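/// <summary>
/// Removes every stored permission entry that belongs to <paramref name="principal"/> and
/// lists at least one resource matching <paramref name="resource"/>, optionally narrowed to
/// entries that also reference <paramref name="schema"/>.
/// </summary>
/// <param name="resource">
/// Resource identifier to revoke. When it includes a wildcard, entry resources are matched
/// with <c>IsWildcardMatch</c>; otherwise they are compared for equality.
/// </param>
/// <param name="principal">Principal whose entries are revoked.</param>
/// <param name="schema">
/// Optional schema filter. When left at its default value no schema filtering is applied.
/// </param>
/// <remarks>
/// The whole entry is removed by its hash, so any other resources carried by the same entry
/// are revoked along with the matching one.
/// </remarks>
public void Revoke(CRN resource, CPN principal, CSN schema = null)
{
    var found = this.storage.FindBy(it =>
        it.Principal == principal &&
        it.Resources.Any(r => resource.IncludesWildcard
            ? resource.IsWildcardMatch(r.Identifier)
            : r.Identifier == resource));

    if (schema != default(CSN))
    {
        // NOTE(review): the schema test is satisfied by ANY resource on the entry, not
        // necessarily the one that matched the identifier above. Confirm that an entry should
        // be revoked when the two conditions are met by different resources.
        found = found.Where(f => f.Resources.Any(r => r.Schema == schema));
    }

    // Snapshot the keys before deleting. If FindBy hands back a lazy view over the store,
    // removing while that query is still being enumerated could fail partway through and
    // leave some grants un-revoked.
    var keys = found.Select(f => f.GetHash()).ToList();
    foreach (var key in keys)
    {
        this.storage.Remove(key);
    }
}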
/// <summary>
/// Narrows <paramref name="resources"/> to those whose identifier matches
/// <paramref name="resource"/>.
/// </summary>
/// <param name="resource">
/// Identifier to look for. A wildcard identifier is matched with <c>IsWildcardMatch</c>;
/// any other identifier is matched by equality.
/// </param>
/// <param name="resources">Candidate resources to filter.</param>
/// <returns>A deferred sequence of the matching resources.</returns>
private IEnumerable<Resource> Find(CRN resource, IEnumerable<Resource> resources)
{
    // The wildcard decision is made once, up front, not per candidate.
    if (!resource.IncludesWildcard)
    {
        return resources.Where(candidate => candidate.Identifier == resource);
    }

    return resources.Where(candidate => resource.IsWildcardMatch(candidate.Identifier));
}
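/// <summary>
/// Checks whether the controller's current user holds a resource claim that grants
/// <paramref name="action"/> on <paramref name="resource"/> within <paramref name="schema"/>.
/// </summary>
/// <typeparam name="T">Controller type; must derive from <c>ControllerBase</c>.</typeparam>
/// <param name="controller">Controller whose <c>User</c> claims are inspected.</param>
/// <param name="resource">
/// Resource being accessed. When it includes a wildcard, granted identifiers are tested with
/// <c>IsWildcardMatch</c>; otherwise they are compared for equality.
/// </param>
/// <param name="action">Action that must be listed on a matching grant.</param>
/// <param name="schema">Schema the grant must belong to.</param>
/// <returns>
/// <c>true</c> when at least one decoded grant matches schema, identifier and action;
/// otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// Claims are read as-is from <c>controller.User</c>; this presumably relies on the
/// authentication layer having verified the token that carried them (confirm). There is no
/// exception handling here, so a failure while decoding a claim payload propagates to the caller.
/// </remarks>
public static bool ValidatePermissions<T>(
    this T controller,
    CRN resource,
    ResourceAction action,
    CSN schema)
    where T : ControllerBase
{
    var principal = controller.User;

    // Decode each resource claim: base64 -> JSON -> ticket. The claim-type prefix test is
    // ordinal so it is byte-exact and does not vary with the server's current culture.
    var resourcesAllowed = principal.Claims
        .Where(c => c.Type.StartsWith("resource", System.StringComparison.Ordinal))
        .Select(c => JsonConvert.DeserializeObject<PermissionTicketResource>(c.Value.FromBase64Encoded()))
        // A payload that deserializes to null grants nothing; skip it instead of
        // dereferencing it in the filters below.
        .Where(r => r != null);

    // Keep only the grants issued for the requested schema.
    var forSchema = resourcesAllowed.Where(r => r.Schema == schema).ToList();
    if (forSchema.Count == 0)
    {
        return false;
    }

    // Keep only the grants whose identifier matches the requested resource.
    // NOTE(review): wildcard expansion is driven by the REQUESTED resource, so a wildcard
    // request passes as soon as one granted identifier matches it, while a granted
    // identifier is only ever compared with ==. Confirm callers never pass a
    // caller-controlled wildcard CRN here.
    var matching = forSchema
        .Where(r => resource.IncludesWildcard
            ? resource.IsWildcardMatch(r.Identifier)
            : resource == r.Identifier)
        .ToList();
    if (matching.Count == 0)
    {
        return false;
    }

    // Finally require the action itself to be listed on one of the remaining grants.
    return matching.Any(r => r.Actions.Contains(action));
}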