Class Sentry

Inheritance
Object
Sentry
Sentry<TMainTable>
Implements
Inherited Members
Namespace: SuperOffice.CRM.Security
Assembly: SoDataBase.dll
Syntax
public abstract class Sentry : ICloneable

Constructors

Sentry(SentryQueryInfo)

Declaration
protected Sentry(SentryQueryInfo coveredTables)
Parameters
Type Name Description
SentryQueryInfo coveredTables

Fields

_fieldRights

Holds the result of the field rights computations. The dictionary key is the field id, the dictionary value is the resulting FieldRight rights object. The rights objects are shared among many instances -- they are copy-on-write. Key = field number (from conceptual dictionary) Value = FieldRight. Usually gotten from the SuperOffice.CRM.Security.RightsFactory.

Declaration
protected FieldRights _fieldRights
Field Value
Type Description
FieldRights

_lookups

Contains the list of row data providers that the sentry can consult.

Declaration
protected LookupCollection _lookups
Field Value
Type Description
LookupCollection

_tableRights

Holds the result of the table rights computations. Tells us if we can add/read/update/delete the row. This is a bit-flag, so more than one right may be set. Key = table number (from conceptual dictionary) Value = Tableright. Usually gotten from the SuperOffice.CRM.Security.RightsFactory.

Declaration
protected TableRights _tableRights
Field Value
Type Description
TableRights

kFieldRights

Declaration
protected const string kFieldRights = "Rights"
Field Value
Type Description
String

kTableRights

Declaration
protected const string kTableRights = "Rights"
Field Value
Type Description
String

Properties

AssociateId

Returns the associate id based on the row provided to the sentry. This method must be overridden by the sub-class.

Declaration
public abstract int AssociateId { get; }
Property Value
Type Description
Int32

GroupId

Returns the group id of the associate based on the row provided to the sentry. This method must be overridden by the sub-class. If the row does not contain the group id of the associate, then the function must look up the appropriate group id in the associate table.

TODO CM: add multi-db aware caching mechanism for associate->usergroup mapping

Declaration
public virtual int GroupId { get; }
Property Value
Type Description
Int32

IsGhostRow

Returns whether the primary key field is a ghost

Declaration
public abstract bool IsGhostRow { get; }
Property Value
Type Description
Boolean

IsNew

Has the row been saved to teh database yet.

Declaration
public abstract bool IsNew { get; }
Property Value
Type Description
Boolean

Lookups

Contains the list of row data providers that the sentry can consult.

Declaration
public LookupCollection Lookups { get; }
Property Value
Type Description
LookupCollection

MainTable

Get main table for the sentry.

Declaration
public TableInfo MainTable { get; }
Property Value
Type Description
TableInfo

Parent

Get the sentry collection that teh sentry belongs to.

Declaration
public SentryCollection Parent { get; }
Property Value
Type Description
SentryCollection

Registered

When was the item first created. Returns the current time if the field is not set (i.e. if the record has not been saved yet).

Declaration
public virtual DateTime Registered { get; }
Property Value
Type Description
DateTime

RegisteredAssociateId

Who created the item.

Declaration
public virtual int RegisteredAssociateId { get; }
Property Value
Type Description
Int32

RegisteredAssociateIdField

The field that holds the associate id of teh user first creating the item.

Declaration
public abstract FieldInfo RegisteredAssociateIdField { get; }
Property Value
Type Description
FieldInfo

RegisteredField

The field that holds information about when the item was first created.

Declaration
public abstract FieldInfo RegisteredField { get; }
Property Value
Type Description
FieldInfo

RowId

Returns the primary key id based on the row provided to the sentry. This method must be overridden by the sub-class.

Declaration
public abstract int RowId { get; }
Property Value
Type Description
Int32

SentryQueryInfo

Returns an array of the table-ids of the tables this sentry covers

Declaration
public SentryQueryInfo SentryQueryInfo { get; }
Property Value
Type Description
SentryQueryInfo

Methods

AnalyzeQuery(PrivateSelect)

Declaration
public abstract void AnalyzeQuery(PrivateSelect sql)
Parameters
Type Name Description
PrivateSelect sql

CanCoverTable(TableInfo)

Declaration
public abstract bool CanCoverTable(TableInfo table)
Parameters
Type Name Description
TableInfo table
Returns
Type Description
Boolean

CanFieldDo(FieldInfo, EFieldRight, Boolean)

Determine if the current user has the required access rights to a field belonging to the row this sentry is protecting.

