Class Sentry
Implements
Inherited Members
Namespace: SuperOffice.CRM.Security
Assembly: SoDataBase.dll
Syntax
public abstract class Sentry : ICloneableConstructors
Sentry(SentryQueryInfo)
Declaration
protected Sentry(SentryQueryInfo coveredTables)Parameters
| Type | Name | Description |
|---|---|---|
| SentryQueryInfo | coveredTables |
Fields
_fieldRights
Holds the result of the field rights computations. The dictionary key is the field id, the dictionary value is the resulting FieldRight rights object. The rights objects are shared among many instances -- they are copy-on-write. Key = field number (from conceptual dictionary) Value = FieldRight. Usually gotten from the SuperOffice.CRM.Security.RightsFactory.
Declaration
protected FieldRights _fieldRightsField Value
| Type | Description |
|---|---|
| FieldRights |
_lookups
Contains the list of row data providers that the sentry can consult.
Declaration
protected LookupCollection _lookupsField Value
| Type | Description |
|---|---|
| LookupCollection |
_tableRights
Holds the result of the table rights computations. Tells us if we can add/read/update/delete the row. This is a bit-flag, so more than one right may be set. Key = table number (from conceptual dictionary) Value = Tableright. Usually gotten from the SuperOffice.CRM.Security.RightsFactory.
Declaration
protected TableRights _tableRightsField Value
| Type | Description |
|---|---|
| TableRights |
kFieldRights
Declaration
protected const string kFieldRights = "Rights"Field Value
| Type | Description |
|---|---|
| System.String |
kTableRights
Declaration
protected const string kTableRights = "Rights"Field Value
| Type | Description |
|---|---|
| System.String |
Properties
AssociateId
Returns the associate id based on the row provided to the sentry. This method must be overridden by the sub-class.
Declaration
public abstract int AssociateId { get; }Property Value
| Type | Description |
|---|---|
| System.Int32 |
GroupId
Returns the group id of the associate based on the row provided to the sentry. This method must be overridden by the sub-class. If the row does not contain the group id of the associate, then the function must look up the appropriate group id in the associate table.
TODO CM: add multi-db aware caching mechanism for associate->usergroup mapping
Declaration
public virtual int GroupId { get; }Property Value
| Type | Description |
|---|---|
| System.Int32 |
IsGhostRow
Returns whether the primary key field is a ghost
Declaration
public abstract bool IsGhostRow { get; }Property Value
| Type | Description |
|---|---|
| Boolean |
IsNew
Has the row been saved to teh database yet.
Declaration
public abstract bool IsNew { get; }Property Value
| Type | Description |
|---|---|
| Boolean |
Lookups
Contains the list of row data providers that the sentry can consult.
Declaration
public LookupCollection Lookups { get; }Property Value
| Type | Description |
|---|---|
| LookupCollection |
MainTable
Get main table for the sentry.
Declaration
public TableInfo MainTable { get; }Property Value
| Type | Description |
|---|---|
| TableInfo |
Parent
Get the sentry collection that teh sentry belongs to.
Declaration
public SentryCollection Parent { get; }Property Value
| Type | Description |
|---|---|
| SentryCollection |
Registered
When was the item first created. Returns the current time if the field is not set (i.e. if the record has not been saved yet).
Declaration
public virtual DateTime Registered { get; }Property Value
| Type | Description |
|---|---|
| System.DateTime |
RegisteredAssociateId
Who created the item.
Declaration
public virtual int RegisteredAssociateId { get; }Property Value
| Type | Description |
|---|---|
| System.Int32 |
RegisteredAssociateIdField
The field that holds the associate id of teh user first creating the item.
Declaration
public abstract FieldInfo RegisteredAssociateIdField { get; }Property Value
| Type | Description |
|---|---|
| FieldInfo |
RegisteredField
The field that holds information about when the item was first created.
Declaration
public abstract FieldInfo RegisteredField { get; }Property Value
| Type | Description |
|---|---|
| FieldInfo |
RowId
Returns the primary key id based on the row provided to the sentry. This method must be overridden by the sub-class.
