public void Initialize(IPermissionSetBuilder permissionSetBuilder)
{
if (permissionSetBuilder == null)
{
throw new ArgumentNullException(nameof(permissionSetBuilder));
}
// A custom IAnonymousRolePermissionConfiguration implementation can optionally be defined
// which overrides the base implementation in the definition.
var anonymousRolePermissionConfiguration = _serviceProvider.GetService <IEnumerable <IAnonymousRolePermissionConfiguration> >();
if (EnumerableHelper.IsNullOrEmpty(anonymousRolePermissionConfiguration))
{
var anonymousRole = new AnonymousRole();
anonymousRole.ConfigurePermissions(permissionSetBuilder);
}
else if (anonymousRolePermissionConfiguration.Count() > 1)
{
throw new InvalidOperationException($"Expected a single implementation of {nameof(IAnonymousRolePermissionConfiguration)} but encountered {anonymousRolePermissionConfiguration.Count()}. Only one implementation is permitted.");
}
else
{
anonymousRolePermissionConfiguration
.First()
.ConfigurePermissions(permissionSetBuilder);
}
}
public DashboardPermissionBuilder(
IPermissionSetBuilder permissionSetBuilder,
bool isIncludeOperation
)
: base(permissionSetBuilder, isIncludeOperation)
{
}
public PageDirectoryPermissionBuilder(
IPermissionSetBuilder permissionSetBuilder,
bool isIncludeOperation
)
: base(permissionSetBuilder, isIncludeOperation)
{
}
public NonCofoundryUserPermissionBuilder(
IPermissionSetBuilder permissionSetBuilder,
bool isIncludeOperation
)
: base(permissionSetBuilder, isIncludeOperation)
{
}
public SettingsPermissionBuilder(
IPermissionSetBuilder permissionSetBuilder,
bool isIncludeOperation
)
: base(permissionSetBuilder, isIncludeOperation)
{
}
public PageTemplatePermissionBuilder(
IPermissionSetBuilder permissionSetBuilder,
bool isIncludeOperation
)
: base(permissionSetBuilder, isIncludeOperation)
{
}
public RewriteRulePermissionBuilder(
IPermissionSetBuilder permissionSetBuilder,
bool isIncludeOperation
)
: base(permissionSetBuilder, isIncludeOperation)
{
}
public CurrentUserPermissionBuilder(
IPermissionSetBuilder permissionSetBuilder,
bool isIncludeOperation
)
: base(permissionSetBuilder, isIncludeOperation)
{
}
public ImageAssetPermissionBuilder(
IPermissionSetBuilder permissionSetBuilder,
bool isIncludeOperation
)
: base(permissionSetBuilder, isIncludeOperation)
{
}
/// <summary>
/// This method determines which permissions the role is granted when it is first created.
/// To help do this you are provided with a builder that contains all permissions in the
/// system which you can use to either include or exclude permissions based on rules.
/// </summary>
public void ConfigurePermissions(IPermissionSetBuilder builder)
{
// In this example application we don't require any additional permissions for members
// so we can re-use the permission set on the anonymous role which include read access
// to most entities.
builder.ApplyAnonymousRoleConfiguration();
}
private static IPermissionSetBuilder Run(IPermissionSetBuilder builder, Action <CurrentUserPermissionBuilder> configure, bool isIncludeOperation)
{
var usersBuilder = new CurrentUserPermissionBuilder(builder, isIncludeOperation);
configure(usersBuilder);
return(builder);
}
public EntityPermissionBuilder(
IPermissionSetBuilder permissionSetBuilder,
bool isIncludeOperation
)
{
_permissionSetBuilder = permissionSetBuilder;
_isIncludeOperation = isIncludeOperation;
}
/// <summary>
/// Casts the builder instance as <see cref="IExtendablePermissionSetBuilder"/> to
/// provide access to hidden functionality intended for extending a builder with
/// bespoke features. These are advanced feature intended to be used for extension only
/// e.g. internally by Cofoundry, in plugins or custom extensions
/// </summary>
public static IExtendablePermissionSetBuilder AsExtendableBuilder(this IPermissionSetBuilder builder)
{
if (builder is IExtendablePermissionSetBuilder extendableBuilder)
{
return(extendableBuilder);
}
throw new Exception($"An {nameof(IPermissionSetBuilder)} implementation should also implement {nameof(IExtendablePermissionSetBuilder)} to allow internal/plugin extendibility.");
}
public void Initialize(IPermissionSetBuilder permissionSetBuilder)
{
if (permissionSetBuilder == null)
{
throw new ArgumentNullException(nameof(permissionSetBuilder));
}
_roleDefinition.ConfigurePermissions(permissionSetBuilder);
}
private static IPermissionSetBuilder Run(IPermissionSetBuilder builder, Action <RewriteRulePermissionBuilder> configure, bool isIncludeOperation)
{
if (configure == null)
{
configure = c => c.All();
}
var entityBuilder = new RewriteRulePermissionBuilder(builder, isIncludeOperation);
configure(entityBuilder);
return(builder);
}
public CustomEntityPermissionBuilder(
ICustomEntityDefinition customEntityDefinition,
IPermissionSetBuilder permissionSetBuilder,
bool isIncludeOperation
)
: base(permissionSetBuilder, isIncludeOperation)
