public void Test_PermissionManager()
{
var authorizationConfiguration = new AuthorizationConfiguration();
authorizationConfiguration.Providers.Add <MyAuthorizationProvider1>();
authorizationConfiguration.Providers.Add <MyAuthorizationProvider2>();
LocalIocManager.IocContainer.Register(
Component.For <IFeatureDependencyContext, FeatureDependencyContext>().UsingFactoryMethod(() => new FeatureDependencyContext(LocalIocManager, Substitute.For <IFeatureChecker>()))
);
var permissionManager = new PermissionManager(LocalIocManager, authorizationConfiguration);
permissionManager.Initialize();
permissionManager.GetAllPermissions().Count.ShouldBe(5);
var userManagement = permissionManager.GetPermissionOrNull("Adorable.Zero.Administration.UserManagement");
userManagement.ShouldNotBe(null);
userManagement.Children.Count.ShouldBe(1);
var changePermissions = permissionManager.GetPermissionOrNull("Adorable.Zero.Administration.UserManagement.ChangePermissions");
changePermissions.ShouldNotBe(null);
changePermissions.Parent.ShouldBeSameAs(userManagement);
permissionManager.GetPermissionOrNull("NonExistingPermissionName").ShouldBe(null);
}
public void AuthorizationConfigurationValidationIntrospectionDiscoveryPolicyAuthorityManyFailTest(
bool validateIssuerName,
bool validateEndpoints,
bool requireHttps,
bool requireKeySet,
bool allowHttpOnLoopback
)
{
var config = new AuthorizationConfiguration
{
PolicyName = "policyName",
ApiName = "apiName",
ApiSecret = "apiSecret",
IssuerUrl = "issuerUrl",
Origins = new[] { "http://localhost" },
IntrospectionDiscoveryPolicy = new DiscoveryPolicy
{
RequireHttps = requireHttps,
RequireKeySet = requireKeySet,
AllowHttpOnLoopback = allowHttpOnLoopback,
ValidateIssuerName = validateIssuerName,
ValidateEndpoints = validateEndpoints,
AdditionalEndpointBaseAddresses = { "https://identityserver:443", "https://identityserver" },
Authority = "https://identityserver:443/"
}
};
var rule = new AuthorizationConfigurationValidation();
rule.Validate(null, config).Failed.Should().BeTrue();
}
public void AuthorizationConfigurationValidationSucceededTest()
{
var config = new AuthorizationConfiguration
{
PolicyName = "PolicyName",
ApiName = "ApiName",
ApiSecret = "ApiSecret",
IssuerUrl = "IssuerUrl",
Origins = new[] { "http://localhost" },
IntrospectionDiscoveryPolicy = new DiscoveryPolicy
{
RequireHttps = true,
RequireKeySet = true,
AllowHttpOnLoopback = true,
ValidateIssuerName = true,
ValidateEndpoints = true,
Authority = "https://identityserver:443",
AdditionalEndpointBaseAddresses = { "https://identityserver:443", "https://identityserver" }
}
};
var rule = new AuthorizationConfigurationValidation();
rule.Validate(null, config).Succeeded.Should().BeTrue();
}
private static IServiceCollection AddAuthorization(this IServiceCollection services,
IConfiguration configuration)
{
// Create config
var authorizationConfigSection = configuration.GetSection(AuthorizationSettingsSectionName);
if (string.IsNullOrWhiteSpace(authorizationConfigSection["AllCompanyGroup"]) ||
string.IsNullOrWhiteSpace(authorizationConfigSection["CampusLeadsGroup"]) ||
string.IsNullOrWhiteSpace(authorizationConfigSection["GermanLeadsGroup"]) ||
string.IsNullOrWhiteSpace(authorizationConfigSection["HubLeadsGroup"]) ||
string.IsNullOrWhiteSpace(authorizationConfigSection["InternalDevelopmentGroup"]))
{
var sectionContents = authorizationConfigSection.AsEnumerable();
var message =
$"The authorization configuration section seems to be empty or not configured. Please check settings for section with name {AuthorizationSettingsSectionName}. The following keys and values are present: ";
