Exemplo n.º 1
0
        public void AssignWebsiteUser(string userId)
        {
            using (var context = new AuthorizationDbContext(_authContextSettings.ConnectionString))
            {
                var webUser = context.Roles.FirstOrDefault(c => c.Description == "Website User");
                if (webUser == null)
                {
                    webUser = new Role
                    {
                        Description = "Website User",
                    };
                    context.Roles.Add(webUser);
                    context.SaveChanges();
                }

                context.UserRoles.Add(new UserRole()
                {
                    RoleId = webUser.Id,
                    UserId = userId
                });
                context.SaveChanges();

                //return webUser;
            }
        }
Exemplo n.º 2
0
        public Role GetOrCreateSuperUser(string userId)
        {
            using (var context = new AuthorizationDbContext(_authContextSettings.ConnectionString))
            {
                var superUser = context.Roles.FirstOrDefault(c => c.Description == "Super User");
                if (superUser == null)
                {
                    superUser = new Role
                    {
                        Description = "Super User",
                    };
                    context.Roles.Add(superUser);
                    context.SaveChanges();
                }

                context.UserRoles.Add(new UserRole()
                {
                    RoleId = superUser.Id,
                    UserId = userId
                });
                context.SaveChanges();

                return(superUser);
            }
        }
Exemplo n.º 3
0
        public void AssignResourceToOwner(string resourceKey, string userId, string specificResourceId)
        {
            using (var context = new AuthorizationDbContext(_authContextSettings.ConnectionString))
            {
                var resource = context.Resources.FirstOrDefault(c => c.Key == resourceKey);

                if (resource == null)
                {
                    throw new Exception($"Unable to assign resource to user. Unknown resource key {resourceKey}");
                }

                if (UserAlreadyOwnsResource(context, resource, userId, specificResourceId))
                {
                    return;
                }

                context.ResourceOwners.Add(new ResourceOwner
                {
                    ResourceId         = resource.Id,
                    UserId             = userId,
                    SpecificResourceId = specificResourceId
                });
                context.SaveChanges();
            }
        }
Exemplo n.º 4
0
        /// <summary>
        /// find all declared resources and add them to the db.
        /// </summary>
        private void SeedResources()
        {
            var assembly = Assembly.GetEntryAssembly();
            var attribs  = assembly.GetTypes()
                           .SelectMany(type => type.GetMembers())
                           .Union(assembly.GetTypes())
                           .Where(type => Attribute.IsDefined(type, typeof(ResourcePermissionAttribute)));

            foreach (var memberInfo in attribs)
            {
                var permResource = memberInfo.GetCustomAttribute <ResourcePermissionAttribute>();

                var resource = _authDbContext.Resources.FirstOrDefault(c => c.Key == permResource.ResourceKey);
                if (resource == null)
                {
                    resource = new Resource
                    {
                        Key         = permResource.ResourceKey,
                        Description = permResource.ResourceKey
                    };
                    _authDbContext.Resources.Add(resource);
                }

                var resourceDetail = _authDbContext.ResourceDetails.FirstOrDefault(c =>
                                                                                   c.ResourceId == resource.Id && c.Key == permResource.ResourceDetailKey);

                if (resourceDetail == null)
                {
                    resourceDetail = new ResourceDetail()
                    {
                        Key         = permResource.ResourceDetailKey,
                        Description = permResource.ResourceDetailKey,
                        ResourceId  = resource.Id
                    };
                    _authDbContext.ResourceDetails.Add(resourceDetail);
                }

                _authDbContext.SaveChanges();
            }
        }
Exemplo n.º 5
0
        public ReplyBase IsAuthorized(string userId, string resourceKey, string resourceDetailKey, string specificResourceId = null)
        {
            using (var context = new AuthorizationDbContext(_authContextSettings.ConnectionString))
            {
                var userRoles = context.UserRoles.Where(c => c.UserId == userId).ToList();
                if (!userRoles.Any())
                {
                    return(ReplyBase.Unauthorized());
                }

                var resource = context.Resources.FirstOrDefault(c => c.Key == resourceKey);

                if (resource == null)
                {
                    resource = new Resource
                    {
                        Description = resourceKey,
                        Key         = resourceKey
                    };
                    context.Resources.Add(resource);
                    context.SaveChanges();
                    //return ReplyBase.Unauthorized("Invalid resource key");
                }

                var resourceDetail =
                    context.ResourceDetails.FirstOrDefault(c =>
                                                           c.ResourceId == resource.Id && c.Key == resourceDetailKey);

                if (resourceDetail == null)
                {
                    resourceDetail = new ResourceDetail
                    {
                        Description = resourceDetailKey,
                        Key         = resourceDetailKey,
                        ResourceId  = resource.Id
                    };

                    context.ResourceDetails.Add(resourceDetail);
                    context.SaveChanges();


                    //return ReplyBase.Unauthorized("Invalid resource detail id");
                }

                var roles = context.Roles.Where(c => userRoles.Select(u => u.RoleId).Contains(c.Id)).ToList();
                if (roles.Any(c => c.Description == "Super User"))
                {
                    return(ReplyBase.Success());
                }

                var roleIds = roles.Select(c => c.Id).ToList();

                var permissions = context.Permissions
                                  .Where(c => roleIds.Contains(c.RoleId) && c.ResourceDetailId == resourceDetail.Id).ToList();

                if (!permissions.Any())
                {
                    return(ReplyBase.Unauthorized());
                }

                if (permissions.Any(c =>
                                    c.ResourceDetailId == resourceDetail.Id && c.PermissionType == PermissionType.Deny))
                {
                    return(ReplyBase.Unauthorized());
                }

                var allowedPermission = permissions.FirstOrDefault(c =>
                                                                   c.ResourceDetailId == resourceDetail.Id && c.PermissionType == PermissionType.Allow);
                if (allowedPermission != null)
                {
                    if (allowedPermission.OwnerScoped && specificResourceId != null)
                    {
                        var allowed = context.ResourceOwners.Any(c =>
                                                                 c.ResourceId == resource.Id && c.SpecificResourceId == specificResourceId &&
                                                                 c.UserId == userId);
                        if (!allowed)
                        {
                            return(ReplyBase.Unauthorized());
                        }
                    }
                    return(ReplyBase.Success());
                }
            }
            return(ReplyBase.Unauthorized("Unknown resource check"));
        }