/// <summary>
/// Builds the role query for <paramref name="search"/>. When a permission name is supplied,
/// the query additionally requests each role's permissions, restricted to the names that can
/// decide that permission.
/// </summary>
/// <remarks>
/// The names are the permission itself, one wildcard per dotted prefix ("a.b.c" yields "a.*"
/// and "a.b.*"), and the root wildcard "*". The permission name is used exactly as supplied;
/// no case folding happens here.
/// NOTE(review): the name filter is handed to the query provider, so its case sensitivity
/// depends on where it is evaluated. Confirm it agrees with callers that lower-case the
/// permission name before searching.
/// </remarks>
/// <param name="search">Search criteria; <c>PermissionName</c> is optional.</param>
/// <returns>The base query, with the filtered permission includes added when a permission name is set.</returns>
public override IQueryable<Role> Get(RoleSearchObject search)
{
    var query = base.Get(search);

    // Without a permission name there is nothing to expand or filter.
    if (string.IsNullOrWhiteSpace(search.PermissionName))
    {
        return query;
    }

    var candidateNames = new List<string> { search.PermissionName };

    // Every segment except the last contributes one wildcard entry.
    string[] segments = search.PermissionName.Split('.');
    string prefix = string.Empty;
    for (int index = 0; index < segments.Length - 1; index++)
    {
        prefix += segments[index] + ".";
        candidateNames.Add(prefix + "*");
    }

    // The root wildcard applies to every permission.
    candidateNames.Add("*");

    query = query
        .IncludeFilter(role => role.RolePermissions.Where(rp => candidateNames.Contains(rp.Permission.Name)))
        .IncludeFilter(role => role.RolePermissions.Where(rp => candidateNames.Contains(rp.Permission.Name)).Select(rp => rp.Permission));

    return query;
}
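/// <summary>
/// Resolves a permission request against the permissions attached to the given roles.
/// </summary>
/// <remarks>
/// Candidate names are tried longest first: the requested permission, then its wildcard
/// ancestors ("a.b.*", "a.*"), then the root "*". The first candidate that any role carries
/// decides the result. At that level, a deny in any role wins over an allow in another role.
/// A match on a longer candidate ends the search, so an allow on "a.b" is not overridden by
/// a deny on "a.*".
/// When no role carries any candidate, the decision is delegated to
/// <c>IsAllowedByPermission</c> unless <c>IsDefaultResolveModeDisabled</c> is set. In that case
/// the result is returned with <c>IsAllowed</c> left at its initial value.
/// NOTE(review): presumably that initial value is false (deny); confirm in PermissionCheckResult.
/// As a side effect, <c>request.Permission</c> is replaced by its lower-cased form.
/// </remarks>
/// <param name="request">The permission request; <c>Permission</c> must be non-blank.</param>
/// <param name="roleList">Names of the roles to check; may be null or empty.</param>
/// <returns>The check result, including which candidate permission resolved it when a role did.</returns>
/// <exception cref="ApplicationException">The request is null or its permission is blank.</exception>
protected virtual PermissionCheckResult IsAllowedByRole(PermissionCheckRequest request, string[] roleList)
{
    if (request == null || string.IsNullOrWhiteSpace(request.Permission))
    {
        throw new ApplicationException("Permission must be set");
    }

    // Normalise with the invariant culture. A culture-sensitive ToLower() produces different
    // text under some thread cultures (for example the Turkish dotless i), which would make
    // an authorization decision depend on the server's or caller's locale.
    request.Permission = request.Permission.ToLowerInvariant();

    PermissionCheckResult checkResult = new PermissionCheckResult();

    List<string> permissionList = new List<string>();
    permissionList.Add(request.Permission);

    if (!request.IsExactMatchRequired)
    {
        // Every segment except the last contributes one wildcard: "a.b.c" -> "a.*", "a.b.*".
        string[] permissionParts = request.Permission.Split('.');
        StringBuilder previousPermissionPart = new StringBuilder();
        for (int i = 0; i < permissionParts.Length - 1; i++)
        {
            previousPermissionPart.Append(permissionParts[i]).Append('.');
            permissionList.Add(previousPermissionPart.ToString() + "*");
        }

        // Add root permission to list.
        permissionList.Add("*");
    }

    bool isHandled = false;
    if (roleList != null && roleList.Length > 0)
    {
        checkResult.RequestedPermission = request.Permission;
        checkResult.PermissionResolveMode = PermissionResolveMode.Role;

        RoleSearchObject search = new RoleSearchObject();
        foreach (var role in roleList)
        {
            search.NameList.Add(role);
        }
        search.PermissionName = request.Permission;

        // NOTE(review): GetPage looks like a paged query. Confirm it returns every role in
        // roleList; a deny held by a role that falls outside the page would not be seen here.
        var result = RoleService.Value.GetPage(search);

        // Longest candidate first; the sort is stable, so the exact name precedes a wildcard
        // of equal length.
        foreach (var currentPermission in permissionList.OrderByDescending(x => x.Length))
        {
            // Permission names are identifiers, so compare them ordinally. A culture-aware
            // comparison can treat strings that differ in ignorable characters as equal.
            var permissionSelect = result.ResultList
                .SelectMany(x => x.RolePermissions.Where(y => y.Permission.Name.Equals(currentPermission, StringComparison.OrdinalIgnoreCase)))
                .ToList();

            // First check whether this permission is disabled in any role: deny wins.
            if (permissionSelect.Any(x => x.IsAllowed == false))
            {
                checkResult.IsAllowed = false;
                checkResult.ResolvedByPermission = currentPermission;
                isHandled = true;
                break;
            }

            // Otherwise, is it allowed in any role?
            if (permissionSelect.Any(x => x.IsAllowed == true))
            {
                checkResult.IsAllowed = true;
                checkResult.ResolvedByPermission = currentPermission;
                isHandled = true;
                break;
            }
        }
    }

    // No role decided the request: fall back to the default resolution unless it is disabled.
    if (!isHandled && !request.IsDefaultResolveModeDisabled)
    {
        checkResult = IsAllowedByPermission(request, permissionList);
    }

    return checkResult;
}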