Declaration
public abstract int RowId { get; }Property Value
| Type | Description |
|---|---|
| System.Int32 |
SentryQueryInfo
Returns an array of the table-ids of the tables this sentry covers
Declaration
public SentryQueryInfo SentryQueryInfo { get; }Property Value
| Type | Description |
|---|---|
| SentryQueryInfo |
Methods
AnalyzeQuery(PrivateSelect)
Declaration
public abstract void AnalyzeQuery(PrivateSelect sql)Parameters
| Type | Name | Description |
|---|---|---|
| PrivateSelect | sql |
CanCoverTable(TableInfo)
Declaration
public abstract bool CanCoverTable(TableInfo table)Parameters
| Type | Name | Description |
|---|---|---|
| TableInfo | table |
Returns
| Type | Description |
|---|---|
| Boolean |
CanFieldDo(FieldInfo, EFieldRight, Boolean)
Determine if the current user has the required access rights to a field belonging to the row this sentry is protecting.
Note that the field does not have to be on the table
Declaration
public virtual bool CanFieldDo(FieldInfo field, EFieldRight rights, bool allOfRights)Parameters
| Type | Name | Description |
|---|---|---|
| FieldInfo | field | SODBIF id of field we want to know about |
| EFieldRight | rights | Rights we want to have to field |
| Boolean | allOfRights | True if all the rights must be present |
Returns
| Type | Description |
|---|---|
| Boolean | True if we have some (allOfRights=False) or all (allOfRights=True) of the rights to the field. |
CanTableDo(TableInfo, ETableRight, Boolean)
Determine if the current user has the required access rights to the row this sentry is protecting.
Declaration
public virtual bool CanTableDo(TableInfo table, ETableRight rights, bool allOfRights)Parameters
| Type | Name | Description |
|---|---|---|
| TableInfo | table | |
| ETableRight | rights | one or more of the ETableRight values combined as bitflags |
| Boolean | allOfRights | if true, then all of the rights must be available for the result to be true. Otherwise any of the rights must be available for the result to be true |
Returns
| Type | Description |
|---|---|
| Boolean | True if the user has the required access rights to the table. |
Examples
ContactRow c = new ContactRow.IdxContactId( 1234 ); bool canModify = c.Sentry.CanTableDo( c.TableInfo, ETableRight.Insert and ETableRight.Update, false );
ClearRights()
Clears out old results from data. Called every time a row is read.
Declaration
public void ClearRights()CreateSentries(Select)
Declaration
public static SentryCollection CreateSentries(Select sql)Parameters
| Type | Name | Description |
|---|---|---|
| Select | sql |
Returns
| Type | Description |
|---|---|
| SentryCollection |
CreateSentry(TableInfo)
Sentry Factory function. Given a table-info, finds the appropriate sentry type (if possible) and creates a new instance.
The sentry must afterwards be populated with lookup interfaces to read the row.
Declaration
public static Sentry CreateSentry(TableInfo tableInfo)Parameters
| Type | Name | Description |
|---|---|---|
| TableInfo | tableInfo | The table we want covered: Contact, Person, Appointment, Sale, Project, Selection, Relation are suitable TableInfo types. |
Returns
| Type | Description |
|---|---|
| Sentry | A sentry of the proper sub-class. Returns a ContactSentry if given a Contact.ContactId and a Contact.AssociateId field. |
DemandPlugins()
Demand that all required sentry plugins are present. See UserPreferenceStrings.SentryAddonNames and SentryPluginAttribute for further details. Called by NetServer during user authentication.
Declaration
public static void DemandPlugins()Remarks
These user-preferences all mean the same thing:
[section] key = val
[SentryAddonNames] prog.id = prog.id
[SentryAddonNames] 1 = prog.id
[SentryAddonNames] foo bar = prog.idThey all mean that the config file must load a sentry plug-in that declares itself as the "prog.id" plug-in. If the plug-in with this prog.id attribute is not loaded according to the current plug-in configuration, an exception will be thrown.
To disable a sentry preference, change its value to 0 or to blank.
