{"type":"doc","content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"Introduction","type":"text"}]},{"type":"paragraph","content":[{"text":"On this page all the generic security filters are listed, In general, they can be applied to all possible DB entities of the CoreOne Suite.","type":"text"}]},{"type":"paragraph"},{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{},"macroMetadata":{"macroId":{"value":"576f5603-2c19-478d-b9cb-f5193153645b"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"592a8de9-19f4-4939-bb30-920ebf2eb64d"}},{"type":"heading","attrs":{"level":1},"content":[{"text":"Filter","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"General","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericFullAccessFilter","type":"text"}]},{"type":"paragraph","content":[{"text":"This filter will give you unrestricted access to the entity for the chosen DB operation.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity the full access should be applied to\nGenericNoAccessFilter","type":"text"}]},{"type":"paragraph","content":[{"text":"Example","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new GenericNoAccessFilter()","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericNoAccessFilter","type":"text"}]},{"type":"paragraph","content":[{"text":"This filter will give you no access to the entity for the chosen DB operation","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity the no access should be applied to\nnew GenericNoAccessFilter();","type":"text"}]},{"type":"paragraph","content":[{"text":"Example","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new GenericNoAccessFilter()","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"SecurityFilterCollection","type":"text"}]},{"type":"paragraph","content":[{"text":"When you want to combine one or more filters together you can use the security filter collection.","type":"text"}]},{"type":"paragraph","content":[{"text":"For example, you want to build a security filter that allows you to read core identities of type Standard but only when the name starts with ‘Ma’, then you have to combine GenericPropertyChainFilter with a GenericPropertyChainStringFilter in a and relation. This you can do with a security filter collection.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity this security filter should be applied to\n/// If the filter should be combined with or or and \n/// The security filter you want to combine\nstatic SecurityFilterCollection Create(Type dtoType, FilterCollectionMode collectionMode, ISecurityFilter[] filters)","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Sub Filters","type":"text"}]},{"type":"paragraph","content":[{"text":"The sub-filters will give you access to an entity based on the configured security of a related entity.","type":"text"}]},{"type":"paragraph","content":[{"text":"For example, because I have read rights to the core identity, I’m allowed to read its attribute values.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericSubFiltersFilter","type":"text"}]},{"type":"paragraph","content":[{"text":"This filter will give access to the DB entity only when the filter for the referenced object matches the chosen security mode as well.","type":"text"}]},{"type":"paragraph","content":[{"text":"This filter can be used for up to four reference types, then all four security filters have to match in an and combination.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity this security filter should be applied to\n/// The interface type of the db entity where the security should be taken from\n/// What security mode should be check for TReferenceDtoType\n/// How the system can resolve TReferenceDtoType from TDtoType\nGenericSubFiltersFilter(SecurityMode referenceSecurityMode, Expression> referenceProperty)\nGenericSubFiltersFilter(SecurityMode referenceSecurityMode, Expression> referenceProperty, SecurityMode referenceSecurityMode2, Expression> referenceProperty2)\n...\nGenericSubFiltersFilter(SecurityMode referenceSecurityMode1, Expression> referenceProperty1, SecurityMode referenceSecurityMode2,Expression> referenceProperty2, SecurityMode referenceSecurityMode3, Expression> referenceProperty3, SecurityMode referenceSecurityMode4,Expression> referenceProperty4)","type":"text"}]},{"type":"paragraph","content":[{"text":"Example","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new GenericSubFiltersFilter(SecurityMode.Update, a => a.OrganizationUnit)","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericCollectionSubFiltersFilter","type":"text"}]},{"type":"paragraph","content":[{"text":"This filter will give access to the DB entity only when the filter for the referenced object matches a least one item in the collection of referenced objects.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity this security filter should be applied to\n/// The interface type of the db entity where the security should be taken from\n/// What security mode should be check for TReferenceCollectionDtoType1\n/// How the system can resolve TReferenceCollectionDtoType1 from TDtoType\nGenericCollectionSubFiltersFilter(SecurityMode referenceDtoTypeSecurityMode, Expression>> referenceProperty)","type":"text"}]},{"type":"paragraph","content":[{"text":"Example","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new GenericCollectionSubFiltersFilter(SecurityMode.Read, n => n.EventHandlers)","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Property Chain Filter","type":"text"}]},{"type":"paragraph","content":[{"text":"The property chain filters give access to the DB entity when the resolved value of the property of the chain matches the one of the filter values.