Пример #1
0
        /// <summary>
        /// Create a new <see cref="UserAreaOptions"/>, copying data from
        /// the specified <paramref name="settings"/>.
        /// </summary>
        /// <param name="settings">
        /// <see cref="UsersSettings"/> configuration to copy from.
        /// </param>
        public static UserAreaOptions CopyFrom(UsersSettings settings)
        {
            if (settings == null)
            {
                throw new ArgumentNullException(nameof(settings));
            }
            EntityInvalidOperationException.ThrowIfNull(settings, s => s.EmailAddress);
            EntityInvalidOperationException.ThrowIfNull(settings, s => s.Password);
            EntityInvalidOperationException.ThrowIfNull(settings, s => s.Username);
            EntityInvalidOperationException.ThrowIfNull(settings, s => s.Cookies);
            EntityInvalidOperationException.ThrowIfNull(settings, s => s.Authentication);
            EntityInvalidOperationException.ThrowIfNull(settings, s => s.AccountRecovery);
            EntityInvalidOperationException.ThrowIfNull(settings, s => s.AccountVerification);
            EntityInvalidOperationException.ThrowIfNull(settings, s => s.Cleanup);

            var options = new UserAreaOptions()
            {
                EmailAddress        = settings.EmailAddress.Clone(),
                Password            = settings.Password.Clone(),
                Username            = settings.Username.Clone(),
                Cookies             = settings.Cookies.Clone(),
                Authentication      = settings.Authentication.Clone(),
                AccountRecovery     = settings.AccountRecovery.Clone(),
                AccountVerification = settings.AccountVerification.Clone(),
                Cleanup             = settings.Cleanup.Clone()
            };

            return(options);
        }
        public async Task ExecuteAsync(Controller controller, PageActionRoutingState state)
        {
            if (controller == null)
            {
                throw new ArgumentNullException(nameof(controller));
            }
            if (state == null)
            {
                throw new ArgumentNullException(nameof(state));
            }
            EntityInvalidOperationException.ThrowIfNull(state, r => r.AmbientUserContext);

            // If no page (404) skip this step - it will be handled later
            // Access rules don't apply to Cofoundry admin users, so skip this step
            var isAmbientContextCofoundryAdmin = state.AmbientUserContext.IsCofoundryUser();

            if (state.PageRoutingInfo == null || isAmbientContextCofoundryAdmin)
            {
                var skipReason = isAmbientContextCofoundryAdmin ? "User is Cofoundry admin user" : "no page found";
                _logger.LogDebug("Skipping access rule validation step, {SkipReason}.", skipReason);

                return;
            }

            var accessRuleViolation = await FindAccessRuleViolation(state);

            if (accessRuleViolation == null)
            {
                _logger.LogDebug("No access rule violations found.");
            }
            else
            {
                EnforceRuleViolation(controller, state, accessRuleViolation);
            }
        }
Пример #3
0
        /// <summary>
        /// Determines if the <paramref name="user"/> violates any access rules
        /// for this route. If the user cannot access the route then a rule viloation
        /// is returned. The user may violate several rules in the page and directory
        /// tree but only the most specific rule set is returned, starting with the page and
        /// then working back up through the directory tree.
        /// </summary>
        /// <param name="user">The <see cref="IUserContext"/> to check against access rules.</param>
        /// <returns>
        /// If any rules are violated, then the most specific rule is returned;
        /// otherwise <see langword="null"/>.
        /// </returns>
        public EntityAccessRuleSet ValidateAccess(IUserContext user)
        {
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }
            EntityInvalidOperationException.ThrowIfNull(this, r => r.PageRoute);

            return(PageRoute.ValidateAccess(user));
        }
        public IEnumerable <EntityAccessRuleSet> EnumerateAccessRuleSets(PageRoutingInfo pageRoutingInfo)
        {
            EntityInvalidOperationException.ThrowIfNull(pageRoutingInfo, r => r.PageRoute);
            EntityInvalidOperationException.ThrowIfNull(pageRoutingInfo.PageRoute, r => r.PageDirectory);

            if (pageRoutingInfo.PageRoute.AccessRuleSet != null)
            {
                yield return(pageRoutingInfo.PageRoute.AccessRuleSet);
            }

            foreach (var ruleSet in EnumerableHelper.Enumerate(pageRoutingInfo.PageRoute.PageDirectory.AccessRuleSets))
            {
                yield return(ruleSet);
            }
        }
Пример #5
0
        /// <summary>
        /// Determines if the <paramref name="user"/> violates any access rules
        /// for this page or any parent directories. If the user cannot access the
        /// page then the violated <see cref="EntityAccessRuleSet"/> is returned. The user may
        /// violate several rules in the page and directory tree but only the most specific rule set is
        /// returned, starting with the page and then working back up through the
        /// directory tree.
        /// </summary>
        /// <param name="user">The <see cref="IUserContext"/> to check against access rules.</param>
        /// <returns>
        /// If any rules are violated, then the most specific <see cref="EntityAccessRuleSet"/> is returned;
        /// otherwise <see langword="null"/>.
        /// </returns>
        public EntityAccessRuleSet ValidateAccess(IUserContext user)
        {
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }
            EntityInvalidOperationException.ThrowIfNull(this, r => r.PageDirectory);

            if (AccessRuleSet != null && !AccessRuleSet.IsAuthorized(user))
            {
                return(AccessRuleSet);
            }

            var directoryViolation = PageDirectory
                                     .AccessRuleSets
                                     .GetRuleViolations(user)
                                     .FirstOrDefault();

            return(directoryViolation);
        }
        /// <summary>
        /// Determines if the <paramref name="user"/> is permitted to
        /// access the resource associated with this ruleset. To pass the
        /// check the user must match any of the <see cref="AccessRules"/>.
        /// If there are no access rules, then the resource is public and
        /// the check passes.
        /// </summary>
        /// <param name="user">The user to check; cannot be null.</param>
        /// <returns>true if the user is authorized to access this resource; otherwise false.</returns>
        public bool IsAuthorized(IUserContext user)
        {
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            if (EnumerableHelper.IsNullOrEmpty(AccessRules))
            {
                return(true);
            }

            if (!user.IsSignedIn())
            {
                return(false);
            }

            // if logged in, the user should always be assigned a user area
            EntityInvalidOperationException.ThrowIfNull(user, u => u.UserArea);

            return(AccessRules
                   .Any(r => r.UserAreaCode == user.UserArea.UserAreaCode &&
                        (!r.RoleId.HasValue || r.RoleId == user.RoleId)));
        }