message = sectionContents.Aggregate(message, (current, kv) => current + $" - ({kv.Key}): '{kv.Value}'");
throw new MccBadConfigurationException(message);
}
var authConfig = new AuthorizationConfiguration(
authorizationConfigSection["AllCompanyGroup"],
authorizationConfigSection["CampusLeadsGroup"],
authorizationConfigSection["GermanLeadsGroup"],
authorizationConfigSection["HubLeadsGroup"],
authorizationConfigSection["InternalDevelopmentGroup"]
);
var developmentPolicyGroups = new GroupMembershipRequirement(new[] { authConfig.InternalDevelopmentGroupId });
var germanLeadsPolicyGroups = new GroupMembershipRequirement(new[] { authConfig.GermanLeadsGroupId });
var hubLeadsGroup = new GroupMembershipRequirement(new[]
{ authConfig.InternalDevelopmentGroupId, authConfig.GermanLeadsGroupId, authConfig.HubLeadsGroupId });
var campusLeadsGroup = new GroupMembershipRequirement(new[]
{
authConfig.InternalDevelopmentGroupId, authConfig.GermanLeadsGroupId, authConfig.HubLeadsGroupId,
authConfig.CampusLeadsGroupId
});
var generalGroup = new GroupMembershipRequirement(new[]
{
authConfig.InternalDevelopmentGroupId, authConfig.GermanLeadsGroupId, authConfig.HubLeadsGroupId,
authConfig.CampusLeadsGroupId, authConfig.CommunityGroupId
});
services.AddAuthorization(options =>
{
options.AddPolicy(PolicyNames.DevelopmentInternal,
policy => { policy.Requirements.Add(developmentPolicyGroups); });
options.AddPolicy(PolicyNames.GermanLeads,
policy => { policy.Requirements.Add(germanLeadsPolicyGroups); });
options.AddPolicy(PolicyNames.HubLeads, policy => { policy.Requirements.Add(hubLeadsGroup); });
options.AddPolicy(PolicyNames.CampusLeads, policy => { policy.Requirements.Add(campusLeadsGroup); });
options.AddPolicy(PolicyNames.Community, policy => { policy.Requirements.Add(generalGroup); });
});
services.AddScoped <IAuthorizationHandler, GroupMembershipPolicyHandler>();
services.AddSingleton <AuthorizationConfiguration>(authConfig);
return(services);
}
public CampusControllerService(IGraphUserService graphUserService, IDbService <Infrastructure.Entities.Db.Campus> campusDbService, IDbService <Hub> hubDbService, AuthorizationConfiguration authorizationConfiguration, IGraphGroupService graphGroupService)
{
_graphUserService = graphUserService;
_campusDbService = campusDbService;
_hubDbService = hubDbService;
_authorizationConfiguration = authorizationConfiguration;
_graphGroupService = graphGroupService;
}
public GraphUserService(IGraphBaseService graphService, IGraphGroupService graphGroupService,
IAppInsightsService appInsightsService, AuthorizationConfiguration authorizationConfiguration)
{
_graphService = graphService;
_appInsightsService = appInsightsService;
_graphGroupService = graphGroupService;
_authorizationConfiguration = authorizationConfiguration;
}
public RoleBasedDicomAuthorizationService(AuthorizationConfiguration authorizationConfiguration, IDicomRequestContextAccessor dicomRequestContextAccessor)
{
EnsureArg.IsNotNull(authorizationConfiguration, nameof(authorizationConfiguration));
_dicomRequestContextAccessor = EnsureArg.IsNotNull(dicomRequestContextAccessor, nameof(dicomRequestContextAccessor));
_rolesClaimName = authorizationConfiguration.RolesClaim;
_roles = authorizationConfiguration.Roles.ToDictionary(r => r.Name, StringComparer.OrdinalIgnoreCase);
}
public RoleBasedAuthorizationService(AuthorizationConfiguration <TDataActions> authorizationConfiguration, RequestContextAccessor <TRequestContext> requestContextAccessor)
