/// <summary> /// Create a new <see cref="UserAreaOptions"/>, copying data from /// the specified <paramref name="settings"/>. /// </summary> /// <param name="settings"> /// <see cref="UsersSettings"/> configuration to copy from. /// </param> public static UserAreaOptions CopyFrom(UsersSettings settings) { if (settings == null) { throw new ArgumentNullException(nameof(settings)); } EntityInvalidOperationException.ThrowIfNull(settings, s => s.EmailAddress); EntityInvalidOperationException.ThrowIfNull(settings, s => s.Password); EntityInvalidOperationException.ThrowIfNull(settings, s => s.Username); EntityInvalidOperationException.ThrowIfNull(settings, s => s.Cookies); EntityInvalidOperationException.ThrowIfNull(settings, s => s.Authentication); EntityInvalidOperationException.ThrowIfNull(settings, s => s.AccountRecovery); EntityInvalidOperationException.ThrowIfNull(settings, s => s.AccountVerification); EntityInvalidOperationException.ThrowIfNull(settings, s => s.Cleanup); var options = new UserAreaOptions() { EmailAddress = settings.EmailAddress.Clone(), Password = settings.Password.Clone(), Username = settings.Username.Clone(), Cookies = settings.Cookies.Clone(), Authentication = settings.Authentication.Clone(), AccountRecovery = settings.AccountRecovery.Clone(), AccountVerification = settings.AccountVerification.Clone(), Cleanup = settings.Cleanup.Clone() }; return(options); }
public async Task ExecuteAsync(Controller controller, PageActionRoutingState state) { if (controller == null) { throw new ArgumentNullException(nameof(controller)); } if (state == null) { throw new ArgumentNullException(nameof(state)); } EntityInvalidOperationException.ThrowIfNull(state, r => r.AmbientUserContext); // If no page (404) skip this step - it will be handled later // Access rules don't apply to Cofoundry admin users, so skip this step var isAmbientContextCofoundryAdmin = state.AmbientUserContext.IsCofoundryUser(); if (state.PageRoutingInfo == null || isAmbientContextCofoundryAdmin) { var skipReason = isAmbientContextCofoundryAdmin ? "User is Cofoundry admin user" : "no page found"; _logger.LogDebug("Skipping access rule validation step, {SkipReason}.", skipReason); return; } var accessRuleViolation = await FindAccessRuleViolation(state); if (accessRuleViolation == null) { _logger.LogDebug("No access rule violations found."); } else { EnforceRuleViolation(controller, state, accessRuleViolation); } }
/// <summary> /// Determines if the <paramref name="user"/> violates any access rules /// for this route. If the user cannot access the route then a rule viloation /// is returned. The user may violate several rules in the page and directory /// tree but only the most specific rule set is returned, starting with the page and /// then working back up through the directory tree. /// </summary> /// <param name="user">The <see cref="IUserContext"/> to check against access rules.</param> /// <returns> /// If any rules are violated, then the most specific rule is returned; /// otherwise <see langword="null"/>. /// </returns> public EntityAccessRuleSet ValidateAccess(IUserContext user) { if (user == null) { throw new ArgumentNullException(nameof(user)); } EntityInvalidOperationException.ThrowIfNull(this, r => r.PageRoute); return(PageRoute.ValidateAccess(user)); }
public IEnumerable <EntityAccessRuleSet> EnumerateAccessRuleSets(PageRoutingInfo pageRoutingInfo) { EntityInvalidOperationException.ThrowIfNull(pageRoutingInfo, r => r.PageRoute); EntityInvalidOperationException.ThrowIfNull(pageRoutingInfo.PageRoute, r => r.PageDirectory); if (pageRoutingInfo.PageRoute.AccessRuleSet != null) { yield return(pageRoutingInfo.PageRoute.AccessRuleSet); } foreach (var ruleSet in EnumerableHelper.Enumerate(pageRoutingInfo.PageRoute.PageDirectory.AccessRuleSets)) { yield return(ruleSet); } }
/// <summary> /// Determines if the <paramref name="user"/> violates any access rules /// for this page or any parent directories. If the user cannot access the /// page then the violated <see cref="EntityAccessRuleSet"/> is returned. The user may /// violate several rules in the page and directory tree but only the most specific rule set is /// returned, starting with the page and then working back up through the /// directory tree. /// </summary> /// <param name="user">The <see cref="IUserContext"/> to check against access rules.</param> /// <returns> /// If any rules are violated, then the most specific <see cref="EntityAccessRuleSet"/> is returned; /// otherwise <see langword="null"/>. /// </returns> public EntityAccessRuleSet ValidateAccess(IUserContext user) { if (user == null) { throw new ArgumentNullException(nameof(user)); } EntityInvalidOperationException.ThrowIfNull(this, r => r.PageDirectory); if (AccessRuleSet != null && !AccessRuleSet.IsAuthorized(user)) { return(AccessRuleSet); } var directoryViolation = PageDirectory .AccessRuleSets .GetRuleViolations(user) .FirstOrDefault(); return(directoryViolation); }
/// <summary> /// Determines if the <paramref name="user"/> is permitted to /// access the resource associated with this ruleset. To pass the /// check the user must match any of the <see cref="AccessRules"/>. /// If there are no access rules, then the resource is public and /// the check passes. /// </summary> /// <param name="user">The user to check; cannot be null.</param> /// <returns>true if the user is authorized to access this resource; otherwise false.</returns> public bool IsAuthorized(IUserContext user) { if (user == null) { throw new ArgumentNullException(nameof(user)); } if (EnumerableHelper.IsNullOrEmpty(AccessRules)) { return(true); } if (!user.IsSignedIn()) { return(false); } // if logged in, the user should always be assigned a user area EntityInvalidOperationException.ThrowIfNull(user, u => u.UserArea); return(AccessRules .Any(r => r.UserAreaCode == user.UserArea.UserAreaCode && (!r.RoleId.HasValue || r.RoleId == user.RoleId))); }