Note that the field does not have to be on the table

Declaration
public virtual bool CanFieldDo(FieldInfo field, EFieldRight rights, bool allOfRights)
Parameters
Type Name Description
FieldInfo field

SODBIF id of field we want to know about
EFieldRight rights

Rights we want to have to field
Boolean allOfRights

True if all the rights must be present
Returns
Type Description
Boolean

True if we have some (allOfRights=False) or all (allOfRights=True) of the rights to the field.

CanTableDo(TableInfo, ETableRight, Boolean)

Determine if the current user has the required access rights to the row this sentry is protecting.

Declaration
public virtual bool CanTableDo(TableInfo table, ETableRight rights, bool allOfRights)
Parameters
Type Name Description
TableInfo table
ETableRight rights

one or more of the ETableRight values combined as bitflags
Boolean allOfRights

if true, then all of the rights must be available for the result to be true. Otherwise any of the rights must be available for the result to be true
Returns
Type Description
Boolean

True if the user has the required access rights to the table.
Examples

ContactRow c = new ContactRow.IdxContactId( 1234 ); bool canModify = c.Sentry.CanTableDo( c.TableInfo, ETableRight.Insert and ETableRight.Update, false );

ClearRights()

Clears out old results from data. Called every time a row is read.

Declaration
public void ClearRights()

CreateSentries(Select)

Declaration
public static SentryCollection CreateSentries(Select sql)
Parameters
Type Name Description
Select sql
Returns
Type Description
SentryCollection

CreateSentry(TableInfo)

Sentry Factory function. Given a table-info, finds the appropriate sentry type (if possible) and creates a new instance.

The sentry must afterwards be populated with lookup interfaces to read the row.

Declaration
public static Sentry CreateSentry(TableInfo tableInfo)
Parameters
Type Name Description
TableInfo tableInfo

The table we want covered: Contact, Person, Appointment, Sale, Project, Selection, Relation are suitable TableInfo types.
Returns
Type Description
Sentry

A sentry of the proper sub-class. Returns a ContactSentry if given a Contact.ContactId and a Contact.AssociateId field.

DemandPlugins()

Demand that all required sentry plugins are present. See UserPreferenceStrings.SentryAddonNames and SentryPluginAttribute for further details. Called by NetServer during user authentication.

Declaration
public static void DemandPlugins()
Remarks

These user-preferences all mean the same thing:

[section] key = val

[SentryAddonNames] prog.id = prog.id
[SentryAddonNames] 1 = prog.id
[SentryAddonNames] foo bar = prog.id

They all mean that the config file must load a sentry plug-in that declares itself as the "prog.id" plug-in. If the plug-in with this prog.id attribute is not loaded according to the current plug-in configuration, an exception will be thrown.

To disable a sentry preference, change its value to 0 or to blank.

Exceptions
Type Condition
SoSentryException

Thrown if there are any sentry plugins missing and Sentry is enabled.

GetDateTimeField(FieldInfo)

Get the value of a field, as a DateTime. The first lookup that returns a valid value is used.

Declaration
public DateTime GetDateTimeField(FieldInfo field)
Parameters
Type Name Description
FieldInfo field

Field specification
Returns
Type Description
DateTime

DateTime value, or DateTime.MinValue if not found

GetFieldRight(FieldInfo)

Returns the fieldright for the given table.

Declaration
public FieldRight GetFieldRight(FieldInfo field)
Parameters
Type Name Description
FieldInfo field
Returns
Type Description
FieldRight

Returns a new fieldright with full rights if the field is not covered by this sentry.

GetGroupFromAssociate(Int32)

Get the group that an associate belongs to.

Declaration
protected int GetGroupFromAssociate(int assocId)
Parameters
Type Name Description
Int32 assocId

The associate id to check group for.
Returns
Type Description
Int32

Group id of the group that the associate belongs to.
Remarks

This value can be cached.

Most calculations actually only requires to find out wetter the associate belongs to a group or not. Future implementations can take advantage of this and make this method obsolete.

GetIntField(FieldInfo[])

Get the value of a field, as an int. The first lookup that returns a valid value is used.

