public void Test_PermissionManager() { var authorizationConfiguration = new AuthorizationConfiguration(); authorizationConfiguration.Providers.Add <MyAuthorizationProvider1>(); authorizationConfiguration.Providers.Add <MyAuthorizationProvider2>(); LocalIocManager.IocContainer.Register( Component.For <IFeatureDependencyContext, FeatureDependencyContext>().UsingFactoryMethod(() => new FeatureDependencyContext(LocalIocManager, Substitute.For <IFeatureChecker>())) ); var permissionManager = new PermissionManager(LocalIocManager, authorizationConfiguration); permissionManager.Initialize(); permissionManager.GetAllPermissions().Count.ShouldBe(5); var userManagement = permissionManager.GetPermissionOrNull("Adorable.Zero.Administration.UserManagement"); userManagement.ShouldNotBe(null); userManagement.Children.Count.ShouldBe(1); var changePermissions = permissionManager.GetPermissionOrNull("Adorable.Zero.Administration.UserManagement.ChangePermissions"); changePermissions.ShouldNotBe(null); changePermissions.Parent.ShouldBeSameAs(userManagement); permissionManager.GetPermissionOrNull("NonExistingPermissionName").ShouldBe(null); }
public void AuthorizationConfigurationValidationIntrospectionDiscoveryPolicyAuthorityManyFailTest( bool validateIssuerName, bool validateEndpoints, bool requireHttps, bool requireKeySet, bool allowHttpOnLoopback ) { var config = new AuthorizationConfiguration { PolicyName = "policyName", ApiName = "apiName", ApiSecret = "apiSecret", IssuerUrl = "issuerUrl", Origins = new[] { "http://localhost" }, IntrospectionDiscoveryPolicy = new DiscoveryPolicy { RequireHttps = requireHttps, RequireKeySet = requireKeySet, AllowHttpOnLoopback = allowHttpOnLoopback, ValidateIssuerName = validateIssuerName, ValidateEndpoints = validateEndpoints, AdditionalEndpointBaseAddresses = { "https://identityserver:443", "https://identityserver" }, Authority = "https://identityserver:443/" } }; var rule = new AuthorizationConfigurationValidation(); rule.Validate(null, config).Failed.Should().BeTrue(); }
public void AuthorizationConfigurationValidationSucceededTest() { var config = new AuthorizationConfiguration { PolicyName = "PolicyName", ApiName = "ApiName", ApiSecret = "ApiSecret", IssuerUrl = "IssuerUrl", Origins = new[] { "http://localhost" }, IntrospectionDiscoveryPolicy = new DiscoveryPolicy { RequireHttps = true, RequireKeySet = true, AllowHttpOnLoopback = true, ValidateIssuerName = true, ValidateEndpoints = true, Authority = "https://identityserver:443", AdditionalEndpointBaseAddresses = { "https://identityserver:443", "https://identityserver" } } }; var rule = new AuthorizationConfigurationValidation(); rule.Validate(null, config).Succeeded.Should().BeTrue(); }
private static IServiceCollection AddAuthorization(this IServiceCollection services, IConfiguration configuration) { // Create config var authorizationConfigSection = configuration.GetSection(AuthorizationSettingsSectionName); if (string.IsNullOrWhiteSpace(authorizationConfigSection["AllCompanyGroup"]) || string.IsNullOrWhiteSpace(authorizationConfigSection["CampusLeadsGroup"]) || string.IsNullOrWhiteSpace(authorizationConfigSection["GermanLeadsGroup"]) || string.IsNullOrWhiteSpace(authorizationConfigSection["HubLeadsGroup"]) || string.IsNullOrWhiteSpace(authorizationConfigSection["InternalDevelopmentGroup"])) { var sectionContents = authorizationConfigSection.AsEnumerable(); var message = $"The authorization configuration section seems to be empty or not configured. Please check settings for section with name {AuthorizationSettingsSectionName}. The following keys and values