Exceptions
| Type | Condition |
|---|---|
| SoSentryException | Thrown if there are any sentry plugins missing and Sentry is enabled. |
GetDateTimeField(FieldInfo)
Get the value of a field, as a DateTime. The first lookup that returns a valid value is used.
Declaration
public DateTime GetDateTimeField(FieldInfo field)Parameters
| Type | Name | Description |
|---|---|---|
| FieldInfo | field | Field specification |
Returns
| Type | Description |
|---|---|
| System.DateTime | DateTime value, or DateTime.MinValue if not found |
GetFieldRight(FieldInfo)
Returns the fieldright for the given table.
Declaration
public FieldRight GetFieldRight(FieldInfo field)Parameters
| Type | Name | Description |
|---|---|---|
| FieldInfo | field |
Returns
| Type | Description |
|---|---|
| FieldRight | Returns a new fieldright with full rights if the field is not covered by this sentry. |
GetGroupFromAssociate(Int32)
Get the group that an associate belongs to.
Declaration
protected int GetGroupFromAssociate(int assocId)Parameters
| Type | Name | Description |
|---|---|---|
| System.Int32 | assocId | The associate id to check group for. |
Returns
| Type | Description |
|---|---|
| System.Int32 | Group id of the group that the associate belongs to. |
Remarks
This value can be cached.
Most calculations actually only requires to find out wetter the associate belongs to a group or not. Future implementations can take advantage of this and make this method obsolete.
GetIntField(FieldInfo[])
Get the value of a field, as an int. The first lookup that returns a valid value is used.
Declaration
public int GetIntField(params FieldInfo[] fields)Parameters
| Type | Name | Description |
|---|---|---|
| FieldInfo[] | fields | Field specification |
Returns
| Type | Description |
|---|---|
| System.Int32 | Value, or 0 if none was found |
GetIsGhostField(FieldInfo)
Determine whether the given field is a ghost field. It is sufficient that one lookup has a non-ghost, to return false
Declaration
public bool GetIsGhostField(FieldInfo field)Parameters
| Type | Name | Description |
|---|---|---|
| FieldInfo | field | Field specification |
Returns
| Type | Description |
|---|---|
| Boolean | true if a) no lookup had the field, or b) all lookups that had the field, returned true (ghost) |
GetMainRight()
Declaration
public abstract ETableRight GetMainRight()Returns
| Type | Description |
|---|---|
| ETableRight |
GetPersistedIntField(FieldInfo[])
Get the persisted value of a field, as an int. The first lookup that returns a valid value is used.
Declaration
public int GetPersistedIntField(params FieldInfo[] fields)Parameters
| Type | Name | Description |
|---|---|---|
| FieldInfo[] | fields | Field specification |
Returns
| Type | Description |
|---|---|
| System.Int32 | Value, or 0 if none was found |
GetRecordOwnershipIndex()
Return the sort of relationship between the current user and the Sentry's user and group.
Declaration
public virtual EOwnershipIndex GetRecordOwnershipIndex()Returns
| Type | Description |
|---|---|
| EOwnershipIndex | Relationship to the item. |
GetRecordOwnershipIndex(Int32, Int32)
Return the sort of relationship between the current user and the given user and group. Use a cached value if possible
Declaration
public static EOwnershipIndex GetRecordOwnershipIndex(int assocId, int groupId)Parameters
| Type | Name | Description |
|---|---|---|
| System.Int32 | assocId | The associate id of the owner of the record being guarded. |
| System.Int32 | groupId | The user-group that the associate id is part of. |
Returns
| Type | Description |
|---|---|
| EOwnershipIndex | Relationship to the item. |
GetRowSentry()
Create a copy of the Sentry holding the right instances of table and field infos.
Declaration
public abstract Sentry GetRowSentry()Returns
| Type | Description |
|---|---|
| Sentry | New instance of the Sentry. |
GetStringField(FieldInfo)
Get the value of a field, as a string. The first lookup that returns a valid value is used.
