Beispiel #1
        /// <summary>
        /// Runs the claim collector of every configured claims application for an
        /// authenticated principal and appends the collected claims to the
        /// principal's first identity.
        /// </summary>
        /// <param name="context">Authorization context whose principal receives the claims.</param>
        /// <remarks>
        /// Unauthenticated principals are left untouched. The claims added here are
        /// what <c>CheckAccessAsync</c> later evaluates, so the collectors are part of
        /// the authorization trust boundary.
        /// </remarks>
        protected virtual void AddPermissionClaims(IResourceAuthorizationContext context)
        {
            // Anonymous callers never receive collected permission claims.
            if (context.Principal.Identity.IsAuthenticated == false)
            {
                return;
            }

            var collectedClaims = new List<Claim>();
            var applications    = BedrockConfiguration.Security.Application.ClaimCollection.Applications;

            // Fall back to the default claim types when no override is configured.
            var nameClaimType = string.IsNullOrWhiteSpace(UsernameClaimType) ? ClaimType.DisplayName : UsernameClaimType;
            var principalName = context.Principal.Claims.GetClaimByTypeFirstOrDefault(nameClaimType)?.Value;

            var idClaimType = string.IsNullOrWhiteSpace(SubjectClaimType) ? ClaimType.Subject : SubjectClaimType;
            var principalId = context.Principal.Claims.GetClaimByTypeFirstOrDefault(idClaimType)?.Value;

            // NOTE(review): principalName / principalId are null when the principal has no
            // claim of that type; they are handed to the collector pass unchanged.
            // Confirm the collectors reject or safely handle a null identity key.
            applications.Each(application =>
            {
                var collector = ClaimCollectorFactory.CreateInstanceCollector(application);
                var pass      = ClaimCollectorFactory.CreateInstancePass(application, collector, principalName, principalId);

                var claimsForApplication = pass.Collector.Collect(pass);
                claimsForApplication.Each(claim => collectedClaims.Add(claim));
            });

            // NOTE(review): claims are appended on every call and always to the first
            // identity. If a principal instance is reused across checks the same claims
            // are added again, and with several identities the first one is not
            // necessarily the authenticated one. Verify against the caller.
            collectedClaims.Each(claim => context.Principal.Identities.First().AddClaim(claim));
        }
        /// <summary>
        /// Decides whether the principal in <paramref name="context"/> may access the
        /// requested resource.
        /// </summary>
        /// <param name="context">Authorization context carrying the principal and the required claims.</param>
        /// <returns>
        /// A completed task holding <c>true</c> when security is disabled; otherwise the
        /// result of <c>Eval</c> applied to the claim comparison.
        /// </returns>
        /// <remarks>
        /// NOTE(review): with <c>BedrockConfiguration.Security.IsEnabled</c> set to false,
        /// every request is allowed without inspecting the principal. Confirm that this
        /// switch cannot be turned off in a production configuration.
        /// </remarks>
        public override Task<bool> CheckAccessAsync(IResourceAuthorizationContext context)
        {
            if (BedrockConfiguration.Security.IsEnabled)
            {
                // Enrich the principal with collected permission claims before comparing.
                AddPermissionClaims(context);

                var hasRequiredClaims = context.Principal.Claims.HasAccess(context);
                return Eval(hasRequiredClaims);
            }

            // Security switched off: allow unconditionally.
            return Task.FromResult(true);
        }
Beispiel #3
 /// <summary>
 /// Checks that every claim required by <paramref name="context"/> is present in
 /// <paramref name="userClaims"/>, comparing claims with <c>ClaimComparer</c>.
 /// </summary>
 /// <param name="userClaims">Claims held by the caller; enumerated once per required claim.</param>
 /// <param name="context">Authorization context whose <c>Claims</c> list the requirements.</param>
 /// <returns>
 /// <c>true</c> when no required claim is missing. An empty requirement set therefore
 /// also yields <c>true</c>, whatever the caller holds.
 /// </returns>
 /// <remarks>
 /// NOTE(review): because an empty <c>context.Claims</c> grants access, a resource
 /// registered without required claims is open to any caller. Confirm that this is
 /// intended, or have the caller deny when no requirements are configured.
 /// </remarks>
 public static bool HasAccess(this IEnumerable<Claim> userClaims, IResourceAuthorizationContext context)
 {
     // Access holds exactly when there is no required claim the user lacks.
     var anyMissing = context.Claims.Any(required => !userClaims.Contains(required, new ClaimComparer()));
     return !anyMissing;
 }
Beispiel #4
 /// <summary>
 /// Placeholder access check that derived classes are expected to override.
 /// </summary>
 /// <param name="context">Authorization context; not read by this implementation.</param>
 /// <returns>Never returns.</returns>
 /// <exception cref="NotImplementedException">
 /// Always thrown, synchronously, so a missing override fails instead of granting access.
 /// </exception>
 public virtual Task<bool> CheckAccessAsync(IResourceAuthorizationContext context)
     => throw new NotImplementedException();