are present: "; message = sectionContents.Aggregate(message, (current, kv) => current + $" - ({kv.Key}): '{kv.Value}'"); throw new MccBadConfigurationException(message); } var authConfig = new AuthorizationConfiguration( authorizationConfigSection["AllCompanyGroup"], authorizationConfigSection["CampusLeadsGroup"], authorizationConfigSection["GermanLeadsGroup"], authorizationConfigSection["HubLeadsGroup"], authorizationConfigSection["InternalDevelopmentGroup"] ); var developmentPolicyGroups = new GroupMembershipRequirement(new[] { authConfig.InternalDevelopmentGroupId }); var germanLeadsPolicyGroups = new GroupMembershipRequirement(new[] { authConfig.GermanLeadsGroupId }); var hubLeadsGroup = new GroupMembershipRequirement(new[] { authConfig.InternalDevelopmentGroupId, authConfig.GermanLeadsGroupId, authConfig.HubLeadsGroupId }); var campusLeadsGroup = new GroupMembershipRequirement(new[] { authConfig.InternalDevelopmentGroupId, authConfig.GermanLeadsGroupId, authConfig.HubLeadsGroupId, authConfig.CampusLeadsGroupId }); var generalGroup = new GroupMembershipRequirement(new[] { authConfig.InternalDevelopmentGroupId, authConfig.GermanLeadsGroupId, authConfig.HubLeadsGroupId, authConfig.CampusLeadsGroupId, authConfig.CommunityGroupId }); services.AddAuthorization(options => { options.AddPolicy(PolicyNames.DevelopmentInternal, policy => { policy.Requirements.Add(developmentPolicyGroups); }); options.AddPolicy(PolicyNames.GermanLeads, policy => { policy.Requirements.Add(germanLeadsPolicyGroups); }); options.AddPolicy(PolicyNames.HubLeads, policy => { policy.Requirements.Add(hubLeadsGroup); }); options.AddPolicy(PolicyNames.CampusLeads, policy => { policy.Requirements.Add(campusLeadsGroup); }); options.AddPolicy(PolicyNames.Community, policy => { policy.Requirements.Add(generalGroup); }); }); services.AddScoped <IAuthorizationHandler, GroupMembershipPolicyHandler>(); services.AddSingleton <AuthorizationConfiguration>(authConfig); return(services); }
public CampusControllerService(IGraphUserService graphUserService, IDbService <Infrastructure.Entities.Db.Campus> campusDbService, IDbService <Hub> hubDbService, AuthorizationConfiguration authorizationConfiguration, IGraphGroupService graphGroupService) { _graphUserService = graphUserService; _campusDbService = campusDbService; _hubDbService = hubDbService; _authorizationConfiguration = authorizationConfiguration; _graphGroupService = graphGroupService; }
public GraphUserService(IGraphBaseService graphService, IGraphGroupService graphGroupService, IAppInsightsService appInsightsService, AuthorizationConfiguration authorizationConfiguration) { _graphService = graphService; _appInsightsService = appInsightsService; _graphGroupService = graphGroupService; _authorizationConfiguration = authorizationConfiguration; }
public RoleBasedDicomAuthorizationService(AuthorizationConfiguration authorizationConfiguration, IDicomRequestContextAccessor dicomRequestContextAccessor) { EnsureArg.IsNotNull(authorizationConfiguration, nameof(authorizationConfiguration)); _dicomRequestContextAccessor = EnsureArg.IsNotNull(dicomRequestContextAccessor, nameof(dicomRequestContextAccessor)); _rolesClaimName = authorizationConfiguration.RolesClaim; _roles = authorizationConfiguration.Roles.ToDictionary(r => r.Name, StringComparer.OrdinalIgnoreCase); }
public RoleBasedAuthorizationService(AuthorizationConfiguration <TDataActions> authorizationConfiguration, RequestContextAccessor <TRequestContext> requestContextAccessor) { EnsureArg.IsNotNull(authorizationConfiguration, nameof(authorizationConfiguration)); _requestContextAccessor = EnsureArg.IsNotNull(requestContextAccessor, nameof(requestContextAccessor)); _rolesClaimName = authorizationConfiguration.RolesClaim; _roles = authorizationConfiguration.Roles.ToDictionary(r => r.Name, StringComparer.OrdinalIgnoreCase); }
