public static bool IsSystem(Privilege privilege)
{
return(privilege.Equals(Admin) ||
privilege.Equals(Connect));
}
public bool Permits(Privilege privilege)
{
return((value & privilege.value) != 0);
}
public string[] ToString(Privilege privilege)
{
if (privilege.Equals(TableAll))
{
return new [] { "ALL" }
}
;
var result = new List <string>();
if (privilege.Permits(Admin))
{
result.Add("ADMIN");
}
if (privilege.Permits(Connect))
{
result.Add("CONNECT");
}
if (privilege.Permits(Select))
{
result.Add("SELECT");
}
if (privilege.Permits(Insert))
{
result.Add("INSERT");
}
if (privilege.Permits(Update))
{
result.Add("UPDATE");
}
if (privilege.Permits(Delete))
{
result.Add("DELETE");
}
if (privilege.Permits(Drop))
{
result.Add("DROP");
}
if (privilege.Permits(References))
{
result.Add("REFERENCES");
}
if (privilege.Permits(Alter))
{
result.Add("ALTER");
}
if (privilege.Permits(List))
{
result.Add("LIST");
}
if (privilege.Permits(Execute))
{
result.Add("EXECUTE");
}
if (privilege.Permits(Usage))
{
result.Add("USAGE");
}
if (privilege.Permits(Create))
{
result.Add("CREATE");
}
return(result.ToArray());
}
}
public Privilege Add(Privilege privilege)
{
return(new Privilege(value | privilege.value));
}
public Privilege Remove(Privilege privilege)
{
int andPriv = (value & privilege.value);
return(new Privilege(value ^ andPriv));
}
public static void RequirePrivileges(this IRequirementCollection requirements,
DbObjectType objectType, ObjectName objName, Privilege privilege)
{
requirements.AddRequirement(context => context.UserHasPrivileges(objectType, objName, privilege));
}
public Grant(string granter, string grantee, ObjectName objectName, Privilege privileges)
: this(granter, grantee, objectName, privileges, false)
{
}
public bool TryGetPrivileges(DbObjectType objectType, ObjectName objectName, string grantee, out Privilege privileges)
{
if (cache == null)
{
privileges = Privilege.None;
return(false);
}
var key = new Key(objectType, objectName, grantee);
return(cache.TryGetValue(key, out privileges));
}
public void SetPrivileges(DbObjectType objectType, ObjectName objectName, string grantee, Privilege privileges)
{
var key = new Key(objectType, objectName, grantee);
if (cache == null)
{
cache = new Dictionary <Key, Privilege>();
}
cache[key] = privileges;
}
async Task <bool> ISecurityResolver.HasPrivilegesAsync(string grantee, DbObjectType objectType, ObjectName objectName, Privilege privileges)
{
Privilege userPrivileges;
if (!TryGetPrivileges(objectType, objectName, grantee, out userPrivileges))
{
return(false);
}
return(privileges.Permits(userPrivileges));
}
public ObjectPrivilegesGrantedEvent(IEventSource source, string granter, string grantee, ObjectName objectName, Privilege privileges, bool withGrantOption) : base(source)
{
Granter = granter ?? throw new ArgumentNullException(nameof(granter));
Grantee = grantee ?? throw new ArgumentNullException(nameof(grantee));
ObjectName = objectName;
Privileges = privileges;
WithGrantOption = withGrantOption;
}
Task <bool> IAccessController.HasObjectPrivilegesAsync(string grantee, ObjectName objectName, Privilege privileges)
{
if (!TryGetObjectPrivileges(objectName, grantee, out var userPrivileges))
{
return(Task.FromResult(false));
}
return(Task.FromResult(userPrivileges.Permits(privileges)));
}
public ObjectPrivilegesRevokedEvent(IEventSource source, string revoker, string grantee, ObjectName objectName, Privilege privileges) : base(source)
{
Revoker = revoker;
Grantee = grantee;
ObjectName = objectName;
Privileges = privileges;
}
public static async Task <bool> UserHasPrivileges(this IContext context, DbObjectType objectType, ObjectName objectName, Privilege privilege)
{
var user = context.User();
if (user == null)
{
return(false);
}
// if no security resolver was registered this means no security
// checks are required
var resolver = context.Scope.Resolve <ISecurityResolver>();
if (resolver == null)
{
return(true);
}
if (!await resolver.HasPrivilegesAsync(user.Name, objectType, objectName, privilege))
{
var securityManager = context.Scope.Resolve <ISecurityManager>();
if (securityManager == null)
{
return(false);
}
var roles = await securityManager.GetUserRolesAsync(user.Name);
foreach (var role in roles)
{
if (await resolver.HasPrivilegesAsync(role.Name, objectType, objectName, privilege))
{
return(true);
}
}
return(false);
}
return(true);
}
