/// <summary>
/// Before-request authorization check. Picks the store permission required for the
/// request's HTTP method and asks the permissions provider whether the current user
/// holds it on the store named by the "storeName" request parameter.
/// </summary>
/// <param name="context">The request context; supplies the HTTP method, the storeName parameter and the current user</param>
/// <param name="permissionsProvider">The provider consulted for the user's permissions on the store</param>
/// <param name="get">The permission required for GET and HEAD requests</param>
/// <param name="post">The permission required for POST requests</param>
/// <param name="delete">The permission required for DELETE requests</param>
/// <returns>null when the request may proceed (Nancy continues to the route); a 401 Unauthorized response otherwise</returns>
/// <remarks>
/// The check fails closed: a method other than GET, HEAD, POST or DELETE, or a method whose
/// required permission is StorePermissions.None, is rejected without consulting the provider.
/// The same 401 status is returned whether or not the request carries a user identity.
/// </remarks>
private static Response RequiresAuthorization(NancyContext context, AbstractStorePermissionsProvider permissionsProvider, StorePermissions get, StorePermissions post, StorePermissions delete)
        {
            var verb = context.Request.Method.ToUpperInvariant();

            StorePermissions needed;
            if (verb == "GET" || verb == "HEAD")
            {
                needed = get;
            }
            else if (verb == "POST")
            {
                needed = post;
            }
            else if (verb == "DELETE")
            {
                needed = delete;
            }
            else
            {
                // No mapping for this verb (PUT, PATCH, OPTIONS, ...): it is denied below.
                needed = StorePermissions.None;
            }

            // Deny by default: None is never treated as "no check needed".
            if (needed == StorePermissions.None)
            {
                return HttpStatusCode.Unauthorized;
            }

            // The store name comes from the request, so the provider decides per store.
            var storeName = context.Parameters["storeName"];
            if (!permissionsProvider.HasStorePermission(context.CurrentUser, storeName, needed))
            {
                return HttpStatusCode.Unauthorized;
            }

            return null;
        }
        /// <summary>
        /// Authorization hook body: maps the HTTP method to one of the supplied permission
        /// requirements and checks it against the current user's permissions on the store
        /// named by the "storeName" request parameter.
        /// </summary>
        /// <param name="context">The request context (method, parameters, current user)</param>
        /// <param name="permissionsProvider">The provider that answers the permission query</param>
        /// <param name="get">The requirement applied to GET and HEAD</param>
        /// <param name="post">The requirement applied to POST</param>
        /// <param name="delete">The requirement applied to DELETE</param>
        /// <returns>null to let the request through, otherwise a 401 Unauthorized response</returns>
        /// <remarks>
        /// Denies by default: unmapped methods and methods mapped to StorePermissions.None
        /// are refused before the provider is called.
        /// </remarks>
        private static Response RequiresAuthorization(NancyContext context, AbstractStorePermissionsProvider permissionsProvider, StorePermissions get, StorePermissions post, StorePermissions delete)
        {
            var method = context.Request.Method.ToUpperInvariant();
            var isRead = method == "GET" || method == "HEAD";

            // Any verb not listed here resolves to None and is rejected by the guard below.
            var required = isRead ? get
                         : method == "POST" ? post
                         : method == "DELETE" ? delete
                         : StorePermissions.None;

            if (required == StorePermissions.None)
            {
                return HttpStatusCode.Unauthorized;
            }

            var storeName = context.Parameters["storeName"];
            if (!permissionsProvider.HasStorePermission(context.CurrentUser, storeName, required))
            {
                // Same status for a missing identity and for an identity lacking the permission.
                return HttpStatusCode.Unauthorized;
            }

            return null;
        }
        /// <summary>
        /// Throws unless the permissions stored in the "BrightstarStorePermissions" ViewBag
        /// entry include every flag in <paramref name="permissionRequired"/>.
        /// </summary>
        /// <param name="permissionRequired">The permission flags the current request must hold</param>
        /// <exception cref="UnauthorizedAccessException">The entry is absent or lacks a required flag</exception>
        private void AssertPermission(StorePermissions permissionRequired)
        {
            // NOTE(review): the code that writes this ViewBag entry is not visible here;
            // this check is only as trustworthy as that writer.
            var granted = Context.ViewBag["BrightstarStorePermissions"];