{
if (customEntityDefinition == null)
{
throw new ArgumentNullException(nameof(customEntityDefinition));
}
_customEntityDefinition = customEntityDefinition;
}
private static IPermissionSetBuilder Run <TCustomEntityDefinition>(IPermissionSetBuilder builder, Action <CustomEntityPermissionBuilder> configure, bool isIncludeOperation)
where TCustomEntityDefinition : ICustomEntityDefinition
{
if (configure == null)
{
configure = c => c.All();
}
var definition = GetDefinition <TCustomEntityDefinition>(builder);
var entityBuilder = new CustomEntityPermissionBuilder(definition, builder, isIncludeOperation);
configure(entityBuilder);
return(builder);
}
public void ConfigurePermissions(IPermissionSetBuilder builder)
{
builder
.ApplyRoleConfiguration <AnonymousRole>()
.IncludePage(c => c.CRUD())
.IncludeCurrentUser(c => c.Update().Delete())
.ExcludeUserInCofoundryAdminUserArea()
.IncludeAllWrite(p => p.ExceptEntityPermissions <PageEntityDefinition>())
.IncludeAllAdminModule(p => p.ExceptEntityPermissions <PageEntityDefinition>())
.Include <CofoundryUserCreatePermission>()
.IncludeAllRead()
.ExcludeUserInAllUserAreas()
;
}
/// <summary>
/// Configure the builder to exclude all permissions for users in the Cofoundry admin user area.
/// </summary>
public static IPermissionSetBuilder ExcludeUserInCofoundryAdminUserArea(this IPermissionSetBuilder builder)
{
Action <CofoundryUserPermissionBuilder> configure = c => c.All();
return(Run(builder, configure, false));
}
/// <summary>
/// Configure the builder to exclude permissions for rewrite rules.
/// </summary>
/// <param name="configure">A configuration action to select which permissions to exclude.</param>
public static IPermissionSetBuilder ExcludeRewriteRule(this IPermissionSetBuilder builder, Action <RewriteRulePermissionBuilder> configure)
{
return(Run(builder, configure, false));
}
/// <summary>
/// Configure the builder to exclude permissions for the currently signed in user account.
/// </summary>
/// <param name="configure">A configuration action to select which permissions to exclude.</param>
public static IPermissionSetBuilder ExcludeCurrentUser(this IPermissionSetBuilder builder, Action <CurrentUserPermissionBuilder> configure)
{
return(Run(builder, configure, false));
}
/// <summary>
/// Configure the builder to include permissions for users in the Cofoundry admin user area.
/// </summary>
/// <param name="configure">A configuration action to select which permissions to include.</param>
public static IPermissionSetBuilder IncludeUserInCofoundryAdminUserArea(this IPermissionSetBuilder builder, Action <CofoundryUserPermissionBuilder> configure)
{
return(Run(builder, configure, true));
}
/// <summary>
/// Configure the builder to exclude all permissions for rewrite rules.
/// </summary>
public static IPermissionSetBuilder ExcludeRewriteRule(this IPermissionSetBuilder builder)
{
return(Run(builder, null, false));
}
/// <summary>
/// Configure the builder to exclude permissions for users in a custom user area (excludes the Cofoundry admin user area).
/// </summary>
/// <param name="configure">A configuration action to select which permissions to exclude.</param>
public static IPermissionSetBuilder ExcludeUserInCustomUserArea(this IPermissionSetBuilder builder, Action <NonCofoundryUserPermissionBuilder> configure)
{
return(Run(builder, configure, false));
}
/// <summary>
/// Configure the builder to include the permissions configured for
/// the <see cref="AnonymousRole"/>, which usually is a good base
/// to start from before adding additional permissions.
/// </summary>
public static IPermissionSetBuilder ApplyAnonymousRoleConfiguration(this IPermissionSetBuilder builder)
{
return(builder.ApplyRoleConfiguration <AnonymousRole>());
}
/// <summary>
/// Configure the builder to include all permissions.
/// </summary>
public static IPermissionSetBuilder IncludeAll(this IPermissionSetBuilder builder)
{
return(builder.Include(p => p));
}
public void ConfigurePermissions(IPermissionSetBuilder builder)
{
builder.IncludeAnonymousRoleDefaults();
}
/// <summary>
/// Configure the builder to include all permissions for the currently signed in user account.
/// </summary>
public static IPermissionSetBuilder IncludeCurrentUser(this IPermissionSetBuilder builder)
{
Action <CurrentUserPermissionBuilder> configure = c => c.All();
return(Run(builder, configure, true));
}
public void ConfigurePermissions(IPermissionSetBuilder builder)
{
builder.IncludeAll();
}
/// <summary>
/// Configure the builder to include all permissions for users in a custom user area (excludes the Cofoundry admin user area).
/// </summary>
public static IPermissionSetBuilder IncludeUserInCustomUserArea(this IPermissionSetBuilder builder)
{
Action <NonCofoundryUserPermissionBuilder> configure = c => c.All();
return(Run(builder, configure, true));
}