Declaration
public string GetStringField(FieldInfo field)Parameters
| Type | Name | Description |
|---|---|---|
| FieldInfo | field | Field specification |
Returns
| Type | Description |
|---|---|
| System.String | string value, or empty string if not found |
GetTableRight(TableInfo)
Returns the tableright for the given table. The table right contains the rights mask and a reason why some rights are restricted.
Declaration
public TableRight GetTableRight(TableInfo table)Parameters
| Type | Name | Description |
|---|---|---|
| TableInfo | table |
Returns
| Type | Description |
|---|---|
| TableRight | Will return a new tableright with full rights if the table is not covered by this sentry. |
IgnoreSentry()
Are we currently in an 'IgnoreSentry' state? This is the place to get the answer; do not try to directly compute it - just call this method
Declaration
public static bool IgnoreSentry()Returns
| Type | Description |
|---|---|
| Boolean | true if sentry should currently be ignored |
Remarks
IgnoreSentry can be set in at least three different ways: On the SoPrincipal, on the ThreadManager, and through config.Ignore. Any one of them can trigger the state.
IsAssociatesOwnerContact(Int32, Int32)
Check if a contact is the owner of an associate
Declaration
protected bool IsAssociatesOwnerContact(int assocId, int contactId)Parameters
| Type | Name | Description |
|---|---|---|
| System.Int32 | assocId | Id of the associate |
| System.Int32 | contactId | Id of the contact we want to verify |
Returns
| Type | Description |
|---|---|
| Boolean | True if the contact id is the owner of the associate |
IsContactCurrentDatabaseOwner(Int32)
Is the contact the owner of the current database.
Declaration
protected bool IsContactCurrentDatabaseOwner(int contactId)Parameters
| Type | Name | Description |
|---|---|---|
| System.Int32 | contactId | Primary key of the contect to check. |
Returns
| Type | Description |
|---|---|
| Boolean | True if the contact is the owner of the current database |
IsContactDatabaseOwner(Int32)
Is the contact one of the contacts owning the database?
Declaration
protected bool IsContactDatabaseOwner(int contact_id)Parameters
| Type | Name | Description |
|---|---|---|
| System.Int32 | contact_id | Id of contact to check if is one of teh owner contacts. |
Returns
| Type | Description |
|---|---|
| Boolean | True of the contact is one of the owner contacts. |
Remarks
This value can be cached.
IsContactEmployeeUserOwner(Int32)
Is the contact owner of an associate (employee users)
Declaration
protected bool IsContactEmployeeUserOwner(int contactId)Parameters
| Type | Name | Description |
|---|---|---|
| System.Int32 | contactId | Id of contact to check if is one of the. |
Returns
| Type | Description |
|---|---|
| Boolean | True of the contact is one of the owner contacts. |
Remarks
This value can be cached.
IsContactLicenseOwner(Int32)
Is the contact owner of central database and the license?
Declaration
protected bool IsContactLicenseOwner(int contactId)Parameters
| Type | Name | Description |
|---|---|---|
| System.Int32 | contactId | Primary key of the contect to check. |
Returns
| Type | Description |
|---|---|
| Boolean | True if the contact is hte owner of central database and the license. |
IsContactSatelliteOwner(Int32)
Is the contact an owner of a satelite?
Declaration
protected bool IsContactSatelliteOwner(int contact_id)Parameters
| Type | Name | Description |
|---|---|---|
| System.Int32 | contact_id | Id of contact to check if it owns a satelite. |
Returns
| Type | Description |
|---|---|
| Boolean | True if the contact owns a satelite. |
Remarks
This value can be cached.
IsFieldCovered(FieldInfo)
Returns true if the sentry has a definite opinion about the field. To find out what the opinion is, you need to use CanFieldDo(FieldInfo, EFieldRight, Boolean).
Declaration
public virtual bool IsFieldCovered(FieldInfo field)Parameters
| Type | Name | Description |
|---|---|---|
| FieldInfo | field | The field we are wondering about |
Returns
| Type | Description |
|---|---|
| Boolean |
IsPersonAssociate(Int32, Boolean)
Check if a person is an associate (e.g. user).
