Class PermissionProviderBase
Base implementation of permission provider with common business logic.
Database-specific providers inherit from this class and provide ISqlDialect.
IMPORTANT: Uses DB-specific SQL function for effective permissions!
PostgreSQL: get_user_permissions_for_object()
MSSQL: Must provide equivalent CTE/JOIN query
public abstract class PermissionProviderBase : IPermissionProviderInheritance
Implements
Derived
Methods
CanUserDeleteObject(IRedbObject, IRedbUser)
Check if user can delete object.
public virtual Task<bool> CanUserDeleteObject(IRedbObject obj, IRedbUser user)CanUserDeleteObject(IRedbObject)
Check if current user can delete object.
public virtual Task<bool> CanUserDeleteObject(IRedbObject obj)CanUserDeleteObject(long, long)
public virtual Task<bool> CanUserDeleteObject(long objectId, long userId)CanUserDeleteObject(RedbObject, IRedbUser)
Check if user can delete object.
public virtual Task<bool> CanUserDeleteObject(RedbObject obj, IRedbUser user)CanUserDeleteObject(RedbObject)
Check if current user can delete object.
public virtual Task<bool> CanUserDeleteObject(RedbObject obj)CanUserEditObject(IRedbObject, IRedbUser)
Check if user can edit object.
public virtual Task<bool> CanUserEditObject(IRedbObject obj, IRedbUser user)CanUserEditObject(IRedbObject)
Check if current user can edit object.
public virtual Task<bool> CanUserEditObject(IRedbObject obj)CanUserEditObject(long, long)
public virtual Task<bool> CanUserEditObject(long objectId, long userId)CanUserEditObject(RedbObject, IRedbUser)
Check if user can edit object.
public virtual Task<bool> CanUserEditObject(RedbObject obj, IRedbUser user)CanUserEditObject(RedbObject)
Check if current user can edit object.
public virtual Task<bool> CanUserEditObject(RedbObject obj)CanUserInsertScheme(IRedbScheme, IRedbUser)
Check if user can create objects in scheme.
public virtual Task<bool> CanUserInsertScheme(IRedbScheme scheme, IRedbUser user)CanUserInsertScheme(IRedbScheme)
Check if current user can create objects in scheme.
public virtual Task<bool> CanUserInsertScheme(IRedbScheme scheme)CanUserInsertScheme(long, long)
public virtual Task<bool> CanUserInsertScheme(long schemeId, long userId)CanUserInsertScheme(RedbObject, IRedbUser)
Check if user can create objects in object's scheme.
public virtual Task<bool> CanUserInsertScheme(RedbObject obj, IRedbUser user)CanUserSelectObject(IRedbObject, IRedbUser)
Check if user can read object.
public virtual Task<bool> CanUserSelectObject(IRedbObject obj, IRedbUser user)CanUserSelectObject(IRedbObject)
Check if current user can read object.
public virtual Task<bool> CanUserSelectObject(IRedbObject obj)CanUserSelectObject(long, long)
public virtual Task<bool> CanUserSelectObject(long objectId, long userId)CanUserSelectObject(RedbObject, IRedbUser)
Check if user can read object.
public virtual Task<bool> CanUserSelectObject(RedbObject obj, IRedbUser user)CanUserSelectObject(RedbObject)
Check if current user can read object.
public virtual Task<bool> CanUserSelectObject(RedbObject obj)CreatePermissionAsync(PermissionRequest, IRedbUser?)
Create new permission.
public virtual Task<IRedbPermission> CreatePermissionAsync(PermissionRequest request, IRedbUser? currentUser = null)DeletePermissionAsync(IRedbPermission, IRedbUser?)
Delete permission.
public virtual Task<bool> DeletePermissionAsync(IRedbPermission permission, IRedbUser? currentUser = null)GetAllEffectivePermissionsAsync(IRedbUser)
Get all effective user permissions.
public virtual Task<List<EffectivePermissionResult>> GetAllEffectivePermissionsAsync(IRedbUser user)GetAllEffectivePermissionsAsync(long)
Get all effective permissions for user.
protected virtual Task<List<EffectivePermissionResult>> GetAllEffectivePermissionsAsync(long userId)GetEffectivePermissionsAsync(IRedbUser, IRedbObject)
Get effective user permissions for object (including inheritance and roles).
public virtual Task<EffectivePermissionResult> GetEffectivePermissionsAsync(IRedbUser user, IRedbObject obj)GetEffectivePermissionsAsync(long, long)
Get effective permissions for user and object.
protected virtual Task<EffectivePermissionResult> GetEffectivePermissionsAsync(long userId, long objectId)GetEffectivePermissionsBatchAsync(IRedbUser, IRedbObject[])
Get effective user permissions for multiple objects (batch).
public virtual Task<Dictionary<IRedbObject, EffectivePermissionResult>> GetEffectivePermissionsBatchAsync(IRedbUser user, IRedbObject[] objects)GetEffectivePermissionsBatchAsync(long, long[])
Batch get effective permissions.
protected virtual Task<Dictionary<long, EffectivePermissionResult>> GetEffectivePermissionsBatchAsync(long userId, long[] objectIds)GetEffectivePermissionViaSqlAsync(long, long)
Get effective permission via SQL (uses DB function or query).
