public static bool?HasPermission(this Utilizer utilizer, Rbac rbac) { bool isPermittedFilter(string permission) { if (Ubac.TryParse(permission, out var userUbac)) { bool isResourcePermitted = userUbac.Resource.IsAll() || userUbac.Resource.Equals(rbac.Resource, StringComparison.CurrentCultureIgnoreCase); bool isActionPermitted = userUbac.Action.IsAll() || userUbac.Action.Equals(rbac.Action, StringComparison.CurrentCultureIgnoreCase); bool isObjectPermitted = userUbac.Object.IsAll() || userUbac.Object.Equals(rbac.Object); bool isPermitted = isResourcePermitted && isActionPermitted && isObjectPermitted; if (isPermitted) { return(true); } } return(false); } var matchedPermissions = utilizer.Permissions?.Where(isPermittedFilter) ?? new string[] {}; var matchedForbiddens = utilizer.Forbidden?.Where(isPermittedFilter) ?? new string[] {}; var permissions = matchedPermissions as string[] ?? matchedPermissions.ToArray(); var forbiddens = matchedForbiddens as string[] ?? matchedForbiddens.ToArray(); if (!permissions.Any() && !forbiddens.Any()) { return(null); } return(!forbiddens.Any() && permissions.Any()); }
protected override bool ValidateModel(Application model, out IEnumerable <string> errors) { var errorList = new List <string>(); if (string.IsNullOrEmpty(model.Name)) { errorList.Add("name is a required field"); } if (string.IsNullOrEmpty(model.MembershipId)) { errorList.Add("membership_id is a required field"); } if (string.IsNullOrEmpty(model.Role)) { errorList.Add("role is a required field"); } else { var role = this.roleService.GetByName(model.Role, model.MembershipId); if (role == null) { errorList.Add($"Role is invalid. There is no role named '{model.Role}'"); } } try { var permissionList = new List <Ubac>(); if (model.Permissions != null) { foreach (var permission in model.Permissions) { var ubac = Ubac.Parse(permission); permissionList.Add(ubac); } } var forbiddenList = new List <Ubac>(); if (model.Forbidden != null) { foreach (var forbidden in model.Forbidden) { var ubac = Ubac.Parse(forbidden); forbiddenList.Add(ubac); } } // Is there any conflict? foreach (var permissionUbac in permissionList) { foreach (var forbiddenUbac in forbiddenList) { if (permissionUbac == forbiddenUbac) { errorList.Add($"Permitted and forbidden sets are conflicted. The same permission is there in the both set. ('{permissionUbac}')"); } } } } catch (Exception ex) { errorList.Add(ex.Message); } errors = errorList; return(!errors.Any()); }