protected override void RegisterTypes(IServiceCollection services) { base.RegisterTypes(services); var config = new AuthorizationConfiguration <TDefault>(); services.AddSingleton <IAuthorizationConfiguration>(config); services.AddSingleton <IFacetDecorator, AuthorizationManager>(); }
public RoleBasedAuthorizationPolicy(AuthorizationConfiguration authorizationConfiguration) { EnsureArg.IsNotNull(authorizationConfiguration, nameof(authorizationConfiguration)); _authorizationConfiguration = authorizationConfiguration; _roles = authorizationConfiguration.Roles.ToDictionary(r => r.Name, StringComparer.InvariantCultureIgnoreCase); _roleNameToResourceActions = _roles.Select(kvp => KeyValuePair.Create(kvp.Key, kvp.Value.ResourcePermissions.Select(rp => rp.Actions).SelectMany(x => x))).ToDictionary(kvp => kvp.Key, kvp => kvp.Value); }
protected RoleLoader(AuthorizationConfiguration <TDataActions> authorizationConfiguration, IHostEnvironment hostEnvironment) { EnsureArg.IsNotNull(authorizationConfiguration, nameof(authorizationConfiguration)); EnsureArg.IsNotNull(hostEnvironment, nameof(hostEnvironment)); EnsureArg.IsNotNull(hostEnvironment.ContentRootFileProvider, nameof(hostEnvironment.ContentRootFileProvider)); _authorizationConfiguration = authorizationConfiguration; _fileProvider = hostEnvironment.ContentRootFileProvider; }
public Startup(IConfiguration configuration, ILoggerFactory loggerFactory) { _configuration = configuration; _authenticationConfig = _configuration.GetSection("Authentication").Get <AuthenticationConfiguration>(); _legacyAuthorizationConfig = _configuration.GetSection("LegacyAuthorization").Get <AuthorizationConfiguration>(); _authorizationConfig = _configuration.GetSection("Authorization").Get <AuthorizationConfiguration>(); _externalLinks = _configuration.GetSection("ExternalLinks").Get <ExternalLinksConfiguration>(); _loggerFactory = loggerFactory; }
public void TestCreateOk() { var config = new AuthorizationConfiguration <ITypeAuthorizer <object> >(); config.AddNamespaceAuthorizer <INamespaceAuthorizer>("1"); config.AddTypeAuthorizer <object, ITypeAuthorizer <object> >(); // ReSharper disable once UnusedVariable var sink = new AuthorizationManager(config); }
public RoleLoader(AuthorizationConfiguration authorizationConfiguration, IHostEnvironment hostEnvironment) { EnsureArg.IsNotNull(authorizationConfiguration, nameof(authorizationConfiguration)); EnsureArg.IsNotNull(hostEnvironment, nameof(hostEnvironment)); EnsureArg.IsNotNull(hostEnvironment.ContentRootFileProvider, nameof(hostEnvironment.ContentRootFileProvider)); _authorizationConfiguration = authorizationConfiguration; _hostEnvironment = hostEnvironment; _fileProvider = hostEnvironment.ContentRootFileProvider; }
public void Should_Manage_Permission_With_Custom_Properties() { var authorizationConfiguration = new AuthorizationConfiguration(); authorizationConfiguration.Providers.Add <MyAuthorizationProviderWithCustomProperties>(); LocalIocManager.IocContainer.Register( Component.For <IFeatureDependencyContext, FeatureDependencyContext>() .UsingFactoryMethod(() => new FeatureDependencyContext(LocalIocManager, Substitute.For <IFeatureChecker>())), Component.For <MyAuthorizationProviderWithCustomProperties>().LifestyleTransient(), Component.For <IUnitOfWorkManager, UnitOfWorkManager>().LifestyleTransient(), Component.For <ICurrentUnitOfWorkProvider, AsyncLocalCurrentUnitOfWorkProvider>().LifestyleTransient(), Component.For <IUnitOfWorkDefaultOptions, UnitOfWorkDefaultOptions>().LifestyleTransient(), Component.For <IMultiTenancyConfig, MultiTenancyConfig>().LifestyleTransient() ); var permissionManager = new PermissionManager(LocalIocManager, authorizationConfiguration, LocalIocManager.Resolve <IUnitOfWorkManager>(), LocalIocManager.Resolve <IMultiTenancyConfig>()); permissionManager.Initialize(); permissionManager.GetAllPermissions().Count.ShouldBe(4); var customPermission = permissionManager.GetPermissionOrNull("Abp.Zero.MyCustomPermission"); customPermission.ShouldNotBe(null); customPermission.Children.Count.ShouldBe(2); customPermission.Properties.Count.ShouldBe(2); customPermission["MyProp1"].ShouldBe("Test"); ((MyAuthorizationProviderWithCustomProperties.MyTestPropertyClass)customPermission["MyProp2"]).Prop1.ShouldBe("Test"); //its not exist customPermission["MyProp3"].ShouldBeNull(); customPermission.Children[0]["MyProp1"].ShouldBeNull(); customPermission.Children[1]["MyProp1"].ShouldBe("TestChild"); var customPermission2 = permissionManager.GetPermissionOrNull("Abp.Zero.MyCustomPermission2"); customPermission2.ShouldNotBe(null); customPermission2.Children.Count.ShouldBe(0); customPermission2.Properties.Count.ShouldBe(0); customPermission2["MyProp1"].ShouldBeNull(); customPermission2["MyProp1"] = "Test"; var customPermission21 = permissionManager.GetPermissionOrNull("Abp.Zero.MyCustomPermission2"); customPermission2.ShouldBeSameAs(customPermission21); customPermission21["MyProp1"].ShouldBe("Test"); }
private AuthorizationConfiguration GetOrCreateNamespaceConfiguration(string nmspc) { if (_namespaceConfigurations.ContainsKey(nmspc)) { return (AuthorizationConfiguration) _namespaceConfigurations[nmspc]; } AuthorizationConfiguration namespaceConfiguration = new AuthorizationConfiguration(); _namespaceConfigurations[nmspc] = namespaceConfiguration; return namespaceConfiguration; }
public DicomRoleLoader(AuthorizationConfiguration <DataActions> authorizationConfiguration, IHostEnvironment hostEnvironment) : base(authorizationConfiguration, hostEnvironment) { // Loop through all the enums and pre-load them into a dictionary for mapping between string representation and enum var enumType = typeof(DataActions); foreach (var name in Enum.GetNames(enumType)) { var enumMemberAttribute = ((EnumMemberAttribute[])enumType.GetField(name).GetCustomAttributes(typeof(EnumMemberAttribute), true)).Single(); _dataActionsMap.TryAdd(enumMemberAttribute.Value, Enum.Parse <DataActions>(name)); } }
protected override void RegisterTypes(IServiceCollection services) { base.RegisterTypes(services); var config = new AuthorizationConfiguration <MyDefaultAuthorizer>(); config.AddNamespaceAuthorizer <MyAppAuthorizer>("MyApp"); config.AddNamespaceAuthorizer <MyCluster1Authorizer>("MyApp.MyCluster1"); config.AddNamespaceAuthorizer <MyBar1Authorizer>("MyApp.MyCluster1.Bar1"); services.AddSingleton <IAuthorizationConfiguration>(config); services.AddSingleton <IFacetDecorator, AuthorizationManager>(); }
