/// <summary>
/// Builds the authorization record for a resource declared through a <see cref="ResourceAttribute"/>.
/// </summary>
/// <remarks>
/// The superuser role is always granted. The anonymous, user, editor and administrator roles are
/// granted only when the matching attribute flag is set, in that order. Only AllowedRoles is
/// populated here; AllowedUsers is left as the Authorization constructor leaves it.
/// Note that setting <c>Anonymous</c> makes the resource reachable without any login.
/// </remarks>
/// <param name="roleDP">Role definition provider used to resolve the built-in role ids.</param>
/// <param name="resAttr">Attribute describing the resource and which built-in roles may use it.</param>
/// <returns>A new <see cref="Authorization"/> for the resource.</returns>
private Authorization GetFromAuthorizationResource(RoleDefinitionDataProvider roleDP, ResourceAttribute resAttr) {
    Authorization authorization = new Authorization() {
        ResourceName = resAttr.Name,
        ResourceDescription = resAttr.Description,
    };
    Action<int> grant = roleId => authorization.AllowedRoles.Add(new Role() { RoleId = roleId });

    // Superuser access is unconditional; everything else depends on the attribute flags.
    grant(RoleDefinitionDataProvider.SuperUserId);
    if (resAttr.Anonymous) {
        grant(roleDP.GetAnonymousRoleId());
    }
    if (resAttr.User) {
        grant(roleDP.GetUserRoleId());
    }
    if (resAttr.Editor) {
        grant(roleDP.GetEditorRoleId());
    }
    if (resAttr.Administrator) {
        grant(roleDP.GetAdministratorRoleId());
    }
    return authorization;
}
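/// <summary>
/// Decides whether the current request may use the named protected resource.
/// </summary>
/// <remarks>
/// The checks run in a fixed order and the first match wins:
/// 1. unconditional bypasses (back door open, demo site or demo user, superuser role) — these
///    short-circuit every rule below, so none of them may be reachable on a production deployment
///    unless that is intended;
/// 2. resource lookup — a resource with no authorization record is denied in release builds and
///    raises in DEBUG builds, i.e. the method fails closed;
/// 3. an anonymous request is allowed only if the anonymous role is listed for the resource;
/// 4. an authenticated request is allowed if the generic user role, the user itself, or any role in
///    the user's RolesList is listed for the resource.
/// NOTE(review): an authenticated user is never checked against the anonymous role, so a resource
/// that is open to anonymous visitors is not automatically open to logged-in users unless the user
/// role is listed too (or the user's RolesList contains the anonymous role) — confirm this is intended.
/// </remarks>
/// <param name="resourceName">Name of the resource as stored in the authorization table. Must not be empty.</param>
/// <returns>true when access is granted, false otherwise.</returns>
/// <exception cref="InternalError">Thrown for an empty resource name, for an authenticated request
/// without a saved user object, and (DEBUG builds only) for a resource without an authorization record.</exception>
public async Task <bool> IsResourceAuthorizedAsync(string resourceName) {
    if (string.IsNullOrEmpty(resourceName)) {
        throw new InternalError("Missing resource name");
    }
    // The three early-outs below grant access to every resource without consulting the
    // authorization table. They are kept at the top so the bypass is obvious to a reader;
    // make sure neither IsBackDoorWideOpen() nor demo mode can be turned on in production.
    if (IsBackDoorWideOpen()) {
        return(true);
    }
    if (YetaWFManager.IsDemo || Manager.IsDemoUser) {
        return(true);
    }
    // superuser is allowed everything
    if (Manager.HasSuperUserRole) {
        return(true);
    }
    using (AuthorizationDataProvider authDP = new AuthorizationDataProvider()) {
        Authorization auth = await authDP.GetItemAsync(resourceName);
        if (auth == null) {
            // Fail closed: a resource without an authorization record is accessible to nobody.
            // DEBUG builds throw instead so a missing record is noticed during development.
            Logging.AddLog("Resource {0} doesn't exist", resourceName);
#if DEBUG
            throw new InternalError("Resource {0} doesn't exist", resourceName);
#else
            return(false);// not authorized, there is no such resource
#endif
        }
        RoleComparer roleComp = new RoleComparer();
        using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
            if (!Manager.HaveUser) {
                // anonymous request: only the anonymous role can grant access
                return(auth.AllowedRoles.Contains(new Role { RoleId = roleDP.GetAnonymousRoleId() }, roleComp));
            }
            // authenticated request: any logged-in user is allowed if the generic user role is listed
            if (auth.AllowedRoles.Contains(new Role { RoleId = roleDP.GetUserRoleId() }, roleComp)) {
                return(true);
            }
        }
        // (the previously unused Manager.UserName read was dropped; the decision only needs the user object)
        UserDefinition user = (UserDefinition)Manager.UserObject;// get the saved user
        if (user == null) {
            throw new InternalError("UserObject missing for authenticated user");
        }
        // explicit per-user grant
        if (auth.AllowedUsers.Contains(new User { UserId = user.UserId }, new UserComparer())) {
            return(true);
        }
        // grant through any of the user's roles
        foreach (Role loginRole in user.RolesList) {
            if (auth.AllowedRoles.Contains(new Role { RoleId = loginRole.RoleId }, roleComp)) {
                return(true);
            }
        }
    }
    // simply not authorized
    return(false);
}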
/// <summary>
/// Resolves the id of the built-in anonymous role.
/// </summary>
/// <remarks>
/// Creates a short-lived <see cref="RoleDefinitionDataProvider"/> for the lookup and disposes it
/// before returning; callers that already hold a provider can query it directly instead.
/// </remarks>
/// <returns>The anonymous role id as reported by the role definition provider.</returns>
public int GetAnonymousRoleId() {
    using (RoleDefinitionDataProvider provider = new RoleDefinitionDataProvider()) {
        int anonymousRoleId = provider.GetAnonymousRoleId();
        return anonymousRoleId;
    }
}