Пример #1
 /// <summary>
 /// Collects the nodes on which a subject holds the right <paramref name="spec"/>,
 /// either directly or through one of the groups the store reports for that subject.
 /// </summary>
 /// <param name="permissionStore">Store queried for rights and for group membership.</param>
 /// <param name="subjectID">Subject whose effective node set is requested.</param>
 /// <param name="spec">Right specification, passed unchanged to <c>GetNodesWithRight</c>.</param>
 /// <returns>The subject's own nodes combined with the group-derived nodes via <c>Union</c>.</returns>
 /// <remarks>
 /// NOTE(review): only the identifiers returned by one <c>GetGroups</c> call are consulted.
 /// Whether that list already contains nested (transitive) groups is decided by the store
 /// and cannot be seen from this method; confirm before relying on it for access reviews.
 /// </remarks>
 public static IEnumerable<Guid> GetNodesWithRightIncludingGroups(
     this IPermissionStore permissionStore,
     Guid subjectID,
     string spec)
 {
     // Rights granted to the subject itself.
     var ownNodes = permissionStore.GetNodesWithRight(subjectID, spec);

     // Rights granted to each group the subject belongs to, flattened into one sequence.
     var nodesViaGroups = permissionStore
         .GetGroups(subjectID)
         .SelectMany(groupID => permissionStore.GetNodesWithRight(groupID, spec));

     return ownNodes.Union(nodesViaGroups);
 }
Пример #2
 /// <summary>
 /// Creates the manager and keeps the injected collaborators in private fields.
 /// </summary>
 /// <param name="permissionStore">Permission store, kept in <c>_permissionStore</c>.</param>
 /// <param name="userStore">User store, kept in <c>_userStore</c>.</param>
 /// <param name="logger">Logger, kept in <c>_logger</c>.</param>
 /// <param name="mapper">Object mapper, kept in <c>_mapper</c>.</param>
 /// <remarks>The arguments are stored as given; none of them is null-checked here.</remarks>
 public PermissionManager(
     IPermissionStore permissionStore,
     IUserStore userStore,
     ILogger<PermissionManager> logger,
     IMapper mapper)
 {
     _mapper = mapper;
     _logger = logger;
     _userStore = userStore;
     _permissionStore = permissionStore;
 }
Пример #3
 /// <summary>
 /// Creates the manager from its resource catalogue, permission store, cache and
 /// resource-instance providers.
 /// </summary>
 /// <param name="resources">Resource collection, kept in <c>_resources</c>.</param>
 /// <param name="permissionStore">Permission store, kept in <c>_permissionStore</c>.</param>
 /// <param name="cache">Permission cache, kept in <c>_cache</c>.</param>
 /// <param name="resourceInstanceProviders">Providers, kept in <c>_resourceInstanceProviders</c> without being enumerated here.</param>
 /// <remarks>The arguments are stored as given; none of them is null-checked here.</remarks>
 public PermissionManager(
     ResourceCollection resources,
     IPermissionStore permissionStore,
     PermissionCache cache,
     IEnumerable<IResourceInstanceProvider> resourceInstanceProviders)
 {
     _resourceInstanceProviders = resourceInstanceProviders;
     _cache = cache;
     _permissionStore = permissionStore;
     _resources = resources;
 }
Пример #4
 /// <summary>
 /// Creates the role manager, forwarding the identity-related services to the base class and
 /// keeping the permission store, cache manager and resolved authorization options locally.
 /// </summary>
 /// <param name="store">Role store, passed to the base constructor.</param>
 /// <param name="permissionStore">Permission store, kept in <c>this.permissionStore</c>.</param>
 /// <param name="cacheManager">Cache manager, kept in <c>this.cacheManager</c>.</param>
 /// <param name="roleValidators">Role validators, passed to the base constructor.</param>
 /// <param name="keyNormalizer">Key normalizer, passed to the base constructor.</param>
 /// <param name="errors">Error describer, passed to the base constructor.</param>
 /// <param name="options">Options wrapper; its <c>Value</c> is read once here.</param>
 /// <param name="logger">Logger, passed to the base constructor.</param>
 public RoleManager(
     IRoleStore<TRole> store,
     IPermissionStore permissionStore,
     ICacheManager cacheManager,
     IEnumerable<IRoleValidator<TRole>> roleValidators,
     ILookupNormalizer keyNormalizer,
     IdentityErrorDescriber errors,
     IOptions<AuthorizationOptions> options,
     ILogger<RoleManager<TRole>> logger)
     : base(store, roleValidators, keyNormalizer, errors, logger)
 {
     // Dereferencing options comes first, as in the original, so a null wrapper fails
     // before any field is written.
     this.options = options.Value;
     this.cacheManager = cacheManager;
     this.permissionStore = permissionStore;
 }
Пример #5
 /// <summary>
 /// Tells whether a subject holds the right <paramref name="spec"/> on a node, either
 /// directly or through one of the groups the store reports for that subject.
 /// </summary>
 /// <param name="permissionStore">Store queried for rights and for group membership.</param>
 /// <param name="nodeID">Node the right is checked on.</param>
 /// <param name="subjectID">Subject being checked.</param>
 /// <param name="spec">Right specification, passed unchanged to <c>HasRight</c>.</param>
 /// <returns><c>true</c> as soon as the subject or any of its groups has the right; otherwise <c>false</c>.</returns>
 /// <remarks>
 /// NOTE(review): this is a grant-only check. A grant to any group is sufficient, and nothing
 /// here models an explicit deny or nested groups; whether the store handles either is not
 /// visible from this method.
 /// </remarks>
 public static bool HasRightIncludingGroups(
     this IPermissionStore permissionStore,
     Guid nodeID,
     Guid subjectID,
     string spec)
 {
     // A direct grant short-circuits the group lookup, exactly like the original `||`.
     if (permissionStore.HasRight(nodeID, subjectID, spec))
     {
         return true;
     }