// This method gets called by the runtime. Use this method to add services to the container. public IServiceProvider ConfigureServices(IServiceCollection services) { // Add framework services. services.AddMvc().AddControllersAsServices(); var nlogConfiguration = Configuration.GetSection("NLog").Get <NLogConfiguration>(); NLogServiceConfiguration.ConfigureNLog(nlogConfiguration); ConfigurationDtoConfiguration.ConfigureConfigurationDto(services, Configuration); var connectionString = Configuration.GetConnectionString("eSuiteConnection"); DbContextOptionsConfiguration.ConfigureDbContextOptions(services, connectionString); var corsConfiguration = Configuration.GetSection("Cors").Get <CorsConfiguration>(); CorsServiceConfiguration.ConfigureCorsService(services, corsConfiguration); var jwtConfiguration = Configuration.GetSection("Jwt").Get <JwtConfiguration>(); JwtServiceConfiguration.ConfigureJwtService(services, jwtConfiguration); var swaggerConfiguration = Configuration.GetSection("Swagger").Get <SwaggerConfiguration>(); SwaggerServiceConfiguration.ConfigureSwaggerService(services, swaggerConfiguration); var rawRabbitConfiguration = Configuration.GetSection("RawRabbit").Get <RawRabbitConfiguration>(); RawRabbitServiceConfiguration.ConfigureRawRabbit(services, rawRabbitConfiguration); AuthorizationConfiguration.ConfigureAuthorization(services); AutoMapperConfiguration.ConfigureAutoMapper(); // Create the container builder. var builder = new ContainerBuilder(); builder.Populate(services); /* Register here all modules, type*/ builder.RegisterModule <EFModule <eSuiteDbContext> >(); var autofacConfiguration = Configuration.GetSection("Autofac").Get <AutofacConfiguration>(); builder.RegisterModule(new StandardModule { AssemblyNames = autofacConfiguration.CandidateAssemblies }); ApplicationContainer = builder.Build(); // Create the IServiceProvider based on the container. return(new AutofacServiceProvider(ApplicationContainer)); }
/// <summary> /// Initializes a new instance of the <see cref="BasicAuthenticationHandler"/> class. /// </summary> /// <param name="options">Authentication scheme options</param> /// <param name="loggerFactory">Logger factory</param> /// <param name="encoder">URL encoder</param> /// <param name="clock">System clock</param> /// <param name="configuration">App configuration</param> public BasicAuthenticationHandler( IOptionsMonitor <AuthenticationSchemeOptions> options, ILoggerFactory loggerFactory, UrlEncoder encoder, ISystemClock clock, IConfiguration configuration) : base(options, loggerFactory, encoder, clock) { // Validate input arugments configuration = Ensure.IsNotNull(() => configuration); // Build configuration this.authorizationConfiguration = new AuthorizationConfiguration(configuration); }
private void AddPermission(AuthorizationConfiguration configuration, string principal, Permission permission) { if (permission == Permission.Administer) { configuration.Administrators.Add(principal); } else if (permission == Permission.Edit) { configuration.Editors.Add(principal); } else if (permission == Permission.Read) { configuration.Readers.Add(principal); } }
public void AuthorizationConfigurationValidationFailTest() { var config = new AuthorizationConfiguration { PolicyName = "PolicyName", ApiName = "ApiName", ApiSecret = "ApiSecret", IssuerUrl = "IssuerUrl", Origins = new[] { "" } }; var rule = new AuthorizationConfigurationValidation(); rule.Validate(null, config).Failed.Should().BeTrue(); }
public void AuthorizationConfigurationValidationIntrospectionDiscoveryPolicyNullFailTest() { var config = new AuthorizationConfiguration { PolicyName = "policyName", ApiName = "apiName", ApiSecret = "apiSecret", IssuerUrl = "issuerUrl", Origins = new[] { "http://localhost" }, IntrospectionDiscoveryPolicy = null }; var rule = new AuthorizationConfigurationValidation(); rule.Validate(null, config).Failed.Should().BeTrue(); }
