public PermissionsService( IMongoDbContext permissionsContext, ILogger <PermissionsService> logger) { _permissionsContext = permissionsContext as PermissionsContext; _logger = logger; }
private ExecutionOptions BuildExecutionOptions(string query, PermissionsContext permissionsContext) { var services = new ServiceCollection(); services.AddAuthorization(); services.AddLogging(); services.AddOptions(); services.AddScoped <IAuthorizationHandler, PermissionContextAuthorizationHandler>(x => { return(new PermissionContextAuthorizationHandler(permissionsContext)); }); services.AddScoped <IValidationRule, RequiresPermissionValidationRule>(); var serviceProvider = services.BuildServiceProvider(); return(new ExecutionOptions { Query = query, Schema = new ValidationSchema(), UserContext = new GraphQLContext { ServiceProvider = serviceProvider, User = new ClaimsPrincipal(new StubIdentity()) }, ValidationRules = DocumentValidator.CoreRules().Concat(serviceProvider.GetServices <IValidationRule>()) }); }
/// <summary> /// Retrieves a specific entity /// </summary> /// <param name="ctx">Contains information of current user</param> /// <param name="id">Entity unique identifier</param> /// <returns> /// <see cref="TEntityDto"/>s object containing the entity. /// </returns> public TEntityDto Get(PermissionsContext ctx, TIdentity id) { if (!ValidateEntityKey(id)) { throw new EntityValidationException(id); } return(OnGet(ctx, id)); }
public PermissionRepository( IPermissionsService permissionsService, IMongoDbContext permissionsContext, ILogger <PermissionRepository> logger) { _permissionsService = permissionsService; _permissionsContext = permissionsContext as PermissionsContext; _logger = logger; }
private void PromptDefaultPermissions(PermissionsContext permissionsContext, string redirectUrl) { FacebookClient client = permissionsContext.FacebookContext.Client; // Cannot obtain user information from signed_request, redirect to Facebook OAuth dialog. Uri navigationUrl = client.GetLoginUrl(redirectUrl, _config.AppId, permissions: null); permissionsContext.FilterContext.Result = CreateRedirectResult(navigationUrl); }
public static void ConfigureDatabase(this IHost host) { using IServiceScope scope = host.Services.CreateScope(); ILogger logger = scope.ServiceProvider.GetRequiredService <ILogger <PermissionsContext> >(); PermissionsContext permissionsContext = scope.ServiceProvider.GetRequiredService <PermissionsContext>(); CreateDatabase(permissionsContext, logger); SeedDatabase(permissionsContext, logger); }
private static void CreateDatabase(PermissionsContext permissionsContext, ILogger logger) { try { permissionsContext.Database.EnsureCreated(); } catch (Exception ex) { logger.LogCritical(ex, "Unable to create the database"); throw; } }
/// <summary> /// Retrieves list of specific comments associated for the document. /// </summary> /// <param name="ctx">Contains information of current user</param> /// <param name="args">Document unique identifier</param> /// <returns> /// List of <see cref="CommentDto"/>s object containing the results in the /// sequence specified in the documentId. /// </returns> protected override IEnumerable <CommentDto> OnGetAll(PermissionsContext ctx, params object[] args) { var isGetCommentsByDocumentId = (args != null && args.Length == 1 && args[0] is Guid && !((Guid)args[0]).Equals(Guid.Empty)); if (isGetCommentsByDocumentId) { return(GetCommentsByDocumentId(ctx, (Guid)args[0])); } else { return(null); } }
/// <summary> /// Retrieves list of all specific documents. /// Or retrieves list of specific documents associated for the user. /// </summary> /// <param name="ctx">Contains information of current user</param> /// <returns> /// List of <see cref="DocumentDto"/>s object containing the results. /// </returns> protected override IEnumerable <DocumentDto> OnGetAll(PermissionsContext ctx, params object[] args) { var isGetDocumentsByUserId = (args != null && args.Length == 1 && args[0] is int && (int)args[0] > 0); if (isGetDocumentsByUserId) { return(GetDocumentsByUserId((int)args[0])); } else { return(GetAllDocuments(ctx)); } }