{
EnsureArg.IsNotNull(authorizationConfiguration, nameof(authorizationConfiguration));
_requestContextAccessor = EnsureArg.IsNotNull(requestContextAccessor, nameof(requestContextAccessor));
_rolesClaimName = authorizationConfiguration.RolesClaim;
_roles = authorizationConfiguration.Roles.ToDictionary(r => r.Name, StringComparer.OrdinalIgnoreCase);
}
protected override void RegisterTypes(IServiceCollection services)
{
base.RegisterTypes(services);
var config = new AuthorizationConfiguration <TDefault>();
services.AddSingleton <IAuthorizationConfiguration>(config);
services.AddSingleton <IFacetDecorator, AuthorizationManager>();
}
public RoleBasedAuthorizationPolicy(AuthorizationConfiguration authorizationConfiguration)
{
EnsureArg.IsNotNull(authorizationConfiguration, nameof(authorizationConfiguration));
_authorizationConfiguration = authorizationConfiguration;
_roles = authorizationConfiguration.Roles.ToDictionary(r => r.Name, StringComparer.InvariantCultureIgnoreCase);
_roleNameToResourceActions = _roles.Select(kvp => KeyValuePair.Create(kvp.Key, kvp.Value.ResourcePermissions.Select(rp => rp.Actions).SelectMany(x => x))).ToDictionary(kvp => kvp.Key, kvp => kvp.Value);
}
protected RoleLoader(AuthorizationConfiguration <TDataActions> authorizationConfiguration, IHostEnvironment hostEnvironment)
{
EnsureArg.IsNotNull(authorizationConfiguration, nameof(authorizationConfiguration));
EnsureArg.IsNotNull(hostEnvironment, nameof(hostEnvironment));
EnsureArg.IsNotNull(hostEnvironment.ContentRootFileProvider, nameof(hostEnvironment.ContentRootFileProvider));
_authorizationConfiguration = authorizationConfiguration;
_fileProvider = hostEnvironment.ContentRootFileProvider;
}
public Startup(IConfiguration configuration, ILoggerFactory loggerFactory)
{
_configuration = configuration;
_authenticationConfig = _configuration.GetSection("Authentication").Get <AuthenticationConfiguration>();
_legacyAuthorizationConfig = _configuration.GetSection("LegacyAuthorization").Get <AuthorizationConfiguration>();
_authorizationConfig = _configuration.GetSection("Authorization").Get <AuthorizationConfiguration>();
_externalLinks = _configuration.GetSection("ExternalLinks").Get <ExternalLinksConfiguration>();
_loggerFactory = loggerFactory;
}
public void TestCreateOk()
{
var config = new AuthorizationConfiguration <ITypeAuthorizer <object> >();
config.AddNamespaceAuthorizer <INamespaceAuthorizer>("1");
config.AddTypeAuthorizer <object, ITypeAuthorizer <object> >();
// ReSharper disable once UnusedVariable
var sink = new AuthorizationManager(config);
}
public RoleLoader(AuthorizationConfiguration authorizationConfiguration, IHostEnvironment hostEnvironment)
{
EnsureArg.IsNotNull(authorizationConfiguration, nameof(authorizationConfiguration));
EnsureArg.IsNotNull(hostEnvironment, nameof(hostEnvironment));
EnsureArg.IsNotNull(hostEnvironment.ContentRootFileProvider, nameof(hostEnvironment.ContentRootFileProvider));
_authorizationConfiguration = authorizationConfiguration;
_hostEnvironment = hostEnvironment;
_fileProvider = hostEnvironment.ContentRootFileProvider;
}
public void Should_Manage_Permission_With_Custom_Properties()
{
var authorizationConfiguration = new AuthorizationConfiguration();
authorizationConfiguration.Providers.Add <MyAuthorizationProviderWithCustomProperties>();
LocalIocManager.IocContainer.Register(
Component.For <IFeatureDependencyContext, FeatureDependencyContext>()
.UsingFactoryMethod(() => new FeatureDependencyContext(LocalIocManager, Substitute.For <IFeatureChecker>())),