private static async Task <AuthorizationConfiguration <DataActions> > LoadAsync(object roles) { IFileProvider fileProvider = Substitute.For <IFileProvider>(); var hostEnvironment = Substitute.For <IHostEnvironment>(); hostEnvironment.ContentRootFileProvider .GetFileInfo("roles.json") .CreateReadStream() .Returns(new MemoryStream(Encoding.UTF8.GetBytes(JObject.FromObject(roles).ToString()))); var authConfig = new AuthorizationConfiguration <DataActions>(); var roleLoader = new SamplesRoleLoader(authConfig, hostEnvironment); await roleLoader.StartAsync(CancellationToken.None); return(authConfig); }
private static AuthorizationConfiguration Load(object roles) { IFileProvider fileProvider = Substitute.For <IFileProvider>(); var hostEnvironment = Substitute.For <IHostEnvironment>(); hostEnvironment.ContentRootFileProvider .GetFileInfo("roles.json") .CreateReadStream() .Returns(new MemoryStream(Encoding.UTF8.GetBytes(JObject.FromObject(roles).ToString()))); var authConfig = new AuthorizationConfiguration(); var roleLoader = new RoleLoader(authConfig, hostEnvironment); roleLoader.Start(); return(authConfig); }
protected void RegisterAuthorizerTypes <TDefault>(IUnityContainer container) where TDefault : ITypeAuthorizer <object> { base.RegisterTypes(container); var config = new AuthorizationConfiguration <TDefault>(); container.RegisterInstance <IAuthorizationConfiguration>(config, (new ContainerControlledLifetimeManager())); container.RegisterType <IFacetDecorator, AuthorizationManager>("AuthorizationManager", new ContainerControlledLifetimeManager()); var reflectorConfig = new ReflectorConfiguration( new[] { typeof(TDefault) }, new[] { typeof(SimpleRepository <Foo>) }, new[] { typeof(Foo).Namespace }); container.RegisterInstance <IReflectorConfiguration>(reflectorConfig, new ContainerControlledLifetimeManager()); }
private static AuthorizationConfiguration GetAuthorizationConfigurationForRoles(List <ResourceAction> resourceActions, params string[] roleNames) { var permissions = new List <ResourcePermission> { new ResourcePermission(resourceActions), }; var authConfiguration = new AuthorizationConfiguration(); foreach (var name in roleNames) { authConfiguration.Roles.Add(GetRole(name, permissions)); } return(authConfiguration); }
/// <summary> /// Demand method is called at runtime when a caller is trying to access /// resource that is marked with SAFSecurityAttribute. /// </summary> public void Demand() { //obtain the information about the denied and allowed roles //information from configuraiton file ConfigurationManager cm = (ConfigurationManager)ConfigurationSettings.GetConfig("Framework"); AuthorizationConfiguration ac = cm.AuthorizationConfig; string[] allowedRoles = ac.AllowedRoles(Name); string[] deniedRoles = ac.DeniedRoles(Name); //create the IAuthorizationProvider object which is responsible //for verify if the call is permitted or denied based on the //allowed role and denied role information. IAuthorizationProvider ap = (IAuthorizationProvider)ac.GetAuthorizationProvider(Name); ap.Authorize(allowedRoles, deniedRoles); }
public void AuthorizationConfigurationValidationManyFailTest( string policyName, string apiName, string apiSecret, string issuerUrl) { var config = new AuthorizationConfiguration { PolicyName = policyName, ApiName = apiName, ApiSecret = apiSecret, IssuerUrl = issuerUrl, Origins = new[] { "http://localhost" } }; var rule = new AuthorizationConfigurationValidation(); rule.Validate(null, config).Failed.Should().BeTrue(); }