Declaration
protected bool IsPersonAssociate(int personId, bool includeExternalUsers)Parameters
| Type | Name | Description |
|---|---|---|
| System.Int32 | personId | Id of person to check if it is an associate (e.g. user). |
| Boolean | includeExternalUsers | If includeExternalUsers is false, external users will not be regarded as associates. |
Returns
| Type | Description |
|---|---|
| Boolean | True if the person is an associate (e.g. user). |
IsTableCovered(TableInfo)
Returns true if the sentry has an opinion about the table in question.
Declaration
public abstract bool IsTableCovered(TableInfo table)Parameters
| Type | Name | Description |
|---|---|---|
| TableInfo | table |
Returns
| Type | Description |
|---|---|
| Boolean |
IterateLookups(LookupCollection)
Iterate over the lookup collection
Declaration
protected IEnumerable<object> IterateLookups(LookupCollection lookup)Parameters
| Type | Name | Description |
|---|---|---|
| LookupCollection | lookup |
Returns
| Type | Description |
|---|---|
| System.Collections.Generic.IEnumerable<System.Object> |
MakeFieldFromTableRight(TableRight)
Returns the field rights for all the fields in the given table, derived from the given tableRight.
Declaration
protected FieldRight MakeFieldFromTableRight(TableRight tableRight)Parameters
| Type | Name | Description |
|---|---|---|
| TableRight | tableRight | The tableRight determines the field right returned. A select table right implies a read fieldright. An Insert or Update tableright will imply a write fieldright, depending on the record id. |
Returns
| Type | Description |
|---|---|
| FieldRight |
MakeFieldFromTableRight(TableRight, ETableRight)
Returns the field rights for all the fields in the given table, derived from the current tableRight, minus the given tableRight.
Declaration
protected FieldRight MakeFieldFromTableRight(TableRight tableRight, ETableRight allowOnly)Parameters
| Type | Name | Description |
|---|---|---|
| TableRight | tableRight | The tableRight determines the field right returned. A select table right implies a read fieldright. An Insert or Update tableright will imply a write fieldright. |
| ETableRight | allowOnly | If set, this tableRight is the one that triggers write-access when determining the fieldright returned. Useful for getting rid of write permissions when you want to force a read-only situation. |
Returns
| Type | Description |
|---|---|
| FieldRight |
MakeFieldFromTableRight(ETableRight)
Declaration
protected EFieldRight MakeFieldFromTableRight(ETableRight tableRight)Parameters
| Type | Name | Description |
|---|---|---|
| ETableRight | tableRight |
Returns
| Type | Description |
|---|---|
| EFieldRight |
MapTableToFieldRights(TableInfo, TableRight, FieldInfo[])
Adds the field rights for all the fields in the given table, derived from the given tableRight. i.e. an Update tableright will give write permission on the fields.
Declaration
protected void MapTableToFieldRights(TableInfo tableInfo, TableRight tableRight, FieldInfo[] fieldInfos = null)Parameters
| Type | Name | Description |
|---|---|---|
| TableInfo | tableInfo | All the fields in this table are added to the fieldrights list |
| TableRight | tableRight | These tablerights are used when computing the fieldrights |
| FieldInfo[] | fieldInfos |
Remarks
This function is used for creating the base fieldrights in SuperComputeFieldRights. The ComputeFieldRights function will invariably tweak these rights slightly.
SetAllTableRights(ETableRight, String)
Copies the given right and reason into all the tablerights, except for the main table. The main table can have different rights than the dependent tables.
Declaration
protected abstract void SetAllTableRights(ETableRight right, string reason)Parameters
| Type | Name | Description |
|---|---|---|
| ETableRight | right | |
| System.String | reason |
SuperComputeDerivedTableRights()
Declaration
protected abstract void SuperComputeDerivedTableRights()SuperComputeFieldRights()
Declaration
protected abstract void SuperComputeFieldRights()SuperComputeTableRights()
Declaration
protected abstract void SuperComputeTableRights()Explicit Interface Implementations
ICloneable.Clone()
Declaration
object ICloneable.Clone()Returns
| Type | Description |
|---|---|
| System.Object |