protected virtual PermissionCheckResult IsAllowedByPermission(PermissionCheckRequest request, List <string> permissionList) { PermissionCheckResult checkResult = new PermissionCheckResult(); checkResult.RequestedPermission = request.Permission; checkResult.PermissionResolveMode = PermissionResolveMode.Default; PermissionSearchObject permissionSearch = new PermissionSearchObject(); permissionSearch.NameWithHierarchy = request.Permission; permissionSearch.RetrieveAll = true; var permissionResult = PermissionService.Value.GetPage(permissionSearch); foreach (var currentPermission in permissionList.OrderByDescending(x => x.Length)) { var permissionSelect = permissionResult.ResultList.Where(y => y.Name.Equals(currentPermission, StringComparison.InvariantCultureIgnoreCase)).ToList(); //first check is this permission disabled in any role if (permissionSelect.Any(x => x.IsAllowed == false)) { checkResult.IsAllowed = false; checkResult.ResolvedByPermission = currentPermission; break; } //is this method allowed in any role else if (permissionSelect.Any(x => x.IsAllowed == true)) { checkResult.IsAllowed = true; checkResult.ResolvedByPermission = currentPermission; break; } } return(checkResult); }
public virtual PermissionCheckResult IsAllowed(PermissionCheckRequest request) { PermissionCheckResult isAllowed = null; string[] roleList = (string[])ActionContext.Value.Data["RoleList"]; isAllowed = IsAllowedByRole(request, roleList); return(isAllowed); }
public bool IsAllowed(string permission) { PermissionCheckRequest request = new PermissionCheckRequest(); request.Permission = permission; return(IsAllowed(request).IsAllowed); }
private static async void CheckPermission(string userAlias, string action, string resourceType, Guid resourceId) { var client = new UserService.UserServiceClient(channel); var request = new PermissionCheckRequest() { UserName = userAlias, Action = action, ResourceType = resourceType, ResourceId = resourceId }; var response = await client.HasPermissionAsync(request); var result = response.Payload.Deserialize(); logger.LogInformation($"Permission check for user '{userAlias}' request '{action}' on resource '{resourceType}':'{resourceId}' is: '{result.HasPermission}'"); }
public virtual PermissionCheckResult IsAllowed(PermissionCheckRequest request) { PermissionCheckResult isAllowed = null; string[] roleList = null; object roleListTmp; if (ActionContext.Value.Data.TryGetValue("RoleList", out roleListTmp)) { ; } { roleList = (string[])roleListTmp; } isAllowed = IsAllowedByRole(request, roleList); isAllowed.IsAuthorized = ActionContext.Value.Data.ContainsKey("UserId"); return(isAllowed); }
public void ThrowExceptionIfNotAllowed(PermissionCheckRequest permission) { }
public bool IsAllowed(PermissionCheckRequest permission) { return(true); }
protected virtual PermissionCheckResult IsAllowedByRole(PermissionCheckRequest request, string[] roleList) { if (request == null || string.IsNullOrWhiteSpace(request.Permission)) { throw new ApplicationException("Permission must be set"); } request.Permission = request.Permission.ToLower(); PermissionCheckResult checkResult = new PermissionCheckResult(); List <string> permissionList = new List <string>(); permissionList.Add(request.Permission); if (!request.IsExactMatchRequired) { string[] permissionParts = request.Permission.Split('.'); StringBuilder previousPermissionPart = new StringBuilder(); for (int i = 0; i < permissionParts.Length - 1; i++) { string permissionPart = permissionParts[i]; previousPermissionPart.Append(permissionPart + "."); string permissionTemp = previousPermissionPart.ToString() + "*"; permissionList.Add(permissionTemp); } //add root permission to list permissionList.Add("*"); } bool isHandled = false; if (roleList != null && roleList.Length > 0) { checkResult.RequestedPermission = request.Permission; checkResult.PermissionResolveMode = PermissionResolveMode.Role; RoleSearchObject search = new RoleSearchObject(); foreach (var role in roleList) { search.NameList.Add(role); } search.PermissionName = request.Permission; var result = RoleService.Value.GetPage(search); foreach (var currentPermission in permissionList.OrderByDescending(x => x.Length)) { var permissionSelect = result.ResultList .SelectMany(x => x.RolePermissions.Where(y => y.Permission.Name.Equals(currentPermission, StringComparison.InvariantCultureIgnoreCase))).ToList(); //first check is this permission disabled in any role if (permissionSelect.Any(x => x.IsAllowed == false)) { checkResult.IsAllowed = false; checkResult.ResolvedByPermission = currentPermission; isHandled = true; break; } //is this method allowed in any role else if (permissionSelect.Any(x => x.IsAllowed == true)) { checkResult.IsAllowed = true; checkResult.ResolvedByPermission = currentPermission; isHandled = true; break; } } } if (!isHandled && !request.IsDefaultResolveModeDisabled) { checkResult = IsAllowedByPermission(request, permissionList); } return(checkResult); }