public static bool?HasPermission(this Utilizer utilizer, Rbac rbac)
{
bool isPermittedFilter(string permission)
{
if (Ubac.TryParse(permission, out var userUbac))
{
bool isResourcePermitted = userUbac.Resource.IsAll() || userUbac.Resource.Equals(rbac.Resource, StringComparison.CurrentCultureIgnoreCase);
bool isActionPermitted = userUbac.Action.IsAll() || userUbac.Action.Equals(rbac.Action, StringComparison.CurrentCultureIgnoreCase);
bool isObjectPermitted = userUbac.Object.IsAll() || userUbac.Object.Equals(rbac.Object);
bool isPermitted = isResourcePermitted && isActionPermitted && isObjectPermitted;
if (isPermitted)
{
return(true);
}
}
return(false);
}
var matchedPermissions = utilizer.Permissions?.Where(isPermittedFilter) ?? new string[] {};
var matchedForbiddens = utilizer.Forbidden?.Where(isPermittedFilter) ?? new string[] {};
var permissions = matchedPermissions as string[] ?? matchedPermissions.ToArray();
var forbiddens = matchedForbiddens as string[] ?? matchedForbiddens.ToArray();
if (!permissions.Any() && !forbiddens.Any())
{
return(null);
}
return(!forbiddens.Any() && permissions.Any());
}
protected override bool ValidateModel(Application model, out IEnumerable <string> errors)
{
var errorList = new List <string>();
if (string.IsNullOrEmpty(model.Name))
{
errorList.Add("name is a required field");
}
if (string.IsNullOrEmpty(model.MembershipId))
{
errorList.Add("membership_id is a required field");
}
if (string.IsNullOrEmpty(model.Role))
{
errorList.Add("role is a required field");
}
else
{
var role = this.roleService.GetByName(model.Role, model.MembershipId);
if (role == null)
{
errorList.Add($"Role is invalid. There is no role named '{model.Role}'");
}
}
try
{
var permissionList = new List <Ubac>();
if (model.Permissions != null)
{
foreach (var permission in model.Permissions)
{
var ubac = Ubac.Parse(permission);
permissionList.Add(ubac);
}
}
var forbiddenList = new List <Ubac>();
if (model.Forbidden != null)
{
foreach (var forbidden in model.Forbidden)
{
var ubac = Ubac.Parse(forbidden);
forbiddenList.Add(ubac);
}
}
// Is there any conflict?
foreach (var permissionUbac in permissionList)
{
foreach (var forbiddenUbac in forbiddenList)
{
if (permissionUbac == forbiddenUbac)
{
errorList.Add($"Permitted and forbidden sets are conflicted. The same permission is there in the both set. ('{permissionUbac}')");
}
}
}
}
catch (Exception ex)
{
errorList.Add(ex.Message);
}
errors = errorList;
return(!errors.Any());
}
