public HidroAuthorize(string policy)
{
policy = policy.Trim().Replace(HidroConstants.WHITE_SPACE, string.Empty);
if (string.IsNullOrEmpty(policy) || string.IsNullOrWhiteSpace(policy))
{
throw new Exception("HidroAuthorize.Constructor - No permission given.");
}
var stringPermissions = policy.Split(",");
if (stringPermissions.Length == 0 || stringPermissions.Length != PERM_QTY)
{
throw new Exception("HidroAuthorize.Constructor - Permission tokens error.");
}
RequiredPermissions = new HidroPermissionVM {
AllowCreate = stringPermissions[0] == "1",
AllowView = stringPermissions[1] == "1",
AllowEditOwn = stringPermissions[2] == "1",
AllowEditOthers = stringPermissions[3] == "1",
AllowDeleteOwn = stringPermissions[4] == "1",
AllowDeleteOthers = stringPermissions[5] == "1",
AllowReviveOwn = stringPermissions[6] == "1",
AllowReviveOthers = stringPermissions[7] == "1"
};
}
public Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
var sessionPermissions = context.HttpContext.Session.GetString(nameof(HidroAuthorize));
if (sessionPermissions == null)
{
context.Result = new RedirectToActionResult("LogOutInternal", "Authentication", null);
return(Task.CompletedTask);
}
UserPermissions = JsonConvert.DeserializeObject <HidroPermissionVM>(sessionPermissions);
if (RequiredPermissions.AllowCreate && UserPermissions.AllowCreate == RequiredPermissions.AllowCreate)
{
return(Task.CompletedTask);
}
if (RequiredPermissions.AllowView && UserPermissions.AllowView == RequiredPermissions.AllowView)
{
return(Task.CompletedTask);
}
if (RequiredPermissions.AllowEditOwn && UserPermissions.AllowEditOwn == RequiredPermissions.AllowEditOwn)
{
return(Task.CompletedTask);
}
if (RequiredPermissions.AllowEditOthers && UserPermissions.AllowEditOthers == RequiredPermissions.AllowEditOthers)
{
return(Task.CompletedTask);
}
if (RequiredPermissions.AllowDeleteOwn && UserPermissions.AllowDeleteOwn == RequiredPermissions.AllowDeleteOwn)
{
return(Task.CompletedTask);
}
if (RequiredPermissions.AllowDeleteOthers && UserPermissions.AllowDeleteOthers == RequiredPermissions.AllowDeleteOthers)
{
return(Task.CompletedTask);
}
if (RequiredPermissions.AllowReviveOwn && UserPermissions.AllowReviveOwn == RequiredPermissions.AllowReviveOwn)
{
return(Task.CompletedTask);
}
if (RequiredPermissions.AllowReviveOthers && UserPermissions.AllowReviveOthers == RequiredPermissions.AllowReviveOthers)
{
return(Task.CompletedTask);
}
context.Result = new StatusCodeResult((int)HttpStatusCode.Forbidden);
return(Task.CompletedTask);
}
public async Task <HidroPermissionVM> ComputeAuthorizationFor(int hidrogenianId)
{
_logger.LogInformation("AuthenticationService.ComputeAuthorizationFor - Service starts.");
var roleClaim = await _dbContext.RoleClaimer.FirstOrDefaultAsync(rc => rc.HidrogenianId == hidrogenianId);
HidroPermissionVM permissions = roleClaim;
if (roleClaim.AllowTemporarily == null)
{
return(permissions);
}
var temporaryPermissions = JsonConvert.DeserializeObject <TemporaryPermissionVM>(roleClaim.AllowTemporarily);
if (temporaryPermissions.EffectUntil < DateTime.UtcNow)
{
return(permissions);
}
if (temporaryPermissions.OverriddenPermissions.Contains(nameof(HidroPermissionVM.AllowCreate)))
{
permissions.AllowCreate = !permissions.AllowCreate;
}
if (temporaryPermissions.OverriddenPermissions.Contains(nameof(HidroPermissionVM.AllowView)))
{
permissions.AllowView = !permissions.AllowView;
}
if (temporaryPermissions.OverriddenPermissions.Contains(nameof(HidroPermissionVM.AllowEditOwn)))
{
permissions.AllowEditOwn = !permissions.AllowEditOwn;
}
if (temporaryPermissions.OverriddenPermissions.Contains(nameof(HidroPermissionVM.AllowEditOthers)))
{
permissions.AllowEditOthers = !permissions.AllowEditOthers;
}
if (temporaryPermissions.OverriddenPermissions.Contains(nameof(HidroPermissionVM.AllowDeleteOwn)))
{
permissions.AllowDeleteOwn = !permissions.AllowDeleteOwn;
}
if (temporaryPermissions.OverriddenPermissions.Contains(nameof(HidroPermissionVM.AllowDeleteOthers)))
{
permissions.AllowDeleteOthers = !permissions.AllowDeleteOthers;
}
if (temporaryPermissions.OverriddenPermissions.Contains(nameof(HidroPermissionVM.AllowReviveOwn)))
{
permissions.AllowReviveOwn = !permissions.AllowReviveOwn;
}
if (temporaryPermissions.OverriddenPermissions.Contains(nameof(HidroPermissionVM.AllowReviveOthers)))
{
permissions.AllowReviveOthers = !permissions.AllowReviveOthers;
}
return(permissions);
}