protected override void RegisterTypes(IUnityContainer container) { base.RegisterTypes(container); var config = new AuthorizationConfiguration <MyDefaultAuthorizer>(); container.RegisterInstance <IAuthorizationConfiguration>(config, (new ContainerControlledLifetimeManager())); container.RegisterType <IFacetDecorator, AuthorizationManager>("AuthorizationManager", new ContainerControlledLifetimeManager()); var reflectorConfig = new ReflectorConfiguration( new[] { typeof(MyDefaultAuthorizer), }, new[] { typeof(SimpleRepository <Foo>), typeof(FooService), }, new[] { typeof(Foo).Namespace }); container.RegisterInstance <IReflectorConfiguration>(reflectorConfig, new ContainerControlledLifetimeManager()); }
public void Test_PermissionManager() { var authorizationConfiguration = new AuthorizationConfiguration(); authorizationConfiguration.Providers.Add <MyAuthorizationProvider1>(); authorizationConfiguration.Providers.Add <MyAuthorizationProvider2>(); LocalIocManager.IocContainer.Register( Component.For <IFeatureDependencyContext, FeatureDependencyContext>().UsingFactoryMethod(() => new FeatureDependencyContext(LocalIocManager, Substitute.For <IFeatureChecker>())), Component.For <MyAuthorizationProvider1>().LifestyleTransient(), Component.For <MyAuthorizationProvider2>().LifestyleTransient(), Component.For <IUnitOfWorkManager, UnitOfWorkManager>().LifestyleTransient(), Component.For <ICurrentUnitOfWorkProvider, AsyncLocalCurrentUnitOfWorkProvider>().LifestyleTransient(), Component.For <IUnitOfWorkDefaultOptions, UnitOfWorkDefaultOptions>().LifestyleTransient(), Component.For <IMultiTenancyConfig, MultiTenancyConfig>().LifestyleTransient() ); var permissionManager = new PermissionManager(LocalIocManager, authorizationConfiguration, LocalIocManager.Resolve <IUnitOfWorkManager>(), LocalIocManager.Resolve <IMultiTenancyConfig>()); permissionManager.Initialize(); permissionManager.GetAllPermissions().Count.ShouldBe(5); var userManagement = permissionManager.GetPermissionOrNull("Abp.Zero.Administration.UserManagement"); userManagement.ShouldNotBe(null); userManagement.Children.Count.ShouldBe(1); var changePermissions = permissionManager.GetPermissionOrNull("Abp.Zero.Administration.UserManagement.ChangePermissions"); changePermissions.ShouldNotBe(null); changePermissions.Parent.ShouldBeSameAs(userManagement); permissionManager.GetPermissionOrNull("NonExistingPermissionName").ShouldBe(null); userManagement.RemoveChildPermission(userManagement.Children.FirstOrDefault()?.Name); userManagement.Children.Count.ShouldBe(0); permissionManager.RemovePermission("Abp.Zero.Administration"); permissionManager.GetPermissionOrNull("Abp.Zero.Administration").ShouldBe(null); }
private void SynchronizePermissions() { using (var transaction = _uniDbContext.Database.BeginTransaction(IsolationLevel.ReadCommitted)) { try { var permissions = AuthorizationConfiguration.GetPermissions(typeof(Permissions)); var currentPermissions = _uniDbContext.Permissions.ToHashSet(); var newPermissions = permissions .Where( x => !currentPermissions.Any( y => string.Equals(x, y.Name, StringComparison.OrdinalIgnoreCase) ) ).Select(x => new Permission { Name = x }).ToArray(); if (newPermissions.Length != 0) { _logger.LogInformation($"Found {newPermissions.Length} new permissions."); _uniDbContext.Permissions.AddRange(newPermissions); _uniDbContext.SaveChanges(); } else { _logger.LogInformation("No permissions were added. The database is already up to date."); } transaction.Commit(); } catch { transaction.Rollback(); throw; } } }
private static bool IsReader(IPrincipal principal, AuthorizationConfiguration configuration) { return IsUserOrInRole(principal, configuration.Readers); }
private static bool IsAdministrator(IPrincipal principal, AuthorizationConfiguration configuration) { return IsUserOrInRole(principal, configuration.Administrators); }