.DataInterfaces.Subscription.IEventSubscription, iTsense.Moving.Backend.Common.Dbs.AppCustomer]][], iTsense.Moving.Backend.DataHandling",
      "$values": [
        {
          "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.FilterBases.ContextPropertyFilterDefintion`1[[iTsense.Moving.Backend.Common.Dbs.AppCustomer.DataInterfaces.Subscription.IEventSubscription, iTsense.Moving.Backend.Common.Dbs.AppCustomer]], iTsense.Moving.Backend.DataHandling",
          "PropertyChain": {
            "$type": "System.String[], mscorlib",
            "$values": [
              "EventHandler",
              "Id"
            ]
          },
          "ContextType": 1
        },
        {
          "$type": "iTsense.Moving.Backend.DataHandling.Security.Filter.FilterBases.ContextPropertyFilterDefintion`1[[iTsense.Moving.Backend.Common.Dbs.AppCustomer.DataInterfaces.Subscription.IEventSubscription, iTsense.Moving.Backend.Common.Dbs.AppCustomer]], iTsense.Moving.Backend.DataHandling",
          "PropertyChain": {
            "$type": "System.String[], mscorlib",
            "$values": [
              "Id"
            ]
          },
          "ContextType": 2
        }
      ]
    }
  }
}