public Role_PermissionOperatorDTO(PermissionOperator PermissionOperator)
{
this.Id = PermissionOperator.Id;
this.Code = PermissionOperator.Code;
this.Name = PermissionOperator.Name;
this.FieldTypeId = PermissionOperator.FieldTypeId;
}
public PermissionRequirement(PermissionOperator permissionOperator, string[] permissions)
{
if (permissions.Length == 0)
{
throw new ArgumentException("At least one permission is required.", nameof(permissions));
}
PermissionOperator = permissionOperator;
Permissions = permissions;
}
public bool CheckPermissions(PermissionOperator permissionOperator, string[] permissions, string email)
{
var userPermissions = _userRepository.GetRange(user => user.Email == email, false).Join(_userRoleRepository.GetRange(enableTracking: false), u => u.Id, ur => ur.UserId, (u, ur) => new { ur.RoleId })
.Join(_permissionRoleRepository.GetRange(enableTracking: false), r => r.RoleId, per => per.RoleId, (r, per) => new { per.Permission })
.Distinct()
.ToList();
var inter = userPermissions.Where(p => permissions.Any(x => x == p.Permission.Name)).ToList();
bool result = permissionOperator == PermissionOperator.Or ? inter.Count > 0 : inter.Count() == permissions.Length;
return(result);
}
public async Task <PermissionOperator> Get(long Id)
{
PermissionOperator PermissionOperator = await DataContext.PermissionOperator.AsNoTracking()
.Where(x => x.Id == Id).Select(x => new PermissionOperator()
{
Id = x.Id,
Code = x.Code,
Name = x.Name,
FieldTypeId = x.FieldTypeId,
}).FirstOrDefaultAsync();
return(PermissionOperator);
}
/// <inheritdoc />
public override async Task <AuthorizationPolicy?> GetPolicyAsync(string policyName)
{
if (!policyName.StartsWith(PolicyPrefix, StringComparison.OrdinalIgnoreCase))
{
// it's not one of our dynamic policies, so we fallback to the base behavior
// this will load policies added in Startup.cs (AddPolicy..)
return(await base.GetPolicyAsync(policyName));
}
PermissionOperator @operator = GetOperatorFromPolicy(policyName);
string[] permissions = GetPermissionsFromPolicy(policyName);
// extract the info from the policy name and create our requirement
var requirement = new PermissionRequirement(@operator, permissions);
// create and return the policy for our requirement
return(new AuthorizationPolicyBuilder().AddRequirements(requirement).Build());
}
public async Task <bool> ValidatePermissionContent(Permission Permission)
{
if (Permission.PermissionContents != null)
{
List <Field> Fields = await UOW.FieldRepository.List(new FieldFilter
{
Selects = FieldSelect.ALL,
Skip = 0,
Take = int.MaxValue
});
List <PermissionOperator> PermissionOperators = await UOW.PermissionOperatorRepository.List(new PermissionOperatorFilter
{
Skip = 0,
Take = int.MaxValue,
});
foreach (PermissionContent PermissionContent in Permission.PermissionContents)
{
Field Field = Fields.Where(f => f.Id == PermissionContent.FieldId).FirstOrDefault();
if (Field == null)
{
PermissionContent.AddError(nameof(PermissionValidator), nameof(PermissionContent.Field), ErrorCode.FieldNotExisted);
}
else
{
PermissionOperator PermissionOperator = PermissionOperators
.Where(po => po.FieldTypeId == Field.FieldTypeId && po.Id == PermissionContent.PermissionOperatorId).FirstOrDefault();
if (PermissionOperator == null)
{
PermissionContent.AddError(nameof(PermissionValidator), nameof(PermissionContent.PermissionOperator), ErrorCode.PermissionOperatorNotExisted);
}
}
}
}
return(Permission.IsValidated);
}
/// <summary>
/// Initializes the attribute with multiple permissions
/// </summary>
/// <param name="permissionOperator">The operator to use when verifying the permissions provided</param>
/// <param name="permissions">The list of permissions</param>
public PermissionAuthorizeAttribute(PermissionOperator permissionOperator, params string[] permissions)
{
// E.g: PERMISSION_1_Create_Update..
Policy = $"{PolicyPrefix}{(int)permissionOperator}{Separator}{string.Join(Separator, permissions)}";
}
public HasPermissionAttribute(PermissionOperator permissionOperator, params string[] permissions)
{
this._permissions = permissions;
this._permissionOperator = permissionOperator;
}
