        /// <summary>
        /// Two <see cref="RbacSegment"/> instances built from the same string compare equal,
        /// and instances built from different strings do not.
        /// </summary>
        public void RbacSegmentEqualityTest()
        {
            const string sharedValue = "0000";
            const string otherValue  = "0001";

            var left  = new RbacSegment(sharedValue);
            var right = new RbacSegment(sharedValue);
            var other = new RbacSegment(otherValue);

            // Equality is value-based: the same input must yield equal segments...
            Assert.AreEqual(left, right);
            // ...while a different input must not.
            Assert.AreNotEqual(left, other);
        }
        /// <summary>
        /// Builds the RBAC tuple (subject, resource, action, object) for the current request and
        /// checks it against <paramref name="role"/>; throws when the role does not grant it.
        /// </summary>
        /// <param name="role">Role whose permissions are consulted via <c>HasPermission</c>.</param>
        /// <param name="subjectId">Identifier used verbatim as the subject segment of the RBAC tuple.</param>
        /// <param name="httpContext">Request context; its endpoint metadata and route values supply the remaining segments.</param>
        /// <exception cref="ErtisAuthException">Thrown (via <c>AccessDenied</c>) when the role lacks the required permission.</exception>
        private void VerifyRolePermissions(Role role, string subjectId, HttpContext httpContext)
        {
            var endpoint = httpContext.GetEndpoint();
            var metadata = endpoint?.Metadata;

            // Subject: always the caller-supplied id.
            var subjectSegment = new RbacSegment(subjectId);

            // Resource and action default to the wildcard segment; an attribute on the endpoint narrows them.
            // Lookup is by exact runtime type, so derived attribute types are not picked up.
            var resourceSegment = metadata?.FirstOrDefault(m => m.GetType() == typeof(RbacResourceAttribute)) is RbacResourceAttribute resourceAttribute
                ? resourceAttribute.ResourceSegment
                : RbacSegment.All;

            var actionSegment = metadata?.FirstOrDefault(m => m.GetType() == typeof(RbacActionAttribute)) is RbacActionAttribute actionAttribute
                ? actionAttribute.ActionSegment
                : RbacSegment.All;

            // Object: wildcard unless an RbacObjectAttribute names a route parameter that is present in the route values.
            var objectSegment = RbacSegment.All;
            var routeValues   = httpContext.GetRouteData()?.Values;
            if (routeValues != null
                && metadata?.FirstOrDefault(m => m.GetType() == typeof(RbacObjectAttribute)) is RbacObjectAttribute objectAttribute
                && routeValues.TryGetValue(objectAttribute.RouteParameterName, out var routeValue))
            {
                // NOTE(review): a route value that is present but null would throw here on ToString() — confirm whether that can happen.
                objectSegment = new RbacSegment(routeValue.ToString());
            }

            var required = new Rbac(subjectSegment, resourceSegment, actionSegment, objectSegment);
            if (!role.HasPermission(required))
            {
                throw ErtisAuthException.AccessDenied("Your authorization role is unauthorized for this action");
            }
        }
        /// <summary>
        /// Derives the RBAC tuple (subject, resource, action, object) describing the current request.
        /// </summary>
        /// <param name="httpContext">Request whose endpoint metadata and route values are inspected.</param>
        /// <param name="subjectId">Value used verbatim as the subject segment.</param>
        /// <returns>
        /// An <see cref="Rbac"/> whose resource, action and object segments come from the endpoint's
        /// <see cref="RbacResourceAttribute"/>, <see cref="RbacActionAttribute"/> and <see cref="RbacObjectAttribute"/>
        /// respectively, each falling back to <see cref="RbacSegment.All"/> when the attribute is absent.
        /// </returns>
        public static Rbac GetRbacDefinition(this HttpContext httpContext, string subjectId)
        {
            var endpoint = httpContext.GetEndpoint();

            // Endpoint metadata is matched by exact runtime type, so subclasses of the attributes are ignored.
            T FindMetadata<T>() where T : class =>
                endpoint?.Metadata?.FirstOrDefault(m => m.GetType() == typeof(T)) as T;

            var subjectSegment  = new RbacSegment(subjectId);
            var resourceSegment = RbacSegment.All;
            var actionSegment   = RbacSegment.All;
            var objectSegment   = RbacSegment.All;

            var resourceAttribute = FindMetadata<RbacResourceAttribute>();
            if (resourceAttribute != null)
            {
                resourceSegment = resourceAttribute.ResourceSegment;
            }

            var actionAttribute = FindMetadata<RbacActionAttribute>();
            if (actionAttribute != null)
            {
                actionSegment = actionAttribute.ActionSegment;
            }

            // The object segment is only narrowed when the attribute's route parameter is actually present in the route values.
            var routeValues     = httpContext.GetRouteData()?.Values;
            var objectAttribute = FindMetadata<RbacObjectAttribute>();
            if (routeValues != null
                && objectAttribute != null
                && routeValues.TryGetValue(objectAttribute.RouteParameterName, out var routeValue))
            {
                // NOTE(review): a present-but-null route value would throw on ToString() — confirm this cannot occur.
                objectSegment = new RbacSegment(routeValue.ToString());
            }

            return new Rbac(subjectSegment, resourceSegment, actionSegment, objectSegment);
        }
        /// <summary>
        /// Enumerates the permission strings covering every CRUD action on each reserved resource,
        /// with wildcard subject and object segments.
        /// </summary>
        /// <returns>
        /// A materialized list of <c>Rbac.ToString()</c> values, one per (resource, CRUD action) pair,
        /// grouped by resource and ordered Create, Read, Update, Delete within each resource.
        /// </returns>
        internal static IEnumerable <string> AssertAdminPermissionsForReservedResources()
        {
            // Resource names this helper treats as reserved.
            var reservedResourceNames = new string[]
            {
                "memberships",
                "users",
                "user-types",
                "applications",
                "roles",
                "events",
                "providers",
                "tokens",
                "webhooks",
            };

            var crudActions = new RbacSegment[]
            {
                Rbac.CrudActionSegments.Create,
                Rbac.CrudActionSegments.Read,
                Rbac.CrudActionSegments.Update,
                Rbac.CrudActionSegments.Delete
            };

            // Resources form the outer loop so the output stays grouped by resource.
            var result = new List <string>(reservedResourceNames.Length * crudActions.Length);
            foreach (var resourceName in reservedResourceNames)
            {
                var resourceSegment = new RbacSegment(resourceName);
                foreach (var crudAction in crudActions)
                {
                    // Subject and object are wildcards: the rule is not tied to a particular caller or instance.
                    var permission = new Rbac(RbacSegment.All, resourceSegment, crudAction, RbacSegment.All);
                    result.Add(permission.ToString());
                }
            }

            return result;
        }
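        /// <summary>
        /// Verifies <see cref="RbacSegment"/> operator equality: segments built from the same
        /// string compare equal, segments built from different strings do not.
        /// </summary>
        public void RbacSegmentEqualityTest()
        {
            var segment1 = new RbacSegment("ismet");
            var segment2 = new RbacSegment("ismet");
            var segment3 = new RbacSegment("ertuğrul");

            // Assert.Pass() ends the test method immediately (NUnit implements it by throwing
            // SuccessException), so the earlier if/else form never reached the inequality check.
            // Plain boolean asserts let every check run.
            Assert.IsTrue(segment1 == segment2, "segments built from the same value must be equal");
            Assert.IsFalse(segment1 == segment3, "segments built from different values must not be equal");
            Assert.IsTrue(segment1 != segment3, "!= must agree with ==");
        }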
 /// <summary>
 /// Initializes the attribute with the resource segment it represents.
 /// </summary>
 /// <param name="resourceName">Raw resource name; wrapped in an <see cref="RbacSegment"/> and exposed as <c>ResourceSegment</c>.</param>
 public RbacResourceAttribute(string resourceName) => ResourceSegment = new RbacSegment(resourceName);
 /// <summary>
 /// Initializes the attribute from an already-constructed segment.
 /// </summary>
 /// <param name="segment">Segment stored unchanged as <c>Value</c>.</param>
 protected RbacAttribute(RbacSegment segment)
 {
     Value = segment;
 }
 /// <summary>
 /// Initializes the attribute from a raw segment string.
 /// </summary>
 /// <param name="segmentValue">Raw value; wrapped in a new <see cref="RbacSegment"/> and stored as <c>Value</c>.</param>
 protected RbacAttribute(string segmentValue) => Value = new RbacSegment(segmentValue);
 /// <summary>
 /// Initializes the attribute with the segment for a well-known CRUD action.
 /// </summary>
 /// <param name="action">CRUD action; translated to its segment by <c>Rbac.GetSegment</c> and stored as <c>ActionSegment</c>.</param>
 public RbacActionAttribute(Rbac.CrudActions action)
 {
     ActionSegment = Rbac.GetSegment(action);
 }
 /// <summary>
 /// Initializes the attribute with a custom (non-CRUD) action name.
 /// </summary>
 /// <param name="customAction">Raw action name; wrapped in a new <see cref="RbacSegment"/> and stored as <c>ActionSegment</c>.</param>
 public RbacActionAttribute(string customAction) => ActionSegment = new RbacSegment(customAction);
        public static Rbac GetRbacDefinition(this HttpContext httpContext, string utilizerId)
        {
            var endpoint  = httpContext.GetEndpoint();
            var formatter = new Ertis.TemplateEngine.Formatter(new Ertis.TemplateEngine.ParserOptions {
                OpenBrackets = "{", CloseBrackets = "}"
            });

            if (endpoint is RouteEndpoint routeEndpoint)
            {
                // Subject
                var rbacSubjectSegment = string.IsNullOrEmpty(utilizerId) ? RbacSegment.All : new RbacSegment(utilizerId);
                var subjectMetadata    = routeEndpoint.Metadata.FirstOrDefault(x => x.GetType() == typeof(RbacSubjectAttribute));
                if (subjectMetadata is RbacSubjectAttribute rbacSubjectAttribute)
                {
                    rbacSubjectSegment = rbacSubjectAttribute.Value;
                    if (!string.IsNullOrEmpty(rbacSubjectSegment.Value?.Trim()))
                    {
                        var rbacSubjectSegmentValue = rbacSubjectSegment.Value.Trim();
                        rbacSubjectSegmentValue = formatter.Format(rbacSubjectSegmentValue, httpContext.Request.RouteValues);
                        rbacSubjectSegment      = new RbacSegment(rbacSubjectSegmentValue);
                    }
                }

                // Resource
                var rbacResourceSegment = RbacSegment.All;
                var resourceMetadata    = routeEndpoint.Metadata.FirstOrDefault(x => x.GetType() == typeof(RbacResourceAttribute));
                if (resourceMetadata is RbacResourceAttribute rbacResourceAttribute)
                {
                    rbacResourceSegment = rbacResourceAttribute.Value;
                    if (!string.IsNullOrEmpty(rbacResourceSegment.Value?.Trim()))
                    {
                        var rbacResourceSegmentValue = rbacResourceSegment.Value.Trim();
                        rbacResourceSegmentValue = formatter.Format(rbacResourceSegmentValue, httpContext.Request.RouteValues);
                        rbacResourceSegment      = new RbacSegment(rbacResourceSegmentValue);
                    }
                }
                else
                {
                    var routePath = routeEndpoint.RoutePattern.RawText;
                    if (!string.IsNullOrEmpty(routePath))
                    {
                        rbacResourceSegment = new RbacSegment(routePath.Split('/').Last());
                    }
                }

                // Action
                var rbacActionSegment = RbacSegment.All;
                var actionMetadata    = routeEndpoint.Metadata.FirstOrDefault(x => x.GetType() == typeof(RbacActionAttribute));
                if (actionMetadata is RbacActionAttribute rbacActionAttribute)
                {
                    rbacActionSegment = rbacActionAttribute.Value;
                    if (!string.IsNullOrEmpty(rbacActionSegment.Value?.Trim()))
                    {
                        var rbacActionSegmentValue = rbacActionSegment.Value.Trim();
                        rbacActionSegmentValue = formatter.Format(rbacActionSegmentValue, httpContext.Request.RouteValues);
                        rbacActionSegment      = new RbacSegment(rbacActionSegmentValue);
                    }
                }

                // Object
                var rbacObjectSegment = RbacSegment.All;
                var objectMetadata    = routeEndpoint.Metadata.FirstOrDefault(x => x.GetType() == typeof(RbacObjectAttribute));
                if (objectMetadata is RbacObjectAttribute rbacObjectAttribute)
                {
                    rbacObjectSegment = rbacObjectAttribute.Value;
                    if (!string.IsNullOrEmpty(rbacObjectSegment.Value?.Trim()))
                    {
                        var rbacObjectSegmentValue = rbacObjectSegment.Value.Trim();
                        rbacObjectSegmentValue = formatter.Format(rbacObjectSegmentValue, httpContext.Request.RouteValues);
                        rbacObjectSegment      = new RbacSegment(rbacObjectSegmentValue);
                    }
                }

                // Rbac
                return(new Rbac(rbacSubjectSegment, rbacResourceSegment, rbacActionSegment, rbacObjectSegment));
            }

            return(default);