     return permissionStore
         .GetGroups(subjectID)
         .Any(groupID => permissionStore.HasRight(nodeID, groupID, spec));
 }
Пример #6
 /// <summary>
 /// Creates the controller and keeps the injected services in private fields.
 /// </summary>
 /// <param name="permission">Permission service, kept in <c>_permission</c>.</param>
 /// <param name="permissionStore">Permission store, kept in <c>_permissionStore</c>.</param>
 /// <param name="token">Token service, kept in <c>_token</c>.</param>
 /// <param name="applicationContext">Application context, kept in <c>_applicationContext</c>.</param>
 /// <remarks>The arguments are stored as given; none of them is null-checked here.</remarks>
 public PermissionController(
     IPermission permission,
     IPermissionStore permissionStore,
     IToken token,
     IApplicationContext applicationContext)
 {
     _applicationContext = applicationContext;
     _token = token;
     _permissionStore = permissionStore;
     _permission = permission;
 }
Пример #7
 /// <summary>
 /// Creates the manager and keeps the injected collaborators in private fields.
 /// </summary>
 /// <param name="permissionStore">Keyed permission store, kept in <c>_permissionStore</c>.</param>
 /// <param name="resourceRegistry">Resource registry, kept in <c>_resourceRegistry</c>.</param>
 /// <param name="resourceInstanceProvider">Instance provider, kept in <c>_resourceInstanceProvider</c>.</param>
 /// <param name="namingConvertor">Naming convertor, kept in <c>_namingConvertor</c>.</param>
 /// <remarks>The arguments are stored as given; none of them is null-checked here.</remarks>
 public PermissionManager(
     IPermissionStore<TKey> permissionStore,
     ResourceRegistry resourceRegistry,
     IResourceInstanceProvider resourceInstanceProvider,
     INamingConvertor namingConvertor)
 {
     _permissionStore = permissionStore;
     _resourceRegistry = resourceRegistry;
     _resourceInstanceProvider = resourceInstanceProvider;
     _namingConvertor = namingConvertor;
 }
Пример #8
 /// <summary>
 /// Creates the role manager and keeps the stores, transaction, logger and mapper in
 /// private fields.
 /// </summary>
 /// <param name="roleStore">Role store, kept in <c>_roleStore</c>.</param>
 /// <param name="logger">Logger, kept in <c>_logger</c>.</param>
 /// <param name="mapper">Object mapper, kept in <c>_mapper</c>.</param>
 /// <param name="rolePermissionStore">Role-to-permission store, kept in <c>_rolePermissionStore</c>.</param>
 /// <param name="transaction">Transaction over <c>AuthenticationDbContext</c>, kept in <c>_transaction</c>.</param>
 /// <param name="permissionStore">Permission store, kept in <c>_permissionStore</c>.</param>
 /// <remarks>The arguments are stored as given; none of them is null-checked here.</remarks>
 public RoleManager(
     IRoleStore roleStore,
     ILogger<RoleManager> logger,
     IMapper mapper,
     IRolePermissionStore rolePermissionStore,
     ITransaction<AuthenticationDbContext> transaction,
     IPermissionStore permissionStore)
 {
     // Assigned in parameter order.
     _roleStore = roleStore;
     _logger = logger;
     _mapper = mapper;
     _rolePermissionStore = rolePermissionStore;
     _transaction = transaction;
     _permissionStore = permissionStore;
 }
Пример #9
 /// <summary>
 /// Creates the grant checker with the current session, the user manager and the
 /// permission store it reads from.
 /// </summary>
 /// <param name="session">Application session, kept in <c>this.session</c>.</param>
 /// <param name="userManager">User manager, kept in <c>this.userManager</c>.</param>
 /// <param name="permissionStore">Permission store, kept in <c>this.permissionStore</c>.</param>
 /// <remarks>The arguments are stored as given; none of them is null-checked here.</remarks>
 public GrantChecker(IAppSession session, IIdentityUserManager<TUser> userManager, IPermissionStore permissionStore)
 {
     this.session = session;
     this.userManager = userManager;
     this.permissionStore = permissionStore;
 }
 /// <summary>
 /// Creates the user manager on top of the base manager, adding a permission store and
 /// an e-mail service.
 /// </summary>
 /// <param name="userStore">User store, passed to the base constructor.</param>
 /// <param name="permissionStore">Permission store, kept in <c>_permissionStore</c>.</param>
 /// <param name="emailService">Message service assigned to <c>EmailService</c>.</param>
 public UserManager(IUserStore<User, int> userStore,
                    IPermissionStore<Permission, int> permissionStore,
                    IIdentityMessageService emailService)
     : base(userStore)
 {
     // Same assignment order as before; EmailService is a property, so its setter runs last.
     _permissionStore = permissionStore;
     EmailService = emailService;
 }
Пример #11
 /// <summary>
 /// Creates the role manager and rejects any missing dependency up front.
 /// </summary>
 /// <param name="store">Role store, assigned to <c>Store</c>.</param>
 /// <param name="permissionStore">Permission store, assigned to <c>PermissionStore</c>.</param>
 /// <param name="organizationStore">Organization store, assigned to <c>OrganizationStore</c>.</param>
 /// <param name="userRoleStore">User-role store, assigned to <c>UserRoleStore</c>.</param>
 /// <param name="userOrgStore">User-organization store, assigned to <c>UserOrgStore</c>.</param>
 /// <param name="roleOrgStore">Role-organization store, assigned to <c>RoleOrgStore</c>.</param>
 /// <param name="roleOrgPerStore">Store assigned to <c>RoleOrgPerStore</c>.</param>
 /// <param name="mapper">Object mapper, assigned to <c>Mapper</c>.</param>
 /// <exception cref="ArgumentNullException">
 /// Any argument is <c>null</c>; the first null argument in parameter order is the one reported.
 /// </exception>
 public RoleManger(
     IRoleStore store,
     IPermissionStore permissionStore,
     IOrganizationStore organizationStore,
     IUserRoleStore userRoleStore,
     IUserOrgStore userOrgStore,
     IRoleOrgStore roleOrgStore,
     IRoleOrgPerStore roleOrgPerStore,
     IMapper mapper)
 {
     // Check and assign stay interleaved, one dependency at a time, as in the original.
     T Require<T>(T dependency, string parameterName) where T : class
     {
         return dependency ?? throw new ArgumentNullException(parameterName);
     }