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericPropertyChainFilter","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity this security filter should be applied to\n/// The type of the filters\n/// The path from the entity to the property that should be compared with the filter values\n/// The filter values that have to match with the property value\nGenericPropertyChainFilter(Expression> propertyChain, params TFilterPropertyType[] filterValues) ","type":"text"}]},{"type":"paragraph","content":[{"text":"Example","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new GenericPropertyChainFilter(m => m.AllowExecutionAsOwner, true)","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericPropertyChainStringFilter","type":"text"}]},{"type":"paragraph","content":[{"text":"This filter allows us to check the security with a text filter with some search behaviors like contains or start with.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity this security filter should be applied to\n/// The path from the entity to the property that should be compared with the filter values\n/// The behaviour how the filter will be applied to the property\n/// The filter string value\nGenericPropertyChainStringFilter (Expression> propertyChain, StringFilterBehaviour stringFilterBehaviour, string filterValue)","type":"text"}]},{"type":"paragraph","content":[{"text":"Possible values for stringFilterBehaviour","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"Equals,\nStartsWith,\nEndsWith,\nContains","type":"text"}]},{"type":"paragraph","content":[{"text":"Example","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new GenericPropertyChainStringFilter(m => m.ReadOnlyDisplayName, StringFilterBehaviour.Contains,\"Test\")","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericCollectionPropertyChainFilter","type":"text"}]},{"type":"paragraph","content":[{"text":"This filter allows checking a reference collection if one of these objects matches the filter value.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity this security filter should be applied to\n/// The interface type of the db entity of the related collection\n/// The type of the filters\n/// The path from the entity to the property that should be compared with the filter values\n/// The path to the collection of type TDtoCollectionObject\n/// The filter values that have to match with the property value\nGenericCollectionPropertyChainFilter (Expression>> propertyChain, Expression> subPropertyChain, params TFilterPropertyType[] filterValues)","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"My core identity filters","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericMyCoreIdentityFilter / GenericMyCoreIdentityStringValueFilter","type":"text"}]},{"type":"paragraph","content":[{"text":"This filter gives you permission for the entity type only when your core identity id matches the value of the property chain.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity this security filter should be applied to\n/// The path to the property that will be compared it to the current core identity id\nGenericMyCoreIdentityFilter (Expression> propertyChain)\nGenericMyCoreIdentityStringValueFilter (Expression> propertyChain) ","type":"text"}]},{"type":"paragraph","content":[{"text":"Example:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new GenericMyCoreIdentityFilter(i => i.CoreIdentity.Id))","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericMyCoreIdentityCollectionFilter","type":"text"}]},{"type":"paragraph","content":[{"text":"This filter gives you permission for the entity type only when your core identity id is present in a related collection.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity this security filter should be applied to\n/// The interface type of the db entity of the related collection\n/// The path from the TDtoObject to the collection of TDtoCollectionObject\n/// The path to the property that will be compared to the current core identity id\nGenericMyCoreIdentityCollectionFilter (Expression>> propertyChain, Expression> subPropertyChain","type":"text"}]},{"type":"paragraph","content":[{"text":"Example:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new GenericMyCoreIdentityCollectionFilter(ct => ct.CoreIdentityType.CoreIdentities, c => c.Id)","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"My user filters","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericMyUserValueFilter/ GenericMyUserStringValueFilter","type":"text"}]},{"type":"paragraph","content":[{"text":"This filter gives you permission for the entity type only when your user id matches the value of the property chain.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity this security filter should be applied to\n/// The path to the property that will be compared it to the current user id\nGenericMyUserValueFilter (Expression> propertyChain)\nGenericMyCoreIdentityStringValueFilter (Expression> propertyChain)","type":"text"}]},{"type":"paragraph","content":[{"text":"Example:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new GenericMyUserValueFilter(u => u.Id)","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericMyUserCollectionFilter","type":"text"}]},{"type":"paragraph","content":[{"text":"This filter gives you permission for the entity type only when your user id is present in a related collection.