/// <summary>
/// Authorization check for a store request: picks the permission configured for the
/// request's HTTP method and asks the permissions provider whether the current user
/// holds it on the store named by the <c>storeName</c> request parameter.
/// </summary>
/// <param name="context">The request context; supplies the HTTP method, the current user and the request parameters.</param>
/// <param name="permissionsProvider">The provider that decides whether the user holds the permission.</param>
/// <param name="get">Permission required for GET and HEAD requests.</param>
/// <param name="post">Permission required for POST requests.</param>
/// <param name="delete">Permission required for DELETE requests.</param>
/// <returns>
/// <see cref="HttpStatusCode.Unauthorized"/> when the request is refused, or <c>null</c>
/// when the check passes.
/// </returns>
/// <remarks>
/// The check fails closed. A method with no mapping here (PUT, PATCH, OPTIONS, ...) and a
/// mapped method whose permission was left at <see cref="StorePermissions.None"/> are both
/// refused without consulting the provider.
/// NOTE(review): the same 401 is returned for an anonymous caller and for an authenticated
/// caller who lacks the permission. 403 is the conventional status for the second case, but
/// switching would change what existing clients and tests observe.
/// </remarks>
private static Response RequiresAuthorization(NancyContext context, AbstractStorePermissionsProvider permissionsProvider, StorePermissions get, StorePermissions post, StorePermissions delete)
{
    var method = context.Request.Method.ToUpperInvariant();

    StorePermissions permissionRequired;
    if (method == "GET" || method == "HEAD")
    {
        permissionRequired = get;
    }
    else if (method == "POST")
    {
        permissionRequired = post;
    }
    else if (method == "DELETE")
    {
        permissionRequired = delete;
    }
    else
    {
        // Unmapped verb: no permission can satisfy it, so it is refused below.
        permissionRequired = StorePermissions.None;
    }

    // None means "nothing was configured for this verb", which is treated as deny, not allow.
    if (permissionRequired == StorePermissions.None)
    {
        return HttpStatusCode.Unauthorized;
    }

    // The store name comes from the request parameters and is handed to the provider as-is.
    var storeName = context.Parameters["storeName"];
    if (permissionsProvider.HasStorePermission(context.CurrentUser, storeName, permissionRequired))
    {
        return null;
    }

    return HttpStatusCode.Unauthorized;
}
/// <summary>
/// Decides whether the current request may proceed against the store it names.
/// </summary>
/// <param name="context">Request context providing the HTTP method, the current user and the <c>storeName</c> parameter.</param>
/// <param name="permissionsProvider">Provider queried for the user's permissions on the store.</param>
/// <param name="get">Permission a GET or HEAD request must hold.</param>
/// <param name="post">Permission a POST request must hold.</param>
/// <param name="delete">Permission a DELETE request must hold.</param>
/// <returns><c>null</c> if the user holds the required permission; otherwise <see cref="HttpStatusCode.Unauthorized"/>.</returns>
/// <remarks>
/// Deny is the default outcome: the only path that returns <c>null</c> is a mapped verb with
/// a permission other than <see cref="StorePermissions.None"/> that the provider confirms.
/// Verbs not listed in the switch are always refused.
/// </remarks>
private static Response RequiresAuthorization(NancyContext context, AbstractStorePermissionsProvider permissionsProvider, StorePermissions get, StorePermissions post, StorePermissions delete)
{
    StorePermissions permissionRequired;
    switch (context.Request.Method.ToUpperInvariant())
    {
        case "GET":
        case "HEAD":
            permissionRequired = get;
            break;
        case "POST":
            permissionRequired = post;
            break;
        case "DELETE":
            permissionRequired = delete;
            break;
        default:
            // Any other verb has no configured permission and falls through to the refusal.
            permissionRequired = StorePermissions.None;
            break;
    }

    if (permissionRequired != StorePermissions.None)
    {
        // Only a configured permission is worth checking; the provider is never asked about None.
        var storeName = context.Parameters["storeName"];
        if (permissionsProvider.HasStorePermission(context.CurrentUser, storeName, permissionRequired))
        {
            return null;
        }
    }

