public void Revoke(CRN resource, CPN principal, CSN schema = null)
{
var found = this.storage.FindBy(it =>
it.Principal == principal &&
it.Resources.Any(r =>
{
if (resource.IncludesWildcard)
{
return(resource.IsWildcardMatch(r.Identifier));
}
return(r.Identifier == resource);
}));
if (schema != default(CSN))
{
found = found.Where(f => f.Resources.Any(r => r.Schema == schema));
}
var keys = found.Select(f => f.GetHash());
foreach (var k in keys)
{
this.storage.Remove(k);
}
}
private IEnumerable <Resource> Find(CRN resource, IEnumerable <Resource> resources)
{
if (resource.IncludesWildcard)
{
return(resources.Where(r => resource.IsWildcardMatch(r.Identifier)));
}
return(resources.Where(r => r.Identifier == resource));
}
public static bool ValidatePermissions <T>(
this T controller,
CRN resource,
ResourceAction action,
CSN schema)
where T : ControllerBase
{
var principal = controller.User;
// parse out resources
var resourceClaims = principal.Claims.Where(c => c.Type.StartsWith("resource"));
var resourcesAllowed = resourceClaims.Select(c =>
{
var base64 = c.Value;
var json = base64.FromBase64Encoded();
return(JsonConvert.DeserializeObject <PermissionTicketResource>(json));
});
// find resources matching schema
var forSchema = resourcesAllowed.Where(r => r.Schema == schema).ToList();
if (!forSchema.Any())
{
return(false);
}
// find resources matching either wildcard or direct match
var matching = forSchema.Where(r =>
{
if (resource.IncludesWildcard)
{
return(resource.IsWildcardMatch(r.Identifier));
}
return(resource == r.Identifier);
}).ToList();
if (!matching.Any())
{
return(false);
}
// find resources matching required action
var withAction = matching.Where(r => r.Actions.Contains(action));
return(withAction.Any());
}
