public bool IsAllowed(string permission) { var request = new Model.Requests.PermissionCheckRequest(); request.Permission = permission; return(IsAllowed(request).IsAllowed); }
public bool IsAllowed(A.Core.Model.PermissionCheckRequest permission) { var request = new Model.Requests.PermissionCheckRequest(); request.Permission = permission.Permission; request.OperationType = permission.OperationType; return(IsAllowed(request).IsAllowed); }
public virtual PermissionCheckResult IsAllowed(Model.Requests.PermissionCheckRequest request) { PermissionCheckResult isAllowed = null; string[] roleList = null; object roleListTmp; if (ActionContext.Value.Data.TryGetValue("RoleList", out roleListTmp)) { roleList = (string[])roleListTmp; } isAllowed = IsAllowedByRole(request, roleList); isAllowed.IsAuthorized = ActionContext.Value.Data.ContainsKey("UserId"); return(isAllowed); }
protected virtual PermissionCheckResult IsAllowedByPermission(Model.Requests.PermissionCheckRequest request, List <string> permissionList) { PermissionCheckResult checkResult = new PermissionCheckResult(); checkResult.RequestedPermission = request.Permission; checkResult.PermissionResolveMode = PermissionResolveMode.Default; PermissionSearchObject permissionSearch = new PermissionSearchObject(); permissionSearch.NameWithHierarchy = request.Permission; permissionSearch.RetrieveAll = true; var permissionResult = PermissionService.Value.GetPage(permissionSearch); foreach (var currentPermission in permissionList.OrderByDescending(x => x.Length)) { var permissionSelect = permissionResult.ResultList.Where(y => !string.IsNullOrWhiteSpace(y.OperationType) && !string.IsNullOrWhiteSpace(request.OperationType) && y.OperationType.Equals(request.OperationType, StringComparison.InvariantCultureIgnoreCase) && y.Name.Equals(currentPermission, StringComparison.InvariantCultureIgnoreCase)).ToList(); if (permissionSelect.Count == 0) { permissionSelect = permissionResult.ResultList.Where(y => y.Name.Equals(currentPermission, StringComparison.InvariantCultureIgnoreCase) && string.IsNullOrWhiteSpace(y.OperationType)).ToList(); } //first check is this permission disabled in any role if (permissionSelect.Any(x => x.IsAllowed == false)) { checkResult.IsAllowed = false; checkResult.ResolvedByPermission = currentPermission; break; } //is this method allowed in any role else if (permissionSelect.Any(x => x.IsAllowed == true)) { checkResult.IsAllowed = true; checkResult.ResolvedByPermission = currentPermission; break; } } return(checkResult); }
protected virtual PermissionCheckResult IsAllowedByRole(Model.Requests.PermissionCheckRequest request, string[] roleList) { if (request == null || string.IsNullOrWhiteSpace(request.Permission)) { throw new ApplicationException("Permission must be set"); } request.Permission = request.Permission.ToLower(); PermissionCheckResult checkResult = new PermissionCheckResult(); List <string> permissionList = new List <string>(); permissionList.Add(request.Permission); if (!request.IsExactMatchRequired) { string[] permissionParts = request.Permission.Split('.'); StringBuilder previousPermissionPart = new StringBuilder(); for (int i = 0; i < permissionParts.Length - 1; i++) { string permissionPart = permissionParts[i]; previousPermissionPart.Append(permissionPart + "."); string permissionTemp = previousPermissionPart.ToString() + "*"; permissionList.Add(permissionTemp); } //add root permission to list permissionList.Add("*"); } bool isHandled = false; if (roleList != null && roleList.Length > 0) { checkResult.RequestedPermission = request.Permission; checkResult.PermissionResolveMode = PermissionResolveMode.Role; RoleSearchObject search = new RoleSearchObject(); foreach (var role in roleList) { search.NameList.Add(role); } search.PermissionName = request.Permission; var result = RoleService.Value.GetPage(search); foreach (var currentPermission in permissionList.OrderByDescending(x => x.Length)) { var permissionSelect = result.ResultList .SelectMany(x => x.RolePermissions.Where(y => !string.IsNullOrWhiteSpace(y.Permission.OperationType) && !string.IsNullOrWhiteSpace(request.OperationType) && y.Permission.OperationType.Equals(request.OperationType, StringComparison.InvariantCultureIgnoreCase) && y.Permission.Name.Equals(currentPermission, StringComparison.InvariantCultureIgnoreCase))).ToList(); if (permissionSelect.Count == 0) { permissionSelect = result.ResultList .SelectMany(x => x.RolePermissions.Where(y => y.Permission.Name.Equals(currentPermission, StringComparison.InvariantCultureIgnoreCase))).ToList(); } //first check is this permission disabled in any role if (permissionSelect.Any(x => x.IsAllowed == false)) { checkResult.IsAllowed = false; checkResult.ResolvedByPermission = currentPermission; isHandled = true; break; } //is this method allowed in any role else if (permissionSelect.Any(x => x.IsAllowed == true)) { checkResult.IsAllowed = true; checkResult.ResolvedByPermission = currentPermission; isHandled = true; break; } } } if (!isHandled && !request.IsDefaultResolveModeDisabled) { checkResult = IsAllowedByPermission(request, permissionList); } return(checkResult); }