    // Reached for unmapped verbs, unconfigured permissions and failed permission checks alike.
    return HttpStatusCode.Unauthorized;
}
/// <summary>
/// Throws unless the permissions recorded for the current request include every flag in
/// <paramref name="permissionRequired"/>.
/// </summary>
/// <param name="permissionRequired">The permission flags that must all be present.</param>
/// <exception cref="UnauthorizedAccessException">
/// No permissions are recorded for the request, or at least one required flag is missing.
/// </exception>
/// <remarks>
/// The granted permissions are read from the <c>BrightstarStorePermissions</c> ViewBag entry.
/// What populates that entry is not visible here, so this check is only as trustworthy as
/// that writer - TODO confirm it is set solely by the authorization hook.
/// Passing <see cref="StorePermissions.None"/> succeeds whenever the entry exists, because
/// the mask comparison is then trivially true.
/// </remarks>
private void AssertPermission(StorePermissions permissionRequired)
{
    var grantedEntry = Context.ViewBag["BrightstarStorePermissions"];

    // A missing entry means nothing was granted: refuse.
    if (!grantedEntry.HasValue)
    {
        throw new UnauthorizedAccessException();
    }

    var granted = (StorePermissions)grantedEntry.Value;

    // All required flags must be set; a partial match is a refusal.
    if ((granted & permissionRequired) != permissionRequired)
    {
        throw new UnauthorizedAccessException();
    }
}
/// <summary>
/// Test helper: posts <paramref name="jobRequest"/> to <c>/foo/jobs</c> while the permissions
/// provider grants everything except <paramref name="witheldPermission"/>, and asserts that
/// the request is refused with 401.
/// </summary>
/// <param name="jobRequest">The job request sent as the JSON body.</param>
/// <param name="witheldPermission">The single permission removed from the granted set.</param>
private void AssertPermissionRequired(JobRequestObject jobRequest, StorePermissions witheldPermission)
{
    // Arrange
    var brightstarMock = new Mock<IBrightstarService>();
    var permissionsMock = new Mock<AbstractStorePermissionsProvider>();

    // XOR clears the withheld flag as long as it is contained in All.
    // NOTE(review): `All & ~witheldPermission` would also be safe for a flag outside All.
    var grantedPermissions = StorePermissions.All ^ witheldPermission;

    // The request is made with a null user identity against store "foo".
    permissionsMock.Setup(provider => provider.GetStorePermissions(null, "foo"))
                   .Returns(grantedPermissions)
                   .Verifiable();

    var app = new Browser(new FakeNancyBootstrapper(brightstarMock.Object, permissionsMock.Object));

    // Execute
    var response = app.Post("/foo/jobs", request =>
    {
        request.Accept(MediaRange.FromString("application/json"));
        request.JsonBody(jobRequest);
    });

    // Assert
    Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));

    // Verify() fails the test if the provider was never consulted for (null, "foo").
    permissionsMock.Verify();
}
/// <summary>
/// Non-throwing form of <c>GetStorePermissionsAttributeValue</c>: reads a store-permissions
/// value from an attribute of a provider configuration element.
/// </summary>
/// <param name="providerElement">The configuration element to read from.</param>
/// <param name="attrName">The name of the attribute holding the permissions value.</param>
/// <param name="storePermissions">
/// The value that was read, or <see cref="StorePermissions.None"/> when reading failed.
/// </param>
/// <returns>True if the value was read; false if a <see cref="ConfigurationErrorsException"/> was raised.</returns>
/// <remarks>
/// A failed read leaves the output at <see cref="StorePermissions.None"/>. Callers still have
/// to check the return value to tell "misconfigured" apart from "explicitly none".
/// Only <see cref="ConfigurationErrorsException"/> is handled; any other exception propagates.
/// </remarks>
public static bool TryGetStorePermissionsAttributeValue(XmlElement providerElement, string attrName, out StorePermissions storePermissions)
{
    // Start from the no-permissions value so the failure path has nothing left to assign.
    storePermissions = StorePermissions.None;
    try
    {
        storePermissions = GetStorePermissionsAttributeValue(providerElement, attrName);
    }
    catch (ConfigurationErrorsException)
    {
        return false;
    }

