/// <summary>
/// Segment-level Equals: two Rbac strings that differ only in the object (last) segment
/// still have equal action (third) segments.
/// </summary>
public void RbacSegmentEquality_WithEquals_ReturnTrue_Test1()
{
    // Arrange: identical action segment ("*"), different object segment.
    var left = Rbac.Parse("*.*.*.123");
    var right = Rbac.Parse("*.*.*.987");

    // Act
    bool actionsEqual = left.Action.Equals(right.Action);

    // Assert
    Assert.True(actionsEqual);
}
/// <summary>
/// Whole-Rbac Equals is false when only the object (last) segment differs.
/// </summary>
public void RbacEquality_WithEquals_ObjectSegmentsDifferent_ReturnFalse_Test()
{
    var first = Rbac.Parse("*.*.*.123");
    var second = Rbac.Parse("*.*.*.987");

    bool same = first.Equals(second);

    Assert.False(same);
}
/// <summary>
/// The == operator on object segments is true when both Rbac strings name the same object.
/// </summary>
public void RbacSegmentEquality_WithOperator_ReturnTrue_Test2()
{
    var first = Rbac.Parse("*.*.*.123");
    var second = Rbac.Parse("*.*.*.123");

    bool sameObject = first.Object == second.Object;

    Assert.True(sameObject);
}
/// <summary>
/// The == operator on whole Rbac values is false when the action (third) segment differs.
/// </summary>
public void RbacEquality_WithOperator_ActionSegmentsDifferent_ReturnFalse_Test()
{
    var first = Rbac.Parse("*.*.123.*");
    var second = Rbac.Parse("*.*.987.*");

    bool same = first == second;

    Assert.False(same);
}
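/// <summary>
/// Decides whether <paramref name="utilizer"/> may perform <paramref name="rbac"/> based on the
/// utilizer's own permission and forbidden entries.
/// </summary>
/// <param name="utilizer">Principal whose <c>Permissions</c> and <c>Forbidden</c> string lists are matched; either list may be null.</param>
/// <param name="rbac">The requested resource / action / object.</param>
/// <returns>
/// <c>null</c> when no entry in either list matches (nothing on this utilizer speaks to the request),
/// <c>false</c> when any forbidden entry matches, otherwise <c>true</c>.
/// </returns>
public static bool?HasPermission(this Utilizer utilizer, Rbac rbac)
{
    // True when one permission string covers the requested rbac. Entries that fail to parse never match.
    bool isPermittedFilter(string permission)
    {
        if (!Ubac.TryParse(permission, out var userUbac))
        {
            return false;
        }

        // Resource and action names are identifiers, so they are compared ordinally: a culture-sensitive
        // comparison would make an authorization decision depend on the current thread's culture.
        bool isResourcePermitted = userUbac.Resource.IsAll()
            || userUbac.Resource.Equals(rbac.Resource, StringComparison.OrdinalIgnoreCase);
        bool isActionPermitted = userUbac.Action.IsAll()
            || userUbac.Action.Equals(rbac.Action, StringComparison.OrdinalIgnoreCase);
        // The object segment keeps its default Equals (no case folding is applied here).
        bool isObjectPermitted = userUbac.Object.IsAll() || userUbac.Object.Equals(rbac.Object);

        return isResourcePermitted && isActionPermitted && isObjectPermitted;
    }

    // Any() stops at the first matching entry; a null list counts as "no entries".
    bool anyPermitted = utilizer.Permissions?.Any(isPermittedFilter) ?? false;
    bool anyForbidden = utilizer.Forbidden?.Any(isPermittedFilter) ?? false;

    if (!anyPermitted && !anyForbidden)
    {
        return null;
    }

    // A matching forbidden entry always wins over a matching permission.
    return !anyForbidden && anyPermitted;
}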
/// <summary>
/// Exports a sample role file for <paramref name="rbac"/> next to the executable and reports the path.
/// </summary>
/// <param name="rbac">Instance whose name is used to build the output file name.</param>
public void GetSample(Rbac rbac)
{
    // NOTE(review): rbac.Name is used as part of a file name without sanitizing — confirm it cannot
    // contain path separators.
    string targetPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, rbac.Name + "_sample_role.xml");

    RbacRole sample = RbacRole.GetSample(rbac);
    sample.Export(targetPath);

    WriteColor(ConsoleColor.Green, targetPath + " exported." + Environment.NewLine);
}
/// <summary>
/// Whole-Rbac Equals is true when every segment matches, including non-wildcard ones.
/// </summary>
public void RbacEquality_WithEquals_AllSegmentsSame_ReturnTrue_Test2()
{
    var first = Rbac.Parse("*.users.read.*");
    var second = Rbac.Parse("*.users.read.*");

    bool same = first.Equals(second);

    Assert.True(same);
}
/// <summary>
/// The == operator on whole Rbac values is true for two all-wildcard strings.
/// </summary>
public void RbacEquality_WithOperator_AllSegmentsSame_ReturnTrue_Test1()
{
    var first = Rbac.Parse("*.*.*.*");
    var second = Rbac.Parse("*.*.*.*");

    bool same = first == second;

    Assert.True(same);
}
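/// <summary>
/// Runs an RBAC-scoped SQL query for the requested user / rbac / role and returns the engine result.
/// </summary>
/// <param name="request">Caller-supplied user name, rbac and role names, query text and engine flags (untrusted).</param>
/// <returns>A response carrying the engine result, or the exception message when any step fails.</returns>
public RbacEngineWebResponse Post([FromBody] RbacEngineWebRequest request)
{
    RbacEngineWebResponse response = new RbacEngineWebResponse();
    try
    {
        response.UserName = request.UserName;
        response.RoleName = request.RoleName;

        using (Rbac ctx = new Rbac(request.UserName, request.RbacName, request.RoleName))
        {
            response.RbacName = request.RbacName;

            // SkipParsing / SkipExecution / DebugMode come straight from the request body.
            // NOTE(review): confirm a caller cannot use these flags to skip the permission checks.
            // The parser is IDisposable (it is disposed with `using` elsewhere in this codebase) and
            // must outlive the engine that consumes it, hence the nesting order.
            using (SqlQueryParser parser = new SqlQueryParser(ctx, request.SkipParsing))
            {
                parser.Parse(request.Query);
                using (RbacSqlQueryEngine engine = new RbacSqlQueryEngine(parser, request.DebugMode))
                {
                    engine.SkipExecution = request.SkipExecution;
                    engine.Execute();
                    response.SetResult(engine);
                }
            }
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw exception message is returned to the client; for a public endpoint a
        // generic message with server-side logging avoids exposing query/engine internals.
        response.SetResult(ex.Message);
    }
    return response;
}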
/// <summary>
/// Executes one query as user "Lashawn" — the argument, or Books/test.txt under the root directory when
/// none is given — prints errors and the select row count, writes the parsed query to
/// Books/test_parsed_query.txt and returns the engine for inspection.
/// </summary>
/// <param name="query">SQL text to run; null or empty means read Books/test.txt.</param>
/// <returns>The executed engine. Its Rbac context is already disposed by the time it is returned.</returns>
public RbacSqlQueryEngine TestOne(string query = null)
{
    string parsedQueryPath = Path.Combine(_rootDir, "Books", "test_parsed_query.txt");
    // Truncate the output file up front so a failed run does not leave a stale parsed query behind.
    File.WriteAllText(parsedQueryPath, string.Empty);

    RbacSqlQueryEngine engine;
    using (Rbac rbac = new Rbac("Lashawn"))
    {
        string effectiveQuery = string.IsNullOrEmpty(query)
            ? File.ReadAllText(Path.Combine(_rootDir, "Books", "test.txt"))
            : query;
        engine = new RbacSqlQueryEngine(rbac, effectiveQuery);
        engine.Execute();
        // For a select query, engine.Table holds the resulting data table.
    }

    if (!string.IsNullOrEmpty(engine.AllErrors))
    {
        Console.WriteLine("Errors:{0}", engine.AllErrors);
    }

    bool isSelectWithData = engine.Parser.QueryType == RbacQueryTypes.Select && engine.Table != null;
    if (isSelectWithData)
    {
        Console.WriteLine("The query was a select query and returned {0} records", engine.Table.Rows.Count);
    }

    File.WriteAllText(parsedQueryPath, engine.Parser.ParsedQuery);
    return engine;
}
/// <summary>
/// Creates a user with the given role. Returns 400 on model validation failure, when the user already
/// exists, when the role is missing, or when creation fails.
/// </summary>
/// <param name="user">Registration payload from the request body (untrusted).</param>
/// <returns>200 OK when the user was created; otherwise 400 with a message.</returns>
public async Task <IHttpActionResult> AddNew([FromBody] RbacRegisterUser user)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }

    // NOTE(review): `new` never yields null, so the "already exists" branch is taken on every call and
    // everything below it is unreachable (unless the constructor throws). A lookup that returns null for an
    // unknown user name is needed here — confirm against the RbacUser API.
    RbacUser existing = new RbacUser(user.UserName);
    if (existing != null)
    {
        return BadRequest(string.Format("User '{0}' already exists!", user.UserName));
    }

    // NOTE(review): same dead null check. RoleId is chosen by the caller — confirm this endpoint is limited
    // to callers allowed to assign that role.
    RbacRole role = new RbacRole(user.RoleId);
    if (role == null)
    {
        return BadRequest(string.Format("Role id '{0}' not found!", user.RoleId));
    }

    RbacUser created = Rbac.CreateUser(user.UserName, user.FullName, user.Email, user.Password, role);
    bool succeeded = created != null && created.UserId > 0;
    if (succeeded)
    {
        return Ok();
    }
    return BadRequest("Cannot create user!");
}
/// <summary>
/// Self-service rule: a user may update the "users" entry whose object is its own id, and an application
/// may update the "applications" entry whose object is its own id. Everything else is refused by this rule
/// (other rules may still grant it).
/// </summary>
/// <param name="role">Not consulted by this rule; present so the check is available as a Role extension.</param>
/// <param name="rbac">Requested subject / resource / action / object.</param>
/// <param name="utilizer">The caller, identified by its type and id.</param>
/// <returns><c>true</c> only for an update of the caller's own users / applications entry.</returns>
public static bool HasOwnUpdatePermission(this Role role, Rbac rbac, IUtilizer utilizer)
{
    string updateSlug = Rbac.GetSegment(Rbac.CrudActions.Update).Slug;
    if (rbac.Action.Slug != updateSlug)
    {
        return false;
    }

    bool ownUserEntry = rbac.Resource == "users"
        && utilizer.UtilizerType == Utilizer.UtilizerType.User;
    bool ownApplicationEntry = rbac.Resource == "applications"
        && utilizer.UtilizerType == Utilizer.UtilizerType.Application;

    // The object must be the caller's own id; the resource/type pairs are mutually exclusive.
    return (ownUserEntry || ownApplicationEntry) && rbac.Object == utilizer.Id;
}
/// <summary>
/// Returns the Rbac instance with the given name as a web DTO. The connection string is blanked so it is
/// never sent to the client.
/// </summary>
/// <param name="name">Name of the Rbac instance to look up.</param>
public RbacEngineWeb Get(string name)
{
    var dto = new RbacEngineWeb(Rbac.GetRbac(name))
    {
        ConnectionString = string.Empty,
    };
    return dto;
}
/// <summary>
/// Segment-level Equals is false for two different object (last) segments.
/// </summary>
public void RbacSegmentEquality_WithEquals_ReturnFalse_Test2()
{
    var first = Rbac.Parse("*.*.*.123");
    var second = Rbac.Parse("*.*.*.987");

    bool sameObject = first.Object.Equals(second.Object);

    Assert.False(sameObject);
}
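/// <summary>
/// OAuth resource-owner-password grant. Verifies the supplied user name and password against the Rbac
/// instance for that user and, on success, issues a ticket carrying name, email and "rbac" claims and
/// signs the identity in.
/// </summary>
/// <param name="context">Grant context with UserName, Password and the OWIN environment (the "rbac" entry is required).</param>
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
    string rbacName = context.OwinContext.Get <string>("rbac");
    if (string.IsNullOrEmpty(rbacName))
    {
        RbacException.Raise("Parameter rbac was not passed in the request!", RbacExceptionCategories.Web);
        // Raise is expected to throw; the return covers the case where it only reports, so no ticket is
        // ever issued without an rbac name.
        return;
    }

    // Rbac is IDisposable (it is disposed with `using` elsewhere in this codebase).
    using (Rbac rbac = new Rbac(context.UserName))
    {
        // Credentials are verified before any ticket is issued. This call was previously commented out,
        // which granted a ticket to anyone who supplied an existing user name.
        // NOTE(review): assumes Authenticate returns null for bad credentials rather than throwing — confirm.
        RbacUser user = rbac.Authenticate(context.UserName, context.Password);
        if (user == null)
        {
            // One generic message for both an unknown user name and a wrong password.
            context.SetError("invalid_grant", "The user name or password is incorrect.");
            return;
        }

        var claims = new List <Claim>
        {
            new Claim(ClaimTypes.Name, rbac.User.UserName),
            new Claim(ClaimTypes.Email, rbac.User.Email),
            new Claim("rbac", rbacName),
        };
        var identity = new ClaimsIdentity(claims, DefaultAuthenticationTypes.ApplicationCookie);

        // Non-claim data travels in the ticket properties.
        var properties = new AuthenticationProperties(new Dictionary <string, string>
        {
            { "rbacid", rbac.RbacId.ToString() },
            { "fullname", rbac.User.FullName },
        });

        AuthenticationTicket ticket = new AuthenticationTicket(identity, properties);
        context.Validated(ticket);
        context.Request.Context.Authentication.SignIn(identity);
    }
}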
/// <summary>
/// Returns the Rbac instance with the given id as a web DTO. The connection string is blanked so it is
/// never sent to the client.
/// </summary>
/// <param name="id">Id of the Rbac instance to look up.</param>
public RbacEngineWeb Get(int id)
{
    var dto = new RbacEngineWeb(Rbac.GetRbac(id))
    {
        ConnectionString = string.Empty,
    };
    return dto;
}
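/// <summary>
/// Registers a user inside the Rbac instance identified by <c>RbacId</c> with the given role.
/// </summary>
/// <param name="user">Registration payload from the request body (untrusted).</param>
/// <returns>200 OK when the user was created; otherwise 400 with a message.</returns>
public async Task <IHttpActionResult> Register([FromBody] RbacRegisterUser user)
{
    if (!ModelState.IsValid)
    {
        return BadRequest(ModelState);
    }
    if (user.RbacId == 0)
    {
        return BadRequest("Rbac id cannot be zero!");
    }

    // Rbac is IDisposable (it is disposed with `using` elsewhere in this codebase); release it once the
    // user has been created.
    using (Rbac rbac = new Rbac(user.RbacId, ""))
    {
        // NOTE(review): `new` cannot yield null, so this branch never runs; a lookup that returns null for
        // an unknown id is needed to make the message reachable — confirm against the Rbac API.
        if (rbac == null)
        {
            return BadRequest(string.Format("Rbac instance with rbac id '{0}' not found!", user.RbacId));
        }

        // NOTE(review): same dead null check. RoleId is chosen by the caller — confirm this endpoint is
        // limited to callers allowed to assign that role.
        RbacRole role = new RbacRole(user.RoleId);
        if (role == null)
        {
            return BadRequest(string.Format("Role id '{0}' not found!", user.RoleId));
        }

        RbacUser created = rbac.CreateUser(user.UserName, user.FullName, user.Email, user.Password, role);
        if (created != null && created.UserId > 0)
        {
            return Ok();
        }
        return BadRequest("Cannot create user!");
    }
}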
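/// <summary>
/// Decides whether <paramref name="role"/> grants <paramref name="rbac"/>: at least one permission entry
/// must match and no forbidden entry may match.
/// </summary>
/// <param name="role">Role whose <c>Permissions</c> and <c>Forbidden</c> string lists are matched; either may be null.</param>
/// <param name="rbac">The requested subject / resource / action / object.</param>
/// <returns><c>true</c> when a permission matches and no forbidden entry matches; otherwise <c>false</c>.</returns>
public static bool HasPermission(this Role role, Rbac rbac)
{
    // True when one permission string covers the requested rbac. Entries that fail to parse never match.
    bool isPermittedFilter(string permission)
    {
        if (!Rbac.TryParse(permission, out var userRbac))
        {
            return false;
        }

        bool isSubjectPermitted = userRbac.Subject.IsAll() || userRbac.Subject.Equals(rbac.Subject);
        // Resource and action names are identifiers, so they are compared ordinally: a culture-sensitive
        // comparison would make an authorization decision depend on the current thread's culture.
        bool isResourcePermitted = userRbac.Resource.IsAll()
            || userRbac.Resource.Equals(rbac.Resource, StringComparison.OrdinalIgnoreCase);
        bool isActionPermitted = userRbac.Action.IsAll()
            || userRbac.Action.Equals(rbac.Action, StringComparison.OrdinalIgnoreCase);
        // Subject and object keep their default Equals (no case folding is applied here).
        bool isObjectPermitted = userRbac.Object.IsAll() || userRbac.Object.Equals(rbac.Object);

        return isSubjectPermitted && isResourcePermitted && isActionPermitted && isObjectPermitted;
    }

    // Any() stops at the first matching entry; a null list counts as "no entries".
    // Forbidden entries are checked first and always win over permissions.
    bool anyForbidden = role.Forbidden?.Any(isPermittedFilter) ?? false;
    if (anyForbidden)
    {
        return false;
    }
    return role.Permissions?.Any(isPermittedFilter) ?? false;
}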
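/// <summary>
/// Creates a new Rbac instance from the command-line options and sets its password. Reports every
/// missing required option and returns without creating anything when one is absent.
/// </summary>
/// <param name="options">Parsed command line: Name and AppCs are required; Description and Password are passed through.</param>
public void CreateNew(Options options)
{
    bool hasErrors = false;
    if (string.IsNullOrEmpty(options.Name))
    {
        WriteErrorLine("Rbac name is required");
        hasErrors = true;
    }
    if (string.IsNullOrEmpty(options.AppCs))
    {
        WriteErrorLine("Application connection string is required");
        hasErrors = true;
    }
    if (hasErrors)
    {
        return;
    }

    // NOTE(review): the password arrives as a command-line argument, which is visible in the process list
    // and shell history; prompting for it would be safer.
    int newRbacId;
    // Rbac is IDisposable (it is disposed with `using` elsewhere in this codebase).
    using (Rbac rbac = new Rbac())
    {
        rbac.Callback += Rbac_Callback;
        Rbac created = rbac.CreateNew(options.Name, options.Description, options.AppCs, string.Empty);
        rbac.ChangePassword(options.Password);
        newRbacId = created.RbacId;
    }

    WriteColor(ConsoleColor.Green, "Done!" + Environment.NewLine);
    Console.WriteLine();
    // The closing quote after the id was missing in the original message.
    Console.Write("Rbac '{0}' was created with id '{1}'. Now it's time to configure some roles & users in the RBAC website.", options.Name, newRbacId);
    Console.WriteLine();
}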
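/// <summary>
/// Save button handler: persists the RbacEngineWeb currently shown in the property grid.
/// </summary>
private void btnSaveInstance_Click(object sender, EventArgs e)
{
    // Only save when the grid actually holds an RbacEngineWeb; the previous `as` cast without a null
    // check passed null to Save for an empty grid or any other selected object type.
    if (propInstance?.SelectedObject is RbacEngineWeb instance)
    {
        Rbac.Save(instance);
    }
}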
/// <summary>
/// Rbac has value equality: identical segments compare equal, a single differing segment does not.
/// </summary>
public void RbacEqualityTest()
{
    Rbac Build(string objectName) => new Rbac(
        new RbacSegment("subject"),
        new RbacSegment("resource"),
        new RbacSegment("action"),
        new RbacSegment(objectName));

    var baseline = Build("object");
    var sameSegments = Build("object");
    var differentObject = Build("other");

    Assert.AreEqual(baseline, sameSegments);
    Assert.AreNotEqual(baseline, differentObject);
}
/// <summary>
/// Imports a role definition file into <paramref name="rbac"/> and reports the new role id.
/// </summary>
/// <param name="rbac">Target Rbac instance.</param>
/// <param name="options">Parsed command line; FileName is resolved against the application directory.</param>
public void CreateNew(Rbac rbac, Options options)
{
    // NOTE(review): Path.Combine returns options.FileName unchanged when it is rooted, so an absolute path
    // given on the command line is read as-is rather than from the application directory.
    string sourcePath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, options.FileName);
    RbacRole imported = rbac.ImportRole(sourcePath);

    Console.WriteLine();
    string summary = "Role from " + sourcePath + " imported into " + rbac.Name
        + ". The role id is:" + imported.RoleId + "." + Environment.NewLine;
    WriteColor(ConsoleColor.Green, summary);
}
/// <summary>
/// Validates a Role: name and membership id are required, every permission / forbidden entry must parse
/// as an Rbac, and no entry may appear in both sets.
/// </summary>
/// <param name="model">The role to validate.</param>
/// <param name="errors">All validation messages found (empty when valid).</param>
/// <returns><c>true</c> when no error was recorded.</returns>
protected override bool ValidateModel(Role model, out IEnumerable <string> errors)
{
    var problems = new List <string>();

    if (string.IsNullOrEmpty(model.Name))
    {
        problems.Add("name is a required field");
    }
    if (string.IsNullOrEmpty(model.MembershipId))
    {
        problems.Add("membership_id is a required field");
    }

    try
    {
        // Rbac.Parse throws on a malformed entry; its message becomes a validation error below.
        // Permissions are parsed before forbiddens, so the first bad entry reported is a permission.
        var permitted = (model.Permissions ?? Enumerable.Empty<string>())
            .Select(entry => Rbac.Parse(entry))
            .ToList();
        var forbidden = (model.Forbidden ?? Enumerable.Empty<string>())
            .Select(entry => Rbac.Parse(entry))
            .ToList();

        // One message per (permitted, forbidden) pair that compares equal.
        foreach (var permissionRbac in permitted)
        {
            foreach (var conflict in forbidden.Where(forbiddenRbac => permissionRbac == forbiddenRbac))
            {
                problems.Add($"Permitted and forbidden sets are conflicted. The same permission is there in the both set. ('{permissionRbac}')");
            }
        }
    }
    catch (Exception ex)
    {
        problems.Add(ex.Message);
    }

    errors = problems;
    return problems.Count == 0;
}
/// <summary>
/// Parses <paramref name="query"/> under the permissions of user "essie"; the parser throws when the
/// query is not permitted (and silent mode is off), so reaching the end means the query is allowed.
/// </summary>
/// <param name="query">SQL text to check.</param>
private void IsAllowedToInsertOrUpdateOrDelete(string query = null)
{
    // The user name is hard-coded for this sample; a real caller passes the logged-in user from its context.
    using (Rbac rbac = new Rbac("essie"))
    using (SqlQueryParser parser = new SqlQueryParser(rbac))
    {
        // Throws when the query is not permitted and silent is false.
        parser.Parse(query);
    }
}
/// <summary>
/// Null handling: a populated Rbac is not equal to null, and two nulls are equal.
/// </summary>
public void RbacNullValuesEqualityTest()
{
    var populated = new Rbac(
        new RbacSegment("subject"),
        new RbacSegment("resource"),
        new RbacSegment("action"),
        new RbacSegment("object"));
    Rbac firstNull = null;
    Rbac secondNull = null;

    Assert.AreNotEqual(populated, firstNull);
    Assert.AreEqual(firstNull, secondNull);
}
/// <summary>
/// Combo box handler: loads the selected Rbac instance into the property grid, titles the tab after it and
/// re-runs the inline parse.
/// </summary>
private void cbInstances_SelectedIndexChanged(object sender, EventArgs e)
{
    if (cbInstances.SelectedIndex <= -1)
    {
        return;
    }

    var selected = (Rbac)cbInstances.SelectedItem;
    var instance = new RbacEngineWeb(Rbac.GetRbac(selected.Name));

    propInstance.SelectedObject = instance;
    tabPage2.Text = instance.Name;
    ParseInline();
}
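/// <summary>
/// Warm-up: exercises Rbac and the SQL parser once so their assemblies are loaded and the first real call
/// is faster. Failures are deliberately ignored — a warm-up must never break the caller.
/// </summary>
private void LoadAssemblies()
{
    try
    {
        // Both objects are IDisposable (they are disposed with `using` elsewhere in this codebase).
        using (Rbac rbac = new Rbac("Lashawn", "Books", "role_city_mgr"))
        using (SqlQueryParser parser = new SqlQueryParser(rbac))
        {
            parser.Parse("select * from Author");
        }
    }
    catch
    {
        // Best-effort only; intentionally swallowed.
    }
}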
/// <summary>
/// Looks up a role by name. Returns null when no such role exists.
/// </summary>
/// <param name="name">Role name.</param>
public RbacRoleWeb Get(string name)
{
    RbacRole role = Rbac.GetRole(name);
    if (role == null)
    {
        return null;
    }

    // Parse metadata first; the web DTO is built from the parsed role.
    role.ParseMetaData();
    return new RbacRoleWeb(role);
}
/// <summary>
/// Looks up a role by id. Returns null when no such role exists.
/// </summary>
/// <param name="id">Role id.</param>
public RbacRoleWeb Get(int id)
{
    RbacRole role = Rbac.GetRole(id);
    if (role == null)
    {
        return null;
    }

    // Parse metadata first; the web DTO is built from the parsed role.
    role.ParseMetaData();
    return new RbacRoleWeb(role);
}
/// <summary>
/// Parses <paramref name="query"/> under the permissions of user "essie"; the parser throws when the
/// query is not permitted, so code after the parse can go ahead with the insert / update / delete.
/// </summary>
/// <param name="query">SQL text to check.</param>
private void IsAllowedToInsertOrUpdateOrDelete(string query = null)
{
    // The user name is hard-coded for this sample; a real caller passes the logged-in user from its context.
    using (Rbac rbac = new Rbac("essie"))
    using (SqlQueryParser parser = new SqlQueryParser(rbac))
    {
        // Throws when the query is not permitted; reaching the next line means it is allowed.
        parser.Parse(query);
    }
}