/// <summary> /// Retrieves all users /// </summary> /// <param name="ctx">Contains information of current user</param> /// <param name="userId">User identifier</param> /// <returns> /// List of <see cref="UserDto"/>s object containing the results. /// </returns> protected override IEnumerable <UserDto> OnGetAll(PermissionsContext ctx, params object[] args) { var isGetUsersByUserLogin = (args != null && args.Length == 1 && args[0] is string && !String.IsNullOrEmpty((string)args[0])); if (isGetUsersByUserLogin) { return(GetUsersByUserLogin((string)args[0])); } else { return(GetAllUsers()); } }
private static void SeedDatabase(PermissionsContext permissionsContext, ILogger logger) { try { if (permissionsContext.Permissions.Any()) { return; // DB has been seeded } //Add any code required to seed the database here } catch (Exception ex) { logger.LogCritical(ex, "Error while seeding the database"); throw; } }
/// <summary> /// Retrieves a specific user /// </summary> /// <param name="ctx">Contains information of current user</param> /// <param name="userId">User identifier</param> /// <returns> /// <see cref="UserDto"/>s object containing the new comment. /// </returns> protected override UserDto OnGet(PermissionsContext ctx, int id) { UserDto result = null; using (var unitOfWork = ObjectContainer.Resolve <UnitOfWork>()) { var user = unitOfWork .UserRepository .GetByID(id); if (user != null && !user.Deleted) { result = user .ToDto(); } } return(result); }
private void PromptMissingPermissions(PermissionsContext permissionsContext, string redirectUrl) { AuthorizationContext filterContext = permissionsContext.FilterContext; HashSet <string> requiredPermissions = permissionsContext.RequiredPermissions; // If there were no errors it means that we will be prompted with a permission prompt. // Therefore, invoke the permission prompt hooks and navigate to the prompt. IEnumerable <string> declinedPermissions = permissionsContext.DeclinedPermissions; IEnumerable <string> skippedPermissions = permissionsContext.SkippedPermissions; FacebookContext facebookContext = permissionsContext.FacebookContext; IEnumerable <string> missingPermissions = permissionsContext.MissingPermissions; // Declined permissions and skipped permissions can persist through multiple pages. So we need to cross check // them against the current pages permissions, this will determine if we should invoke the denied permission hook. bool deniedPermissions = missingPermissions.Where( permission => declinedPermissions.Contains(permission) || skippedPermissions.Contains(permission)).Any(); // The DeniedPermissionPromptHook will only be invoked if we detect there are denied permissions. // It is attempted PRIOR to the pre hook to allow app creators to handle situations when a user // skip's or revokes previously prompted permissions. Ex: redirect to a different page. if (deniedPermissions && InvokeDeniedPermissionPromptHook(permissionsContext)) { return; } else if (InvokePrePermissionPromptHook(permissionsContext)) { return; } // We persist the requested permissions in a cookie to know if a permission was denied in any way. // The persisted data allows us to detect skipping of permissions. PermissionHelper.PersistRequestedPermissions(filterContext, requiredPermissions); FacebookClient client = facebookContext.Client; Uri navigationUrl = client.GetLoginUrl(redirectUrl, _config.AppId, permissions: String.Join(",", requiredPermissions)); filterContext.Result = CreateRedirectResult(navigationUrl); }
/// <summary> /// Retrieves list of all specific documents. /// </summary> /// <param name="ctx">Contains information of current user</param> /// <returns> /// List of <see cref="DocumentDto"/>s object containing the results. /// </returns> protected IEnumerable <DocumentDto> GetAllDocuments(PermissionsContext ctx) { List <DocumentDto> result = null; using (var unitOfWork = ObjectContainer.Resolve <UnitOfWork>()) { var documents = unitOfWork .DocumentRepository .GetWithInclude(p => true, "User") .ToList(); if (documents != null && documents.Any()) { var userId = ctx != null ? ctx.CurrentUserId : 0; result = new List <DocumentDto>(); documents.ForEach(d => result.Add(d.ToDto(userId == d.UserId))); } } return(result); }