    return true;
}
/// <summary>
/// Attempts to read a store-permissions value from the named attribute of a provider
/// configuration element without throwing on a configuration error.
/// </summary>
/// <param name="providerElement">The provider configuration element.</param>
/// <param name="attrName">The attribute to read.</param>
/// <param name="storePermissions">
/// Receives the value on success and <see cref="StorePermissions.None"/> on failure.
/// </param>
/// <returns>True on success; false when <c>GetStorePermissionsAttributeValue</c> raised a <see cref="ConfigurationErrorsException"/>.</returns>
/// <remarks>
/// On failure the output is the no-permissions value, so a caller that ignores the return
/// value ends up granting nothing. Exceptions of any other type are not caught.
/// </remarks>
public static bool TryGetStorePermissionsAttributeValue(XmlElement providerElement, string attrName, out StorePermissions storePermissions)
{
    bool wasRead;
    try
    {
        storePermissions = GetStorePermissionsAttributeValue(providerElement, attrName);
        wasRead = true;
    }
    catch (ConfigurationErrorsException)
    {
        // Configuration error: report failure with the no-permissions value.
        storePermissions = StorePermissions.None;
        wasRead = false;
    }

    return wasRead;
}
/// <summary>
/// Checks that posting a job is refused when one permission is missing: the mocked provider
/// grants all permissions except <paramref name="witheldPermission"/> and the POST to
/// <c>/foo/jobs</c> is expected to come back as 401.
/// </summary>
/// <param name="jobRequest">Body of the job request to post.</param>
/// <param name="witheldPermission">Permission taken out of the otherwise complete grant.</param>
private void AssertPermissionRequired(JobRequestObject jobRequest, StorePermissions witheldPermission)
{
    // Arrange: a service mock plus a permissions provider that withholds one flag for (null, "foo").
    var service = new Mock<IBrightstarService>();
    var provider = new Mock<AbstractStorePermissionsProvider>();
    provider
        .Setup(p => p.GetStorePermissions(null, "foo"))
        .Returns(StorePermissions.All ^ witheldPermission)
        .Verifiable();
    var bootstrapper = new FakeNancyBootstrapper(service.Object, provider.Object);
    var browser = new Browser(bootstrapper);

    // Execute
    var result = browser.Post("/foo/jobs", post =>
    {
        post.Accept(MediaRange.FromString("application/json"));
        post.JsonBody(jobRequest);
    });

    // Assert: the request is refused, and the refusal involved a lookup on the provider.
    Assert.That(result.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));
    provider.Verify();
}
/// <summary>
/// Creates a provider that hands out one fixed set of permissions to authenticated users
/// and a separate fixed set to anonymous users.
/// </summary>
/// <param name="authenticatedUserPermissions">The fallback store permissions to be
/// granted to authenticated users</param>
/// <param name="anonymousUserPermissions">The fallback store permissions to be granted
/// to anonymous users</param>
/// <remarks>
/// Neither value is validated or narrowed here; both are stored exactly as passed.
/// NOTE(review): the anonymous set applies to callers with no identity at all, so it
/// should be the least privilege the deployment can work with.
/// </remarks>
public FallbackStorePermissionsProvider(StorePermissions authenticatedUserPermissions, StorePermissions anonymousUserPermissions)
{
    // The two assignments are independent of each other.
    _anonymousUserPermissions = anonymousUserPermissions;
    _authenticatedUserPermissions = authenticatedUserPermissions;
}
/// <summary>
/// Returns true if the specified user has the required permissions for the specified store.
/// </summary>
/// <param name="userIdentity">The user identity. This will be NULL for the anonymous user</param>
/// <param name="storeName">The name of the store on which permissions are requested</param>
/// <param name="permissionRequested">The requested permissions</param>
/// <returns>True if the user has all of the requested permissions, false otherwise</returns>
/// <remarks>
/// Every requested flag must be granted; holding only some of them is not enough.
/// A request for no flags at all is always satisfied, so callers that use an empty value
/// to mean "not configured" have to reject it before calling this method.
/// </remarks>
public virtual bool HasStorePermission(IUserIdentity userIdentity, string storeName, StorePermissions permissionRequested)
{
    var granted = GetStorePermissions(userIdentity, storeName);