     Store = Require(store, nameof(store));
     PermissionStore = Require(permissionStore, nameof(permissionStore));
     OrganizationStore = Require(organizationStore, nameof(organizationStore));
     UserRoleStore = Require(userRoleStore, nameof(userRoleStore));
     UserOrgStore = Require(userOrgStore, nameof(userOrgStore));
     RoleOrgStore = Require(roleOrgStore, nameof(roleOrgStore));
     RoleOrgPerStore = Require(roleOrgPerStore, nameof(roleOrgPerStore));
     Mapper = Require(mapper, nameof(mapper));
 }
Пример #12
 /// <summary>
 /// Base constructor for permission management providers; exposes the injected services
 /// through the corresponding properties.
 /// </summary>
 /// <param name="permissionGrantRepository">Grant repository, assigned to <c>PermissionGrantRepository</c>.</param>
 /// <param name="permissionStore">Permission store, assigned to <c>PermissionStore</c>.</param>
 /// <param name="guidGenerator">GUID generator, assigned to <c>GuidGenerator</c>.</param>
 /// <param name="currentTenant">Current-tenant accessor, assigned to <c>CurrentTenant</c>.</param>
 /// <remarks>The arguments are stored as given; none of them is null-checked here.</remarks>
 protected PermissionManagementProvider(IPermissionGrantRepository permissionGrantRepository,
                                        IPermissionStore permissionStore,
                                        IGuidGenerator guidGenerator,
                                        ICurrentTenant currentTenant)
 {
     // Property setters are invoked in the original order.
     PermissionGrantRepository = permissionGrantRepository;
     PermissionStore = permissionStore;
     GuidGenerator = guidGenerator;
     CurrentTenant = currentTenant;
 }
 /// <summary>
 /// Creates the user-level provider; every dependency is handed straight to the base constructor.
 /// </summary>
 /// <param name="permissionGrantRepository">Grant repository, forwarded to the base class.</param>
 /// <param name="permissionStore">Permission store, forwarded to the base class.</param>
 /// <param name="guidGenerator">GUID generator, forwarded to the base class.</param>
 /// <param name="currentTenant">Current-tenant accessor, forwarded to the base class.</param>
 public UserPermissionManagementProvider(IPermissionGrantRepository permissionGrantRepository,
                                         IPermissionStore permissionStore,
                                         IGuidGenerator guidGenerator,
                                         ICurrentTenant currentTenant)
     : base(permissionGrantRepository, permissionStore, guidGenerator, currentTenant)
 {
     // No state of its own.
 }
Пример #14
 /// <summary>
 /// Creates the default permission manager: most services go to the base constructor, while
 /// the service provider and the permission store are also exposed on this type.
 /// </summary>
 /// <param name="permissionDefinitionManager">Forwarded to the base class.</param>
 /// <param name="permissionGrantRepository">Forwarded to the base class.</param>
 /// <param name="permissionStore">Permission store, assigned to <c>PermissionStore</c>; not passed to the base class.</param>
 /// <param name="serviceProvider">Forwarded to the base class and assigned to <c>ServiceProvider</c>.</param>
 /// <param name="guidGenerator">Forwarded to the base class.</param>
 /// <param name="options">Forwarded to the base class.</param>
 /// <param name="currentTenant">Forwarded to the base class.</param>
 public DefaultPermissionManager(IPermissionDefinitionManager permissionDefinitionManager,
                                 IPermissionGrantRepository permissionGrantRepository,
                                 IPermissionStore permissionStore,
                                 IServiceProvider serviceProvider,
                                 IGuidGenerator guidGenerator,
                                 IOptions<PermissionManagementOptions> options,
                                 ICurrentTenant currentTenant)
     : base(
         permissionDefinitionManager,
         permissionGrantRepository,
         serviceProvider,
         guidGenerator,
         options,
         currentTenant)
 {
     // Property setters are invoked in the original order.
     ServiceProvider = serviceProvider;
     PermissionStore = permissionStore;
 }
 /// <summary>
 /// Creates the identity-aware permission manager; adds a user-role finder on top of the
 /// services the base manager already takes.
 /// </summary>
 /// <param name="permissionDefinitionManager">Forwarded to the base class.</param>
 /// <param name="permissionGrantRepository">Forwarded to the base class.</param>
 /// <param name="permissionStore">Forwarded to the base class.</param>
 /// <param name="serviceProvider">Forwarded to the base class.</param>
 /// <param name="guidGenerator">Forwarded to the base class.</param>
 /// <param name="options">Forwarded to the base class.</param>
 /// <param name="currentTenant">Forwarded to the base class.</param>
 /// <param name="userRoleFinder">Role lookup service, assigned to <c>UserRoleFinder</c>.</param>
 public IdentityPermissionManager(IPermissionDefinitionManager permissionDefinitionManager,
                                  IPermissionGrantRepository permissionGrantRepository,
                                  IPermissionStore permissionStore,
                                  IServiceProvider serviceProvider,
                                  IGuidGenerator guidGenerator,
                                  IOptions<PermissionManagementOptions> options,
                                  ICurrentTenant currentTenant,
                                  IUserRoleFinder userRoleFinder)
     : base(
         permissionDefinitionManager,
         permissionGrantRepository,
         permissionStore,
         serviceProvider,
         guidGenerator,
         options,
         currentTenant)
 {
     UserRoleFinder = userRoleFinder;
 }
        /// <summary>
        /// Creates the user manager and, when the factory options carry a data protection
        /// provider, installs a token provider built on it.
        /// </summary>
        /// <param name="userStore">User store, forwarded to the base class.</param>
        /// <param name="permissionStore">Permission store, forwarded to the base class.</param>
        /// <param name="emailService">Message service, forwarded to the base class.</param>
        /// <param name="options">Factory options; only <c>DataProtectionProvider</c> is read.</param>
        /// <remarks>
        /// When <c>options.DataProtectionProvider</c> is <c>null</c> this constructor does not
        /// assign <c>UserTokenProvider</c> at all. The protector purpose string is the fixed
        /// literal "ASP.NET Identity".
        /// </remarks>
        public ConfiguredUserManager(
            IUserStore<User, int> userStore,
            IPermissionStore<Permission, int> permissionStore,
            IIdentityMessageService emailService,
            IdentityFactoryOptions<UserManager> options)
            : base(userStore, permissionStore, emailService)
        {
            var protectionProvider = options.DataProtectionProvider;
            if (protectionProvider == null)
            {
                // Nothing to build the token provider from.
                return;
            }