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity this security filter should be applied to\n/// The interface type of the db entity of the related collection\n/// The path from the TDtoObject to the collection of TDtoCollectionObject\n/// The path to the property that will be compared it to the current user id\nGenericMyUserCollectionFilter (Expression>> propertyChain, Expression> subPropertyChain)","type":"text"}]},{"type":"paragraph","content":[{"text":"Example:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new GenericMyUserCollectionFilter(r => r.Users, u => u.Id)","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Context filter","type":"text"}]},{"type":"paragraph","content":[{"text":"The context filter allows structuring the security based on the context this filter was assigned with.","type":"text"}]},{"type":"paragraph","content":[{"text":"For example, based on the organization unit tree I get a security role assigned in the context of the current organization and this should allow me to read this one organization unit.","type":"text"}]},{"type":"paragraph","content":[{"text":"For the definition of what context should be compared to what property value the class ","type":"text"},{"text":"ContextPropertyFilterDefintion","type":"text","marks":[{"type":"code"}]},{"text":" is used.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The type of the entity you want to filter\n/// The path to the property you want to compare with the context\n/// The context type you want to use as filter\nContextPropertyFilterDefintion (Expression> propertyChain, CoreLoginAssignmentContextTypes contextType)","type":"text"}]},{"type":"paragraph","content":[{"text":"Example:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new ContextPropertyFilterDefintion(e => e.EventHandlerType.Id, CoreLoginAssignmentContextTypes.OrganizationUnit),","type":"text"}]},{"type":"paragraph","content":[{"text":"This example compares the value of the ","type":"text"},{"text":"EventHandlerType.Id","type":"text","marks":[{"type":"code"}]},{"text":" from ","type":"text"},{"text":"IEventHandler","type":"text","marks":[{"type":"code"}]},{"text":" to the context identifier of the type organization unit.","type":"text"}]},{"type":"paragraph","content":[{"text":"Possible context types:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"OrganizationUnit,\nUser","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericContextPropertyChainFilter","type":"text"}]},{"type":"paragraph","content":[{"text":"This security filter gives you access to an entity when all property filters match the context this security filter was assigned with.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity this security filter should be applied to\n/// The definition off what you want to filter\nGenericContextPropertyChainFilter (ContextPropertyFilter filter)","type":"text"}]},{"type":"paragraph","content":[{"text":"Example:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new GenericContextPropertyChainFilter(new ContextPropertyFilter(new[]\n{\n new ContextPropertyFilterDefintion(e => e.EventHandlerType.Id, CoreLoginAssignmentContextTypes.OrganizationUnit),\n new ContextPropertyFilterDefintion(e => e.Id, CoreLoginAssignmentContextTypes.User)\n}));","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericContextCollectionPropertyChainFilter","type":"text"}]},{"type":"paragraph","content":[{"text":"This security filter works similarly to the ","type":"text"},{"text":"GenericContextPropertyChainFilter","type":"text","marks":[{"type":"code"}]},{"text":", with the difference that not the entity itself has to match the property filter, but the filter will be applied with an any to a related collection of entities.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity this security filter should be applied to\n/// The interface type of the db entity of the related collection\n/// The path from the TDtoObject to the collection of TDtoCollectionObject\n/// The definition off what you want to filter\nGenericContextCollectionPropertyChainFilter (Expression>> propertyChain, ContextPropertyFilter filter)","type":"text"}]},{"type":"paragraph","content":[{"text":"Example","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new GenericContextCollectionPropertyChainFilter(e => e.EventSubscriptions, new ContextPropertyFilter(new[]\n{\n new ContextPropertyFilterDefintion(e => e.EventHandler.Id, CoreLoginAssignmentContextTypes.OrganizationUnit),\n new ContextPropertyFilterDefintion(e => e.Id, CoreLoginAssignmentContextTypes.User)\n}));","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Assignment","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"GenericMyValidAssignmentFilter (Version >= 8)","type":"text"}]},{"type":"paragraph","content":[{"text":"This filter will give you access to the entity only if you have a valid assignment.","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"/// The interface type of the db entity this security filter should be applied to\n/// The type of assignment you want to use\n/// The path from TDtoType to the collection of TDtoCollectionObject\n/// The path to the property you want to check against the current core identity id\nGenericMyValidAssignmentFilter (Expression>> propertyChain, Expression> subPropertyChain) ","type":"text"}]},{"type":"paragraph","content":[{"text":"Example:","type":"text"}]},{"type":"codeBlock","attrs":{"language":"csharp"},"content":[{"text":"new GenericMyValidAssignmentFilter(n => n.Role.RoleAssignments, n => n.CoreIdentity.Id)","type":"text"}]}],"version":1}

Browser not supported