    // Masking the grant with the request must give back the whole request.
    var matched = granted & permissionRequested;
    return matched == permissionRequested;
}
/// <summary>
/// Adds a store-permission check to the end of the module's Before pipeline, with a
/// separately configurable permission for each supported HTTP method.
/// </summary>
/// <param name="module">The module whose requests are to be checked.</param>
/// <param name="permissionsProvider">The provider passed to the check.</param>
/// <param name="get">Permission passed to the check for GET; defaults to <see cref="StorePermissions.None"/>.</param>
/// <param name="post">Permission passed to the check for POST; defaults to <see cref="StorePermissions.None"/>.</param>
/// <param name="delete">Permission passed to the check for DELETE; defaults to <see cref="StorePermissions.None"/>.</param>
/// <param name="put">Permission passed to the check for PUT; defaults to <see cref="StorePermissions.None"/>.</param>
/// <remarks>
/// The check itself is the six-argument <c>RequiresAuthorization</c>, which is not shown here.
/// NOTE(review): presumably a verb left at None is refused rather than allowed, as in the
/// five-argument form - confirm against that overload.
/// The hook is appended, so hooks registered earlier on the module run before it.
/// </remarks>
public static void RequiresBrightstarStorePermission(
    this NancyModule module,
    AbstractStorePermissionsProvider permissionsProvider,
    StorePermissions get = StorePermissions.None,
    StorePermissions post = StorePermissions.None,
    StorePermissions delete = StorePermissions.None,
    StorePermissions put = StorePermissions.None)
{
    module.Before.AddItemToEndOfPipeline(context =>
    {
        return RequiresAuthorization(context, permissionsProvider, get, post, delete, put);
    });
}
/// <summary>
/// Appends a store-permission check to the module's Before pipeline. Each HTTP method gets
/// its own required permission.
/// </summary>
/// <param name="module">The module to protect.</param>
/// <param name="permissionsProvider">The provider the check consults.</param>
/// <param name="get">Permission required for GET and HEAD requests; defaults to <see cref="StorePermissions.None"/>.</param>
/// <param name="post">Permission required for POST requests; defaults to <see cref="StorePermissions.None"/>.</param>
/// <param name="delete">Permission required for DELETE requests; defaults to <see cref="StorePermissions.None"/>.</param>
/// <remarks>
/// <c>RequiresAuthorization</c> refuses any verb whose permission is
/// <see cref="StorePermissions.None"/>. Omitting an argument here therefore blocks that
/// verb on the module instead of leaving it open, and unlisted verbs are refused as well.
/// Because the hook goes to the end of the pipeline, earlier Before hooks run first.
/// </remarks>
public static void RequiresBrightstarStorePermission(
    this NancyModule module,
    AbstractStorePermissionsProvider permissionsProvider,
    StorePermissions get = StorePermissions.None,
    StorePermissions post = StorePermissions.None,
    StorePermissions delete = StorePermissions.None)
{
    module.Before.AddItemToEndOfPipeline(request =>
    {
        return RequiresAuthorization(request, permissionsProvider, get, post, delete);
    });
}
/// <summary>
/// Returns true if the specified user has the required permissions for the specified store.
/// </summary>
/// <param name="userIdentity">The user identity. This will be NULL for the anonymous user</param>
/// <param name="storeName">The name of the store on which permissions are requested</param>
/// <param name="permissionRequested">The requested permissions</param>
/// <returns>True if the user has all of the requested permissions, false otherwise</returns>
/// <remarks>
/// The test is "no requested flag is missing from the grant". An empty request has no
/// flags to miss and so always yields true.
/// </remarks>
public virtual bool HasStorePermission(IUserIdentity userIdentity, string storeName, StorePermissions permissionRequested)
{
    // Flags that were requested but are absent from the user's grant.
    var missing = permissionRequested & ~GetStorePermissions(userIdentity, storeName);
    return missing == 0;
}