        /// <summary>
        /// Builds the role query and, when a permission name is supplied, attaches only the
        /// role permissions that could decide that permission: the exact name, every
        /// ancestor wildcard ("a.*", "a.b.*", ...) and the root wildcard "*".
        /// </summary>
        /// <param name="search">Search criteria; <c>PermissionName</c> is optional.</param>
        /// <returns>The base query, optionally extended with filtered includes.</returns>
        public override IQueryable<Role> Get(RoleSearchObject search)
        {
            var roles = base.Get(search);

            // Nothing to narrow down when no permission was requested.
            if (string.IsNullOrWhiteSpace(search.PermissionName))
            {
                return(roles);
            }

            // The exact name goes first, followed by progressively longer wildcard prefixes.
            // NOTE(review): the name is used as given (no case normalisation here), so matching
            // presumably depends on how the query provider / database compares strings - confirm.
            var candidates = new List<string> { search.PermissionName };
            string[] segments = search.PermissionName.Split('.');
            var prefix = new StringBuilder();
            foreach (string segment in segments.Take(segments.Length - 1))
            {
                prefix.Append(segment + ".");
                candidates.Add(prefix + "*");
            }

            // The root wildcard matches every permission.
            candidates.Add("*");

            // Two filtered includes: the matching RolePermissions rows, and their Permission entities.
            return(roles
                   .IncludeFilter(x => x.RolePermissions.Where(y => candidates.Contains(y.Permission.Name)))
                   .IncludeFilter(x => x.RolePermissions.Where(y => candidates.Contains(y.Permission.Name)).Select(y => y.Permission)));
        }
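        /// <summary>
        /// Resolves a permission request against the rules attached to the given roles.
        /// Candidates are evaluated from most to least specific (exact name, then each
        /// ancestor wildcard, then "*"); at the first level that has any rule, a deny
        /// in any role wins over an allow.
        /// </summary>
        /// <param name="request">
        /// The permission request. Its <c>Permission</c> is overwritten with the lower-cased value.
        /// </param>
        /// <param name="roleList">Role names to evaluate; may be null or empty.</param>
        /// <returns>
        /// The role-based result when a rule matched; otherwise the result of
        /// <c>IsAllowedByPermission</c>, unless default resolution is disabled on the request.
        /// </returns>
        /// <exception cref="ApplicationException">
        /// Thrown when <paramref name="request"/> is null or its permission is blank.
        /// </exception>
        protected virtual PermissionCheckResult IsAllowedByRole(PermissionCheckRequest request, string[] roleList)
        {
            if (request == null || string.IsNullOrWhiteSpace(request.Permission))
            {
                throw new ApplicationException("Permission must be set");
            }

            // Permission names are identifiers, not display text. Lower-case them with the
            // invariant culture so the authorization outcome cannot vary with the thread's
            // current culture (e.g. Turkish dotted/dotless 'i' would stop "admin.*" matching).
            request.Permission = request.Permission.ToLowerInvariant();

            PermissionCheckResult checkResult = new PermissionCheckResult();

            // Candidate names that may decide the request, starting with the exact permission.
            List<string> permissionList = new List<string> { request.Permission };
            if (!request.IsExactMatchRequired)
            {
                string[]      permissionParts        = request.Permission.Split('.');
                StringBuilder previousPermissionPart = new StringBuilder();
                for (int i = 0; i < permissionParts.Length - 1; i++)
                {
                    // "a.b.c" contributes "a.*" and "a.b.*".
                    previousPermissionPart.Append(permissionParts[i]).Append('.');
                    permissionList.Add(previousPermissionPart.ToString() + "*");
                }
                //add root permission to list
                permissionList.Add("*");
            }

            bool isHandled = false;

            if (roleList != null && roleList.Length > 0)
            {
                checkResult.RequestedPermission   = request.Permission;
                checkResult.PermissionResolveMode = PermissionResolveMode.Role;
                RoleSearchObject search = new RoleSearchObject();
                foreach (var role in roleList)
                {
                    search.NameList.Add(role);
                }

                search.PermissionName = request.Permission;

                var result = RoleService.Value.GetPage(search);

                // Every candidate is the exact name or a prefix of it plus "*", so ordering by
                // length descending walks from the most specific rule down to the root wildcard.
                foreach (var currentPermission in permissionList.OrderByDescending(x => x.Length))
                {
                    // Ordinal comparison: a linguistic (culture) comparison can treat strings that
                    // differ in ignorable characters as equal, which is unsafe for an access decision.
                    var permissionSelect = result.ResultList
                                           .SelectMany(x => x.RolePermissions.Where(y => y.Permission.Name.Equals(currentPermission, StringComparison.OrdinalIgnoreCase))).ToList();

                    //first check is this permission disabled in any role
                    if (permissionSelect.Any(x => x.IsAllowed == false))
                    {
                        checkResult.IsAllowed            = false;
                        checkResult.ResolvedByPermission = currentPermission;
                        isHandled = true;
                        break;
                    }
                    //is this method allowed in any role
                    else if (permissionSelect.Any(x => x.IsAllowed == true))
                    {
                        checkResult.IsAllowed            = true;
                        checkResult.ResolvedByPermission = currentPermission;
                        isHandled = true;
                        break;
                    }
                }
            }

            // No role rule decided the request: fall back to the default resolution unless disabled.
            // NOTE(review): when the fallback is disabled the freshly constructed result is returned
            // as-is; confirm PermissionCheckResult defaults to "not allowed" so this path fails closed.
            if (!isHandled && !request.IsDefaultResolveModeDisabled)
            {
                checkResult = IsAllowedByPermission(request, permissionList);
            }
            return(checkResult);
        }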