Component.For <MyAuthorizationProviderWithCustomProperties>().LifestyleTransient(),
Component.For <IUnitOfWorkManager, UnitOfWorkManager>().LifestyleTransient(),
Component.For <ICurrentUnitOfWorkProvider, AsyncLocalCurrentUnitOfWorkProvider>().LifestyleTransient(),
Component.For <IUnitOfWorkDefaultOptions, UnitOfWorkDefaultOptions>().LifestyleTransient(),
Component.For <IMultiTenancyConfig, MultiTenancyConfig>().LifestyleTransient()
);
var permissionManager = new PermissionManager(LocalIocManager, authorizationConfiguration, LocalIocManager.Resolve <IUnitOfWorkManager>(), LocalIocManager.Resolve <IMultiTenancyConfig>());
permissionManager.Initialize();
permissionManager.GetAllPermissions().Count.ShouldBe(4);
var customPermission = permissionManager.GetPermissionOrNull("Abp.Zero.MyCustomPermission");
customPermission.ShouldNotBe(null);
customPermission.Children.Count.ShouldBe(2);
customPermission.Properties.Count.ShouldBe(2);
customPermission["MyProp1"].ShouldBe("Test");
((MyAuthorizationProviderWithCustomProperties.MyTestPropertyClass)customPermission["MyProp2"]).Prop1.ShouldBe("Test");
//its not exist
customPermission["MyProp3"].ShouldBeNull();
customPermission.Children[0]["MyProp1"].ShouldBeNull();
customPermission.Children[1]["MyProp1"].ShouldBe("TestChild");
var customPermission2 = permissionManager.GetPermissionOrNull("Abp.Zero.MyCustomPermission2");
customPermission2.ShouldNotBe(null);
customPermission2.Children.Count.ShouldBe(0);
customPermission2.Properties.Count.ShouldBe(0);
customPermission2["MyProp1"].ShouldBeNull();
customPermission2["MyProp1"] = "Test";
var customPermission21 = permissionManager.GetPermissionOrNull("Abp.Zero.MyCustomPermission2");
customPermission2.ShouldBeSameAs(customPermission21);
customPermission21["MyProp1"].ShouldBe("Test");
}
private AuthorizationConfiguration GetOrCreateNamespaceConfiguration(string nmspc)
{
if (_namespaceConfigurations.ContainsKey(nmspc))
{
return (AuthorizationConfiguration) _namespaceConfigurations[nmspc];
}
AuthorizationConfiguration namespaceConfiguration = new AuthorizationConfiguration();
_namespaceConfigurations[nmspc] = namespaceConfiguration;
return namespaceConfiguration;
}
public DicomRoleLoader(AuthorizationConfiguration <DataActions> authorizationConfiguration, IHostEnvironment hostEnvironment)
: base(authorizationConfiguration, hostEnvironment)
{
// Loop through all the enums and pre-load them into a dictionary for mapping between string representation and enum
var enumType = typeof(DataActions);
foreach (var name in Enum.GetNames(enumType))
{
var enumMemberAttribute = ((EnumMemberAttribute[])enumType.GetField(name).GetCustomAttributes(typeof(EnumMemberAttribute), true)).Single();
_dataActionsMap.TryAdd(enumMemberAttribute.Value, Enum.Parse <DataActions>(name));
}
}
protected override void RegisterTypes(IServiceCollection services)
{
base.RegisterTypes(services);
var config = new AuthorizationConfiguration <MyDefaultAuthorizer>();
config.AddNamespaceAuthorizer <MyAppAuthorizer>("MyApp");
config.AddNamespaceAuthorizer <MyCluster1Authorizer>("MyApp.MyCluster1");
config.AddNamespaceAuthorizer <MyBar1Authorizer>("MyApp.MyCluster1.Bar1");
services.AddSingleton <IAuthorizationConfiguration>(config);
services.AddSingleton <IFacetDecorator, AuthorizationManager>();
}
// This method gets called by the runtime. Use this method to add services to the container.
public IServiceProvider ConfigureServices(IServiceCollection services)
{
// Add framework services.