            var protector = protectionProvider.Create("ASP.NET Identity");
            UserTokenProvider = new DataProtectorTokenProvider<User, int>(protector);
        }
Пример #17
 /// <summary>
 /// Creates the role-level provider; adds a user-role finder to the services taken by the
 /// base provider.
 /// </summary>
 /// <param name="permissionGrantRepository">Grant repository, forwarded to the base class.</param>
 /// <param name="permissionStore">Permission store, forwarded to the base class.</param>
 /// <param name="guidGenerator">GUID generator, forwarded to the base class.</param>
 /// <param name="currentTenant">Current-tenant accessor, forwarded to the base class.</param>
 /// <param name="userRoleFinder">Role lookup service, assigned to <c>UserRoleFinder</c>.</param>
 public RolePermissionManagementProvider(IPermissionGrantRepository permissionGrantRepository,
                                         IPermissionStore permissionStore,
                                         IGuidGenerator guidGenerator,
                                         ICurrentTenant currentTenant,
                                         IUserRoleFinder userRoleFinder)
     : base(permissionGrantRepository, permissionStore, guidGenerator, currentTenant)
 {
     UserRoleFinder = userRoleFinder;
 }
Пример #18
        // Constructors
        /// <summary>
        /// Creates a validator bound to the given permission store.
        /// </summary>
        /// <param name="store">Permission store, assigned to <c>Store</c>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="store"/> is <c>null</c>.</exception>
        public PermissionValidator(IPermissionStore<TPermission, TKey> store)
        {
            // Contract: a validator without a store is rejected at construction time.
            if (store == null)
            {
                throw new ArgumentNullException(nameof(store));
            }

