public void GivenIHaveAProviderWithRequiredPermissions()
{
var permissions = new Permissions(requiredRights: TestPermissions.BasicRights);
var permissionsProvider = new PermissionsProvider(permissions);
this.testContext.Access = new TestTypeAccessProvider(permissionsProvider, new[] { typeof(int) });
}
public static void Configure()
{
var permissionProvider = new PermissionsProvider(MyPermissionsProvider.GetPermissions);
//Initialization of Permission based Authorization library
PermissionAuthorizationService.Initialize(permissionProvider);
//Add authorization rules
//Rules should be added in the order they will be processed. If a rule fails, then the user is not authorized for the resource
//1. Do not authorize when the logged in user does not have specified permission
PermissionAuthorizationService.AddRule(new AuthorizeWhenUserHasPermission());
//2. If user has VIEW OWN STUDENT PROFILE permission, and requesting to view a student resource.
PermissionAuthorizationService.AddRule(new AuthorizationRuleFunctionForPermission(AppPermissions.VIEW_OWN_STUDENT_PROFILE, ResourceTypes.STUDENT)
{
RuleFunction = (userId, resourceId) =>
{
InMemoryRepository repository = new InMemoryRepository();
var resource = repository.GetAll <Student>().Where(s => s.Id.ToString() == resourceId).FirstOrDefault();
return(resource != null && resource.User.Username == userId); //Logged in user can view only his/her student profile
}
});
//2. If user has VIEW OWN ADMIN PROFILE permission, and requesting to view an administrator resource.
PermissionAuthorizationService.AddRule(new OwnAdminProfileRule(AppPermissions.VIEW_OWN_ADMIN_PROFILE, ResourceTypes.ADMINISTRATOR));
}
public static void Populate()
{
string user1 = "user1", user2 = "user2", user3 = "user3", admin = "admin";
if (!WebSecurity.UserExists(user1))
{
WebSecurity.CreateUserAndAccount(user1, user1);
Roles.CreateRole(user1);
Roles.AddUserToRole(user1, user1);
PermissionsProvider.AssignPermissionsToRole(user1, Permissions.Permission1);
}
if (!WebSecurity.UserExists(user2))
{
WebSecurity.CreateUserAndAccount(user2, user2);
Roles.CreateRole(user2);
Roles.AddUserToRole(user2, user2);
PermissionsProvider.AssignPermissionsToRole(user2, Permissions.Permission2);
}
if (!WebSecurity.UserExists(user3))
{
WebSecurity.CreateUserAndAccount(user3, user3);
Roles.CreateRole(user3);
Roles.AddUserToRole(user3, user3);
PermissionsProvider.AssignPermissionsToRole(user3, Permissions.Permission3);
}
if (!WebSecurity.UserExists(admin))
{
WebSecurity.CreateUserAndAccount(admin, admin);
Roles.CreateRole(admin);
Roles.AddUserToRole(admin, admin);
PermissionsProvider.AssignPermissionsToRole(admin, Permissions.Permission1, Permissions.Permission2, Permissions.Permission3);
}
}
private static void InitializePermissionProvider()
{
var permissionProvider = new PermissionsProvider();
var usersDomain = new UsersDomain();
var permissionList = usersDomain.GetPermissionList();
if (permissionList != null)
{
permissionProvider.SetPermissionDict(permissionList);
}
var menuList = usersDomain.GetMenuList();
if (menuList != null)
{
permissionProvider.SetMenuDict(menuList);
}
var cache = MemoryCache.Default;
cache.AddOrGetExisting("PermissionManager", permissionProvider, new CacheItemPolicy());
}
/// <summary>
/// Seed clients
/// </summary>
/// <typeparam name="TConfigurator"></typeparam>
/// <param name="services"></param>
/// <param name="configurator"></param>ram>
/// <returns></returns>
public static async Task SeedAsync <TConfigurator>(IServiceProvider services, TConfigurator configurator) where TConfigurator : DefaultClientsConfigurator
{
var context = services.GetRequiredService <IClientsContext>();
var configuration = services.GetRequiredService <IConfiguration>();
var permissionsContext = services.GetRequiredService <IPermissionsContext>();
var clientsSection = configuration.GetSection(ClientResources.WebClientsSection)
.GetChildren()
.Select(x => x.Key)
.ToList();
var clientUrls = clientsSection
.ToDictionary(sectionClient => sectionClient,
sectionClient => GetClientUrl(configuration, sectionClient));
//Seed clients
if (!context.Clients.Any())
{
var clients = configurator.GetClients(clientUrls).GetSeedClients();
await context.Clients.AddRangeAsync(clients);
try
{
await context.SaveChangesAsync();
}
catch (Exception ex)
{
Debug.WriteLine(ex);
}
}
//Seed Identity resources
if (!context.IdentityResources.Any())
{
var resources = configurator.GetResources().GetSeedResources();
await context.IdentityResources.AddRangeAsync(resources);
await context.PushAsync();
}
//Seed api resources
if (!context.ApiResources.Any())
{
var apiResources = configurator.GetApiResources().GetSeedApiResources(context);
context.ApiResources.AddRange(apiResources);
await context.PushAsync();
}
//Seed permissions
if (!permissionsContext.Permissions.Any())
{
var clients = context.Clients.ToList();
//Start seed permissions
await PermissionsProvider.InvokeAsync();
var baseDirectory = AppContext.BaseDirectory;
var entity = JsonParser.ReadObjectDataFromJsonFile <IdentitySeedViewModel>(Path.Combine(baseDirectory, IdentityResources.Configuration.DEFAULT_FILE_PATH));
//Set core permissions for roles
var coreClientId = clients.FirstOrDefault(y => y.ClientId.Equals("core"))?.Id;
var corePermissions = permissionsContext.Permissions.Where(x => x.ClientId.Equals(coreClientId));
if (corePermissions.Any())
{
await permissionsContext.Roles.Where(x => x.ClientId.Equals(coreClientId))
.ForEachAsync(async x =>
{
var configuredPermissions =
entity.ApplicationRoles.FirstOrDefault(y => y.Name.Equals(x.Name));
if (configuredPermissions == null)
{
return;
}
if (configuredPermissions.Permissions == null || !configuredPermissions.Permissions.Any())
{
await permissionsContext.RolePermissions.AddRangeAsync(corePermissions.Select(o =>
new RolePermission
{
RoleId = x.Id,
PermissionId = o.Id
}));
}
else
{
await permissionsContext.RolePermissions.AddRangeAsync(configuredPermissions.Permissions.Select(
o =>
{
var permission = corePermissions.FirstOrDefault(c =>
c.PermissionKey.Equals(o));
var rolePermission = new RolePermission
{
RoleId = x.Id,
PermissionId = permission?.Id ?? Guid.Empty
};
return(rolePermission);
}));
}
});
await permissionsContext.PushAsync();
}
}
}