services.AddMvc().AddControllersAsServices();
var nlogConfiguration = Configuration.GetSection("NLog").Get <NLogConfiguration>();
NLogServiceConfiguration.ConfigureNLog(nlogConfiguration);
ConfigurationDtoConfiguration.ConfigureConfigurationDto(services, Configuration);
var connectionString = Configuration.GetConnectionString("eSuiteConnection");
DbContextOptionsConfiguration.ConfigureDbContextOptions(services, connectionString);
var corsConfiguration = Configuration.GetSection("Cors").Get <CorsConfiguration>();
CorsServiceConfiguration.ConfigureCorsService(services, corsConfiguration);
var jwtConfiguration = Configuration.GetSection("Jwt").Get <JwtConfiguration>();
JwtServiceConfiguration.ConfigureJwtService(services, jwtConfiguration);
var swaggerConfiguration = Configuration.GetSection("Swagger").Get <SwaggerConfiguration>();
SwaggerServiceConfiguration.ConfigureSwaggerService(services, swaggerConfiguration);
var rawRabbitConfiguration = Configuration.GetSection("RawRabbit").Get <RawRabbitConfiguration>();
RawRabbitServiceConfiguration.ConfigureRawRabbit(services, rawRabbitConfiguration);
AuthorizationConfiguration.ConfigureAuthorization(services);
AutoMapperConfiguration.ConfigureAutoMapper();
// Create the container builder.
var builder = new ContainerBuilder();
builder.Populate(services);
/* Register here all modules, type*/
builder.RegisterModule <EFModule <eSuiteDbContext> >();
var autofacConfiguration = Configuration.GetSection("Autofac").Get <AutofacConfiguration>();
builder.RegisterModule(new StandardModule {
AssemblyNames = autofacConfiguration.CandidateAssemblies
});
ApplicationContainer = builder.Build();
// Create the IServiceProvider based on the container.
return(new AutofacServiceProvider(ApplicationContainer));
}
/// <summary>
/// Initializes a new instance of the <see cref="BasicAuthenticationHandler"/> class.
/// </summary>
/// <param name="options">Authentication scheme options</param>
/// <param name="loggerFactory">Logger factory</param>
/// <param name="encoder">URL encoder</param>
/// <param name="clock">System clock</param>
/// <param name="configuration">App configuration</param>
public BasicAuthenticationHandler(
IOptionsMonitor <AuthenticationSchemeOptions> options,
ILoggerFactory loggerFactory,
UrlEncoder encoder,
ISystemClock clock,
IConfiguration configuration)
: base(options, loggerFactory, encoder, clock)
{
// Validate input arugments
configuration = Ensure.IsNotNull(() => configuration);
// Build configuration
this.authorizationConfiguration = new AuthorizationConfiguration(configuration);
}
private void AddPermission(AuthorizationConfiguration configuration, string principal, Permission permission)
{
if (permission == Permission.Administer)
{
configuration.Administrators.Add(principal);
}
else if (permission == Permission.Edit)
{
configuration.Editors.Add(principal);
}
else if (permission == Permission.Read)
{
configuration.Readers.Add(principal);
}
}
public void AuthorizationConfigurationValidationFailTest()
{
var config = new AuthorizationConfiguration
{
PolicyName = "PolicyName",
ApiName = "ApiName",
ApiSecret = "ApiSecret",
IssuerUrl = "IssuerUrl",
Origins = new[] { "" }
};
var rule = new AuthorizationConfigurationValidation();
rule.Validate(null, config).Failed.Should().BeTrue();
}
public void AuthorizationConfigurationValidationIntrospectionDiscoveryPolicyNullFailTest()
