/// <summary>
/// Create a new <see cref="UserAreaOptions"/>, copying data from
/// the specified <paramref name="settings"/>.
/// </summary>
/// <param name="settings">
/// <see cref="UsersSettings"/> configuration to copy from.
/// </param>
public static UserAreaOptions CopyFrom(UsersSettings settings)
{
if (settings == null)
{
throw new ArgumentNullException(nameof(settings));
}
EntityInvalidOperationException.ThrowIfNull(settings, s => s.EmailAddress);
EntityInvalidOperationException.ThrowIfNull(settings, s => s.Password);
EntityInvalidOperationException.ThrowIfNull(settings, s => s.Username);
EntityInvalidOperationException.ThrowIfNull(settings, s => s.Cookies);
EntityInvalidOperationException.ThrowIfNull(settings, s => s.Authentication);
EntityInvalidOperationException.ThrowIfNull(settings, s => s.AccountRecovery);
EntityInvalidOperationException.ThrowIfNull(settings, s => s.AccountVerification);
EntityInvalidOperationException.ThrowIfNull(settings, s => s.Cleanup);
var options = new UserAreaOptions()
{
EmailAddress = settings.EmailAddress.Clone(),
Password = settings.Password.Clone(),
Username = settings.Username.Clone(),
Cookies = settings.Cookies.Clone(),
Authentication = settings.Authentication.Clone(),
AccountRecovery = settings.AccountRecovery.Clone(),
AccountVerification = settings.AccountVerification.Clone(),
Cleanup = settings.Cleanup.Clone()
};
return(options);
}
public async Task ExecuteAsync(Controller controller, PageActionRoutingState state)
{
if (controller == null)
{
throw new ArgumentNullException(nameof(controller));
}
if (state == null)
{
throw new ArgumentNullException(nameof(state));
}
EntityInvalidOperationException.ThrowIfNull(state, r => r.AmbientUserContext);
// If no page (404) skip this step - it will be handled later
// Access rules don't apply to Cofoundry admin users, so skip this step
var isAmbientContextCofoundryAdmin = state.AmbientUserContext.IsCofoundryUser();
if (state.PageRoutingInfo == null || isAmbientContextCofoundryAdmin)
{
var skipReason = isAmbientContextCofoundryAdmin ? "User is Cofoundry admin user" : "no page found";
_logger.LogDebug("Skipping access rule validation step, {SkipReason}.", skipReason);
return;
}
var accessRuleViolation = await FindAccessRuleViolation(state);
if (accessRuleViolation == null)
{
_logger.LogDebug("No access rule violations found.");
}
else
{
EnforceRuleViolation(controller, state, accessRuleViolation);
}
}
/// <summary>
/// Determines if the <paramref name="user"/> violates any access rules
/// for this route. If the user cannot access the route then a rule viloation
/// is returned. The user may violate several rules in the page and directory
/// tree but only the most specific rule set is returned, starting with the page and
/// then working back up through the directory tree.
/// </summary>
/// <param name="user">The <see cref="IUserContext"/> to check against access rules.</param>
/// <returns>
/// If any rules are violated, then the most specific rule is returned;
/// otherwise <see langword="null"/>.
/// </returns>
public EntityAccessRuleSet ValidateAccess(IUserContext user)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
EntityInvalidOperationException.ThrowIfNull(this, r => r.PageRoute);
return(PageRoute.ValidateAccess(user));
}
public IEnumerable <EntityAccessRuleSet> EnumerateAccessRuleSets(PageRoutingInfo pageRoutingInfo)
{
EntityInvalidOperationException.ThrowIfNull(pageRoutingInfo, r => r.PageRoute);
EntityInvalidOperationException.ThrowIfNull(pageRoutingInfo.PageRoute, r => r.PageDirectory);
if (pageRoutingInfo.PageRoute.AccessRuleSet != null)
{
yield return(pageRoutingInfo.PageRoute.AccessRuleSet);
}
foreach (var ruleSet in EnumerableHelper.Enumerate(pageRoutingInfo.PageRoute.PageDirectory.AccessRuleSets))
{
yield return(ruleSet);
}
}
/// <summary>
/// Determines if the <paramref name="user"/> violates any access rules
/// for this page or any parent directories. If the user cannot access the
/// page then the violated <see cref="EntityAccessRuleSet"/> is returned. The user may
/// violate several rules in the page and directory tree but only the most specific rule set is
/// returned, starting with the page and then working back up through the
/// directory tree.
/// </summary>
/// <param name="user">The <see cref="IUserContext"/> to check against access rules.</param>
/// <returns>
/// If any rules are violated, then the most specific <see cref="EntityAccessRuleSet"/> is returned;
/// otherwise <see langword="null"/>.
/// </returns>
public EntityAccessRuleSet ValidateAccess(IUserContext user)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
EntityInvalidOperationException.ThrowIfNull(this, r => r.PageDirectory);
if (AccessRuleSet != null && !AccessRuleSet.IsAuthorized(user))
{
return(AccessRuleSet);
}
var directoryViolation = PageDirectory
.AccessRuleSets
.GetRuleViolations(user)
.FirstOrDefault();
return(directoryViolation);
}
/// <summary>
/// Determines if the <paramref name="user"/> is permitted to
/// access the resource associated with this ruleset. To pass the
/// check the user must match any of the <see cref="AccessRules"/>.
/// If there are no access rules, then the resource is public and
/// the check passes.
/// </summary>
/// <param name="user">The user to check; cannot be null.</param>
/// <returns>true if the user is authorized to access this resource; otherwise false.</returns>
public bool IsAuthorized(IUserContext user)
{
if (user == null)
{
throw new ArgumentNullException(nameof(user));
}
if (EnumerableHelper.IsNullOrEmpty(AccessRules))
{
return(true);
}
if (!user.IsSignedIn())
{
return(false);
}
// if logged in, the user should always be assigned a user area
EntityInvalidOperationException.ThrowIfNull(user, u => u.UserArea);
return(AccessRules
.Any(r => r.UserAreaCode == user.UserArea.UserAreaCode &&
(!r.RoleId.HasValue || r.RoleId == user.RoleId)));
}
