Ayende @ Rahien

It's a girl

Interception as an extensibility mechanism

I got a request to allow system-mode for Rhino Security, something like this:

using(Security.ActAsSystem())
{
	// in here the security behaves as if you have permission 
	// to do everything
	// queries are not enhanced, etc.
}

It is not something that I really want to allow, so I started to think how we can implement this, I came up with the following solution:

public class AuthorizationServiceWithActAsSystemSupport : IAuhorizationService
{
	IAuhorizationService inner;

	public AuthorizationServiceWithActAsSystemSupport(IAuhorizationService inner)
	{
		this.inner = innner;
	}

	private bool IsActAsSystem
	{
		get { return true.Equals(Local.Data["act.as.system"]); }
	}

	public bool IsAllowed(IUser user, string operationName)
	{
		if(IsActAsSystem)
			return true;
		return inner.IsAllowed(user, operationName);
	}

	public void AddPermissionsToQuery(IUser user, string operationName, ICriteria query)
	{
		if(IsActAsSystem)
			return;
		inner.AddPermissionsToQuery(user, operationName, query);
	}

	// .. the rest
}

Now, all we need to do is register it first:

component IAuthorizationService, AuthorizationServiceWithActAsSystemSupport

faciliy RhinoSecurityFacility

And that is it. This both answer the requirement and doesn't add the functionality that I don't like to the system.

Again, neat.

Comments

Bunter
01/24/2008 12:55 PM by
Bunter

Where do you switch Local.Data["act.as.system"] on/off?

Ayende Rahien
01/24/2008 01:31 PM by
Ayende Rahien

using ( Security.ActAsSystem() )

{

// just something that set this

}

Bunter
01/24/2008 03:07 PM by
Bunter

Then i don't get the thing you were trying to avoid. Checks all over the place "if is system do this" ?

Ayende Rahien
01/24/2008 03:57 PM by
Ayende Rahien

This means that I can ignore security in a global fashion without changing the code.

Comments have been closed on this topic.