/// <summary>
/// Two segments built from the same value compare equal; segments built from different values do not.
/// </summary>
public void RbacSegmentEqualityTest()
{
    const string sharedValue = "0000";
    var left = new RbacSegment(sharedValue);
    var sameValue = new RbacSegment(sharedValue);
    var otherValue = new RbacSegment("0001");

    Assert.AreEqual(left, sameValue);
    Assert.AreNotEqual(left, otherValue);
}
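/// <summary>
/// Resolves the permission the current request asks for (subject, resource, action, object) from the
/// endpoint's Rbac* attributes and the route values, and rejects the request when the role lacks it.
/// </summary>
/// <param name="role">Role whose grants are checked.</param>
/// <param name="subjectId">Identifier of the caller; used verbatim as the subject segment.</param>
/// <param name="httpContext">Current request; endpoint metadata and route data are read from it.</param>
/// <exception cref="System.ArgumentNullException">When <paramref name="role"/> or <paramref name="httpContext"/> is null.</exception>
/// <exception cref="ErtisAuthException">Access denied, when the role does not hold the resolved permission.</exception>
private void VerifyRolePermissions(Role role, string subjectId, HttpContext httpContext)
{
    // Fail explicitly rather than with a NullReferenceException deep in the lookup.
    if (role == null)
    {
        throw new System.ArgumentNullException(nameof(role));
    }

    if (httpContext == null)
    {
        throw new System.ArgumentNullException(nameof(httpContext));
    }

    var metadata = httpContext.GetEndpoint()?.Metadata;

    // Exact type match (not OfType/GetMetadata) is deliberate: subclasses are ignored and the
    // first matching attribute wins, which is what the previous FirstOrDefault lookup did.
    T FindAttribute<T>() where T : class => metadata?.FirstOrDefault(x => x.GetType() == typeof(T)) as T;

    // Subject
    var rbacSubjectSegment = new RbacSegment(subjectId);

    // Resource
    var rbacResourceSegment = FindAttribute<RbacResourceAttribute>() is RbacResourceAttribute resourceAttribute
        ? resourceAttribute.ResourceSegment
        : RbacSegment.All;

    // Action
    var rbacActionSegment = FindAttribute<RbacActionAttribute>() is RbacActionAttribute actionAttribute
        ? actionAttribute.ActionSegment
        : RbacSegment.All;

    // Object: taken from the route parameter named by the attribute.
    var rbacObjectSegment = RbacSegment.All;
    if (FindAttribute<RbacObjectAttribute>() is RbacObjectAttribute objectAttribute)
    {
        var routeValues = httpContext.GetRouteData()?.Values;

        // TryGetValue replaces ContainsKey + indexer (one lookup), and the null check keeps a
        // null route value from throwing NullReferenceException on ToString().
        if (routeValues != null
            && routeValues.TryGetValue(objectAttribute.RouteParameterName, out var routeValue)
            && routeValue != null)
        {
            rbacObjectSegment = new RbacSegment(routeValue.ToString());
        }
    }

    // NOTE(review): an absent attribute or route value leaves that segment as the wildcard, so the
    // check is only as strict as Role.HasPermission treats a wildcard request — confirm there.
    var rbac = new Rbac(rbacSubjectSegment, rbacResourceSegment, rbacActionSegment, rbacObjectSegment);
    if (!role.HasPermission(rbac))
    {
        throw ErtisAuthException.AccessDenied("Your authorization role is unauthorized for this action");
    }
}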
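/// <summary>
/// Builds the permission the current request asks for (subject, resource, action, object) from the
/// endpoint's Rbac* attributes and the route values.
/// </summary>
/// <param name="httpContext">Current request; endpoint metadata and route data are read from it.</param>
/// <param name="subjectId">Identifier of the caller; used verbatim as the subject segment.</param>
/// <returns>
/// The requested permission. Any segment whose attribute (or named route value) is missing is the
/// wildcard <see cref="RbacSegment.All"/>.
/// </returns>
/// <exception cref="System.ArgumentNullException">When <paramref name="httpContext"/> is null.</exception>
public static Rbac GetRbacDefinition(this HttpContext httpContext, string subjectId)
{
    if (httpContext == null)
    {
        throw new System.ArgumentNullException(nameof(httpContext));
    }

    var metadata = httpContext.GetEndpoint()?.Metadata;

    // Exact type match (not OfType/GetMetadata) is deliberate: subclasses are ignored and the
    // first matching attribute wins, which is what the previous FirstOrDefault lookup did.
    T FindAttribute<T>() where T : class => metadata?.FirstOrDefault(x => x.GetType() == typeof(T)) as T;

    // Subject
    var rbacSubjectSegment = new RbacSegment(subjectId);

    // Resource
    var rbacResourceSegment = FindAttribute<RbacResourceAttribute>() is RbacResourceAttribute resourceAttribute
        ? resourceAttribute.ResourceSegment
        : RbacSegment.All;

    // Action
    var rbacActionSegment = FindAttribute<RbacActionAttribute>() is RbacActionAttribute actionAttribute
        ? actionAttribute.ActionSegment
        : RbacSegment.All;

    // Object: taken from the route parameter named by the attribute.
    var rbacObjectSegment = RbacSegment.All;
    if (FindAttribute<RbacObjectAttribute>() is RbacObjectAttribute objectAttribute)
    {
        var routeValues = httpContext.GetRouteData()?.Values;

        // TryGetValue replaces ContainsKey + indexer (one lookup), and the null check keeps a
        // null route value from throwing NullReferenceException on ToString().
        if (routeValues != null
            && routeValues.TryGetValue(objectAttribute.RouteParameterName, out var routeValue)
            && routeValue != null)
        {
            rbacObjectSegment = new RbacSegment(routeValue.ToString());
        }
    }

    // NOTE(review): an absent attribute or route value leaves that segment as the wildcard, so the
    // resulting check is only as strict as the role's wildcard handling — confirm in the permission check.
    return new Rbac(rbacSubjectSegment, rbacResourceSegment, rbacActionSegment, rbacObjectSegment);
}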
/// <summary>
/// Lists the permission strings an administrator must hold: every CRUD action on every reserved resource.
/// </summary>
/// <returns>
/// One permission string per (reserved resource, CRUD action) pair, in resource order then action
/// order, each formatted by <c>Rbac.ToString()</c>.
/// </returns>
internal static IEnumerable<string> AssertAdminPermissionsForReservedResources()
{
    // Resource names the auth server reserves for itself; keep in sync with the rest of the project.
    string[] reservedResources =
    {
        "memberships",
        "users",
        "user-types",
        "applications",
        "roles",
        "events",
        "providers",
        "tokens",
        "webhooks",
    };

    RbacSegment[] crudActions =
    {
        Rbac.CrudActionSegments.Create,
        Rbac.CrudActionSegments.Read,
        Rbac.CrudActionSegments.Update,
        Rbac.CrudActionSegments.Delete,
    };

    var permissions = new List<string>(reservedResources.Length * crudActions.Length);

    foreach (var resourceName in reservedResources)
    {
        var resourceSegment = new RbacSegment(resourceName);

        // Subject and object segments are the wildcard; only resource and action vary.
        foreach (var action in crudActions)
        {
            permissions.Add(new Rbac(RbacSegment.All, resourceSegment, action, RbacSegment.All).ToString());
        }
    }

    return permissions;
}
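/// <summary>
/// The == operator on <see cref="RbacSegment"/> compares by value: equal values are equal, different values are not.
/// </summary>
public void RbacSegmentEqualityTest()
{
    var segment1 = new RbacSegment("ismet");
    var segment2 = new RbacSegment("ismet");
    var segment3 = new RbacSegment("ertuğrul");

    // The previous version branched on == and called Assert.Pass() on the positive branch. In NUnit
    // Assert.Pass() throws and ends the test immediately, so the inequality check below was never
    // evaluated. Plain assertions keep both checks live and report which one failed.
    Assert.IsTrue(segment1 == segment2, "segments built from the same value must be equal");
    Assert.IsFalse(segment1 == segment3, "segments built from different values must not be equal");
}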
/// <summary>
/// Marks an endpoint with the RBAC resource it exposes.
/// </summary>
/// <param name="resourceName">Resource name; wrapped into a <see cref="RbacSegment"/> and stored as <see cref="ResourceSegment"/>.</param>
public RbacResourceAttribute(string resourceName) => ResourceSegment = new RbacSegment(resourceName);
/// <summary>
/// Base constructor taking an already-built segment.
/// </summary>
/// <param name="segment">Segment stored as <see cref="Value"/> without modification.</param>
protected RbacAttribute(RbacSegment segment) => Value = segment;
/// <summary>
/// Base constructor taking a raw segment value.
/// </summary>
/// <param name="segmentValue">Raw value; wrapped into a new <see cref="RbacSegment"/> and stored as <see cref="Value"/>.</param>
protected RbacAttribute(string segmentValue) => Value = new RbacSegment(segmentValue);
/// <summary>
/// Marks an endpoint with one of the predefined CRUD actions.
/// </summary>
/// <param name="action">CRUD action; translated to its segment by <see cref="Rbac.GetSegment"/> and stored as <see cref="ActionSegment"/>.</param>
public RbacActionAttribute(Rbac.CrudActions action) => ActionSegment = Rbac.GetSegment(action);
/// <summary>
/// Marks an endpoint with a custom (non-CRUD) action name.
/// </summary>
/// <param name="customAction">Action name; wrapped into a new <see cref="RbacSegment"/> and stored as <see cref="ActionSegment"/>.</param>
public RbacActionAttribute(string customAction) => ActionSegment = new RbacSegment(customAction);
public static Rbac GetRbacDefinition(this HttpContext httpContext, string utilizerId) { var endpoint = httpContext.GetEndpoint(); var formatter = new Ertis.TemplateEngine.Formatter(new Ertis.TemplateEngine.ParserOptions { OpenBrackets = "{", CloseBrackets = "}" }); if (endpoint is RouteEndpoint routeEndpoint) { // Subject var rbacSubjectSegment = string.IsNullOrEmpty(utilizerId) ? RbacSegment.All : new RbacSegment(utilizerId); var subjectMetadata = routeEndpoint.Metadata.FirstOrDefault(x => x.GetType() == typeof(RbacSubjectAttribute)); if (subjectMetadata is RbacSubjectAttribute rbacSubjectAttribute) { rbacSubjectSegment = rbacSubjectAttribute.Value; if (!string.IsNullOrEmpty(rbacSubjectSegment.Value?.Trim())) { var rbacSubjectSegmentValue = rbacSubjectSegment.Value.Trim(); rbacSubjectSegmentValue = formatter.Format(rbacSubjectSegmentValue, httpContext.Request.RouteValues); rbacSubjectSegment = new RbacSegment(rbacSubjectSegmentValue); } } // Resource var rbacResourceSegment = RbacSegment.All; var resourceMetadata = routeEndpoint.Metadata.FirstOrDefault(x => x.GetType() == typeof(RbacResourceAttribute)); if (resourceMetadata is RbacResourceAttribute rbacResourceAttribute) { rbacResourceSegment = rbacResourceAttribute.Value; if (!string.IsNullOrEmpty(rbacResourceSegment.Value?.Trim())) { var rbacResourceSegmentValue = rbacResourceSegment.Value.Trim(); rbacResourceSegmentValue = formatter.Format(rbacResourceSegmentValue, httpContext.Request.RouteValues); rbacResourceSegment = new RbacSegment(rbacResourceSegmentValue); } } else { var routePath = routeEndpoint.RoutePattern.RawText; if (!string.IsNullOrEmpty(routePath)) { rbacResourceSegment = new RbacSegment(routePath.Split('/').Last()); } } // Action var rbacActionSegment = RbacSegment.All; var actionMetadata = routeEndpoint.Metadata.FirstOrDefault(x => x.GetType() == typeof(RbacActionAttribute)); if (actionMetadata is RbacActionAttribute rbacActionAttribute) { rbacActionSegment = rbacActionAttribute.Value; if 
(!string.IsNullOrEmpty(rbacActionSegment.Value?.Trim())) { var rbacActionSegmentValue = rbacActionSegment.Value.Trim(); rbacActionSegmentValue = formatter.Format(rbacActionSegmentValue, httpContext.Request.RouteValues); rbacActionSegment = new RbacSegment(rbacActionSegmentValue); } } // Object var rbacObjectSegment = RbacSegment.All; var objectMetadata = routeEndpoint.Metadata.FirstOrDefault(x => x.GetType() == typeof(RbacObjectAttribute)); if (objectMetadata is RbacObjectAttribute rbacObjectAttribute) { rbacObjectSegment = rbacObjectAttribute.Value; if (!string.IsNullOrEmpty(rbacObjectSegment.Value?.Trim())) { var rbacObjectSegmentValue = rbacObjectSegment.Value.Trim(); rbacObjectSegmentValue = formatter.Format(rbacObjectSegmentValue, httpContext.Request.RouteValues); rbacObjectSegment = new RbacSegment(rbacObjectSegmentValue); } } // Rbac return(new Rbac(rbacSubjectSegment, rbacResourceSegment, rbacActionSegment, rbacObjectSegment)); } return(default);