예제 #1
        /// <summary>
        /// Resolves the roles <paramref name="user"/> holds for a single collection.
        /// </summary>
        /// <param name="collectionName">Collection to evaluate; <c>null</c> means "no collection scope".</param>
        /// <param name="user">User whose global roles and per-collection permissions are consulted.</param>
        /// <returns>
        /// <c>user.Roles</c> itself when <paramref name="collectionName"/> is <c>null</c> or the collection is
        /// not marked protected; otherwise the roles stored in the user's permission entry for that collection
        /// (an empty list when no entry exists), extended with the inherited Admin / UserManager roles.
        /// </returns>
        public async Task<List<Role>> GetCollectionRolesForUserAsync(string collectionName, User user)
        {
            // No collection given: the global roles are the answer.
            if (collectionName == null)
            {
                return user.Roles;
            }

            var metadata = await GetCollectionMetadata(collectionName);

            // NOTE(review): a collection without metadata (null) is handled exactly like an unprotected one,
            // so the user's global roles apply. Confirm this fail-open default is intended for unknown collections.
            if (!(metadata?.IsProtected ?? false))
            {
                return user.Roles;
            }

            // Protected collection: only the explicit per-user entry counts.
            var permissionId = CollectionPermissions.GetId(collectionName, user.UserName);
            var permissionEntry = await collectionPermissionsCollection
                                  .Find(entry => entry.Id == permissionId)
                                  .FirstOrDefaultAsync();

            List<Role> effectiveRoles;
            if (permissionEntry == null)
            {
                effectiveRoles = new List<Role>();
            }
            else
            {
                // The list of the loaded entry is used directly and extended in place below.
                effectiveRoles = permissionEntry.Roles;
            }

            // Admin and user manager roles are always inherited from the global role set.
            // TODO: Reconsider this rule. UserManager inheritance is not necessary
            foreach (var inheritedRole in new[] { Role.Admin, Role.UserManager })
            {
                if (user.Roles.Contains(inheritedRole) && !effectiveRoles.Contains(inheritedRole))
                {
                    effectiveRoles.Add(inheritedRole);
                }
            }

            return effectiveRoles;
        }
예제 #2
        /// <summary>
        /// Removes <paramref name="role"/> from the permission entry of <paramref name="username"/> for
        /// <paramref name="collectionName"/>.
        /// </summary>
        /// <param name="username">User whose collection permission entry is changed.</param>
        /// <param name="role">Role to take away.</param>
        /// <param name="collectionName">Collection the permission entry belongs to.</param>
        /// <returns>
        /// <c>true</c> when there is no entry or the entry does not contain the role (nothing to remove);
        /// otherwise the result of <c>UpdateCollectionPermission</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no authorization check on the caller is visible in this method; presumably it is
        /// enforced further up the call chain. Confirm before exposing this to a new entry point.
        /// </remarks>
        public async Task<bool> RemoveCollectionRoleFromUser(string username, Role role, string collectionName)
        {
            var entryId = CollectionPermissions.GetId(collectionName, username);
            var existingEntry = await collectionPermissionsCollection
                                .Find(entry => entry.Id == entryId)
                                .FirstOrDefaultAsync();

            // Nothing stored for this user/collection, or the role is already absent.
            if (existingEntry == null || !existingEntry.Roles.Contains(role))
            {
                return true;
            }

            var pullRole = Builders<CollectionPermissions>.Update.Pull(entry => entry.Roles, role);
            return await UpdateCollectionPermission(existingEntry.Id, pullRole);
        }
예제 #3
        /// <summary>
        /// Grants <paramref name="role"/> to <paramref name="username"/> on <paramref name="collectionName"/>,
        /// creating the permission entry when none exists yet.
        /// </summary>
        /// <param name="username">User receiving the role.</param>
        /// <param name="role">Role to grant.</param>
        /// <param name="collectionName">Collection the grant applies to.</param>
        /// <returns>
        /// <c>true</c> after inserting a new entry or when the role is already present;
        /// otherwise the result of <c>UpdateCollectionPermission</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): the lookup and the insert are separate operations, so two concurrent calls for the
        /// same user/collection can both reach the insert path. Confirm how a duplicate id is handled.
        /// NOTE(review): this method grants privileges and shows no authorization check of its own;
        /// presumably the caller enforces it. Confirm.
        /// </remarks>
        public async Task<bool> AddCollectionRoleToUser(string username, Role role, string collectionName)
        {
            var entryId = CollectionPermissions.GetId(collectionName, username);
            var existingEntry = await collectionPermissionsCollection
                                .Find(entry => entry.Id == entryId)
                                .FirstOrDefaultAsync();

            if (existingEntry != null)
            {
                // Already granted: report success without writing.
                if (existingEntry.Roles.Contains(role))
                {
                    return true;
                }

                var addRole = Builders<CollectionPermissions>.Update.AddToSet(entry => entry.Roles, role);
                return await UpdateCollectionPermission(existingEntry.Id, addRole);
            }

            // First grant for this user/collection: create the entry with just this role.
            var initialRoles = new List<Role> { role };
            var newEntry = new CollectionPermissions(collectionName, username, initialRoles);
            await collectionPermissionsCollection.InsertOneAsync(newEntry);

            return true;
        }
예제 #4
        /// <summary>
        /// Replaces the complete role list of <paramref name="username"/> on <paramref name="collectionName"/>
        /// with <paramref name="roles"/>.
        /// </summary>
        /// <param name="username">User whose collection roles are set.</param>
        /// <param name="roles">New role list; an empty list clears all permissions.</param>
        /// <param name="collectionName">Collection the roles apply to.</param>
        /// <returns>
        /// <c>true</c> when no write was needed or a new entry was inserted;
        /// otherwise the result of <c>UpdateCollectionPermission</c>.
        /// </returns>
        /// <remarks>
        /// NOTE(review): <paramref name="roles"/> is dereferenced without a null check, and the same list
        /// instance is handed to the new permission entry.
        /// NOTE(review): the lookup and the insert are separate operations, so concurrent calls for the same
        /// user/collection can both reach the insert path. Confirm how a duplicate id is handled.
        /// </remarks>
        public async Task<bool> SetCollectionRolesForUser(string username, List<Role> roles, string collectionName)
        {
            var entryId = CollectionPermissions.GetId(collectionName, username);
            var existingEntry = await collectionPermissionsCollection
                                .Find(entry => entry.Id == entryId)
                                .FirstOrDefaultAsync();

            if (existingEntry == null)
            {
                // Empty role list clears all permissions, so with no stored entry there is nothing to do;
                // only a non-empty list needs a new entry.
                if (roles.Any())
                {
                    var newEntry = new CollectionPermissions(collectionName, username, roles);
                    await collectionPermissionsCollection.InsertOneAsync(newEntry);
                }

                return true;
            }

            // Stored roles already match the requested ones: skip the write.
            if (existingEntry.Roles.Equivalent(roles))
            {
                return true;
            }

            var replaceRoles = Builders<CollectionPermissions>.Update.Set(entry => entry.Roles, roles);
            return await UpdateCollectionPermission(existingEntry.Id, replaceRoles);
        }