            this.Store = store;
        }
Пример #19
        // Constructors
        /// <summary>
        /// Creates a manager over the given permission store and builds the validator that
        /// works against the same store.
        /// </summary>
        /// <param name="store">Permission store, kept in <c>_store</c> and handed to the validator.</param>
        /// <exception cref="ArgumentNullException"><paramref name="store"/> is <c>null</c>.</exception>
        public PermissionManager(IPermissionStore<TPermission, TKey> store)
        {
            // Contract: reject a missing store before anything is constructed from it.
            if (store == null)
            {
                throw new ArgumentNullException(nameof(store));
            }

            _store = store;
            _validator = new PermissionValidator<TPermission, TKey>(store);
        }
        /// <summary>
        /// Binds the implementation to a user, a permission store and a
        /// resource/permission-group mapper.
        /// </summary>
        /// <param name="user">User the permissions are evaluated for.</param>
        /// <param name="permissionStore">Permission store, kept in <c>this.permissionStore</c>.</param>
        /// <param name="secProv">Resource/permission-group mapper, kept in <c>this.secProv</c>.</param>
        /// <exception cref="ArgumentNullException">
        /// Any argument is <c>null</c>; arguments are checked in parameter order.
        /// </exception>
        public OnUserPermissionImp(
            IAppUser user,
            IPermissionStore permissionStore,
            IResourcePermissionGroupMapper secProv)
        {
            // Each field is written only after its argument has passed the null check;
            // the checks run in the same order as before (user, permissionStore, secProv).
            this.user = user ?? throw new ArgumentNullException(nameof(user));
            this.permissionStore = permissionStore ?? throw new ArgumentNullException(nameof(permissionStore));
            this.secProv = secProv ?? throw new ArgumentNullException(nameof(secProv));
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="PermissionEvaluator" /> class for one
        /// user and one resource.
        /// </summary>
        /// <param name="user">The user; must not be <c>null</c>.</param>
        /// <param name="resourceId">The resource type identifier.</param>
        /// <param name="permissionStore">The permission store; must not be <c>null</c>.</param>
        /// <param name="adminRoleName">Name of the admin role; defaults to "Admin" when omitted.</param>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="user"/> or <paramref name="permissionStore"/> is <c>null</c>.
        /// </exception>
        /// <remarks>
        /// <paramref name="adminRoleName"/> is stored unvalidated (it may be <c>null</c> or empty).
        /// NOTE(review): how the name is compared against the user's roles is not visible in this
        /// constructor; deployments that name the administrative role differently must pass it
        /// explicitly rather than rely on the default.
        /// </remarks>
        public PermissionEvaluator(IAppUser user, long resourceId, IPermissionStore permissionStore, string adminRoleName = "Admin")
        {
            if (user == null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            // The store is validated before any property setter runs, as in the original.
            this.permissionStore = permissionStore ?? throw new ArgumentNullException(nameof(permissionStore));

            User = user;
            this.resourceId = resourceId;
            this.adminRoleName = adminRoleName;

