// В случае уже имеющегося разрешения на редактирование
public bool CanMove(SunClaimsPrincipal user, CategoryCached categoryFrom, CategoryCached categoryTo)
{
// Если модератор с правом перемещения материалов на обе категории то разрешаем
return(categoryTo.IsMaterialsContainer &&
authorizationService.HasAccess(user.Roles, categoryFrom, OperationKeys.MaterialWrite) &&
authorizationService.HasAccess(user.Roles, categoryTo, OperationKeys.MaterialWrite));
}
public async Task <bool> CanUpdateAsync(SunClaimsPrincipal user, Material material)
{
var operationKeys =
authorizationService.HasAccess(user.Roles, material.CategoryId, new[]
{
OperationKeys.MaterialEditOwn,
OperationKeys.MaterialEditOwnIfHasReplies,
OperationKeys.MaterialEditOwnIfTimeNotExceeded,
OperationKeys.MaterialEditAny
});
// Если пользователь может редактировать любой материал, то пускаем
if (operationKeys.Contains(OperationKeys.MaterialEditAny))
{
return(true);
}
// Если это чужой материал, то запрещаем
if (material.AuthorId != user.UserId)
{
return(false);
}
// Если MaterialEditOwnIfHasReplies заблокировано и есть чужие ответы то запрещаем
if (!operationKeys.Contains(OperationKeys.MaterialEditOwnIfHasReplies))
{
if (await CheckHasNotOwnRepliesAsync(material, user.UserId))
{
return(false);
}
}
// Если MaterialEditOwnIfTimeNotExceeded заблокировано и время редактирования истекло то блокируем
if (!operationKeys.Contains(OperationKeys.MaterialEditOwnIfTimeNotExceeded))
{
if (!EditOwnIfTimeNotExceededCheck(material.PublishDate))
{
return(false);
}
}
// Если MaterialEditOwn то разрешаем
return(operationKeys.Contains(OperationKeys.MaterialEditOwn));
}
public async Task <bool> CanEditAsync(SunClaimsPrincipal user, Comment comment, int categoryId)
{
var operationKeys = authorizationService.HasAccess(user.Roles, categoryId, new[]
{
OperationKeys.CommentEditOwn,
OperationKeys.CommentEditAny,
OperationKeys.CommentEditOwnIfHasReplies,
OperationKeys.CommentEditOwnIfTimeNotExceeded
});
// Если мы модератор с ключём CommentEditAny разрешаем
if (operationKeys.Contains(OperationKeys.CommentEditAny))
{
return(true);
}
// Если мы не автор, то блокируем
if (user.UserId != comment.AuthorId)
{
return(false);
}
// Если CommentEditOwnIfHasReplies заблокировано и есть есть чужие ответы далее
if (operationKeys.Contains(OperationKeys.CommentEditOwnIfHasReplies))
{
if (await CheckHasNotOwnAfterAsync(comment))
{
return(false);
}
}
// Если CommentEditOwnIfTimeNotExceeded заблокировано и время редактирования истекло то блокируем
if (!operationKeys.Contains(OperationKeys.CommentEditOwnIfTimeNotExceeded))
{
if (!EditOwnIfTimeNotExceededCheck(comment.PublishDate))
{
return(false);
}
}
// Если CommentEditOwn то разрешаем
return(operationKeys.Contains(OperationKeys.CommentEditOwn));
}
public bool CanEdit(SunClaimsPrincipal user, Material material)
{
return(CanUpdateAsync(user, material).GetAwaiter().GetResult());
}
/// <summary>
/// Only moderator with OperationKeys.MaterialDeleteAny can restore deleted Materials
/// </summary>
public bool CanRestoreAsync(SunClaimsPrincipal user, int categoryId)
{
return(authorizationService.HasAccess(user.Roles, categoryId, OperationKeys.MaterialDeleteAny));
}
protected override async Task <AuthenticateResult> HandleAuthenticateAsync()
{
async Task <AuthenticateResult> DeleteLongSessionAndLogout(long sessionId)
{
await userManager.DeleteLongSessionAsync(sessionId);
jweService.MakeLogoutCookiesAndHeaders(Response);
return(AuthenticateResult.NoResult());
}
AuthenticateResult Logout(string msg)
{
jweService.MakeLogoutCookiesAndHeaders(Response);
Console.ForegroundColor = ConsoleColor.Red;
Console.WriteLine($"\nLogout: {msg}\n");
Console.ResetColor();
return(AuthenticateResult.NoResult());
}
try
{
var cookie = Request.Cookies[TokenClaimNames.LongToken2CoockiName];
if (cookie == null)
{
return(AuthenticateResult.NoResult());
}
JwtSecurityToken jwtLongToken2 = jweService.ReadLong2Token(cookie);
if (jwtLongToken2 == null)
{
return(Logout("No Long2 cookie token"));
}
var longToken2db = jwtLongToken2.Claims.First(x => x.Type == TokenClaimNames.LongToken2Db).Value;
SunClaimsPrincipal sunClaimsPrincipal;
if (Request.Headers.TryGetValue(Headers.LongToken1HeaderName, out StringValues longToken1db))
{
int userId = int.Parse(jwtLongToken2.Claims.First(x => x.Type == ClaimTypes.NameIdentifier).Value);
var longSessionToFind = new LongSession
{
UserId = userId,
LongToken1 = longToken1db,
LongToken2 = longToken2db
};
var longSession = await userManager.FindLongSessionAsync(longSessionToFind);
if (longSession == null)
{
return(Logout("Session not found"));
}
sunClaimsPrincipal = await jweService.RenewSecurityTokensAsync(Context, userId, longSession);
Console.ForegroundColor = ConsoleColor.Green;
Console.WriteLine("\nToken renews\n");
Console.ResetColor();
}
else
{
string authorization = Request.Headers["Authorization"];
if (string.IsNullOrEmpty(authorization))
{
return(Logout("No Authorization header"));
}
string jwtShortToken = null;
if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
{
jwtShortToken = authorization.Substring("Bearer ".Length).Trim();
}
if (string.IsNullOrEmpty(jwtShortToken))
{
return(Logout("No Bearer in Authorization header"));
}
var claimsPrincipal = jweService.ReadShortToken(jwtShortToken);
string lat2ran_1 = jwtLongToken2.Claims.First(x => x.Type == TokenClaimNames.LongToken2Ran).Value;
string lat2ran_2 = claimsPrincipal.Claims.First(x => x.Type == TokenClaimNames.LongToken2Ran).Value;
long sessionId =
long.Parse(jwtLongToken2.Claims.First(x => x.Type == TokenClaimNames.SessionId).Value);
if (!string.Equals(lat2ran_1, lat2ran_2))
{
return(await DeleteLongSessionAndLogout(sessionId));
}
string lat2db = jwtLongToken2.Claims.First(x => x.Type == TokenClaimNames.LongToken2Db).Value;
sunClaimsPrincipal = new SunClaimsPrincipal(claimsPrincipal, rolesCache, sessionId, lat2db);
}
if (jweBlackListService.IsTokenInBlackList(sunClaimsPrincipal.LongToken2Db))
{
return(await DeleteLongSessionAndLogout(sunClaimsPrincipal.SessionId));
}
if (sunClaimsPrincipal.Roles.ContainsKey(RoleNames.Banned))
{
return(await DeleteLongSessionAndLogout(sunClaimsPrincipal.SessionId));
}
var authenticationTicket = new AuthenticationTicket(sunClaimsPrincipal, SunJwt.Scheme);
return(AuthenticateResult.Success(authenticationTicket));
}
catch (Exception e)
{
return(Logout("Error " + e));
}
}