private Authorization GetFromAuthorizationResource(RoleDefinitionDataProvider roleDP, ResourceAttribute resAttr)
{
Authorization auth = new Authorization()
{
ResourceName = resAttr.Name,
ResourceDescription = resAttr.Description,
};
auth.AllowedRoles.Add(new Role()
{
RoleId = RoleDefinitionDataProvider.SuperUserId
});
if (resAttr.Anonymous)
{
auth.AllowedRoles.Add(new Role()
{
RoleId = roleDP.GetAnonymousRoleId()
});
}
if (resAttr.User)
{
auth.AllowedRoles.Add(new Role()
{
RoleId = roleDP.GetUserRoleId()
});
}
if (resAttr.Editor)
{
auth.AllowedRoles.Add(new Role()
{
RoleId = roleDP.GetEditorRoleId()
});
}
if (resAttr.Administrator)
{
auth.AllowedRoles.Add(new Role()
{
RoleId = roleDP.GetAdministratorRoleId()
});
}
return(auth);
}
public async Task <bool> IsResourceAuthorizedAsync(string resourceName)
{
// we need to check if this resource is protected
if (string.IsNullOrEmpty(resourceName))
{
throw new InternalError("Missing resource name");
}
if (IsBackDoorWideOpen())
{
return(true);
}
if (YetaWFManager.IsDemo || Manager.IsDemoUser)
{
return(true);
}
// check if this is the superuser
if (Manager.HasSuperUserRole)
{
return(true);
}
using (AuthorizationDataProvider authDP = new AuthorizationDataProvider()) {
Authorization auth = await authDP.GetItemAsync(resourceName);
if (auth == null)
{
Logging.AddLog("Resource {0} doesn't exist", resourceName);
#if DEBUG
throw new InternalError("Resource {0} doesn't exist", resourceName);
#else
return(false);// not authorized, there is no such resource
#endif
}
RoleComparer roleComp = new RoleComparer();
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
if (!Manager.HaveUser)
{
// check if anonymous user allowed
if (auth.AllowedRoles.Contains(new Role {
RoleId = roleDP.GetAnonymousRoleId()
}, roleComp))
{
return(true);
}
return(false);
}
// authenticated user
// check if any authenticated user allowed
if (auth.AllowedRoles.Contains(new Role {
RoleId = roleDP.GetUserRoleId()
}, roleComp))
{
return(true);
}
}
string userName = Manager.UserName;
UserDefinition user = (UserDefinition)Manager.UserObject;// get the saved user
if (user == null)
{
throw new InternalError("UserObject missing for authenticated user");
}
// check if this user is allowed
if (auth.AllowedUsers.Contains(new User {
UserId = user.UserId
}, new UserComparer()))
{
return(true);
}
// check if this user is in a permitted role
foreach (Role loginRole in user.RolesList)
{
if (auth.AllowedRoles.Contains(new Role {
RoleId = loginRole.RoleId
}, roleComp))
{
return(true);
}
}
} // simply not authorized
return(false);
}
public int GetAnonymousRoleId()
{
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
return(roleDP.GetAnonymousRoleId());
}
}