/// <summary> /// Retrieves list of specific comments associated for the document. /// </summary> /// <param name="ctx">Contains information of current user</param> /// <param name="documentId">Document unique identifier</param> /// <returns> /// List of <see cref="CommentDto"/>s object containing the results in the /// sequence specified in the documentId. /// </returns> protected IEnumerable <CommentDto> GetCommentsByDocumentId(PermissionsContext ctx, Guid documentId) { List <CommentDto> result = null; using (var unitOfWork = ObjectContainer.Resolve <UnitOfWork>()) { var comments = unitOfWork .CommentRepository .GetWithInclude(p => p.DocumentId == documentId, "User") .ToList(); if (comments != null && comments.Any()) { var userId = ctx != null ? ctx.CurrentUserId : 0; result = new List <CommentDto>(); comments.ForEach(c => result.Add(c.ToDto(userId == c.UserId))); } } return(result); }
/// <summary> /// Retrieves a specific document /// </summary> /// <param name="ctx">Contains information of current user</param> /// <param name="documentId">Document unique identifier</param> /// <returns></returns> protected override DocumentDto OnGet(PermissionsContext ctx, Guid id) { DocumentDto result = null; using (var unitOfWork = ObjectContainer.Resolve <UnitOfWork>()) { var document = unitOfWork .DocumentRepository .GetWithInclude(p => p.Id.Equals(id), "User") .FirstOrDefault(); if (document != null) { var userId = ctx != null ? ctx.CurrentUserId : 0; result = document .ToDto(userId == document.UserId); } } return(result); }
/// <summary> /// Retrieves a specific comment /// </summary> /// <param name="ctx">Contains information of current user</param> /// <param name="id">Commentary unique identifier</param> /// <returns> /// <see cref="CommentDto"/>s object containing the new comment. /// </returns> protected override CommentDto OnGet(PermissionsContext ctx, int id) { CommentDto result = null; using (var unitOfWork = ObjectContainer.Resolve <UnitOfWork>()) { var comment = unitOfWork .CommentRepository .GetWithInclude(p => p.Id == id, "User") .FirstOrDefault(); if (comment != null) { var userId = ctx != null ? ctx.CurrentUserId : 0; result = comment .ToDto(userId == comment.UserId); } } return(result); }
public async Task ShouldNotReturnBlogsWithoutViewBlogContentPermission() { var permissionContext = new PermissionsContext { UsePermissionsContext = true, AuthorizedPermissions = new[] { GraphQLApi.Permissions.ExecuteGraphQL } }; using (var context = new SiteContext()) { await context.InitializeAsync(permissionContext); var result = await context.GraphQLClient.Content .Query("blog", builder => { builder.WithField("contentItemId"); }); Assert.Equal(GraphQLApi.ValidationRules.RequiresPermissionValidationRule.ErrorCode, result["errors"][0]["extensions"]["code"]); } }
public async Task ShouldReturnBlogsWithViewBlogContentPermission() { var permissionContext = new PermissionsContext { UsePermissionsContext = true, AuthorizedPermissions = new[] { GraphQLApi.Permissions.ExecuteGraphQL, Contents.Permissions.ViewContent } }; using (var context = new SiteContext()) { await context.InitializeAsync(permissionContext); var result = await context.GraphQLClient.Content .Query("blog", builder => { builder.WithField("contentItemId"); }); Assert.NotEmpty(result["data"]["blog"]); } }
private void PromptMissingPermissions(PermissionsContext permissionsContext, string redirectUrl) { AuthorizationContext filterContext = permissionsContext.FilterContext; HashSet<string> requiredPermissions = permissionsContext.RequiredPermissions; // If there were no errors it means that we will be prompted with a permission prompt. // Therefore, invoke the permission prompt hooks and navigate to the prompt. IEnumerable<string> declinedPermissions = permissionsContext.DeclinedPermissions; IEnumerable<string> skippedPermissions = permissionsContext.SkippedPermissions; FacebookContext facebookContext = permissionsContext.FacebookContext; IEnumerable<string> missingPermissions = permissionsContext.MissingPermissions; // Declined permissions and skipped permissions can persist through multiple pages. So we need to cross check // them against the current pages permissions, this will determine if we should invoke the denied permission hook. bool