public static bool?HasPermission(this Utilizer utilizer, Rbac rbac)
        {
            bool isPermittedFilter(string permission)
            {
                if (Ubac.TryParse(permission, out var userUbac))
                {
                    bool isResourcePermitted = userUbac.Resource.IsAll() || userUbac.Resource.Equals(rbac.Resource, StringComparison.CurrentCultureIgnoreCase);
                    bool isActionPermitted   = userUbac.Action.IsAll() || userUbac.Action.Equals(rbac.Action, StringComparison.CurrentCultureIgnoreCase);
                    bool isObjectPermitted   = userUbac.Object.IsAll() || userUbac.Object.Equals(rbac.Object);

                    bool isPermitted = isResourcePermitted && isActionPermitted && isObjectPermitted;

                    if (isPermitted)
                    {
                        return(true);
                    }
                }

                return(false);
            }

            var matchedPermissions = utilizer.Permissions?.Where(isPermittedFilter) ?? new string[] {};
            var matchedForbiddens  = utilizer.Forbidden?.Where(isPermittedFilter) ?? new string[] {};

            var permissions = matchedPermissions as string[] ?? matchedPermissions.ToArray();
            var forbiddens  = matchedForbiddens as string[] ?? matchedForbiddens.ToArray();

            if (!permissions.Any() && !forbiddens.Any())
            {
                return(null);
            }

            return(!forbiddens.Any() && permissions.Any());
        }
Beispiel #2
0
        protected override bool ValidateModel(Application model, out IEnumerable <string> errors)
        {
            var errorList = new List <string>();

            if (string.IsNullOrEmpty(model.Name))
            {
                errorList.Add("name is a required field");
            }

            if (string.IsNullOrEmpty(model.MembershipId))
            {
                errorList.Add("membership_id is a required field");
            }

            if (string.IsNullOrEmpty(model.Role))
            {
                errorList.Add("role is a required field");
            }
            else
            {
                var role = this.roleService.GetByName(model.Role, model.MembershipId);
                if (role == null)
                {
                    errorList.Add($"Role is invalid. There is no role named '{model.Role}'");
                }
            }

            try
            {
                var permissionList = new List <Ubac>();
                if (model.Permissions != null)
                {
                    foreach (var permission in model.Permissions)
                    {
                        var ubac = Ubac.Parse(permission);
                        permissionList.Add(ubac);
                    }
                }

                var forbiddenList = new List <Ubac>();
                if (model.Forbidden != null)
                {
                    foreach (var forbidden in model.Forbidden)
                    {
                        var ubac = Ubac.Parse(forbidden);
                        forbiddenList.Add(ubac);
                    }
                }

                // Is there any conflict?
                foreach (var permissionUbac in permissionList)
                {
                    foreach (var forbiddenUbac in forbiddenList)
                    {
                        if (permissionUbac == forbiddenUbac)
                        {
                            errorList.Add($"Permitted and forbidden sets are conflicted. The same permission is there in the both set. ('{permissionUbac}')");
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                errorList.Add(ex.Message);
            }

            errors = errorList;
            return(!errors.Any());
        }