            // Index the user's roles by role number; left untouched when the user has no role map.
            // NOTE(review): ToDictionary rejects duplicate keys, so two roles sharing a
            // RoleNumber would make construction fail - confirm RoleNumber is unique.
            if (user.Roles != null)
            {
                userRoles = user.Roles.Values.ToDictionary(role => role.RoleNumber);
            }
        }
Пример #22
 /// <summary>
 /// Creates the default permission manager: most services go to the base constructor, while
 /// the service provider and the permission store are also exposed on this type.
 /// </summary>
 /// <param name="permissionDefinitionManager">Forwarded to the base class.</param>
 /// <param name="permissionStateManager">Forwarded to the base class.</param>
 /// <param name="permissionGrantRepository">Forwarded to the base class.</param>
 /// <param name="permissionStore">Permission store, assigned to <c>PermissionStore</c>; not passed to the base class.</param>
 /// <param name="serviceProvider">Forwarded to the base class and assigned to <c>ServiceProvider</c>.</param>
 /// <param name="guidGenerator">Forwarded to the base class.</param>
 /// <param name="options">Forwarded to the base class.</param>
 /// <param name="currentTenant">Forwarded to the base class.</param>
 /// <param name="cache">Distributed grant cache, forwarded to the base class.</param>
 public DefaultPermissionManager(IPermissionDefinitionManager permissionDefinitionManager,
                                 IPermissionStateManager permissionStateManager,
                                 IPermissionGrantRepository permissionGrantRepository,
                                 IPermissionStore permissionStore,
                                 IServiceProvider serviceProvider,
                                 IGuidGenerator guidGenerator,
                                 IOptions<PermissionManagementOptions> options,
                                 ICurrentTenant currentTenant,
                                 IDistributedCache<PermissionGrantCacheItem> cache)
     : base(permissionDefinitionManager, permissionStateManager, permissionGrantRepository,
            serviceProvider, guidGenerator, options, currentTenant, cache)
 {
     // Property setters are invoked in the original order.
     ServiceProvider = serviceProvider;
     PermissionStore = permissionStore;
 }
 /// <summary>
 /// Creates the user-level value provider over the given permission store.
 /// </summary>
 /// <param name="permissionStore">Permission store, kept in <c>_permissionStore</c> without a null check.</param>
 public UserPermissionValueProvider(
     IPermissionStore permissionStore)
 {
     _permissionStore = permissionStore;
 }
Пример #24
 /// <summary>
 /// Creates an authorizer that reads from the given permission store.
 /// </summary>
 /// <param name="permissionStore">Permission store, kept in <c>_permissionStore</c>.</param>
 /// <remarks>
 /// The store is not null-checked here, so a missing registration is not detected at
 /// construction time.
 /// </remarks>
 public Authorizer(
     IPermissionStore permissionStore)
 {
     _permissionStore = permissionStore;
 }
Пример #25
 /// <summary>
 /// Initializes a new instance of the <see cref="PermissionBuilder" /> class.
 /// </summary>
 /// <param name="permissionStore">The permission store, kept in <c>this.permissionStore</c>.</param>
 /// <param name="secProv">The resource/permission-group mapper, kept in <c>this.secProv</c>.</param>
 /// <remarks>The arguments are stored as given; neither is null-checked here.</remarks>
 public PermissionBuilder(
     IPermissionStore permissionStore,
     IResourcePermissionGroupMapper secProv)
 {
     this.secProv = secProv;
     this.permissionStore = permissionStore;
 }
Пример #26
 /// <summary>
 /// Creates the user-level value provider; the permission store is handed to the base class.
 /// </summary>
 /// <param name="permissionStore">Permission store, forwarded to the base constructor.</param>
 public UserPermissionValueProvider(
     IPermissionStore permissionStore) : base(permissionStore)
 {
     // No state of its own.
 }
Пример #27
 /// <summary>
 /// Creates the manager for <c>IdentityPermission</c>; the store is handed to the base class.
 /// </summary>
 /// <param name="store">Permission store, forwarded to the base constructor.</param>
 public PermissionManager(IPermissionStore<IdentityPermission> store)
     : base(store)
 {
     // No state of its own.
 }
Пример #28
 /// <summary>
 /// Creates the test controller and builds its permission-info extractor.
 /// </summary>
 /// <param name="permissionStore">Permission store handed to the extractor.</param>
 /// <remarks>
 /// The extractor is built with a <c>DefaultNameResolver</c> constructed from the fixed
 /// literal "user_".
 /// </remarks>
 public PermissionTestController(IPermissionStore permissionStore)
 {
     var nameResolver = new DefaultNameResolver("user_");
     _permissionInfoExtractor = new PermissionInfoExtractor(permissionStore, nameResolver);
 }
Пример #29
        /// <summary>
        /// Exercises create/read/update calls on the client, permission and role stores
        /// resolved from a fresh service scope, using fixed sample data.
        /// </summary>
        /// <param name="app">Application builder whose <c>ApplicationServices</c> supply the scope factory.</param>
        /// <remarks>
        /// Each phase runs inside <c>Task.Run(...).Wait()</c>, so the calling thread blocks until
        /// the phase finishes and a failure inside a phase surfaces from <c>Wait()</c>.
        /// NOTE(review): the method writes fixed records (client "test", roles "Role01",
        /// "childRole01", "childRole02", subjects "Stella"/"Alice"/"Bob", twenty "Permission_n"
        /// entries) into whatever stores are registered. Confirm it is only reachable in
        /// development or test configurations, since these are real authorization records.
        /// </remarks>
        private void TestCrudApp(IApplicationBuilder app)
        {
            using (IServiceScope serviceScope = app.ApplicationServices.GetService <IServiceScopeFactory>().CreateScope()) {
                IClientStore     clientStore     = serviceScope.ServiceProvider.GetRequiredService <IClientStore>();
                IPermissionStore permissionStore = serviceScope.ServiceProvider.GetRequiredService <IPermissionStore>();
                IRoleStore       roleStore       = serviceScope.ServiceProvider.GetRequiredService <IRoleStore>();