            // Fail closed: a missing entry is handled exactly like insufficient permissions.
            if (!granted.HasValue)
            {
                throw new UnauthorizedAccessException();
            }

            // Every requested bit must be present, not just one of them.
            if ((((StorePermissions)granted.Value) & permissionRequired) != permissionRequired)
            {
                throw new UnauthorizedAccessException();
            }
        }
        /// <summary>
        /// Test helper: posts <paramref name="jobRequest"/> to /foo/jobs while the mocked
        /// permissions provider grants everything except <paramref name="witheldPermission"/>,
        /// and asserts that the server answers 401 Unauthorized.
        /// </summary>
        /// <param name="jobRequest">The job request sent as the JSON body</param>
        /// <param name="witheldPermission">The permission removed from the granted set</param>
        private void AssertPermissionRequired(JobRequestObject jobRequest, StorePermissions witheldPermission)
        {
            // XOR clears the withheld flag from All (assuming All contains it).
            var grantedPermissions = StorePermissions.All ^ witheldPermission;

            var serviceMock = new Mock<IBrightstarService>();
            var providerMock = new Mock<AbstractStorePermissionsProvider>();

            // NOTE(review): the setup matches a null user identity only, so this helper
            // covers the anonymous path; an authenticated user lacking the permission
            // is not exercised here.
            providerMock.Setup(p => p.GetStorePermissions(null, "foo"))
                        .Returns(grantedPermissions)
                        .Verifiable();

            var browser = new Browser(new FakeNancyBootstrapper(serviceMock.Object, providerMock.Object));

            // Execute
            var response = browser.Post("/foo/jobs", request =>
            {
                request.Accept(MediaRange.FromString("application/json"));
                request.JsonBody(jobRequest);
            });

            // Assert
            Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));

            // Confirms the refusal came from consulting the provider for store "foo".
            providerMock.Verify();
        }
 /// <summary>
 /// Non-throwing wrapper around GetStorePermissionsAttributeValue.
 /// </summary>
 /// <param name="providerElement">The configuration element to read from</param>
 /// <param name="attrName">The name of the attribute to read</param>
 /// <param name="storePermissions">Receives the value read, or StorePermissions.None on failure</param>
 /// <returns>true if the value was read; false if reading raised a ConfigurationErrorsException</returns>
 /// <remarks>
 /// Only ConfigurationErrorsException is handled; any other exception propagates.
 /// On failure the out value is StorePermissions.None, so a caller that ignores the
 /// return value does not end up with a broader permission set than configured.
 /// </remarks>
 public static bool TryGetStorePermissionsAttributeValue(XmlElement providerElement, string attrName, out StorePermissions storePermissions)
 {
     bool succeeded;
     StorePermissions value;

     try
     {
         value = GetStorePermissionsAttributeValue(providerElement, attrName);
         succeeded = true;
     }
     catch (ConfigurationErrorsException)
     {
         value = StorePermissions.None;
         succeeded = false;
     }

     storePermissions = value;
     return succeeded;
 }
 /// <summary>
 /// Verifies that the request's recorded store permissions cover
 /// <paramref name="permissionRequired"/>; throws when they do not.
 /// </summary>
 /// <param name="permissionRequired">The permission flags that must all be present</param>
 /// <exception cref="UnauthorizedAccessException">No permissions are recorded, or a required flag is missing</exception>
 private void AssertPermission(StorePermissions permissionRequired)
 {
     var entry = Context.ViewBag["BrightstarStorePermissions"];

     // Starts as "denied"; only an entry that is present and sufficient flips it.
     var satisfied = false;
     if (entry.HasValue)
     {
         var held = (StorePermissions)entry.Value;
         satisfied = (held & permissionRequired) == permissionRequired;
     }