deniedPermissions = missingPermissions.Where( permission => declinedPermissions.Contains(permission) || skippedPermissions.Contains(permission)).Any(); // The DeniedPermissionPromptHook will only be invoked if we detect there are denied permissions. // It is attempted PRIOR to the pre hook to allow app creators to handle situations when a user // skip's or revokes previously prompted permissions. Ex: redirect to a different page. if (deniedPermissions && InvokeDeniedPermissionPromptHook(permissionsContext)) { return; } else if (InvokePrePermissionPromptHook(permissionsContext)) { return; } // We persist the requested permissions in a cookie to know if a permission was denied in any way. // The persisted data allows us to detect skipping of permissions. PermissionHelper.PersistRequestedPermissions(filterContext, requiredPermissions); FacebookClient client = facebookContext.Client; Uri navigationUrl = client.GetLoginUrl(redirectUrl, _config.AppId, permissions: String.Join(",", requiredPermissions)); filterContext.Result = CreateRedirectResult(navigationUrl); }
protected override ActionResult OnDeniedPermissionPrompt(PermissionsContext context) { DeniedPermissionPromptHookTriggered = true; return base.OnDeniedPermissionPrompt(context); }
protected override ActionResult OnPermissionPrompt(PermissionsContext context) { return _promptPermissionHookResult; }
private bool InvokePrePermissionPromptHook(PermissionsContext context) { ActionResult preResult = OnPermissionPrompt(context); return HandleParsedHookResult(context.FilterContext, preResult); }
protected override ActionResult OnPermissionPrompt(PermissionsContext context) { return null; }
protected override ActionResult OnDeniedPermissionPrompt(PermissionsContext context) { return _deniedPermissionPromptHookResult; }
public PermissionRepository(PermissionsContext context, IDistributedCache cache) { _context = context; _cache = cache; }
/// <summary> /// Check is document owner /// </summary> /// <param name="ctx">Contains information of current user</param> /// <param name="id">Document unique identifier</param> /// <returns></returns> public bool CheckIsCommentOwner(PermissionsContext ctx, int id) { var comment = Get(ctx, id); return(comment != null && comment.CanModify); }
/// <summary> /// Invoked during <see cref="OnAuthorization"/> prior to a permission prompt. /// </summary> /// <param name="context">Provides access to permission information associated with the user.</param> /// <returns>An <see cref="ActionResult"/> for how to handle the coming permission prompt. Defaults to showing the prompt /// via the <see cref="ShowPrompt"/> result.</returns> protected virtual ActionResult OnPermissionPrompt(PermissionsContext context) { return ShowPrompt(); }
public virtual void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } IEnumerable<FacebookAuthorizeAttribute> authorizeAttributes = filterContext.ActionDescriptor .GetCustomAttributes(typeof(FacebookAuthorizeAttribute), inherit: true) .Union(filterContext.ActionDescriptor.ControllerDescriptor .GetCustomAttributes(typeof(FacebookAuthorizeAttribute), inherit: true)) .OfType<FacebookAuthorizeAttribute>(); if (!authorizeAttributes.Any()) { return; } FacebookClient client = _config.ClientProvider.CreateClient(); HttpRequestBase request = filterContext.HttpContext.Request; dynamic signedRequest = FacebookRequestHelpers.GetSignedRequest( filterContext.HttpContext, rawSignedRequest => { return client.ParseSignedRequest(rawSignedRequest); }); string userId = null; string accessToken = null; if (signedRequest != null) { userId = signedRequest.user_id; accessToken = signedRequest.oauth_token; } NameValueCollection parsedQueries = HttpUtility.ParseQueryString(request.Url.Query); HashSet<string> requiredPermissions = PermissionHelper.GetRequiredPermissions(authorizeAttributes); bool handleError = !String.IsNullOrEmpty(parsedQueries["error"]); // This must occur AFTER the handleError calculation because it modifies the parsed queries. string redirectUrl = GetRedirectUrl(request, parsedQueries); // Check if there was an error and we should handle it. if (handleError) { Uri errorUrl; if (String.IsNullOrEmpty(_config.AuthorizationRedirectPath)) { errorUrl = DefaultAuthorizationRedirectUrl; } else { errorUrl = GetErroredAuthorizeUri(redirectUrl, requiredPermissions); } filterContext.Result = CreateRedirectResult(errorUrl); // There was an error so short circuit return; } FacebookContext facebookContext = new FacebookContext { Client = client, SignedRequest = signedRequest, AccessToken = accessToken, UserId = userId, Configuration = _config }; PermissionsContext permissionsContext = new PermissionsContext { FacebookContext = facebookContext, FilterContext = filterContext, RequiredPermissions = requiredPermissions, }; // Check if we need to prompt for default permissions. if (signedRequest == null || String.IsNullOrEmpty(userId) || String.IsNullOrEmpty(accessToken)) { PromptDefaultPermissions(permissionsContext, redirectUrl); } else if (requiredPermissions.Any()) { PermissionsStatus currentPermissionsStatus = _config.PermissionService.GetUserPermissionsStatus(userId, accessToken); // Instead of performing another request to gather "granted" permissions just parse the status IEnumerable<string> currentPermissions = PermissionHelper.GetGrantedPermissions(currentPermissionsStatus); IEnumerable<string> missingPermissions = requiredPermissions.Except(currentPermissions); // If we have missing permissions than we need to present a prompt or redirect to an error // page if there's an error. if (missingPermissions.Any()) { permissionsContext.MissingPermissions = missingPermissions; permissionsContext.DeclinedPermissions = PermissionHelper.GetDeclinedPermissions(currentPermissionsStatus); permissionsContext.SkippedPermissions = PermissionHelper.GetSkippedPermissions( filterContext.HttpContext.Request, missingPermissions, permissionsContext.DeclinedPermissions); PromptMissingPermissions(permissionsContext, redirectUrl); } } }
/// <summary> /// Invoked during <see cref="OnAuthorization"/> prior to a permission prompt that requests permissions that were skipped /// or revoked. Occurs before the <see cref="OnPermissionPrompt"/> and short circuits the pipeline by default via /// returning an <see cref="IgnorePrompt"/> result. /// </summary> /// <param name="context">Provides access to permission information associated with the user.</param> /// <returns>An <see cref="ActionResult"/> for how to handle the denied permissions. Defaults to ignoring the coming prompt /// via the <see cref="IgnorePrompt"/> result.</returns> protected virtual ActionResult OnDeniedPermissionPrompt(PermissionsContext context) { return(IgnorePrompt()); }
public ServersController(IHttpContextAccessor httpContext, PermissionsContext permissionsContext, IConfiguration configuration) { _httpContext = httpContext; _permissionsContext = permissionsContext; _zmqUrl = configuration.GetSection("ZeroMQUrl").Value; }
private bool InvokeDeniedPermissionPromptHook(PermissionsContext context) { ActionResult postResult = OnDeniedPermissionPrompt(context); return HandleParsedHookResult(context.FilterContext, postResult); }
/// <summary> /// Retrieves list of specific DTO's entities. /// </summary> /// <param name="ctx">Contains information of current user</param> /// <param name="args"></param> /// <returns></returns> public IEnumerable <TEntityDto> GetAll(PermissionsContext ctx, params object[] args) { return(OnGetAll(ctx, args)); }
public virtual void OnAuthorization(AuthorizationContext filterContext) { if (filterContext == null) { throw new ArgumentNullException("filterContext"); } IEnumerable <FacebookAuthorizeAttribute> authorizeAttributes = filterContext.ActionDescriptor .GetCustomAttributes(typeof(FacebookAuthorizeAttribute), inherit: true) .Union(filterContext.ActionDescriptor.ControllerDescriptor .GetCustomAttributes(typeof(FacebookAuthorizeAttribute), inherit: true)) .OfType <FacebookAuthorizeAttribute>(); if (!authorizeAttributes.Any()) { return; } FacebookClient client = _config.ClientProvider.CreateClient(); HttpRequestBase request = filterContext.HttpContext.Request; dynamic signedRequest = FacebookRequestHelpers.GetSignedRequest( filterContext.HttpContext, rawSignedRequest => { return(client.ParseSignedRequest(rawSignedRequest)); }); string userId = null; string accessToken = null; if (signedRequest != null) { userId = signedRequest.user_id; accessToken = signedRequest.oauth_token; } NameValueCollection parsedQueries = HttpUtility.ParseQueryString(request.Url.Query); HashSet <string> requiredPermissions = PermissionHelper.GetRequiredPermissions(authorizeAttributes); bool handleError = !String.IsNullOrEmpty(parsedQueries["error"]); // This must occur AFTER the handleError calculation because it modifies the parsed queries. string redirectUrl = GetRedirectUrl(request, parsedQueries); // Check if there was an error and we should handle it. if (handleError) { Uri errorUrl; if (String.IsNullOrEmpty(_config.AuthorizationRedirectPath)) { errorUrl = DefaultAuthorizationRedirectUrl; } else { errorUrl = GetErroredAuthorizeUri(redirectUrl, requiredPermissions); } filterContext.Result = CreateRedirectResult(errorUrl); // There was an error so short circuit return; } FacebookContext facebookContext = new FacebookContext { Client = client, SignedRequest = signedRequest, AccessToken = accessToken, UserId = userId, Configuration = _config }; PermissionsContext permissionsContext = new PermissionsContext { FacebookContext = facebookContext, FilterContext = filterContext, RequiredPermissions = requiredPermissions, }; // Check if we need to prompt for default permissions. if (signedRequest == null || String.IsNullOrEmpty(userId) || String.IsNullOrEmpty(accessToken)) { PromptDefaultPermissions(permissionsContext, redirectUrl); } else if (requiredPermissions.Any()) { PermissionsStatus currentPermissionsStatus = _config.PermissionService.GetUserPermissionsStatus(userId, accessToken); // Instead of performing another request to gather "granted" permissions just parse the status IEnumerable <string> currentPermissions = PermissionHelper.GetGrantedPermissions(currentPermissionsStatus); IEnumerable <string> missingPermissions = requiredPermissions.Except(currentPermissions); // If we have missing permissions than we need to present a prompt or redirect to an error // page if there's an error. if (missingPermissions.Any()) { permissionsContext.MissingPermissions = missingPermissions; permissionsContext.DeclinedPermissions = PermissionHelper.GetDeclinedPermissions(currentPermissionsStatus); permissionsContext.SkippedPermissions = PermissionHelper.GetSkippedPermissions( filterContext.HttpContext.Request, missingPermissions, permissionsContext.DeclinedPermissions); PromptMissingPermissions(permissionsContext, redirectUrl); } } }
/// <summary> /// Invoked during <see cref="OnAuthorization"/> prior to a permission prompt. /// </summary> /// <param name="context">Provides access to permission information associated with the user.</param> /// <returns>An <see cref="ActionResult"/> for how to handle the coming permission prompt. Defaults to showing the prompt /// via the <see cref="ShowPrompt"/> result.</returns> protected virtual ActionResult OnPermissionPrompt(PermissionsContext context) { return(ShowPrompt()); }
protected abstract TEntityDto OnGet(PermissionsContext ctx, TIdentity id);
private bool InvokeDeniedPermissionPromptHook(PermissionsContext context) { ActionResult postResult = OnDeniedPermissionPrompt(context); return(HandleParsedHookResult(context.FilterContext, postResult)); }
protected abstract IEnumerable <TEntityDto> OnGetAll(PermissionsContext ctx, params object[] args);
private bool InvokePrePermissionPromptHook(PermissionsContext context) { ActionResult preResult = OnPermissionPrompt(context); return(HandleParsedHookResult(context.FilterContext, preResult)); }
/// <summary> /// Invoked during <see cref="OnAuthorization"/> prior to a permission prompt that requests permissions that were skipped /// or revoked. Occurs before the <see cref="OnPermissionPrompt"/> and short circuits the pipeline by default via /// returning an <see cref="IgnorePrompt"/> result. /// </summary> /// <param name="context">Provides access to permission information associated with the user.</param> /// <returns>An <see cref="ActionResult"/> for how to handle the denied permissions. Defaults to ignoring the coming prompt /// via the <see cref="IgnorePrompt"/> result.</returns> protected virtual ActionResult OnDeniedPermissionPrompt(PermissionsContext context) { return IgnorePrompt(); }