                // Identifiers shared between the phases below; the -1 values are placeholders
                // that the phases overwrite with the ids returned by the stores.
                String clientId      = "test";
                Int32  client_Id     = -1;
                Int32  policy_Id     = -1;
                String permissionId  = "PermissionId01";
                Int32  permission_Id = -1;
                String RoleId        = "Role01";
                Int32  role_Id       = -1;


                PolicyServer1.Models.Client            existsingClient     = null;
                PolicyServer1.Models.PolicyPermission  existsingPermission = null;
                List <PolicyServer1.Models.Permission> permissions         = new List <PolicyServer1.Models.Permission>();
                PolicyServer1.Models.PolicyRole        existsingRole       = null;


                // Phase 1: recreate the "test" client, update it and remember its policy id.
                Task.Run(async() => {
                    try {
                        await clientStore.RemoveClientIdAsync(clientId);
                    } catch (Exception) { }
                    // NOTE(review): the empty catch above hides every failure of the cleanup call,
                    // not only "client does not exist".

                    PolicyServer1.Models.Client newClient = new PolicyServer1.Models.Client {
                        ClientId    = clientId,
                        ClientName  = "ceci est un test",
                        Description = "ceci est une description",
                    };

                    client_Id = await clientStore.CreateAsync(newClient);

                    existsingClient             = await clientStore.GetFromClientIdAsync(clientId);
                    existsingClient.Description = "une autre descripiton";
                    existsingClient.ClientUri   = "http://localhost:50022";

                    await clientStore.UpdateAsync(existsingClient.Id, existsingClient);

                    policy_Id = existsingClient.Policy.Id;
                }).Wait();

                // Phase 2: create and update one permission, then seed "Permission_0".."Permission_19"
                // if they are not there yet.
                Task.Run(async() => {
                    // The try block is empty because the cleanup call is commented out.
                    try {
                        //await permissionStore.RemoveAsync((clientId, permissionId));
                    } catch (Exception) { }

                    PolicyServer1.Models.PolicyPermission newClientPermission = new PolicyServer1.Models.PolicyPermission {
                        PolicyId    = policy_Id,
                        Name        = permissionId,
                        Description = "Cecei un un desdcription"
                    };

                    permission_Id = await permissionStore.CreateAsync(newClientPermission);

                    existsingPermission             = await permissionStore.GetAsync((policy_Id, permission_Id));
                    existsingPermission.Description = "L'action de permission - 01";
                    existsingPermission.IsRevoked   = false;

                    // NOTE(review): the key here is (client_Id, permission_Id) while GetAsync above and
                    // the role calls below use policy_Id as the first component - confirm which id
                    // the store expects.
                    await permissionStore.UpdateAsync((client_Id, permission_Id), existsingPermission);

                    // `permissions` is only filled inside this branch. When "Permission_0" already
                    // exists the list stays empty and the Skip(n).First() calls in the later phases
                    // throw InvalidOperationException.
                    if ((await permissionStore.GetByNameAsync(policy_Id, "Permission_0")) == null)
                    {
                        for (Int32 i = 0; i < 20; ++i)
                        {
                            await permissionStore.CreateAsync(new PolicyServer1.Models.PolicyPermission {
                                PolicyId    = policy_Id,
                                Name        = "Permission_" + i.ToString(),
                                Description = "Description_" + i.ToString(),
                            });
                        }

                        permissions = (await clientStore.GetAsync(existsingClient.Id)).Policy.Permissions;
                    }
                }).Wait();

                // Phase 3: create a role holding the permission from phase 2, then update it three
                // times (membership changes, removing a permission, revoking a permission).
                Task.Run(async() => {
                    // The try block is empty because the cleanup call is commented out.
                    try {
                        //await permissionStore.RemoveAsync((clientId, permissionId));
                    } catch (Exception) { }

