public void GivenIHaveAProviderWithRequiredPermissions() { var permissions = new Permissions(requiredRights: TestPermissions.BasicRights); var permissionsProvider = new PermissionsProvider(permissions); this.testContext.Access = new TestTypeAccessProvider(permissionsProvider, new[] { typeof(int) }); }
public static void Configure() { var permissionProvider = new PermissionsProvider(MyPermissionsProvider.GetPermissions); //Initialization of Permission based Authorization library PermissionAuthorizationService.Initialize(permissionProvider); //Add authorization rules //Rules should be added in the order they will be processed. If a rule fails, then the user is not authorized for the resource //1. Do not authorize when the logged in user does not have specified permission PermissionAuthorizationService.AddRule(new AuthorizeWhenUserHasPermission()); //2. If user has VIEW OWN STUDENT PROFILE permission, and requesting to view a student resource. PermissionAuthorizationService.AddRule(new AuthorizationRuleFunctionForPermission(AppPermissions.VIEW_OWN_STUDENT_PROFILE, ResourceTypes.STUDENT) { RuleFunction = (userId, resourceId) => { InMemoryRepository repository = new InMemoryRepository(); var resource = repository.GetAll <Student>().Where(s => s.Id.ToString() == resourceId).FirstOrDefault(); return(resource != null && resource.User.Username == userId); //Logged in user can view only his/her student profile } }); //2. If user has VIEW OWN ADMIN PROFILE permission, and requesting to view an administrator resource. PermissionAuthorizationService.AddRule(new OwnAdminProfileRule(AppPermissions.VIEW_OWN_ADMIN_PROFILE, ResourceTypes.ADMINISTRATOR)); }
public static void Populate() { string user1 = "user1", user2 = "user2", user3 = "user3", admin = "admin"; if (!WebSecurity.UserExists(user1)) { WebSecurity.CreateUserAndAccount(user1, user1); Roles.CreateRole(user1); Roles.AddUserToRole(user1, user1); PermissionsProvider.AssignPermissionsToRole(user1, Permissions.Permission1); } if (!WebSecurity.UserExists(user2)) { WebSecurity.CreateUserAndAccount(user2, user2); Roles.CreateRole(user2); Roles.AddUserToRole(user2, user2); PermissionsProvider.AssignPermissionsToRole(user2, Permissions.Permission2); } if (!WebSecurity.UserExists(user3)) { WebSecurity.CreateUserAndAccount(user3, user3); Roles.CreateRole(user3); Roles.AddUserToRole(user3, user3); PermissionsProvider.AssignPermissionsToRole(user3, Permissions.Permission3); } if (!WebSecurity.UserExists(admin)) { WebSecurity.CreateUserAndAccount(admin, admin); Roles.CreateRole(admin); Roles.AddUserToRole(admin, admin); PermissionsProvider.AssignPermissionsToRole(admin, Permissions.Permission1, Permissions.Permission2, Permissions.Permission3); } }
private static void InitializePermissionProvider() { var permissionProvider = new PermissionsProvider(); var usersDomain = new UsersDomain(); var permissionList = usersDomain.GetPermissionList(); if (permissionList != null) { permissionProvider.SetPermissionDict(permissionList); } var menuList = usersDomain.GetMenuList(); if (menuList != null) { permissionProvider.SetMenuDict(menuList); } var cache = MemoryCache.Default; cache.AddOrGetExisting("PermissionManager", permissionProvider, new CacheItemPolicy()); }
/// <summary> /// Seed clients /// </summary> /// <typeparam name="TConfigurator"></typeparam> /// <param name="services"></param> /// <param name="configurator"></param>ram> /// <returns></returns> public static async Task SeedAsync <TConfigurator>(IServiceProvider services, TConfigurator configurator) where TConfigurator : DefaultClientsConfigurator { var context = services.GetRequiredService <IClientsContext>(); var configuration = services.GetRequiredService <IConfiguration>(); var permissionsContext = services.GetRequiredService <IPermissionsContext>(); var clientsSection = configuration.GetSection(ClientResources.WebClientsSection) .GetChildren() .Select(x => x.Key) .ToList(); var clientUrls = clientsSection .ToDictionary(sectionClient => sectionClient, sectionClient => GetClientUrl(configuration, sectionClient)); //Seed clients if (!context.Clients.Any()) { var clients = configurator.GetClients(clientUrls).GetSeedClients(); await context.Clients.AddRangeAsync(clients); try { await context.SaveChangesAsync(); } catch (Exception ex) { Debug.WriteLine(ex); } } //Seed Identity resources if (!context.IdentityResources.Any()) { var resources = configurator.GetResources().GetSeedResources(); await context.IdentityResources.AddRangeAsync(resources); await context.PushAsync(); } //Seed api resources if (!context.ApiResources.Any()) { var apiResources = configurator.GetApiResources().GetSeedApiResources(context); context.ApiResources.AddRange(apiResources); await context.PushAsync(); } //Seed permissions if (!permissionsContext.Permissions.Any()) { var clients = context.Clients.ToList(); //Start seed permissions await PermissionsProvider.InvokeAsync(); var baseDirectory = AppContext.BaseDirectory; var entity = JsonParser.ReadObjectDataFromJsonFile <IdentitySeedViewModel>(Path.Combine(baseDirectory, IdentityResources.Configuration.DEFAULT_FILE_PATH)); //Set core permissions for roles var coreClientId = clients.FirstOrDefault(y => y.ClientId.Equals("core"))?.Id; var corePermissions = permissionsContext.Permissions.Where(x => x.ClientId.Equals(coreClientId)); if (corePermissions.Any()) { await permissionsContext.Roles.Where(x => x.ClientId.Equals(coreClientId)) .ForEachAsync(async x => { var configuredPermissions = entity.ApplicationRoles.FirstOrDefault(y => y.Name.Equals(x.Name)); if (configuredPermissions == null) { return; } if (configuredPermissions.Permissions == null || !configuredPermissions.Permissions.Any()) { await permissionsContext.RolePermissions.AddRangeAsync(corePermissions.Select(o => new RolePermission { RoleId = x.Id, PermissionId = o.Id })); } else { await permissionsContext.RolePermissions.AddRangeAsync(configuredPermissions.Permissions.Select( o => { var permission = corePermissions.FirstOrDefault(c => c.PermissionKey.Equals(o)); var rolePermission = new RolePermission { RoleId = x.Id, PermissionId = permission?.Id ?? Guid.Empty }; return(rolePermission); })); } }); await permissionsContext.PushAsync(); } } }