{
var config = new AuthorizationConfiguration
{
PolicyName = "policyName",
ApiName = "apiName",
ApiSecret = "apiSecret",
IssuerUrl = "issuerUrl",
Origins = new[] { "http://localhost" },
IntrospectionDiscoveryPolicy = null
};
var rule = new AuthorizationConfigurationValidation();
rule.Validate(null, config).Failed.Should().BeTrue();
}
private static async Task <AuthorizationConfiguration <DataActions> > LoadAsync(object roles)
{
IFileProvider fileProvider = Substitute.For <IFileProvider>();
var hostEnvironment = Substitute.For <IHostEnvironment>();
hostEnvironment.ContentRootFileProvider
.GetFileInfo("roles.json")
.CreateReadStream()
.Returns(new MemoryStream(Encoding.UTF8.GetBytes(JObject.FromObject(roles).ToString())));
var authConfig = new AuthorizationConfiguration <DataActions>();
var roleLoader = new SamplesRoleLoader(authConfig, hostEnvironment);
await roleLoader.StartAsync(CancellationToken.None);
return(authConfig);
}
private static AuthorizationConfiguration Load(object roles)
{
IFileProvider fileProvider = Substitute.For <IFileProvider>();
var hostEnvironment = Substitute.For <IHostEnvironment>();
hostEnvironment.ContentRootFileProvider
.GetFileInfo("roles.json")
.CreateReadStream()
.Returns(new MemoryStream(Encoding.UTF8.GetBytes(JObject.FromObject(roles).ToString())));
var authConfig = new AuthorizationConfiguration();
var roleLoader = new RoleLoader(authConfig, hostEnvironment);
roleLoader.Start();
return(authConfig);
}
protected void RegisterAuthorizerTypes <TDefault>(IUnityContainer container)
where TDefault : ITypeAuthorizer <object>
{
base.RegisterTypes(container);
var config = new AuthorizationConfiguration <TDefault>();
container.RegisterInstance <IAuthorizationConfiguration>(config, (new ContainerControlledLifetimeManager()));
container.RegisterType <IFacetDecorator, AuthorizationManager>("AuthorizationManager", new ContainerControlledLifetimeManager());
var reflectorConfig = new ReflectorConfiguration(
new[] { typeof(TDefault) },
new[] { typeof(SimpleRepository <Foo>) },
new[] { typeof(Foo).Namespace });
container.RegisterInstance <IReflectorConfiguration>(reflectorConfig, new ContainerControlledLifetimeManager());
}
private static AuthorizationConfiguration GetAuthorizationConfigurationForRoles(List <ResourceAction> resourceActions, params string[] roleNames)
{
var permissions = new List <ResourcePermission>
{
new ResourcePermission(resourceActions),
};
var authConfiguration = new AuthorizationConfiguration();
foreach (var name in roleNames)
{
authConfiguration.Roles.Add(GetRole(name, permissions));
}
return(authConfiguration);
}
/// <summary>
/// Demand method is called at runtime when a caller is trying to access
/// resource that is marked with SAFSecurityAttribute.
/// </summary>
public void Demand()
{
//obtain the information about the denied and allowed roles
//information from configuraiton file
ConfigurationManager cm = (ConfigurationManager)ConfigurationSettings.GetConfig("Framework");
AuthorizationConfiguration ac = cm.AuthorizationConfig;
string[] allowedRoles = ac.AllowedRoles(Name);
string[] deniedRoles = ac.DeniedRoles(Name);
//create the IAuthorizationProvider object which is responsible
//for verify if the call is permitted or denied based on the
//allowed role and denied role information.