                    PolicyServer1.Models.PolicyRole newClientRole = new PolicyServer1.Models.PolicyRole {
                        PolicyId      = policy_Id,
                        Name          = RoleId,
                        Description   = "Cecei un un desdcription",
                        IdentityRoles =
                        {
                            "id-role-01",
                            "id-role-02"
                        },
                        Subjects =
                        {
                            "Stella",
                            "Alice",
                            "Bob"
                        },
                        Permissions =
                        {
                            existsingPermission
                        }
                    };

                    role_Id = await roleStore.CreateAsync(newClientRole);

                    existsingRole             = await roleStore.GetAsync((policy_Id, role_Id));
                    existsingRole.Description = "Le role de permission - 01";
                    existsingRole.IdentityRoles.Remove("id-role-01");
                    existsingRole.Subjects.Remove("Stella");
                    // Requires at least nine entries in `permissions` (see the seeding branch in phase 2).
                    existsingRole.Permissions.Add(permissions.Skip(5).First());
                    existsingRole.Permissions.Add(permissions.Skip(6).First());
                    existsingRole.Permissions.Add(permissions.Skip(7).First());
                    existsingRole.Permissions.Add(permissions.Skip(8).First());
                    //existsingRole.Permissions.Add(permissions.Skip(7).First());

                    await roleStore.UpdateAsync((policy_Id, role_Id), existsingRole);

                    // Second update: drop the first permission of the role.
                    existsingRole.Permissions.RemoveAt(0);

                    await roleStore.UpdateAsync((policy_Id, role_Id), existsingRole);

                    // Third update: mark the role's first remaining permission as revoked.
                    existsingRole.Permissions.First().IsRevoked = true;

                    await roleStore.UpdateAsync((policy_Id, role_Id), existsingRole);
                }).Wait();

                // Phase 4: build a two-level role chain (childRole01 -> existsingRole,
                // childRole02 -> childRole01) and read the last one back.
                Task.Run(async() => {
                    PolicyServer1.Models.PolicyRole newClientRole = new PolicyServer1.Models.PolicyRole {
                        PolicyId      = policy_Id,
                        Name          = "childRole01",
                        Description   = "Cecei un un desdcription",
                        IdentityRoles =
                        {
                            "id-role-02"
                        },
                        Subjects =
                        {
                            "Bob"
                        },
                        Permissions =
                        {
                            permissions.Skip(10).First()
                        },
                        Parents =
                        {
                            existsingRole
                        }
                    };

                    newClientRole.Id = await roleStore.CreateAsync(newClientRole);

                    PolicyServer1.Models.PolicyRole newClientRole2 = new PolicyServer1.Models.PolicyRole {
                        PolicyId      = policy_Id,
                        Name          = "childRole02",
                        Description   = "Cecei un un desdcription",
                        IdentityRoles =
                        {
                            "id-role-02"
                        },
                        Subjects =
                        {
                            "Bob"
                        },
                        Permissions =
                        {
                            permissions.Skip(10).First()
                        },
                        Parents =
                        {
                            newClientRole
                        }
                    };

                    newClientRole2.Id = await roleStore.CreateAsync(newClientRole2);

                    // The result is read but never inspected.
                    PolicyServer1.Models.PolicyRole testChildRole02 = await roleStore.GetAsync((policy_Id, newClientRole2.Id));
                }).Wait();

                // Phase 5: read the role whose id is one above existsingRole's.
                // NOTE(review): presumably meant to fetch childRole01, which only holds if the store
                // hands out consecutive ids - confirm. The result is not inspected.
                Task.Run(async() => {
                    PolicyServer1.Models.PolicyRole test = await roleStore.GetAsync((policy_Id, existsingRole.Id + 1));
                }).Wait();
            }
        }
Пример #30
 /// <summary>
 /// Base constructor for permission value providers; exposes the store through
 /// <c>PermissionStore</c>.
 /// </summary>
 /// <param name="permissionStore">Permission store, assigned to <c>PermissionStore</c> without a null check.</param>
 protected PermissionValueProvider(
     IPermissionStore permissionStore)
 {
     PermissionStore = permissionStore;
 }
Пример #31
 /// <summary>
 /// Creates the controller over the given permission store.
 /// </summary>
 /// <param name="permissionStore">Permission store, kept in <c>m_permissionStore</c> without a null check.</param>
 public ContextController(
     IPermissionStore permissionStore)
 {
     m_permissionStore = permissionStore;
 }
Пример #32
 /// <summary>
 /// Creates the client-level value provider; the permission store is handed to the base class.
 /// </summary>
 /// <param name="permissionStore">Permission store, forwarded to the base constructor.</param>
 public ClientPermissionValueProvider(
     IPermissionStore permissionStore) : base(permissionStore)
 {
     // No state of its own.
 }
Пример #33
 /// <summary>
 /// Creates the extractor from a permission store and a name resolver.
 /// </summary>
 /// <param name="permissionStore">Permission store, kept in <c>_permissionStore</c>.</param>
 /// <param name="nameResolver">Name resolver, kept in <c>_nameResolver</c>.</param>
 /// <remarks>The arguments are stored as given; neither is null-checked here.</remarks>
 public PermissionInfoExtractor(
     IPermissionStore permissionStore,
     INameResolver nameResolver)
 {
     _nameResolver = nameResolver;
     _permissionStore = permissionStore;
 }