protected virtual PermissionCheckResult IsAllowedByPermission(PermissionCheckRequest request, List <string> permissionList)
{
PermissionCheckResult checkResult = new PermissionCheckResult();
checkResult.RequestedPermission = request.Permission;
checkResult.PermissionResolveMode = PermissionResolveMode.Default;
PermissionSearchObject permissionSearch = new PermissionSearchObject();
permissionSearch.NameWithHierarchy = request.Permission;
permissionSearch.RetrieveAll = true;
var permissionResult = PermissionService.Value.GetPage(permissionSearch);
foreach (var currentPermission in permissionList.OrderByDescending(x => x.Length))
{
var permissionSelect = permissionResult.ResultList.Where(y => y.Name.Equals(currentPermission, StringComparison.InvariantCultureIgnoreCase)).ToList();
//first check is this permission disabled in any role
if (permissionSelect.Any(x => x.IsAllowed == false))
{
checkResult.IsAllowed = false;
checkResult.ResolvedByPermission = currentPermission;
break;
}
//is this method allowed in any role
else if (permissionSelect.Any(x => x.IsAllowed == true))
{
checkResult.IsAllowed = true;
checkResult.ResolvedByPermission = currentPermission;
break;
}
}
return(checkResult);
}
public virtual PermissionCheckResult IsAllowed(PermissionCheckRequest request)
{
PermissionCheckResult isAllowed = null;
string[] roleList = (string[])ActionContext.Value.Data["RoleList"];
isAllowed = IsAllowedByRole(request, roleList);
return(isAllowed);
}
public bool IsAllowed(string permission)
{
PermissionCheckRequest request = new PermissionCheckRequest();
request.Permission = permission;
return(IsAllowed(request).IsAllowed);
}
private static async void CheckPermission(string userAlias, string action, string resourceType, Guid resourceId)
{
var client = new UserService.UserServiceClient(channel);
var request = new PermissionCheckRequest()
{
UserName = userAlias,
Action = action,
ResourceType = resourceType,
ResourceId = resourceId
};
var response = await client.HasPermissionAsync(request);
var result = response.Payload.Deserialize();
logger.LogInformation($"Permission check for user '{userAlias}' request '{action}' on resource '{resourceType}':'{resourceId}' is: '{result.HasPermission}'");
}
public virtual PermissionCheckResult IsAllowed(PermissionCheckRequest request)
{
PermissionCheckResult isAllowed = null;
string[] roleList = null;
object roleListTmp;
if (ActionContext.Value.Data.TryGetValue("RoleList", out roleListTmp))
{
;
}
{
roleList = (string[])roleListTmp;
}
isAllowed = IsAllowedByRole(request, roleList);
isAllowed.IsAuthorized = ActionContext.Value.Data.ContainsKey("UserId");
return(isAllowed);
}
public void ThrowExceptionIfNotAllowed(PermissionCheckRequest permission)
{
}
public bool IsAllowed(PermissionCheckRequest permission)
{
return(true);
}
protected virtual PermissionCheckResult IsAllowedByRole(PermissionCheckRequest request, string[] roleList)
{
if (request == null || string.IsNullOrWhiteSpace(request.Permission))
{
throw new ApplicationException("Permission must be set");
}
request.Permission = request.Permission.ToLower();
PermissionCheckResult checkResult = new PermissionCheckResult();
List <string> permissionList = new List <string>();
permissionList.Add(request.Permission);
if (!request.IsExactMatchRequired)
{
string[] permissionParts = request.Permission.Split('.');
StringBuilder previousPermissionPart = new StringBuilder();
for (int i = 0; i < permissionParts.Length - 1; i++)
{
string permissionPart = permissionParts[i];
previousPermissionPart.Append(permissionPart + ".");
string permissionTemp = previousPermissionPart.ToString() + "*";
permissionList.Add(permissionTemp);
}
//add root permission to list
permissionList.Add("*");
}
bool isHandled = false;
if (roleList != null && roleList.Length > 0)
{
checkResult.RequestedPermission = request.Permission;
checkResult.PermissionResolveMode = PermissionResolveMode.Role;
RoleSearchObject search = new RoleSearchObject();
foreach (var role in roleList)
{
search.NameList.Add(role);
}
search.PermissionName = request.Permission;
var result = RoleService.Value.GetPage(search);
foreach (var currentPermission in permissionList.OrderByDescending(x => x.Length))
{
var permissionSelect = result.ResultList
.SelectMany(x => x.RolePermissions.Where(y => y.Permission.Name.Equals(currentPermission, StringComparison.InvariantCultureIgnoreCase))).ToList();
//first check is this permission disabled in any role
if (permissionSelect.Any(x => x.IsAllowed == false))
{
checkResult.IsAllowed = false;
checkResult.ResolvedByPermission = currentPermission;
isHandled = true;
break;
}
//is this method allowed in any role
else if (permissionSelect.Any(x => x.IsAllowed == true))
{
checkResult.IsAllowed = true;
checkResult.ResolvedByPermission = currentPermission;
isHandled = true;
break;
}
}
}
if (!isHandled && !request.IsDefaultResolveModeDisabled)
{
checkResult = IsAllowedByPermission(request, permissionList);
}
return(checkResult);
}
