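/// <summary>
/// Sets up permission-based authorization: initializes
/// <c>PermissionAuthorizationService</c> with the application's permission
/// provider and registers the authorization rules.
/// </summary>
/// <remarks>
/// Rules should be added in the order they will be processed. If a rule fails,
/// the user is not authorized for the resource.
/// </remarks>
public static void Configure()
{
    var permissionProvider = new PermissionsProvider(MyPermissionsProvider.GetPermissions);

    // Initialization of the permission-based authorization library.
    PermissionAuthorizationService.Initialize(permissionProvider);

    // 1. Do not authorize when the logged-in user does not have the specified permission.
    PermissionAuthorizationService.AddRule(new AuthorizeWhenUserHasPermission());

    // 2. If the user has the VIEW OWN STUDENT PROFILE permission and is requesting a student resource.
    PermissionAuthorizationService.AddRule(new AuthorizationRuleFunctionForPermission(AppPermissions.VIEW_OWN_STUDENT_PROFILE, ResourceTypes.STUDENT)
    {
        RuleFunction = (userId, resourceId) =>
        {
            InMemoryRepository repository = new InMemoryRepository();
            var resource = repository.GetAll<Student>().FirstOrDefault(s => s.Id.ToString() == resourceId);

            // Fail closed: an unknown student id, or a student record with no linked
            // user, is a denial rather than a NullReferenceException inside the rule.
            if (resource == null || resource.User == null)
            {
                return false;
            }

            // Logged-in user can view only his/her own student profile.
            // NOTE(review): this compares the stored username with the caller's id using ==;
            // confirm both sides are normalized the same way (case, domain prefix) at login.
            return resource.User.Username == userId;
        }
    });

    // 3. If the user has the VIEW OWN ADMIN PROFILE permission and is requesting an administrator resource.
    PermissionAuthorizationService.AddRule(new OwnAdminProfileRule(AppPermissions.VIEW_OWN_ADMIN_PROFILE, ResourceTypes.ADMINISTRATOR));
}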
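/// <summary>
/// Gets the permissions of the user represented by this principal.
/// </summary>
/// <param name="principal">The principal to look up; may be null or carry no identity.</param>
/// <returns>
/// The list returned by <c>PermissionAuthorizationService.GetPermissions</c> for the
/// principal's identity name, or an empty list when there is no principal, no
/// identity, or the identity name is null or whitespace.
/// </returns>
public static async Task<List<string>> GetPermissions(this IPrincipal principal)
{
    // Same guard as HasPermissionIn: a missing principal or identity means
    // "no permissions" instead of a NullReferenceException.
    if (principal == null || principal.Identity == null)
    {
        return new List<string>();
    }

    var userId = principal.Identity.Name;
    if (string.IsNullOrWhiteSpace(userId))
    {
        return new List<string>();
    }

    // There is no await in this method, so the lookup runs synchronously on the
    // caller's thread. The async modifier is kept so that an exception from the
    // lookup is still delivered through the returned Task, as before.
    return PermissionAuthorizationService.GetPermissions(userId);
}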
/// <summary>
/// Asks <c>PermissionAuthorizationService.HasPermissionIn</c> whether the user behind
/// this principal is authorized for the given permissions, optionally for a specific resource.
/// </summary>
/// <param name="principal">The principal to check; a null principal or identity yields false.</param>
/// <param name="permissions">
/// The permissions passed to the service. Must not be null: it is copied with
/// <c>ToList()</c>, which throws <see cref="ArgumentNullException"/> on a null source.
/// </param>
/// <param name="resourceType">Optional resource type forwarded to the service; defaults to null.</param>
/// <param name="resourceId">Optional resource id forwarded to the service; defaults to null.</param>
/// <returns>
/// False when there is no principal, no identity, or a null/whitespace identity name;
/// otherwise the service's answer.
/// </returns>
/// <remarks>
/// NOTE(review): whether resource-scoped rules are evaluated when resourceType and
/// resourceId are left null depends on PermissionAuthorizationService, which is not
/// visible here. Confirm that callers guarding a specific resource always pass both.
/// </remarks>
public static bool HasPermissionIn(this IPrincipal principal, string[] permissions, string resourceType = null, string resourceId = null)
{
    // No principal at all: nothing to authorize.
    if (principal == null)
    {
        return false;
    }

    // Principal without an identity: treated the same way.
    if (principal.Identity == null)
    {
        return false;
    }

    var currentUser = principal.Identity.Name;
    if (string.IsNullOrWhiteSpace(currentUser))
    {
        return false;
    }

    var requestedPermissions = permissions.ToList();
    bool allowed = PermissionAuthorizationService.HasPermissionIn(currentUser, requestedPermissions, resourceType, resourceId);
    return allowed;
}
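/// <summary>
/// Required for removing cache of the user, if cache is enabled
/// </summary>
/// <param name="principal">The principal that is logging out; a null principal or identity is ignored.</param>
/// <remarks>
/// This method has no awaits, so it is a plain synchronous method rather than
/// <c>async void</c>. An exception thrown by <c>PermissionAuthorizationService.Logout</c>
/// now reaches the caller, where it can be handled or logged; under <c>async void</c>
/// it would have been raised outside the caller's try/catch.
/// </remarks>
public static void PermissionServiceLogout(this IPrincipal principal)
{
    // Nothing to clear when there is no principal or identity; avoids a
    // NullReferenceException on the sign-out path.
    if (principal == null || principal.Identity == null)
    {
        return;
    }

    // The identity name is passed through unchanged, as before.
    var userId = principal.Identity.Name;
    PermissionAuthorizationService.Logout(userId);
}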