IAuthorizationProvider ap = (IAuthorizationProvider)ac.GetAuthorizationProvider(Name);
ap.Authorize(allowedRoles, deniedRoles);
}
public void AuthorizationConfigurationValidationManyFailTest(
string policyName,
string apiName,
string apiSecret,
string issuerUrl)
{
var config = new AuthorizationConfiguration
{
PolicyName = policyName,
ApiName = apiName,
ApiSecret = apiSecret,
IssuerUrl = issuerUrl,
Origins = new[] { "http://localhost" }
};
var rule = new AuthorizationConfigurationValidation();
rule.Validate(null, config).Failed.Should().BeTrue();
}
protected override void RegisterTypes(IUnityContainer container)
{
base.RegisterTypes(container);
var config = new AuthorizationConfiguration <MyDefaultAuthorizer>();
container.RegisterInstance <IAuthorizationConfiguration>(config, (new ContainerControlledLifetimeManager()));
container.RegisterType <IFacetDecorator, AuthorizationManager>("AuthorizationManager", new ContainerControlledLifetimeManager());
var reflectorConfig = new ReflectorConfiguration(
new[] {
typeof(MyDefaultAuthorizer),
},
new[] {
typeof(SimpleRepository <Foo>),
typeof(FooService),
},
new[] { typeof(Foo).Namespace });
container.RegisterInstance <IReflectorConfiguration>(reflectorConfig, new ContainerControlledLifetimeManager());
}
public void Test_PermissionManager()
{
var authorizationConfiguration = new AuthorizationConfiguration();
authorizationConfiguration.Providers.Add <MyAuthorizationProvider1>();
authorizationConfiguration.Providers.Add <MyAuthorizationProvider2>();
LocalIocManager.IocContainer.Register(
Component.For <IFeatureDependencyContext, FeatureDependencyContext>().UsingFactoryMethod(() => new FeatureDependencyContext(LocalIocManager, Substitute.For <IFeatureChecker>())),
Component.For <MyAuthorizationProvider1>().LifestyleTransient(),
Component.For <MyAuthorizationProvider2>().LifestyleTransient(),
Component.For <IUnitOfWorkManager, UnitOfWorkManager>().LifestyleTransient(),
Component.For <ICurrentUnitOfWorkProvider, AsyncLocalCurrentUnitOfWorkProvider>().LifestyleTransient(),
Component.For <IUnitOfWorkDefaultOptions, UnitOfWorkDefaultOptions>().LifestyleTransient(),
Component.For <IMultiTenancyConfig, MultiTenancyConfig>().LifestyleTransient()
);
var permissionManager = new PermissionManager(LocalIocManager, authorizationConfiguration, LocalIocManager.Resolve <IUnitOfWorkManager>(), LocalIocManager.Resolve <IMultiTenancyConfig>());
permissionManager.Initialize();
permissionManager.GetAllPermissions().Count.ShouldBe(5);
var userManagement = permissionManager.GetPermissionOrNull("Abp.Zero.Administration.UserManagement");
userManagement.ShouldNotBe(null);
userManagement.Children.Count.ShouldBe(1);
var changePermissions = permissionManager.GetPermissionOrNull("Abp.Zero.Administration.UserManagement.ChangePermissions");
changePermissions.ShouldNotBe(null);
changePermissions.Parent.ShouldBeSameAs(userManagement);
permissionManager.GetPermissionOrNull("NonExistingPermissionName").ShouldBe(null);
userManagement.RemoveChildPermission(userManagement.Children.FirstOrDefault()?.Name);
userManagement.Children.Count.ShouldBe(0);
permissionManager.RemovePermission("Abp.Zero.Administration");
permissionManager.GetPermissionOrNull("Abp.Zero.Administration").ShouldBe(null);
}
private void SynchronizePermissions()
{
using (var transaction = _uniDbContext.Database.BeginTransaction(IsolationLevel.ReadCommitted))
{
try
{
var permissions = AuthorizationConfiguration.GetPermissions(typeof(Permissions));
var currentPermissions = _uniDbContext.Permissions.ToHashSet();
var newPermissions = permissions
.Where(
x => !currentPermissions.Any(
y => string.Equals(x, y.Name, StringComparison.OrdinalIgnoreCase)
)
).Select(x => new Permission {
Name = x
}).ToArray();
if (newPermissions.Length != 0)
{
_logger.LogInformation($"Found {newPermissions.Length} new permissions.");
_uniDbContext.Permissions.AddRange(newPermissions);
_uniDbContext.SaveChanges();
}
else
{
_logger.LogInformation("No permissions were added. The database is already up to date.");
}
transaction.Commit();
}
catch
{
transaction.Rollback();
throw;
}
}
}
private static bool IsReader(IPrincipal principal, AuthorizationConfiguration configuration)
{
return IsUserOrInRole(principal, configuration.Readers);
}
private static bool IsAdministrator(IPrincipal principal, AuthorizationConfiguration configuration)
{
return IsUserOrInRole(principal, configuration.Administrators);
}
