public void AssignResourceToOwner(string resourceKey, string userId, string specificResourceId)
{
using (var context = new AuthorizationDbContext(_authContextSettings.ConnectionString))
{
var resource = context.Resources.FirstOrDefault(c => c.Key == resourceKey);
if (resource == null)
{
throw new Exception($"Unable to assign resource to user. Unknown resource key {resourceKey}");
}
if (UserAlreadyOwnsResource(context, resource, userId, specificResourceId))
{
return;
}
context.ResourceOwners.Add(new ResourceOwner
{
ResourceId = resource.Id,
UserId = userId,
SpecificResourceId = specificResourceId
});
context.SaveChanges();
}
}
public void AssignWebsiteUser(string userId)
{
using (var context = new AuthorizationDbContext(_authContextSettings.ConnectionString))
{
var webUser = context.Roles.FirstOrDefault(c => c.Description == "Website User");
if (webUser == null)
{
webUser = new Role
{
Description = "Website User",
};
context.Roles.Add(webUser);
context.SaveChanges();
}
context.UserRoles.Add(new UserRole()
{
RoleId = webUser.Id,
UserId = userId
});
context.SaveChanges();
//return webUser;
}
}
public object GetUserPermissions(string userId)
{
using (var context = new AuthorizationDbContext(_authContextSettings.ConnectionString))
{
var userRoles = context.UserRoles
.Where(c => c.UserId == userId)
.Select(p => p.RoleId)
.ToList();
var roleDescription = context.Roles.FirstOrDefault(c => c.Id == userRoles.FirstOrDefault());
if (roleDescription == null)
{
return("");
}
if (roleDescription?.Description == "Super User")
{
var allPerms = context.ResourceDetails.Include(c => c.Resource).ToList(); //.Include(c=>c.ResourceDetail.Resource).ToList();
return(allPerms.Select(c => $"{c.Resource.Key}_{c.Key}"));
}
//
var perms = context.Permissions
.Include(c => c.ResourceDetail)
.Include(c => c.ResourceDetail.Resource)
.Where(c => userRoles.Contains(c.RoleId))
.Select(c => $"{c.ResourceDetail.Resource.Key}_{c.ResourceDetail.Key}")
.ToList();
return(perms);
}
}
public Role GetOrCreateSuperUser(string userId)
{
using (var context = new AuthorizationDbContext(_authContextSettings.ConnectionString))
{
var superUser = context.Roles.FirstOrDefault(c => c.Description == "Super User");
if (superUser == null)
{
superUser = new Role
{
Description = "Super User",
};
context.Roles.Add(superUser);
context.SaveChanges();
}
context.UserRoles.Add(new UserRole()
{
RoleId = superUser.Id,
UserId = userId
});
context.SaveChanges();
return(superUser);
}
}
public ReplyBase IsAuthorized(string userId, string resourceKey, string resourceDetailKey, string specificResourceId = null)
{
using (var context = new AuthorizationDbContext(_authContextSettings.ConnectionString))
{
var userRoles = context.UserRoles.Where(c => c.UserId == userId).ToList();
if (!userRoles.Any())
{
return(ReplyBase.Unauthorized());
}
var resource = context.Resources.FirstOrDefault(c => c.Key == resourceKey);
if (resource == null)
{
resource = new Resource
{
Description = resourceKey,
Key = resourceKey
};
context.Resources.Add(resource);
context.SaveChanges();
//return ReplyBase.Unauthorized("Invalid resource key");
}
var resourceDetail =
context.ResourceDetails.FirstOrDefault(c =>
c.ResourceId == resource.Id && c.Key == resourceDetailKey);
if (resourceDetail == null)
{
resourceDetail = new ResourceDetail
{
Description = resourceDetailKey,
Key = resourceDetailKey,
ResourceId = resource.Id
};
context.ResourceDetails.Add(resourceDetail);
context.SaveChanges();
//return ReplyBase.Unauthorized("Invalid resource detail id");
}
var roles = context.Roles.Where(c => userRoles.Select(u => u.RoleId).Contains(c.Id)).ToList();
if (roles.Any(c => c.Description == "Super User"))
{
return(ReplyBase.Success());
}
var roleIds = roles.Select(c => c.Id).ToList();
var permissions = context.Permissions
.Where(c => roleIds.Contains(c.RoleId) && c.ResourceDetailId == resourceDetail.Id).ToList();
if (!permissions.Any())
{
return(ReplyBase.Unauthorized());
}
if (permissions.Any(c =>
c.ResourceDetailId == resourceDetail.Id && c.PermissionType == PermissionType.Deny))
{
return(ReplyBase.Unauthorized());
}
var allowedPermission = permissions.FirstOrDefault(c =>
c.ResourceDetailId == resourceDetail.Id && c.PermissionType == PermissionType.Allow);
if (allowedPermission != null)
{
if (allowedPermission.OwnerScoped && specificResourceId != null)
{
var allowed = context.ResourceOwners.Any(c =>
c.ResourceId == resource.Id && c.SpecificResourceId == specificResourceId &&
c.UserId == userId);
if (!allowed)
{
return(ReplyBase.Unauthorized());
}
}
return(ReplyBase.Success());
}
}
return(ReplyBase.Unauthorized("Unknown resource check"));
}
private bool UserAlreadyOwnsResource(AuthorizationDbContext dbContext, Resource resource, string userId, string specificResourceId)
{
return(dbContext.ResourceOwners.Any(c =>
c.ResourceId == resource.Id && c.UserId == userId && c.SpecificResourceId == specificResourceId));
}
public DefaultRoleSeeder(AuthorizationDbContext authDbContext)
{
_authDbContext = authDbContext;
}