protected virtual Task<UserPermissionResult?> GetEffectivePermissionViaSqlAsync(long objectId, long userId)GetPermissionByIdAsync(long)
Get permission by ID.
public virtual Task<IRedbPermission?> GetPermissionByIdAsync(long permissionId)GetPermissionCountAsync()
Get total permission count.
public virtual Task<int> GetPermissionCountAsync()GetPermissionsByObjectAsync(IRedbObject)
Get permissions for object.
public virtual Task<List<IRedbPermission>> GetPermissionsByObjectAsync(IRedbObject obj)GetPermissionsByRoleAsync(IRedbRole)
Get role permissions.
public virtual Task<List<IRedbPermission>> GetPermissionsByRoleAsync(IRedbRole role)GetPermissionsByUserAsync(IRedbUser)
Get user permissions.
public virtual Task<List<IRedbPermission>> GetPermissionsByUserAsync(IRedbUser user)GetReadableObjectIds()
Get IDs of objects readable by current user.
public virtual IQueryable<long> GetReadableObjectIds()GetReadableObjectIds(IRedbUser)
Get IDs of objects readable by user.
public virtual IQueryable<long> GetReadableObjectIds(IRedbUser user)GetReadableObjectIds(long)
public virtual IQueryable<long> GetReadableObjectIds(long userId)GetReadableObjectIdsAsync(long)
Async version of GetReadableObjectIds.
protected virtual Task<List<long>> GetReadableObjectIdsAsync(long userId)GetRolePermissionCountAsync(IRedbRole)
Get role permission count.
public virtual Task<int> GetRolePermissionCountAsync(IRedbRole role)GetUserPermissionCountAsync(IRedbUser)
Get user permission count.
public virtual Task<int> GetUserPermissionCountAsync(IRedbUser user)GetUserPermissionCountAsync(long)
Get permission count for user.
protected virtual Task<int> GetUserPermissionCountAsync(long userId)GrantPermissionAsync(IRedbRole, IRedbObject, PermissionAction, IRedbUser?)
Grant permission to role.
public virtual Task<bool> GrantPermissionAsync(IRedbRole role, IRedbObject obj, PermissionAction actions, IRedbUser? currentUser = null)GrantPermissionAsync(IRedbUser, IRedbObject, PermissionAction, IRedbUser?)
Grant permission to user.
public virtual Task<bool> GrantPermissionAsync(IRedbUser user, IRedbObject obj, PermissionAction actions, IRedbUser? currentUser = null)GrantPermissionInternalAsync(long?, long?, long, PermissionAction, IRedbUser?)
Internal method to grant permission.
protected virtual Task<bool> GrantPermissionInternalAsync(long? userId, long? roleId, long objectId, PermissionAction actions, IRedbUser? currentUser = null)InvalidatePermissionCache(long?, long?)
Invalidate permission cache. Called after permission changes.
protected static void InvalidatePermissionCache(long? userId = null, long? objectId = null)OnPermissionCreatedAsync(IRedbPermission, IRedbUser?)
Called after permission is created. Override in Pro for audit.
protected virtual Task OnPermissionCreatedAsync(IRedbPermission permission, IRedbUser? currentUser)OnPermissionDeletedAsync(IRedbPermission, IRedbUser?)
Called after permission is deleted. Override in Pro for audit.
protected virtual Task OnPermissionDeletedAsync(IRedbPermission permission, IRedbUser? currentUser)OnPermissionUpdatedAsync(IRedbPermission, IRedbUser?)
Called after permission is updated. Override in Pro for audit.
protected virtual Task OnPermissionUpdatedAsync(IRedbPermission permission, IRedbUser? currentUser)RevokeAllRolePermissionsAsync(IRedbRole, IRedbUser?)
Revoke all role permissions.
public virtual Task<int> RevokeAllRolePermissionsAsync(IRedbRole role, IRedbUser? currentUser = null)RevokeAllUserPermissionsAsync(IRedbUser, IRedbUser?)
Revoke all user permissions.
public virtual Task<int> RevokeAllUserPermissionsAsync(IRedbUser user, IRedbUser? currentUser = null)RevokePermissionAsync(IRedbRole, IRedbObject, IRedbUser?)
Revoke permission from role.
public virtual Task<bool> RevokePermissionAsync(IRedbRole role, IRedbObject obj, IRedbUser? currentUser = null)RevokePermissionAsync(IRedbUser, IRedbObject, IRedbUser?)
Revoke permission from user.
public virtual Task<bool> RevokePermissionAsync(IRedbUser user, IRedbObject obj, IRedbUser? currentUser = null)RevokePermissionInternalAsync(long?, long?, long, IRedbUser?)
Internal method to revoke permission.
protected virtual Task<bool> RevokePermissionInternalAsync(long? userId, long? roleId, long objectId, IRedbUser? currentUser = null)UpdatePermissionAsync(IRedbPermission, PermissionRequest, IRedbUser?)
Update permission.
public virtual Task<IRedbPermission> UpdatePermissionAsync(IRedbPermission permission, PermissionRequest request, IRedbUser? currentUser = null)