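/// <summary>
/// Evaluates the utilizer's own permission entries (UBAC) against the requested RBAC expression.
/// </summary>
/// <param name="utilizer">Utilizer whose <c>Permissions</c> and <c>Forbidden</c> entries are checked; either list may be null.</param>
/// <param name="rbac">The resource/action/object being requested.</param>
/// <returns>
/// <c>null</c> when no entry in either list matches, so the caller has to decide by other means;
/// <c>false</c> when at least one <c>Forbidden</c> entry matches (a deny overrides any allow);
/// <c>true</c> when only <c>Permissions</c> entries match.
/// </returns>
public static bool? HasPermission(this IUtilizer utilizer, Rbac rbac)
{
    // An entry matches when each of its three segments is either the wildcard or equal to the
    // requested segment. Entries that Ubac.TryParse rejects never match.
    bool Matches(string permission)
    {
        if (!Ubac.TryParse(permission, out var userUbac))
        {
            return false;
        }

        // Resource and action segments are machine identifiers, so they are compared ordinally.
        // A culture-sensitive comparison would make the authorization result depend on the
        // thread's current culture (for example the Turkish dotted/dotless I casing rules).
        bool resourceMatches = userUbac.Resource.IsAll() || userUbac.Resource.Equals(rbac.Resource, StringComparison.OrdinalIgnoreCase);
        bool actionMatches = userUbac.Action.IsAll() || userUbac.Action.Equals(rbac.Action, StringComparison.OrdinalIgnoreCase);

        // The object segment keeps the single-argument Equals of its type.
        // NOTE(review): presumably an exact match on the object id - confirm against the segment type.
        bool objectMatches = userUbac.Object.IsAll() || userUbac.Object.Equals(rbac.Object);

        return resourceMatches && actionMatches && objectMatches;
    }

    bool anyPermitted = utilizer.Permissions?.Any(Matches) ?? false;
    bool anyForbidden = utilizer.Forbidden?.Any(Matches) ?? false;

    // No opinion at utilizer level: report "undecided" rather than a denial.
    if (!anyPermitted && !anyForbidden)
    {
        return null;
    }

    // Deny wins: a matching Forbidden entry cancels any matching Permissions entry.
    return !anyForbidden && anyPermitted;
}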
/// <summary>
/// Self-service rule: reports whether the request is an update of the utilizer's own record.
/// </summary>
/// <param name="role">Extension receiver; this check does not read it.</param>
/// <param name="rbac">Requested resource/action/object.</param>
/// <param name="utilizer">Caller whose type and id are compared with the request.</param>
/// <returns>
/// <c>true</c> only when the action is the update action and either a user targets its own id under
/// "users" or an application targets its own id under "applications"; otherwise <c>false</c>.
/// </returns>
public static bool HasOwnUpdatePermission(this Role role, Rbac rbac, IUtilizer utilizer)
{
    // Only the update action qualifies; every other action is refused here.
    var requestedSlug = rbac.Action.Slug;
    var updateSlug = Rbac.GetSegment(Rbac.CrudActions.Update).Slug;
    if (requestedSlug != updateSlug)
    {
        return false;
    }

    // The resource has to correspond to the caller's own kind and the object to the caller's own id.
    // NOTE(review): this check cannot see which fields the update changes; whether a self-update may
    // touch role or permission fields has to be enforced elsewhere - not visible from here.
    bool isOwnUserRecord = rbac.Resource == "users"
        && utilizer.UtilizerType == Utilizer.UtilizerType.User
        && rbac.Object == utilizer.Id;
    if (isOwnUserRecord)
    {
        return true;
    }

    return rbac.Resource == "applications"
        && utilizer.UtilizerType == Utilizer.UtilizerType.Application
        && rbac.Object == utilizer.Id;
}
/// <summary>
/// Decides a request for an already-resolved role, letting the utilizer's own entries take precedence.
/// </summary>
/// <param name="role">Role whose permissions are consulted when the utilizer-level check is undecided.</param>
/// <param name="rbac">Requested resource/action/object.</param>
/// <param name="utilizer">Optional caller; when null only the role is evaluated.</param>
/// <returns><c>true</c> when the request is permitted, otherwise <c>false</c>.</returns>
private static bool CheckPermission(Role role, Rbac rbac, IUtilizer utilizer = null)
{
    // A definite utilizer-level answer (allow or deny) wins over whatever the role says.
    var ubacDecision = utilizer?.HasPermission(rbac);
    if (ubacDecision != null)
    {
        return ubacDecision.Value;
    }

    // Role grant first; the own-record update rule is consulted only when a utilizer was supplied.
    return role.HasPermission(rbac)
        || (utilizer != null && role.HasOwnUpdatePermission(rbac, utilizer));
}
/// <summary>
/// Reports whether the utilizer is allowed to perform the request given as an RBAC expression string.
/// The string is parsed with <c>Rbac.Parse</c> and the decision is delegated to <c>CheckPermission</c>
/// using the utilizer's role name and membership id. An 'update' whose RBAC object equals the
/// utilizer's own id (the utilizer acting on itself) is also accepted as permitted.
/// </summary>
/// <param name="utilizer">The caller; its <c>Role</c> and <c>MembershipId</c> are read, so it must not be null.</param>
/// <param name="rbac">RBAC expression in the textual form accepted by <c>Rbac.Parse</c>.</param>
/// <returns><c>true</c> when the request is permitted, otherwise <c>false</c>.</returns>
public bool HasPermission(IUtilizer utilizer, string rbac)
{
    var roleName = utilizer.Role;
    var membershipId = utilizer.MembershipId;

    // NOTE(review): what happens on a malformed expression depends on Rbac.Parse, which is not shown here.
    var parsedRbac = Rbac.Parse(rbac);

    return this.CheckPermission(roleName, membershipId, parsedRbac, utilizer);
}
/// <summary>
/// Reports whether the utilizer is allowed to perform the request described by an already-parsed
/// RBAC expression. The decision is delegated to <c>CheckPermission</c> using the utilizer's role name
/// and membership id. An 'update' whose RBAC object equals the utilizer's own id (the utilizer acting
/// on itself) is also accepted as permitted.
/// </summary>
/// <param name="utilizer">The caller; its <c>Role</c> and <c>MembershipId</c> are read, so it must not be null.</param>
/// <param name="rbac">Requested resource/action/object.</param>
/// <returns><c>true</c> when the request is permitted, otherwise <c>false</c>.</returns>
public bool HasPermission(IUtilizer utilizer, Rbac rbac) =>
    this.CheckPermission(utilizer.Role, utilizer.MembershipId, rbac, utilizer);
/// <summary>
/// Decides a request for a role identified by name: utilizer-level entries are evaluated first, then
/// the role is loaded through <c>roleService.GetByName</c> and the check continues on the role object.
/// </summary>
/// <param name="roleName">Name of the role to load.</param>
/// <param name="membershipId">Membership the role is looked up in.</param>
/// <param name="rbac">Requested resource/action/object.</param>
/// <param name="utilizer">Optional caller whose own permission entries take precedence.</param>
/// <returns><c>true</c> when the request is permitted, otherwise <c>false</c>.</returns>
/// <remarks>
/// Throws the exception built by <c>ErtisAuthException.RoleNotFound</c> when the role cannot be found
/// and the utilizer-level check was undecided.
/// </remarks>
private bool CheckPermission(string roleName, string membershipId, Rbac rbac, IUtilizer utilizer = null)
{
    // A definite utilizer-level answer is returned before the role is looked up, so in that case
    // an unknown role name is never reported.
    var ubacDecision = utilizer?.HasPermission(rbac);
    if (ubacDecision != null)
    {
        return ubacDecision.Value;
    }

    var role = this.roleService.GetByName(roleName, membershipId);
    if (role != null)
    {
        return CheckPermission(role, rbac, utilizer);
    }

    throw Core.Exceptions.ErtisAuthException.RoleNotFound(roleName, true);
}
/// <summary>
/// Initializes a <c>UtilitySelector</c>: the scheduler is forwarded to the base constructor and the
/// utilizer is stored in <c>Utilizer</c>.
/// </summary>
/// <param name="s">Scheduler passed to the base class.</param>
/// <param name="u">Utilizer assigned to <c>Utilizer</c>; stored as given, without a null check.</param>
public UtilitySelector(IScheduler s, IUtilizer u) : base(s) => Utilizer = u;