Declaration
public int GetIntField(params FieldInfo[] fields)
Parameters
Type Name Description
FieldInfo[] fields

Field specification
Returns
Type Description
Int32

Value, or 0 if none was found

GetIsGhostField(FieldInfo)

Determine whether the given field is a ghost field. It is sufficient that one lookup has a non-ghost, to return false

Declaration
public bool GetIsGhostField(FieldInfo field)
Parameters
Type Name Description
FieldInfo field

Field specification
Returns
Type Description
Boolean

true if a) no lookup had the field, or b) all lookups that had the field, returned true (ghost)

GetMainRight()

Declaration
public abstract ETableRight GetMainRight()
Returns
Type Description
ETableRight

GetPersistedIntField(FieldInfo[])

Get the persisted value of a field, as an int. The first lookup that returns a valid value is used.

Declaration
public int GetPersistedIntField(params FieldInfo[] fields)
Parameters
Type Name Description
FieldInfo[] fields

Field specification
Returns
Type Description
Int32

Value, or 0 if none was found

GetRecordOwnershipIndex()

Return the sort of relationship between the current user and the Sentry's user and group.

Declaration
public virtual EOwnershipIndex GetRecordOwnershipIndex()
Returns
Type Description
EOwnershipIndex

Relationship to the item.

GetRecordOwnershipIndex(Int32, Int32)

Return the sort of relationship between the current user and the given user and group. Use a cached value if possible

Declaration
public static EOwnershipIndex GetRecordOwnershipIndex(int assocId, int groupId)
Parameters
Type Name Description
Int32 assocId

The associate id of the owner of the record being guarded.
Int32 groupId

The user-group that the associate id is part of.
Returns
Type Description
EOwnershipIndex

Relationship to the item.

GetRowSentry()

Create a copy of the Sentry holding the right instances of table and field infos.

Declaration
public abstract Sentry GetRowSentry()
Returns
Type Description
Sentry

New instance of the Sentry.

GetStringField(FieldInfo)

Get the value of a field, as a string. The first lookup that returns a valid value is used.

Declaration
public string GetStringField(FieldInfo field)
Parameters
Type Name Description
FieldInfo field

Field specification
Returns
Type Description
String

string value, or empty string if not found

GetTableRight(TableInfo)

Returns the tableright for the given table. The table right contains the rights mask and a reason why some rights are restricted.

Declaration
public TableRight GetTableRight(TableInfo table)
Parameters
Type Name Description
TableInfo table
Returns
Type Description
TableRight

Will return a new tableright with full rights if the table is not covered by this sentry.

IgnoreSentry()

Are we currently in an 'IgnoreSentry' state? This is the place to get the answer; do not try to directly compute it - just call this method

Declaration
public static bool IgnoreSentry()
Returns
Type Description
Boolean

true if sentry should currently be ignored
Remarks

IgnoreSentry can be set in at least three different ways: On the SoPrincipal, on the ThreadManager, and through config.Ignore. Any one of them can trigger the state.

IsAssociatesOwnerContact(Int32, Int32)

Check if a contact is the owner of an associate

Declaration
protected bool IsAssociatesOwnerContact(int assocId, int contactId)
Parameters
Type Name Description
Int32 assocId

Id of the associate
Int32 contactId

Id of the contact we want to verify
Returns
Type Description
Boolean

True if the contact id is the owner of the associate

IsContactCurrentDatabaseOwner(Int32)

Is the contact the owner of the current database.

Declaration
protected bool IsContactCurrentDatabaseOwner(int contactId)
Parameters
Type Name Description
Int32 contactId

Primary key of the contect to check.
Returns
Type Description
Boolean

True if the contact is the owner of the current database

IsContactDatabaseOwner(Int32)

Is the contact one of the contacts owning the database?

Declaration
protected bool IsContactDatabaseOwner(int contact_id)
Parameters
Type Name Description
Int32 contact_id

Id of contact to check if is one of teh owner contacts.
Returns
Type Description
Boolean

True of the contact is one of the owner contacts.
Remarks

This value can be cached.

IsContactEmployeeUserOwner(Int32)

Is the contact owner of an associate (employee users)

Declaration
protected bool IsContactEmployeeUserOwner(int contactId)
Parameters
Type Name Description
Int32 contactId

Id of contact to check if is one of the.
Returns
Type Description
Boolean

True of the contact is one of the owner contacts.
Remarks

This value can be cached.

IsContactLicenseOwner(Int32)

Is the contact owner of central database and the license?

Declaration
protected bool IsContactLicenseOwner(int contactId)
Parameters
Type Name Description
Int32 contactId

Primary key of the contect to check.
Returns
Type Description
Boolean

True if the contact is hte owner of central database and the license.