     if (!satisfied)
     {
         // NOTE(review): how this exception is translated into an HTTP status is not
         // visible in this method - confirm it does not surface as a 500.
         throw new UnauthorizedAccessException();
     }
 }
 /// <summary>
 /// Reads a store-permissions attribute through GetStorePermissionsAttributeValue,
 /// reporting a configuration error as a false return instead of an exception.
 /// </summary>
 /// <param name="providerElement">The configuration element to read from</param>
 /// <param name="attrName">The name of the attribute to read</param>
 /// <param name="storePermissions">The value read; StorePermissions.None when the read fails</param>
 /// <returns>true on success, false when a ConfigurationErrorsException was raised</returns>
 public static bool TryGetStorePermissionsAttributeValue(XmlElement providerElement, string attrName, out StorePermissions storePermissions)
 {
     StorePermissions parsed;
     try
     {
         parsed = GetStorePermissionsAttributeValue(providerElement, attrName);
     }
     catch (ConfigurationErrorsException)
     {
         // Restrictive fallback: a bad attribute never yields a wider permission set.
         storePermissions = StorePermissions.None;
         return false;
     }

     storePermissions = parsed;
     return true;
 }
        /// <summary>
        /// Test helper: asserts that POST /foo/jobs is refused with 401 Unauthorized when
        /// the permissions provider grants all permissions except
        /// <paramref name="witheldPermission"/>.
        /// </summary>
        /// <param name="jobRequest">The job request posted as JSON</param>
        /// <param name="witheldPermission">The single permission left out of the granted set</param>
        private void AssertPermissionRequired(JobRequestObject jobRequest, StorePermissions witheldPermission)
        {
            var brightstarMock = new Mock<IBrightstarService>();
            var permissionsMock = new Mock<AbstractStorePermissionsProvider>();

            // The provider is stubbed for a null identity on store "foo" only; the request
            // below is therefore evaluated as that (anonymous) caller.
            permissionsMock
                .Setup(provider => provider.GetStorePermissions(null, "foo"))
                .Returns(StorePermissions.All ^ witheldPermission)
                .Verifiable();

            var bootstrapper = new FakeNancyBootstrapper(brightstarMock.Object, permissionsMock.Object);
            var app = new Browser(bootstrapper);

            // Execute
            var response = app.Post("/foo/jobs", ctx =>
            {
                ctx.Accept(MediaRange.FromString("application/json"));
                ctx.JsonBody(jobRequest);
            });

            // Assert
            Assert.That(response.StatusCode, Is.EqualTo(HttpStatusCode.Unauthorized));

            // Fails the test if the provider was never asked, i.e. if the 401 had another cause.
            permissionsMock.Verify();
        }
 /// <summary>
 /// Creates a provider with one fixed set of permissions for authenticated users
 /// and a different fixed set of permissions for anonymous users
 /// </summary>
 /// <param name="authenticatedUserPermissions">The fallback store permissions to be
 /// granted to authenticated users</param>
 /// <param name="anonymousUserPermissions">The fallback store permissions to be granted
 /// to anonymous users</param>
 public FallbackStorePermissionsProvider(StorePermissions authenticatedUserPermissions,
                                         StorePermissions anonymousUserPermissions)
 {
     // Both sets are stored exactly as given. Nothing here checks that the anonymous
     // set is narrower than the authenticated one, so the caller decides how much
     // unauthenticated requests are allowed to do.
     _anonymousUserPermissions = anonymousUserPermissions;
     _authenticatedUserPermissions = authenticatedUserPermissions;
 }
 /// <summary>
 /// Creates a provider with one fixed set of permissions for authenticated users
 /// and a different fixed set of permissions for anonymous users
 /// </summary>
 /// <param name="authenticatedUserPermissions">The fallback store permissions to be
 /// granted to authenticated users</param>
 /// <param name="anonymousUserPermissions">The fallback store permissions to be granted
 /// to anonymous users</param>
 public FallbackStorePermissionsProvider(StorePermissions authenticatedUserPermissions,
                                         StorePermissions anonymousUserPermissions)
 {
     // Permissions applied to requests without an authenticated identity.
     // Stored unvalidated: the value passed here is the anonymous access level.
     _anonymousUserPermissions = anonymousUserPermissions;

