        /// <summary>Two rbacs that differ only in their object segment still have action segments that are Equals().</summary>
        public void RbacSegmentEquality_WithEquals_ReturnTrue_Test1()
        {
            var object123 = Rbac.Parse("*.*.*.123");
            var object987 = Rbac.Parse("*.*.*.987");

            bool actionsMatch = object123.Action.Equals(object987.Action);

            Assert.True(actionsMatch);
        }
        /// <summary>Rbacs whose object segments differ are not Equals().</summary>
        public void RbacEquality_WithEquals_ObjectSegmentsDifferent_ReturnFalse_Test()
        {
            var object123 = Rbac.Parse("*.*.*.123");
            var object987 = Rbac.Parse("*.*.*.987");

            bool areEqual = object123.Equals(object987);

            Assert.False(areEqual);
        }
        /// <summary>Parsing the same text twice yields object segments that compare equal with ==.</summary>
        public void RbacSegmentEquality_WithOperator_ReturnTrue_Test2()
        {
            const string text = "*.*.*.123";

            var first  = Rbac.Parse(text);
            var second = Rbac.Parse(text);

            Assert.True(first.Object == second.Object);
        }
        /// <summary>Rbacs whose action segments differ are not equal under ==.</summary>
        public void RbacEquality_WithOperator_ActionSegmentsDifferent_ReturnFalse_Test()
        {
            var action123 = Rbac.Parse("*.*.123.*");
            var action987 = Rbac.Parse("*.*.987.*");

            bool sameByOperator = action123 == action987;

            Assert.False(sameByOperator);
        }
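        /// <summary>
        /// Subject-level check: evaluates <paramref name="rbac"/> against the utilizer's own
        /// <c>Permissions</c> and <c>Forbidden</c> lists. An entry matches when each of its segments is
        /// either the wildcard (<c>IsAll()</c>) or equal to the requested segment.
        /// </summary>
        /// <param name="utilizer">The subject whose permission / forbidden entries are consulted.</param>
        /// <param name="rbac">The permission being requested.</param>
        /// <returns>
        /// <c>null</c> when no entry in either list matches (undecided — the caller falls through to other checks);
        /// <c>false</c> when any forbidden entry matches, regardless of matching permissions (deny wins);
        /// <c>true</c> when at least one permission matches and no forbidden entry does.
        /// </returns>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        public static bool? HasPermission(this Utilizer utilizer, Rbac rbac)
        {
            if (utilizer is null)
            {
                throw new ArgumentNullException(nameof(utilizer));
            }

            if (rbac is null)
            {
                throw new ArgumentNullException(nameof(rbac));
            }

            // True when one stored entry covers the requested rbac. Entries that do not parse
            // are ignored rather than treated as a match.
            bool isPermittedFilter(string permission)
            {
                if (!Ubac.TryParse(permission, out var userUbac))
                {
                    return(false);
                }

                // Resource and action names are authorization identifiers, so they are compared
                // ordinally. The previous CurrentCultureIgnoreCase comparison depends on the process
                // culture (e.g. Turkish dotless i) and can accept or reject the same identifier
                // differently from one server to another — not acceptable in an access check.
                bool isResourcePermitted = userUbac.Resource.IsAll() || userUbac.Resource.Equals(rbac.Resource, StringComparison.OrdinalIgnoreCase);
                bool isActionPermitted   = userUbac.Action.IsAll() || userUbac.Action.Equals(rbac.Action, StringComparison.OrdinalIgnoreCase);
                // Object ids are matched exactly (case-sensitive), as before.
                bool isObjectPermitted   = userUbac.Object.IsAll() || userUbac.Object.Equals(rbac.Object);

                return(isResourcePermitted && isActionPermitted && isObjectPermitted);
            }

            // Materialize once: both arrays are consulted below, and a null list counts as empty.
            string[] permissions = (utilizer.Permissions ?? Enumerable.Empty<string>()).Where(isPermittedFilter).ToArray();
            string[] forbiddens  = (utilizer.Forbidden ?? Enumerable.Empty<string>()).Where(isPermittedFilter).ToArray();

            if (permissions.Length == 0 && forbiddens.Length == 0)
            {
                return(null);
            }

            // Deny overrides allow.
            return(forbiddens.Length == 0 && permissions.Length > 0);
        }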
        /// <summary>
        /// CLI "export sample role" command: writes a sample role definition for the rbac instance to
        /// &lt;base directory&gt;/&lt;rbac name&gt;_sample_role.xml and reports the path in green.
        /// </summary>
        /// <param name="rbac">The rbac instance the sample role is generated for.</param>
        public void GetSample(Rbac rbac)
        {
            // NOTE(review): the file name is built from rbac.Name. Acceptable for an operator-run CLI,
            // but if the name can ever contain path separators it should be sanitized before combining.
            string targetFile = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, rbac.Name + "_sample_role.xml");

            RbacRole sample = RbacRole.GetSample(rbac);
            sample.Export(targetFile);

            WriteColor(ConsoleColor.Green, targetFile + " exported." + Environment.NewLine);
        }
        /// <summary>Two rbacs parsed from identical text (with concrete resource and action) are Equals().</summary>
        public void RbacEquality_WithEquals_AllSegmentsSame_ReturnTrue_Test2()
        {
            const string text = "*.users.read.*";

            var first  = Rbac.Parse(text);
            var second = Rbac.Parse(text);

            Assert.True(first.Equals(second));
        }
        /// <summary>Two all-wildcard rbacs compare equal with ==.</summary>
        public void RbacEquality_WithOperator_AllSegmentsSame_ReturnTrue_Test1()
        {
            const string allWildcards = "*.*.*.*";

            var first  = Rbac.Parse(allWildcards);
            var second = Rbac.Parse(allWildcards);

            bool sameByOperator = first == second;

            Assert.True(sameByOperator);
        }
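        /// <summary>
        /// Parses and (unless <c>SkipExecution</c> is set) executes an SQL query under the user, rbac instance
        /// and role named in the request.
        /// </summary>
        /// <param name="request">Posted body. <c>UserName</c>, <c>RbacName</c> and <c>RoleName</c> select the
        /// security context; <c>Query</c> is the SQL text; <c>SkipParsing</c>, <c>SkipExecution</c> and
        /// <c>DebugMode</c> are handed straight to the parser and engine.</param>
        /// <returns>A response echoing the context fields plus the engine result, or the exception message when anything throws.</returns>
        public RbacEngineWebResponse Post([FromBody] RbacEngineWebRequest request)
        {
            RbacEngineWebResponse response = new RbacEngineWebResponse();

            // A missing or unparseable body is bound as null; report that directly instead of letting the
            // NullReferenceException below be caught and echoed as the result.
            if (request is null)
            {
                response.SetResult("Request body is required.");
                return(response);
            }

            // NOTE(review): the security context (UserName, RoleName) and the SkipParsing flag come from the
            // client-supplied body rather than from the authenticated principal. If this action is reachable by
            // untrusted callers, a caller can name any user/role — and, depending on what SkipParsing disables in
            // SqlQueryParser, possibly bypass the permission check. Confirm how the controller is protected and
            // consider taking the user from the request's identity instead.
            try
            {
                response.UserName = request.UserName;
                response.RoleName = request.RoleName;
                using (Rbac ctx = new Rbac(request.UserName, request.RbacName, request.RoleName))
                {
                    response.RbacName = request.RbacName;
                    SqlQueryParser parser = new SqlQueryParser(ctx, request.SkipParsing);
                    parser.Parse(request.Query);

                    using (RbacSqlQueryEngine eng = new RbacSqlQueryEngine(parser, request.DebugMode))
                    {
                        eng.SkipExecution = request.SkipExecution;
                        eng.Execute();
                        response.SetResult(eng);
                    }
                }
            }
            catch (Exception ex)
            {
                // NOTE(review): ex.Message is returned verbatim to the caller; parser, SQL and connection
                // errors can reveal schema or infrastructure details. Prefer logging the exception server-side
                // and returning a generic message unless DebugMode is meant to opt into this.
                response.SetResult(ex.Message);
            }

            return(response);
        }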
        /// <summary>
        /// Smoke-test helper: runs <paramref name="query"/> (or Books/test.txt when none is given) as the
        /// hard-coded user "Lashawn", prints any errors and the row count of a select, and writes the parsed
        /// query to Books/test_parsed_query.txt.
        /// </summary>
        /// <param name="query">SQL to run; null or empty falls back to the file.</param>
        /// <returns>The executed engine. Note that the Rbac context it was built with is already disposed on return.</returns>
        public RbacSqlQueryEngine TestOne(string query = null)
        {
            string booksDir        = Path.Combine(_rootDir, "Books");
            string parsedQueryFile = Path.Combine(booksDir, "test_parsed_query.txt");

            // Truncate up front so a failed run does not leave a stale parsed query behind.
            File.WriteAllText(parsedQueryFile, string.Empty);

            RbacSqlQueryEngine engine;

            using (Rbac rbac = new Rbac("Lashawn"))
            {
                string effectiveQuery = string.IsNullOrEmpty(query)
                    ? File.ReadAllText(Path.Combine(booksDir, "test.txt"))
                    : query;

                engine = new RbacSqlQueryEngine(rbac, effectiveQuery);
                engine.Execute();
            }

            if (!string.IsNullOrEmpty(engine.AllErrors))
            {
                Console.WriteLine("Errors:{0}", engine.AllErrors);
            }

            // For a select query engine.Table holds the returned rows.
            bool isSelectWithData = engine.Parser.QueryType == RbacQueryTypes.Select && engine.Table != null;

            if (isSelectWithData)
            {
                Console.WriteLine("The query was a select query and returned {0} records", engine.Table.Rows.Count);
            }

            File.WriteAllText(parsedQueryFile, engine.Parser.ParsedQuery);
            return(engine);
        }
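        /// <summary>
        /// Creates a new user in the role named by the request (the static-Rbac variant; compare <c>Register</c>,
        /// which also takes an rbac id).
        /// </summary>
        /// <param name="user">Posted registration data: user name, full name, e-mail, password and role id.</param>
        /// <returns>200 on success; 400 with a message when the body is missing/invalid, the user already exists,
        /// the role is not found or creation fails.</returns>
        public async Task <IHttpActionResult> AddNew([FromBody] RbacRegisterUser user)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            // A missing or unparseable body is bound as null (ModelState stays valid); reject it here instead
            // of failing with a NullReferenceException (500) on user.UserName below.
            if (user is null)
            {
                return(BadRequest("Request body is required."));
            }

            RbacUser dbUser = new RbacUser(user.UserName);

            // NOTE(review): `new` never yields null, so unless RbacUser overloads `!=` this branch is taken on
            // every request and no user can ever be added. The "already loaded" test is probably something
            // like `dbUser.UserId > 0` (the success check below uses UserId) — confirm against RbacUser.
            if (dbUser != null)
            {
                return(BadRequest(string.Format("User '{0}' already exists!", user.UserName)));
            }

            RbacRole role = new RbacRole(user.RoleId);

            // NOTE(review): same concern — a constructor result is never null.
            if (role == null)
            {
                return(BadRequest(string.Format("Role id '{0}' not found!", user.RoleId)));
            }

            // NOTE(review): RoleId is client-supplied. If this action is reachable without an administrative
            // authorization check, any caller can create a user in any role.
            RbacUser newUser = Rbac.CreateUser(user.UserName, user.FullName, user.Email, user.Password, role);

            if ((newUser != null) && (newUser.UserId > 0))
            {
                return(Ok());
            }

            return(BadRequest("Cannot create user!"));
        }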
        /// <summary>
        /// "Own record" rule: a user may update the <c>users</c> record whose object id is their own id, and an
        /// application may update the <c>applications</c> record whose object id is its own id. Only the Update
        /// action qualifies; everything else is false (role-based rules are handled by other checks).
        /// </summary>
        /// <param name="role">Not consulted by this rule; present so the method sits alongside the other Role extensions.</param>
        /// <param name="rbac">The permission being requested.</param>
        /// <param name="utilizer">The subject making the request.</param>
        /// <returns>True only when the request is an update of the utilizer's own record.</returns>
        public static bool HasOwnUpdatePermission(this Role role, Rbac rbac, IUtilizer utilizer)
        {
            string updateSlug = Rbac.GetSegment(Rbac.CrudActions.Update).Slug;

            if (rbac.Action.Slug != updateSlug)
            {
                return(false);
            }

            // NOTE(review): resource names are compared case-sensitively here, whereas HasPermission matches
            // resources case-insensitively — confirm that the difference is intended.
            bool ownUserRecord = rbac.Resource == "users"
                                 && utilizer.UtilizerType == Utilizer.UtilizerType.User
                                 && rbac.Object == utilizer.Id;

            bool ownApplicationRecord = rbac.Resource == "applications"
                                        && utilizer.UtilizerType == Utilizer.UtilizerType.Application
                                        && rbac.Object == utilizer.Id;

            return(ownUserRecord || ownApplicationRecord);
        }
        /// <summary>
        /// Looks up an rbac instance by name and returns its web view. The connection string is blanked before
        /// the object leaves the server so that secret is never serialized to the client.
        /// </summary>
        /// <param name="name">Name of the rbac instance.</param>
        public RbacEngineWeb Get(string name)
        {
            var view = new RbacEngineWeb(Rbac.GetRbac(name))
            {
                ConnectionString = string.Empty
            };

            return(view);
        }
        /// <summary>Object segments parsed from different ids are not Equals().</summary>
        public void RbacSegmentEquality_WithEquals_ReturnFalse_Test2()
        {
            var object123 = Rbac.Parse("*.*.*.123");
            var object987 = Rbac.Parse("*.*.*.987");

            bool objectsMatch = object123.Object.Equals(object987.Object);

            Assert.False(objectsMatch);
        }
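        /// <summary>
        /// Resource-owner-password grant: checks the caller's user name and password against the rbac instance
        /// named by the "rbac" OWIN environment entry and, on success, issues a ticket carrying the user's name,
        /// e-mail and rbac name plus the rbac id and full name as ticket properties.
        /// </summary>
        /// <param name="context">OWIN grant context supplying <c>UserName</c> and <c>Password</c>.</param>
        public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
        {
            string rbacName = context.OwinContext.Get <string>("rbac");

            if (string.IsNullOrEmpty(rbacName))
            {
                RbacException.Raise("Parameter rbac was not passed in the request!", RbacExceptionCategories.Web);
                // Raise() is presumably throwing; the return guards against a ticket being issued should it not.
                return;
            }

            Rbac rbac = new Rbac(context.UserName);

            // The password must be verified before any ticket is issued. With the Authenticate call commented
            // out, anyone who knew a user name obtained a token for that user.
            // NOTE(review): this assumes Authenticate returns null for bad credentials; if it throws or returns an
            // unloaded user object instead, adjust the check accordingly.
            RbacUser user = rbac.Authenticate(context.UserName, context.Password);

            if (user is null)
            {
                // One generic message: do not reveal whether the user name or the password was wrong.
                context.SetError("invalid_grant", "The user name or password is incorrect.");
                return;
            }

            var claims = new List <Claim>();

            claims.Add(new Claim(ClaimTypes.Name, rbac.User.UserName));
            claims.Add(new Claim(ClaimTypes.Email, rbac.User.Email));
            claims.Add(new Claim("rbac", rbacName));
            var oAuthIdentity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);

            Dictionary <string, string> kvPair = new Dictionary <string, string>();

            kvPair.Add("rbacid", rbac.RbacId.ToString());
            kvPair.Add("fullname", rbac.User.FullName);
            var props = new AuthenticationProperties(kvPair);

            AuthenticationTicket ticket = new AuthenticationTicket(oAuthIdentity, props);

            context.Validated(ticket);
            // Also signs the identity in through the authentication middleware (cookie), in addition to the token.
            context.Request.Context.Authentication.SignIn(oAuthIdentity);
        }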
        /// <summary>
        /// Looks up an rbac instance by id and returns its web view. The connection string is blanked before
        /// the object leaves the server so that secret is never serialized to the client.
        /// </summary>
        /// <param name="id">Id of the rbac instance.</param>
        public RbacEngineWeb Get(int id)
        {
            var view = new RbacEngineWeb(Rbac.GetRbac(id))
            {
                ConnectionString = string.Empty
            };

            return(view);
        }
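        /// <summary>
        /// Registers a new user in the rbac instance and role named by the request.
        /// </summary>
        /// <param name="user">Posted registration data: rbac id, role id, user name, full name, e-mail and password.</param>
        /// <returns>200 on success; 400 with a message when the body is missing/invalid, the rbac id is zero,
        /// the rbac instance or role is not found, or creation fails.</returns>
        public async Task <IHttpActionResult> Register([FromBody] RbacRegisterUser user)
        {
            if (!ModelState.IsValid)
            {
                return(BadRequest(ModelState));
            }

            // A missing or unparseable body is bound as null (ModelState stays valid); reject it here instead
            // of failing with a NullReferenceException (500) on user.RbacId below.
            if (user is null)
            {
                return(BadRequest("Request body is required."));
            }

            if (user.RbacId == 0)
            {
                return(BadRequest("Rbac id cannot be zero!"));
            }

            Rbac rbac = new Rbac(user.RbacId, "");

            // NOTE(review): `new` never yields null, so this check cannot detect a missing rbac instance unless
            // Rbac overloads `==`; confirm how an unknown id is signalled and test that instead.
            if (rbac == null)
            {
                return(BadRequest(string.Format("Rbac instance with rbac id '{0}' not found!", user.RbacId)));
            }

            RbacRole role = new RbacRole(user.RoleId);

            // NOTE(review): same concern — a constructor result is never null.
            if (role == null)
            {
                return(BadRequest(string.Format("Role id '{0}' not found!", user.RoleId)));
            }

            // NOTE(review): RbacId and RoleId are client-supplied. If this endpoint is open (as a "register"
            // endpoint typically is), a caller can enrol themselves into any instance and any role — including
            // administrative ones. Confirm the intended authorization model.
            RbacUser newUser = rbac.CreateUser(user.UserName, user.FullName, user.Email, user.Password, role);

            if ((newUser != null) && (newUser.UserId > 0))
            {
                return(Ok());
            }

            return(BadRequest("Cannot create user!"));
        }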
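        /// <summary>
        /// Role-level check: does this role grant <paramref name="rbac"/>? A role entry matches when each of its
        /// four segments is either the wildcard (<c>IsAll()</c>) or equal to the requested segment; a matching
        /// entry in <c>Forbidden</c> vetoes any matching entry in <c>Permissions</c>. Unlike the Utilizer
        /// overload there is no "undecided" result: no match at all is simply false.
        /// </summary>
        /// <param name="role">The role whose <c>Permissions</c> / <c>Forbidden</c> entries are consulted.</param>
        /// <param name="rbac">The permission being requested.</param>
        /// <returns>True only when some permission entry matches and no forbidden entry does.</returns>
        /// <exception cref="ArgumentNullException">Either argument is null.</exception>
        public static bool HasPermission(this Role role, Rbac rbac)
        {
            if (role is null)
            {
                throw new ArgumentNullException(nameof(role));
            }

            if (rbac is null)
            {
                throw new ArgumentNullException(nameof(rbac));
            }

            // True when one stored entry covers the requested rbac. Entries that do not parse
            // are ignored rather than treated as a match.
            bool isPermittedFilter(string permission)
            {
                if (!Rbac.TryParse(permission, out var userRbac))
                {
                    return(false);
                }

                // Resource and action names are authorization identifiers, so they are compared ordinally.
                // The previous CurrentCultureIgnoreCase comparison depends on the process culture and can
                // accept or reject the same identifier differently from one server to another — not
                // acceptable in an access check. Subject and object keep their exact-match semantics.
                bool isSubjectPermitted  = userRbac.Subject.IsAll() || userRbac.Subject.Equals(rbac.Subject);
                bool isResourcePermitted = userRbac.Resource.IsAll() || userRbac.Resource.Equals(rbac.Resource, StringComparison.OrdinalIgnoreCase);
                bool isActionPermitted   = userRbac.Action.IsAll() || userRbac.Action.Equals(rbac.Action, StringComparison.OrdinalIgnoreCase);
                bool isObjectPermitted   = userRbac.Object.IsAll() || userRbac.Object.Equals(rbac.Object);

                return(isSubjectPermitted && isResourcePermitted && isActionPermitted && isObjectPermitted);
            }

            // A null list counts as empty.
            var permissions = role.Permissions ?? Enumerable.Empty<string>();
            var forbiddens  = role.Forbidden ?? Enumerable.Empty<string>();

            // Deny overrides allow: a forbidden match decides before permissions are scanned.
            if (forbiddens.Any(isPermittedFilter))
            {
                return(false);
            }

            return(permissions.Any(isPermittedFilter));
        }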
        /// <summary>
        /// CLI "create rbac instance" command. A name and an application connection string are required; every
        /// missing argument is reported before giving up. On success the new instance id is printed.
        /// </summary>
        /// <param name="options">Parsed command-line options (Name, Description, AppCs, Password).</param>
        public void CreateNew(Options options)
        {
            bool nameMissing  = string.IsNullOrEmpty(options.Name);
            bool appCsMissing = string.IsNullOrEmpty(options.AppCs);

            if (nameMissing)
            {
                WriteErrorLine("Rbac name is required");
            }

            if (appCsMissing)
            {
                WriteErrorLine("Application connection string is required");
            }

            if (nameMissing || appCsMissing)
            {
                return;
            }

            var rbac = new Rbac();
            rbac.Callback += Rbac_Callback;

            Rbac newRbac = rbac.CreateNew(options.Name, options.Description, options.AppCs, string.Empty);

            // NOTE(review): ChangePassword is invoked on the factory instance rather than on newRbac, and
            // options.Password is never validated. Confirm that CreateNew binds `rbac` to the new instance and
            // decide whether an empty password should be rejected like the other arguments.
            rbac.ChangePassword(options.Password);

            WriteColor(ConsoleColor.Green, "Done!" + Environment.NewLine);
            Console.WriteLine();
            Console.Write("Rbac '{0}' was created with id '{1}. Now it's time to configure some roles & users in the RBAC website.",
                          options.Name, newRbac.RbacId);
            Console.WriteLine();
        }
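 /// <summary>
 /// Persists the rbac instance currently shown in the property grid.
 /// </summary>
 /// <param name="sender">The Save button.</param>
 /// <param name="e">Click event data (unused).</param>
 private void btnSaveInstance_Click(object sender, EventArgs e)
 {
     // Only save when the grid actually holds an RbacEngineWeb; previously a null or foreign
     // SelectedObject was passed straight into Rbac.Save.
     if (propInstance?.SelectedObject is RbacEngineWeb rbac)
     {
         Rbac.Save(rbac);
     }
 }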
        /// <summary>
        /// Segment-wise value equality: rbacs built from the same four segments are equal, and changing one
        /// segment (here the object) makes them unequal.
        /// </summary>
        public void RbacEqualityTest()
        {
            Rbac build(string objectName) => new Rbac(new RbacSegment("subject"),
                                                      new RbacSegment("resource"),
                                                      new RbacSegment("action"),
                                                      new RbacSegment(objectName));

            var original  = build("object");
            var sameValue = build("object");
            var otherObj  = build("other");

            Assert.AreEqual(original, sameValue);
            Assert.AreNotEqual(original, otherObj);
        }
        /// <summary>
        /// CLI "import role" command: reads the role definition file named by the options (resolved against
        /// the application's base directory) into the given rbac instance and prints the new role id.
        /// </summary>
        /// <param name="rbac">The rbac instance that receives the role.</param>
        /// <param name="options">Parsed command-line options; <c>FileName</c> names the definition file.</param>
        public void CreateNew(Rbac rbac, Options options)
        {
            // NOTE(review): Path.Combine returns options.FileName unchanged when it is absolute, so this is not
            // confined to the base directory. Fine for an operator-run CLI; revisit if FileName ever comes from
            // an untrusted source.
            string   roleFile = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, options.FileName);
            RbacRole imported = rbac.ImportRole(roleFile);

            Console.WriteLine();
            WriteColor(ConsoleColor.Green,
                       "Role from " + roleFile + " imported into " + rbac.Name
                       + ". The role id is:" + imported.RoleId + "." + Environment.NewLine);
        }
        /// <summary>
        /// Validates a role before it is stored: name and membership id are required, every permission and
        /// forbidden entry must parse as an rbac, and no entry may appear in both sets. Wildcard overlaps between
        /// the two sets are not detected here; at evaluation time a forbidden match simply wins.
        /// </summary>
        /// <param name="model">The role to validate.</param>
        /// <param name="errors">Every problem found; empty when the model is valid.</param>
        /// <returns>True when no errors were recorded.</returns>
        protected override bool ValidateModel(Role model, out IEnumerable <string> errors)
        {
            var problems = new List <string>();

            if (string.IsNullOrEmpty(model.Name))
            {
                problems.Add("name is a required field");
            }

            if (string.IsNullOrEmpty(model.MembershipId))
            {
                problems.Add("membership_id is a required field");
            }

            try
            {
                // Rbac.Parse throws on malformed text; the first failure ends parsing and is reported below.
                var permitted = new List <Rbac>();
                if (model.Permissions != null)
                {
                    permitted.AddRange(model.Permissions.Select(text => Rbac.Parse(text)));
                }

                var forbidden = new List <Rbac>();
                if (model.Forbidden != null)
                {
                    forbidden.AddRange(model.Forbidden.Select(text => Rbac.Parse(text)));
                }

                // One error per (permitted, forbidden) pair that is exactly equal.
                foreach (var allowed in permitted)
                {
                    foreach (var denied in forbidden)
                    {
                        if (allowed == denied)
                        {
                            problems.Add($"Permitted and forbidden sets are conflicted. The same permission is there in the both set. ('{allowed}')");
                        }
                    }
                }
            }
            catch (Exception ex)
            {
                problems.Add(ex.Message);
            }

            errors = problems;
            return(problems.Count == 0);
        }
 /// <summary>
 /// Shows how a write is authorized: parsing the statement under the user's Rbac context throws when the
 /// user is not permitted (unless the parser's silent mode is on). Returning normally means the
 /// insert/update/delete may proceed.
 /// </summary>
 /// <param name="query">The SQL statement to check.</param>
 private void IsAllowedToInsertOrUpdateOrDelete(string query = null)
 {
     // "essie" is a placeholder; use the logged-in user name from the request context.
     using (Rbac context = new Rbac("essie"))
     using (SqlQueryParser parser = new SqlQueryParser(context))
     {
         parser.Parse(query);
     }
 }
        /// <summary>
        /// Null handling: a real rbac is never equal to null, while two null references are equal.
        /// </summary>
        public void RbacNullValuesEqualityTest()
        {
            var  populated = new Rbac(new RbacSegment("subject"),
                                      new RbacSegment("resource"),
                                      new RbacSegment("action"),
                                      new RbacSegment("object"));
            Rbac firstNull  = null;
            Rbac secondNull = null;

            Assert.AreNotEqual(populated, firstNull);
            Assert.AreEqual(firstNull, secondNull);
        }
        /// <summary>
        /// When an rbac instance is picked in the combo box, reload it by name into the property grid,
        /// retitle the second tab after it and re-run the inline parse. Does nothing when nothing is selected.
        /// </summary>
        /// <param name="sender">The combo box.</param>
        /// <param name="e">Event data (unused).</param>
        private void cbInstances_SelectedIndexChanged(object sender, EventArgs e)
        {
            if (cbInstances.SelectedIndex < 0)
            {
                return;
            }

            string selectedName = ((Rbac)cbInstances.SelectedItem).Name;
            var    instanceView = new RbacEngineWeb(Rbac.GetRbac(selectedName));

            propInstance.SelectedObject = instanceView;
            tabPage2.Text = instanceView.Name;

            ParseInline();
        }
 /// <summary>
 /// Warm-up: performs one throw-away parse so the parser's assemblies are loaded before the first real call.
 /// Failures are deliberately ignored — the call has no functional effect — so nothing is logged.
 /// </summary>
 private void LoadAssemblies()
 {
     try
     {
         var warmUpContext = new Rbac("Lashawn", "Books", "role_city_mgr");
         new SqlQueryParser(warmUpContext).Parse("select * from Author");
     }
     catch
     {
         // best-effort only; see summary
     }
 }
        /// <summary>
        /// Looks up a role by name. Returns its web view with metadata parsed, or null when no such role exists.
        /// </summary>
        /// <param name="name">Role name.</param>
        public RbacRoleWeb Get(string name)
        {
            RbacRole role = Rbac.GetRole(name);

            if (role == null)
            {
                return(null);
            }

            role.ParseMetaData();
            return(new RbacRoleWeb(role));
        }
        /// <summary>
        /// Looks up a role by id. Returns its web view with metadata parsed, or null when no such role exists.
        /// </summary>
        /// <param name="id">Role id.</param>
        public RbacRoleWeb Get(int id)
        {
            RbacRole role = Rbac.GetRole(id);

            if (role == null)
            {
                return(null);
            }

            role.ParseMetaData();
            return(new RbacRoleWeb(role));
        }
 /// <summary>
 /// Shows how a write is authorized: parsing the statement under the user's Rbac context throws when the
 /// user is not permitted, so code after the parse can simply perform the insert/update/delete.
 /// </summary>
 /// <param name="query">The SQL statement to check.</param>
 private void IsAllowedToInsertOrUpdateOrDelete(string query = null)
 {
     // "essie" is a placeholder; use the logged-in user name from the request context.
     using (Rbac context = new Rbac("essie"))
     using (SqlQueryParser parser = new SqlQueryParser(context))
     {
         parser.Parse(query);
     }
 }