IsContactSatelliteOwner(Int32)

Is the contact an owner of a satelite?

Declaration
protected bool IsContactSatelliteOwner(int contact_id)
Parameters
Type Name Description
Int32 contact_id

Id of contact to check if it owns a satelite.
Returns
Type Description
Boolean

True if the contact owns a satelite.
Remarks

This value can be cached.

IsFieldCovered(FieldInfo)

Returns true if the sentry has a definite opinion about the field. To find out what the opinion is, you need to use CanFieldDo(FieldInfo, EFieldRight, Boolean).

Declaration
public virtual bool IsFieldCovered(FieldInfo field)
Parameters
Type Name Description
FieldInfo field

The field we are wondering about
Returns
Type Description
Boolean

IsPersonAssociate(Int32, Boolean)

Check if a person is an associate (e.g. user).

Declaration
protected bool IsPersonAssociate(int personId, bool includeExternalUsers)
Parameters
Type Name Description
Int32 personId

Id of person to check if it is an associate (e.g. user).
Boolean includeExternalUsers

If includeExternalUsers is false, external users will not be regarded as associates.
Returns
Type Description
Boolean

True if the person is an associate (e.g. user).

IsTableCovered(TableInfo)

Returns true if the sentry has an opinion about the table in question.

Declaration
public abstract bool IsTableCovered(TableInfo table)
Parameters
Type Name Description
TableInfo table
Returns
Type Description
Boolean

IterateLookups(LookupCollection)

Iterate over the lookup collection

Declaration
protected IEnumerable<object> IterateLookups(LookupCollection lookup)
Parameters
Type Name Description
LookupCollection lookup
Returns
Type Description
IEnumerable<Object>

MakeFieldFromTableRight(TableRight)

Returns the field rights for all the fields in the given table, derived from the given tableRight.

Declaration
protected FieldRight MakeFieldFromTableRight(TableRight tableRight)
Parameters
Type Name Description
TableRight tableRight

The tableRight determines the field right returned. A select table right implies a read fieldright. An Insert or Update tableright will imply a write fieldright, depending on the record id.
Returns
Type Description
FieldRight

MakeFieldFromTableRight(TableRight, ETableRight)

Returns the field rights for all the fields in the given table, derived from the current tableRight, minus the given tableRight.

Declaration
protected FieldRight MakeFieldFromTableRight(TableRight tableRight, ETableRight allowOnly)
Parameters
Type Name Description
TableRight tableRight

The tableRight determines the field right returned. A select table right implies a read fieldright. An Insert or Update tableright will imply a write fieldright.
ETableRight allowOnly

If set, this tableRight is the one that triggers write-access when determining the fieldright returned. Useful for getting rid of write permissions when you want to force a read-only situation.
Returns
Type Description
FieldRight

MakeFieldFromTableRight(ETableRight)

Declaration
protected EFieldRight MakeFieldFromTableRight(ETableRight tableRight)
Parameters
Type Name Description
ETableRight tableRight
Returns
Type Description
EFieldRight

MapTableToFieldRights(TableInfo, TableRight, FieldInfo[])

Adds the field rights for all the fields in the given table, derived from the given tableRight. i.e. an Update tableright will give write permission on the fields.

Declaration
protected void MapTableToFieldRights(TableInfo tableInfo, TableRight tableRight, FieldInfo[] fieldInfos = null)
Parameters
Type Name Description
TableInfo tableInfo

All the fields in this table are added to the fieldrights list
TableRight tableRight

These tablerights are used when computing the fieldrights
FieldInfo[] fieldInfos
Remarks

This function is used for creating the base fieldrights in SuperComputeFieldRights. The ComputeFieldRights function will invariably tweak these rights slightly.

SetAllTableRights(ETableRight, String)

Copies the given right and reason into all the tablerights, except for the main table. The main table can have different rights than the dependent tables.

Declaration
protected abstract void SetAllTableRights(ETableRight right, string reason)
Parameters
Type Name Description
ETableRight right
String reason

SuperComputeDerivedTableRights()

Declaration
protected abstract void SuperComputeDerivedTableRights()

SuperComputeFieldRights()

Declaration
protected abstract void SuperComputeFieldRights()

SuperComputeTableRights()

Declaration
protected abstract void SuperComputeTableRights()

Explicit Interface Implementations

ICloneable.Clone()

Declaration
object ICloneable.Clone()
Returns
Type Description
Object

Implements

Extension Methods

EnumUtil.MapEnums<From, To>(From)