     // Permissions applied to every authenticated user, regardless of who they are.
     _authenticatedUserPermissions = authenticatedUserPermissions;
 }
 /// <summary>
 /// Returns true if the specified user has the required permissions for the specified store
 /// </summary>
 /// <param name="userIdentity">The user identity. This will be NULL for the anonymous user</param>
 /// <param name="storeName">The name of the store on which permissions are requested</param>
 /// <param name="permissionRequested">The requested permissions</param>
 /// <returns>True if the user has all of the requested permissions, false otherwise</returns>
 public virtual bool HasStorePermission(IUserIdentity userIdentity, string storeName,
                                StorePermissions permissionRequested)
 {
     var held = GetStorePermissions(userIdentity, storeName);

     // All requested bits must be held. A request with no bits set passes trivially,
     // so callers have to reject an empty requirement before asking.
     var matched = held & permissionRequested;
     return matched == permissionRequested;
 }
 /// <summary>
 /// Adds a per-request authorization check to the module: every request is passed to
 /// RequiresAuthorization together with the permission required for its HTTP method.
 /// </summary>
 /// <param name="module">The module whose requests are to be protected</param>
 /// <param name="permissionsProvider">The provider handed to RequiresAuthorization</param>
 /// <param name="get">The requirement passed for GET; defaults to StorePermissions.None</param>
 /// <param name="post">The requirement passed for POST; defaults to StorePermissions.None</param>
 /// <param name="delete">The requirement passed for DELETE; defaults to StorePermissions.None</param>
 /// <param name="put">The requirement passed for PUT; defaults to StorePermissions.None</param>
 /// <remarks>
 /// NOTE(review): the six-argument RequiresAuthorization is not visible here - confirm it
 /// denies a verb whose requirement is left at StorePermissions.None rather than letting
 /// it through unchecked.
 /// </remarks>
 public static void RequiresBrightstarStorePermission(this NancyModule module,
                                                      AbstractStorePermissionsProvider permissionsProvider,
                                                      StorePermissions get = StorePermissions.None,
                                                      StorePermissions post = StorePermissions.None,
                                                      StorePermissions delete = StorePermissions.None,
                                                      StorePermissions put = StorePermissions.None)
 {
     // Registered at the end of the Before pipeline, so hooks added earlier run first.
     var before = module.Before;
     before.AddItemToEndOfPipeline(ctx =>
     {
         return RequiresAuthorization(ctx, permissionsProvider, get, post, delete, put);
     });
 }
 /// <summary>
 /// Protects a module with a store-permission check that runs before each request:
 /// the request is handed to RequiresAuthorization with the permission required for
 /// GET, POST and DELETE.
 /// </summary>
 /// <param name="module">The module to protect</param>
 /// <param name="permissionsProvider">The provider used to look up the caller's permissions</param>
 /// <param name="get">The permission required for GET; defaults to StorePermissions.None</param>
 /// <param name="post">The permission required for POST; defaults to StorePermissions.None</param>
 /// <param name="delete">The permission required for DELETE; defaults to StorePermissions.None</param>
 /// <remarks>
 /// The five-argument RequiresAuthorization rejects a verb whose requirement is
 /// StorePermissions.None, so a verb left at its default here is denied, not opened up.
 /// </remarks>
 public static void RequiresBrightstarStorePermission(this NancyModule module,
     AbstractStorePermissionsProvider permissionsProvider,
     StorePermissions get = StorePermissions.None,
     StorePermissions post = StorePermissions.None,
     StorePermissions delete = StorePermissions.None)
 {
     // Appended after any hooks already in the Before pipeline.
     module.Before.AddItemToEndOfPipeline(requestContext =>
     {
         return RequiresAuthorization(requestContext, permissionsProvider, get, post, delete);
     });
 }
 /// <summary>
 /// Returns true if the specified user has the required permissions for the specified store
 /// </summary>
 /// <param name="userIdentity">The user identity. This will be NULL for the anonymous user</param>
 /// <param name="storeName">The name of the store on which permissions are requested</param>
 /// <param name="permissionRequested">The requested permissions</param>
 /// <returns>True if the user has all of the requested permissions, false otherwise</returns>
 public virtual bool HasStorePermission(IUserIdentity userIdentity, string storeName,
                                        StorePermissions permissionRequested)
 {
     var granted = GetStorePermissions(userIdentity, storeName);

     // Bits that were requested but are not granted; the check passes only when none remain.
     // An empty request leaves nothing missing and therefore returns true.
     var missing = permissionRequested & ~granted;
     return missing == 0;
 }