Ejemplo n.º 1
 /// <summary>
 /// Reports whether the session holds at least one entry of <c>RequiredPermissions</c>.
 /// </summary>
 /// <param name="session">Session to evaluate; a null session never matches.</param>
 /// <returns>
 /// <c>true</c> when some required permission is granted to a session that has a
 /// <c>UserAuthId</c>; <c>false</c> otherwise, including when <c>RequiredPermissions</c> is empty.
 /// </returns>
 public bool HasAnyPermissions(IAuthSession session)
 {
     return this.RequiredPermissions.Any(permission =>
     {
         // A missing session or a session without a user id is treated as holding nothing.
         if (session == null || session.UserAuthId == null)
         {
             return false;
         }

         return session.HasPermission(permission);
     });
 }
Ejemplo n.º 2
 /// <summary>
 /// Checks whether any one of <c>RequiredPermissions</c> is granted to the session.
 /// </summary>
 /// <param name="session">Session to evaluate; may be null.</param>
 /// <returns>
 /// <c>true</c> if the session is non-null, carries a <c>UserAuthId</c> and has at least one
 /// required permission. An empty <c>RequiredPermissions</c> yields <c>false</c>.
 /// </returns>
 public bool HasAnyPermissions(IAuthSession session)
 {
     return this.RequiredPermissions.Any(permission =>
         // Reject first when there is no session or no user id behind it.
         !(session == null || session.UserAuthId == null)
         && session.HasPermission(permission));
 }
Ejemplo n.º 3
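        /// <summary>
        /// Registers a request filter that rejects a request when the session lacks any permission
        /// demanded by a <see cref="RequiredPermissionAttribute"/> on the request DTO's type.
        /// </summary>
        /// <param name="appHost">Host that supplies the request filter list and the cache client.</param>
        /// <remarks>
        /// Only attributes whose <c>ApplyTo</c> includes the request's HTTP method are enforced.
        /// A session that cannot be loaded is treated as holding no permissions, so the request is
        /// rejected instead of dereferencing a null session.
        /// </remarks>
        public static void Init(AppHostBase appHost)
        {
            appHost.RequestFilters.Add((req, res, dto) => {
                string sessionId = req.GetSessionId();
                using (var client = appHost.GetCacheClient())
                {
                    // What GetSession returns for an unknown or expired id is not visible here;
                    // the permission check below therefore tolerates null.
                    IAuthSession session = client.GetSession(sessionId);

                    ApplyTo httpMethod = req.HttpMethodAsApplyTo();

                    // inherit: true, so attributes declared on base DTO types are enforced too.
                    var attributes = (RequiredPermissionAttribute[])dto.GetType().GetCustomAttributes(typeof(RequiredPermissionAttribute), true);
                    foreach (var attribute in attributes)
                    {
                        if (!attribute.ApplyTo.Has(httpMethod))
                        {
                            continue;
                        }

                        foreach (string requiredPermission in attribute.RequiredPermissions)
                        {
                            // Fail closed: no session means no permission.
                            if (session == null || !session.HasPermission(requiredPermission))
                            {
                                // NOTE(review): 401 is sent for a missing permission; 403 may fit an
                                // authenticated caller better. Left unchanged for client compatibility.
                                res.StatusCode        = (int)HttpStatusCode.Unauthorized;
                                res.StatusDescription = "Invalid Permissions";
                                res.Close();
                                return;
                            }
                        }
                    }
                }
            });
        }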
        /// <summary>
        /// Reports whether the session holds every entry of <c>RequiredPermissions</c>.
        /// </summary>
        /// <param name="session">Session to evaluate; null is always denied.</param>
        /// <param name="authRepo">Repository handed to each <c>HasPermission</c> call.</param>
        /// <returns>
        /// <c>false</c> for a null session; otherwise <c>true</c> when every required permission
        /// is granted. A non-null session passes when <c>RequiredPermissions</c> is empty.
        /// </returns>
        public bool HasAllPermissions(IAuthSession session, IAuthRepository authRepo)
        {
            // The null test comes first, so a missing session is denied even for an empty list.
            return session != null
                && this.RequiredPermissions.All(permission => session.HasPermission(permission, authRepo));
        }
        /// <summary>
        /// Checks that every one of <c>RequiredPermissions</c> is granted to the session.
        /// </summary>
        /// <param name="session">Session to evaluate; a null session is denied.</param>
        /// <param name="authRepo">Repository passed through to <c>HasPermission</c>.</param>
        /// <returns>
        /// <c>true</c> only for a non-null session that has all required permissions
        /// (trivially so when the list is empty); <c>false</c> otherwise.
        /// </returns>
        public bool HasAllPermissions(IAuthSession session, IAuthRepository authRepo)
        {
            if (session != null)
            {
                return this.RequiredPermissions.All(permission => session.HasPermission(permission, authRepo));
            }

            // No session: deny before looking at the permission list.
            return false;
        }
        /// <summary>
        /// Decides whether the session satisfies all of <paramref name="requiredPermissions"/>,
        /// refreshing the session from the auth repository once before giving up.
        /// </summary>
        /// <param name="req">Current request; used for the refresh and for saving the session.</param>
        /// <param name="session">Session to evaluate. NOTE(review): not null-checked here; confirm callers pass a resolved session.</param>
        /// <param name="authRepo">Repository used for role and permission lookups.</param>
        /// <param name="requiredPermissions">Permissions that must all be granted.</param>
        /// <returns>
        /// <c>true</c> when the session has the <c>RoleNames.Admin</c> role, or holds every
        /// required permission either before or after the refresh; <c>false</c> otherwise.
        /// </returns>
        private static bool SessionHasAllPermissions(IRequest req, IAuthSession session, IAuthRepository authRepo, ICollection <string> requiredPermissions)
        {
            // The Admin role bypasses the permission list entirely; it is tested first.
            if (session.HasRole(RoleNames.Admin, authRepo)
                || requiredPermissions.All(permission => session.HasPermission(permission, authRepo)))
            {
                return true;
            }

            // The session may be out of date with the repository: reload it and check once more.
            session.UpdateFromUserAuthRepo(req, authRepo);

            bool grantedAfterRefresh = requiredPermissions.All(permission => session.HasPermission(permission, authRepo));
            if (!grantedAfterRefresh)
            {
                return false;
            }

            // Persist the refreshed session only when the refresh is what made the check pass.
            req.SaveSession(session);
            return true;
        }
Ejemplo n.º 7
 /// <summary>
 /// Reports whether the session holds every entry of <c>RequiredPermissions</c>.
 /// </summary>
 /// <param name="session">Session to evaluate; may be null.</param>
 /// <returns>
 /// <c>true</c> when no required permission is missing from the session.
 /// </returns>
 /// <remarks>
 /// The null test runs per element, so with an empty <c>RequiredPermissions</c> the result is
 /// <c>true</c> even for a null session. Callers that need authentication must check it themselves.
 /// </remarks>
 public bool HasAllPermissions(IAuthSession session)
 {
     // "All granted" expressed as "none missing"; a null session counts as missing everything.
     return !this.RequiredPermissions
            .Any(permission => session == null || !session.HasPermission(permission));
 }
Ejemplo n.º 8
 /// <summary>
 /// Reports whether the session holds at least one entry of <c>RequiredPermissions</c>.
 /// </summary>
 /// <param name="session">Session to evaluate; a null session is denied.</param>
 /// <param name="authRepo">Repository passed through to <c>HasPermission</c>.</param>
 /// <returns>
 /// <c>false</c> for a null session or an empty <c>RequiredPermissions</c>; otherwise
 /// <c>true</c> when some required permission is granted.
 /// </returns>
 public virtual bool HasAnyPermissions(IAuthSession session, IAuthRepository authRepo)
 {
     // Deny up front; the permission list is not touched without a session.
     if (session == null)
     {
         return false;
     }

     return this.RequiredPermissions.Any(permission => session.HasPermission(permission, authRepo));
 }
Ejemplo n.º 9
        /// <summary>
        /// Decides whether the request may invoke <paramref name="operation"/>.
        /// </summary>
        /// <param name="operation">Operation whose authentication, role and permission requirements are enforced.</param>
        /// <param name="req">Current request; used for the auth-secret check and to resolve the auth repository.</param>
        /// <param name="session">Caller's session. NOTE(review): not null-checked; confirm callers always supply one.</param>
        /// <returns>
        /// <c>true</c> when the request carries a valid auth secret, or when the session meets
        /// every requirement declared on the operation; <c>false</c> otherwise.
        /// </returns>
        /// <remarks>
        /// A valid auth secret short-circuits every other check, including authentication.
        /// Requirement lists for which <c>IsEmpty()</c> is true are skipped.
        /// </remarks>
        public bool IsAuthorized(Operation operation, IRequest req, IAuthSession session)
        {
            if (HostContext.HasValidAuthSecret(req))
                return true;

            bool blockedAsAnonymous = operation.RequiresAuthentication && !session.IsAuthenticated;
            if (blockedAsAnonymous)
                return false;

            var authRepo = HostContext.AppHost.GetAuthRepository(req);

            // Disposes the repository on exit when it implements IDisposable.
            using (authRepo as IDisposable)
            {
                bool hasEveryRole = operation.RequiredRoles.IsEmpty()
                    || operation.RequiredRoles.All(role => session.HasRole(role, authRepo));
                if (!hasEveryRole)
                    return false;

                bool hasEveryPermission = operation.RequiredPermissions.IsEmpty()
                    || operation.RequiredPermissions.All(permission => session.HasPermission(permission, authRepo));
                if (!hasEveryPermission)
                    return false;

                bool hasSomeRole = operation.RequiresAnyRole.IsEmpty()
                    || operation.RequiresAnyRole.Any(role => session.HasRole(role, authRepo));
                if (!hasSomeRole)
                    return false;

                bool hasSomePermission = operation.RequiresAnyPermission.IsEmpty()
                    || operation.RequiresAnyPermission.Any(permission => session.HasPermission(permission, authRepo));
                if (!hasSomePermission)
                    return false;

                return true;
            }
        }
Ejemplo n.º 10
        /// <summary>
        /// Decides whether the request may invoke <paramref name="operation"/>.
        /// </summary>
        /// <param name="operation">Operation whose authentication, role and permission requirements are enforced.</param>
        /// <param name="req">Current request; used for the auth-secret check and to resolve the auth repository.</param>
        /// <param name="session">Caller's session. NOTE(review): not null-checked; confirm callers always supply one.</param>
        /// <returns>
        /// <c>true</c> when the request carries a valid auth secret, or when the session meets
        /// every requirement declared on the operation; <c>false</c> otherwise.
        /// </returns>
        /// <remarks>
        /// A valid auth secret bypasses authentication, roles and permissions alike.
        /// Requirement lists for which <c>IsEmpty()</c> is true impose no constraint.
        /// </remarks>
        public bool IsAuthorized(Operation operation, IRequest req, IAuthSession session)
        {
            if (HostContext.HasValidAuthSecret(req))
            {
                return true;
            }

            if (operation.RequiresAuthentication && !session.IsAuthenticated)
            {
                return false;
            }

            var authRepo = HostContext.AppHost.GetAuthRepository(req);

            // Disposes the repository on exit when it implements IDisposable.
            using (authRepo as IDisposable)
            {
                // Evaluated left to right with short-circuiting: all roles, all permissions,
                // any role, any permission.
                return (operation.RequiredRoles.IsEmpty()
                        || operation.RequiredRoles.All(role => session.HasRole(role, authRepo)))
                    && (operation.RequiredPermissions.IsEmpty()
                        || operation.RequiredPermissions.All(permission => session.HasPermission(permission, authRepo)))
                    && (operation.RequiresAnyRole.IsEmpty()
                        || operation.RequiresAnyRole.Any(role => session.HasRole(role, authRepo)))
                    && (operation.RequiresAnyPermission.IsEmpty()
                        || operation.RequiresAnyPermission.Any(permission => session.HasPermission(permission, authRepo)));
            }
        }
 /// <summary>
 /// Checks that every one of <c>RequiredPermissions</c> is granted to the session.
 /// </summary>
 /// <param name="session">Session to evaluate; may be null.</param>
 /// <returns>
 /// <c>true</c> when each required permission is granted to a non-null session.
 /// </returns>
 /// <remarks>
 /// Because the null test sits inside the predicate, an empty <c>RequiredPermissions</c>
 /// yields <c>true</c> even when <paramref name="session"/> is null.
 /// </remarks>
 public bool HasAllPermissions(IAuthSession session)
 {
     return this.RequiredPermissions.All(permission =>
     {
         // No session: this element (and so the whole check) fails.
         if (session == null)
         {
             return false;
         }

         return session.HasPermission(permission);
     });
 }
Ejemplo n.º 12
 /// <summary>
 /// Checks whether any one of <c>RequiredPermissions</c> is granted to the session.
 /// </summary>
 /// <param name="session">Session to evaluate; a null session never matches.</param>
 /// <param name="authRepo">Repository passed through to <c>HasPermission</c>.</param>
 /// <returns>
 /// <c>true</c> when a non-null session has at least one required permission;
 /// <c>false</c> otherwise, including when <c>RequiredPermissions</c> is empty.
 /// </returns>
 public virtual bool HasAnyPermissions(IAuthSession session, IAuthRepository authRepo)
 {
     return this.RequiredPermissions.Any(permission =>
     {
         // The null test is repeated per element, as in the expression form.
         if (session == null)
         {
             return false;
         }

         return session.HasPermission(permission, authRepo);
     });
 }