public CommandPermissionAuthorizer(ICommandPermissionCache commandPermissionCache,
IPermissionAuthorizationMatcher permissionAuthorizationMatcher,
IUserContext userContext)
{
this.commandPermissionCache = commandPermissionCache;
this.permissionAuthorizationMatcher = permissionAuthorizationMatcher;
this.userContext = userContext;
}
public UserPermissionAuthorizer(IUserContext userContext,
IPermissionAuthorizationMatcher permissionAuthorizationMatcher,
IUserPermissionResolver userPermissionResolver)
{
this.userContext = userContext;
this.permissionAuthorizationMatcher = permissionAuthorizationMatcher;
this.userPermissionResolver = userPermissionResolver;
}
public CommandPermissionAuthorizerTests()
{
commandPermissionCache = Substitute.For <ICommandPermissionCache>();
permissionAuthorizationMatcher = Substitute.For <IPermissionAuthorizationMatcher>();
userContext = new FakeUserContext();
sut = new CommandPermissionAuthorizer(commandPermissionCache,
permissionAuthorizationMatcher, userContext);
}
public UserPermissionAuthorizerTests()
{
userContext = new FakeUserContext();
permissionAuthorizationMatcher = Substitute.For <IPermissionAuthorizationMatcher>();
userPermissionResolver = Substitute.For <IUserPermissionResolver>();
permissionType1Id = Guid.Parse("0F292EFD-792E-48EC-93DF-CD99EEDB5885");
sut = new UserPermissionAuthorizer(userContext, permissionAuthorizationMatcher,
userPermissionResolver);
}
public UserPermissionAuthorizerTests()
{
userContext = new FakeUserContext();
permissionAuthorizationMatcher = Substitute.For <IPermissionAuthorizationMatcher>();
userPermissionResolver = Substitute.For <IUserPermissionResolver>();
permissionTypeRegistry = Substitute.For <IPermissionTypeRegistry>();
permissionTypeRegistry.GetPermissionTypeById(Guid.Parse("0F292EFD-792E-48EC-93DF-CD99EEDB5885"))
.Returns(new PermissionType(Guid.Parse("0F292EFD-792E-48EC-93DF-CD99EEDB5885"), "permission"));
sut = new UserPermissionAuthorizer(userContext, permissionAuthorizationMatcher,
userPermissionResolver, permissionTypeRegistry);
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
IPrincipal user = httpContext.User;
if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
{
return(false); //TODO: allow anonymous permissions
}
bool isAuthorized = base.AuthorizeCore(httpContext);
if (!isAuthorized)
{
return(false);
}
if (user.Identity is ClaimsIdentity claimsIdentity)
{
IKernel kernel = RevoHttpApplication.Current.Kernel;
IPermissionTypeRegistry permissionCache = kernel.Get <IPermissionTypeRegistry>();
if (requiredPermissions == null)
{
requiredPermissions = permissionIds.Select(x => new Permission(
permissionCache.GetPermissionTypeById(x), null, null)).ToArray();
}
IPermissionAuthorizationMatcher authorizationMatcher = kernel.Get <IPermissionAuthorizationMatcher>();
return(authorizationMatcher.CheckAuthorization(claimsIdentity, requiredPermissions));
}
else
{
// only claim-based identities are supported for permission authorization
return(false);
}
}
