Exemplo n.º 1
0
        /// <summary>
        /// CheckComponentPermission()
        /// Check current user role permissioned to access the component as a whole
        /// </summary>
        private PermissionLevel CheckComponentPermission(UserClaims claims, ComponentExtensionEventArgs e)
        {
            // If not authenticated and no role assigned to anonymous users
            if (claims.IsAuthenticated == false && claims.Roles.Count == 0)
            {
                return(PermissionLevel.Denied);
            }

            return(CheckDefaultComponentPermission(claims, e));
        }
Exemplo n.º 2
0
        /// <summary>
        /// CheckComponentOperationPermission()
        /// Check default user role permission to access the component operation named in e.OperationName
        /// </summary>
        private PermissionLevel CheckComponentOperationPermission(UserClaims claims, ComponentExtensionEventArgs e)
        {
            switch (e.OperationName)
            {
            default:
                break;
            }

            // If we get here, it means there is no explicit (override) authorization operation rule for at least one of the user's roles
            // So we go 'up' to the component permissions and try the same logic at component level
            return(CheckComponentPermission(claims, e));
        }
Exemplo n.º 3
0
        /// <summary>
        /// CheckDefaultComponentPermission()
        /// Check default user role permission to access the component
        /// </summary>
        private PermissionLevel CheckDefaultComponentPermission(UserClaims claims, ComponentExtensionEventArgs e)
        {
            // Roles "Administrator", "User" have default authorized access to all components (can still later be overridden by more specific rules)
            if (claims.Roles.Intersect(new List <string> {
                "Administrator", "User"
            }).Any())
            {
                return(PermissionLevel.Authorized);
            }

            return(PermissionLevel.Denied);
        }
Exemplo n.º 4
0
        /// <summary>
        /// OnBeforeCall()
        /// Check current user role permissions for the proposed component operation call
        /// </summary>
        private void OnBeforeCall(object sender, ComponentExtensionEventArgs e)
        {
            // Get user claims
            IAuthentication authentication = ApplicationSettings.Container.Resolve <IAuthentication>();
            UserClaims      claims         = authentication.GetCurrentUserClaims();

            // We start by looking at the operation permissions
            // If no decision reached from doing that, it internally ripples up to check the component permissions
            if (CheckComponentOperationPermission(claims, e) != PermissionLevel.Authorized)
            {
                // Give authentication opportunity to package up the exception
                authentication.ThrowAccessDenied(new GOServerException("accessDenied", "Access denied to component operation GOFileUploader." + e.OperationName, new ForbiddenAccessException("forbidden access")));
            }
        }
Exemplo n.º 5
0
        /// <summary>
        /// CheckComponentOperationPermission()
        /// Check default user role permission to access the component operation named in e.OperationName
        /// </summary>
        private PermissionLevel CheckComponentOperationPermission(UserClaims claims, ComponentExtensionEventArgs e)
        {
            switch (e.OperationName)
            {
            case "Authenticate":
            {
                int deniedRoleCount = 0;

                foreach (string role in claims.Roles)
                {
                    if (role == "Guest")
                    {
                        return(PermissionLevel.Authorized);
                    }
                }

                // all roles denied?
                if (deniedRoleCount == claims.Roles.Count())
                {
                    return(PermissionLevel.Denied);
                }

                break;
            }

            case "AuthorizeNavigationTo":
            {
                int deniedRoleCount = 0;

                foreach (string role in claims.Roles)
                {
                    if (role == "Guest")
                    {
                        return(PermissionLevel.Authorized);
                    }
                }

                // all roles denied?
                if (deniedRoleCount == claims.Roles.Count())
                {
                    return(PermissionLevel.Denied);
                }

                break;
            }

            case "ChangePassword":
            {
                int deniedRoleCount = 0;

                foreach (string role in claims.Roles)
                {
                    if (role == "Guest")
                    {
                        return(PermissionLevel.Authorized);
                    }
                }

                // all roles denied?
                if (deniedRoleCount == claims.Roles.Count())
                {
                    return(PermissionLevel.Denied);
                }

                break;
            }

            case "LostPassword":
            {
                int deniedRoleCount = 0;

                foreach (string role in claims.Roles)
                {
                    if (role == "Guest")
                    {
                        return(PermissionLevel.Authorized);
                    }
                }

                // all roles denied?
                if (deniedRoleCount == claims.Roles.Count())
                {
                    return(PermissionLevel.Denied);
                }

                break;
            }

            case "Register":
            {
                int deniedRoleCount = 0;

                foreach (string role in claims.Roles)
                {
                    if (role == "Guest")
                    {
                        return(PermissionLevel.Authorized);
                    }
                }

                // all roles denied?
                if (deniedRoleCount == claims.Roles.Count())
                {
                    return(PermissionLevel.Denied);
                }

                break;
            }

            case "RegisterByEmail":
            {
                int deniedRoleCount = 0;

                foreach (string role in claims.Roles)
                {
                    if (role == "Guest")
                    {
                        return(PermissionLevel.Authorized);
                    }
                }

                // all roles denied?
                if (deniedRoleCount == claims.Roles.Count())
                {
                    return(PermissionLevel.Denied);
                }

                break;
            }

            case "RegisterFull":
            {
                int deniedRoleCount = 0;

                foreach (string role in claims.Roles)
                {
                    if (role == "Guest")
                    {
                        return(PermissionLevel.Authorized);
                    }
                }

                // all roles denied?
                if (deniedRoleCount == claims.Roles.Count())
                {
                    return(PermissionLevel.Denied);
                }

                break;
            }

            case "ResetPassword":
            {
                int deniedRoleCount = 0;

                foreach (string role in claims.Roles)
                {
                    if (role == "Guest")
                    {
                        return(PermissionLevel.Authorized);
                    }
                }

                // all roles denied?
                if (deniedRoleCount == claims.Roles.Count())
                {
                    return(PermissionLevel.Denied);
                }

                break;
            }

            case "ValidateRegistration":
            {
                int deniedRoleCount = 0;

                foreach (string role in claims.Roles)
                {
                    if (role == "Guest")
                    {
                        return(PermissionLevel.Authorized);
                    }
                }

                // all roles denied?
                if (deniedRoleCount == claims.Roles.Count())
                {
                    return(PermissionLevel.Denied);
                }

                break;
            }

            default:
                break;
            }

            // If we get here, it means there is no explicit (override) authorization operation rule for at least one of the user's roles
            // So we go 'up' to the component permissions and try the same logic at component level
            return(CheckComponentPermission(claims, e));
        }