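/// <summary>
/// Sends a grant or revoke request for <paramref name="grants"/> to the permissions endpoint.
/// </summary>
/// <remarks>
/// The request path has the shape
/// <c>/perms/{action}/{resourceType}/{resourceId}/{childType}/{subjectType}/{subjectId}</c>.
/// Segments that are empty (no resource id, child type <c>none</c>) are removed by collapsing
/// repeated slashes. <paramref name="resourceId"/> and <paramref name="subjectId"/> are placed
/// into the path verbatim: callers must pass identifiers that contain no path or query
/// delimiters, otherwise the request can address a different resource or subject than intended.
/// </remarks>
/// <param name="client">The <see cref="RestClient"/> used to send the request.</param>
/// <param name="action">Whether the permissions are granted or revoked; becomes the second path segment.</param>
/// <param name="grants">The manage/authorize permissions (and the optional created-document permissions) to send.</param>
/// <param name="resourceType">The type of the resource the permissions apply to.</param>
/// <param name="resourceId">The id of the resource; may be empty.</param>
/// <param name="childType">The child resource type, or <c>none</c> to omit the segment.</param>
/// <param name="subjectType">The type of the subject receiving or losing the permissions.</param>
/// <param name="subjectId">The id of the subject.</param>
private static void ChangePermission(RestClient client, PermissionAction action, PermissionSet grants, PermissionResourceType resourceType, string resourceId, PermissionResourceType childType, PermissionSubjectType subjectType, string subjectId)
{
    // Invariant lower-casing keeps the path independent of the thread culture.
    // The child type is lower-cased like the resource type: both are the same enum.
    var uri = string.Format("/perms/{0}/{1}/{2}/{3}/{4}/{5}",
        action.ToString().ToLowerInvariant(),
        resourceType.ToString().ToLowerInvariant(),
        resourceId,
        childType == PermissionResourceType.none ? string.Empty : childType.ToString().ToLowerInvariant(),
        subjectType.ToString().ToLowerInvariant(),
        subjectId);

    // NOTE(review): filters that restricted these lists to "R"/"U"/"D" (manage) and
    // "R"/"U"/"D"/"A" (authorize) are commented out in the original, so the values are
    // sent exactly as PermissionsToList returns them.
    var permsManage = PermissionsToList(grants.Manage);
    var permsAuthorize = PermissionsToList(grants.Authorize);
    var permsCreatedManage = PermissionsToList(grants.CreatedDocument.Manage);
    var permsCreatedAuthorize = PermissionsToList(grants.CreatedDocument.Authorize);

    // The created_document member is only sent when it carries at least one permission.
    object grantBody;
    if (!permsCreatedManage.Any() && !permsCreatedAuthorize.Any())
    {
        grantBody = new
        {
            manage = permsManage,
            authorize = permsAuthorize
        };
    }
    else
    {
        var created = new
        {
            manage = permsCreatedManage,
            authorize = permsCreatedAuthorize,
        };
        grantBody = new
        {
            manage = permsManage,
            authorize = permsAuthorize,
            created_document = created
        };
    }

    // A single Replace leaves "//" behind when two adjacent segments are empty
    // ("///" becomes "//"), so repeat until no doubled slash remains.
    while (uri.Contains("//"))
    {
        uri = uri.Replace("//", "/");
    }

    var request = new RestRequest(uri, Method.POST);
#if DEBUG
    // Kept for inspecting the serialized body in a debugger.
    var bodyTxt = JsonConvert.SerializeObject(grantBody);
#endif
    Rest.Execute<BasicResponse>(client, request, grantBody);
}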
/// <summary>
/// Checks whether the current user holds a permission for the given resource, action and reference id.
/// </summary>
/// <remarks>
/// Users whose role is <c>UserRole.DplEmployee</c> pass without any lookup. For every other user the
/// answer comes from the in-memory permissions cache; a user with no cache entry is denied.
/// </remarks>
/// <param name="resource">The resource type the permission applies to.</param>
/// <param name="action">The action being checked.</param>
/// <param name="referenceId">The id of the concrete resource.</param>
/// <returns><c>true</c> when the permission is held or the role bypass applies; otherwise <c>false</c>.</returns>
public bool HasPermission(PermissionResourceType resource, ResourceAction action, int referenceId)
{
    // Role bypass: DPL employees are not subject to per-resource permission checks.
    if (_authData.GetUserRole() == UserRole.DplEmployee)
    {
        return true;
    }

    // TODO decide if this method should be sync or async
    // if async we can use the permissions in the distributed cache
    // they are already inserted individually
    var currentUserId = _authData.GetUserId();

    ImmutableHashSet<string> cachedPermissions;
    if (!_permissionsCache.TryGetValue(currentUserId, out cachedPermissions))
    {
        // No cache entry for this user: deny by default.
        return false;
    }

    var lookupKey = GetPermissionKey(currentUserId, resource, action, referenceId);
    return cachedPermissions.Contains(lookupKey);
}
//private IEnumerable<Claim> GetClaimsForUserPermissions(CachedUser user)
//{
//    //The following ResourceTypes are added via GetClaimsForResourceTypeAndActions
//    var resourceTypesToExclude = new List<PermissionResourceType>()
//    {
//        PermissionResourceType.Organization,
//        PermissionResourceType.Customer,
//        PermissionResourceType.Division,
//        PermissionResourceType.PostingAccount
//    };
//    //TODO Get all applicable Resources
//    var permissionsList = user.Permissions;
//    return permissionsList.Select(p => new Claim(DynamicClaimTypes.Permissions, p.Resource + p.Action));
//}

/// <summary>
/// Builds one claim per permission of <paramref name="user"/> that targets
/// <paramref name="resourceType"/> and whose action is listed in <paramref name="actions"/>.
/// </summary>
/// <param name="user">The cached user whose permissions are read.</param>
/// <param name="resourceType">The resource type a permission must have to be included.</param>
/// <param name="actions">The actions that qualify a permission for inclusion.</param>
/// <param name="claimType">The claim type assigned to every produced claim.</param>
/// <returns>
/// A list of claims whose value is the permission's reference id as a string. Duplicate
/// reference ids are not removed.
/// </returns>
private IEnumerable<Claim> GetClaimsForRessourceTypeAndActions(CachedUser user, PermissionResourceType resourceType, ResourceAction[] actions, string claimType)
{
    // Materialize the matching reference ids first, then wrap each one in a claim.
    var referenceIds =
        (from permission in user.Permissions
         where permission.Resource == resourceType && actions.Contains(permission.Action)
         select permission.ReferenceId.ToString()).ToArray();

    var claims = new List<Claim>(referenceIds.Length);
    foreach (var referenceId in referenceIds)
    {
        claims.Add(new Claim(claimType, referenceId));
    }

    return claims;
}
/// <summary>
/// Builds the lookup key for one permission: the user id, resource type, action and
/// reference id joined with <c>|</c>.
/// </summary>
/// <param name="userId">The id of the user the permission belongs to.</param>
/// <param name="resource">The resource type of the permission.</param>
/// <param name="action">The action of the permission.</param>
/// <param name="referenceId">The id of the concrete resource.</param>
/// <returns>The key in the form <c>userId|resource|action|referenceId</c>.</returns>
private string GetPermissionKey(int userId, PermissionResourceType resource, ResourceAction action, int referenceId)
{
    // No component is a free-form string, so the '|' separator cannot be supplied by a caller.
    // NOTE(review): the keys stored in the permissions cache must be produced in this same format — confirm at the writer.
    return string.Join("|", userId, resource, action, referenceId);
}
/// <summary>
/// Revokes <paramref name="grants"/> from a subject for a resource type without naming a specific resource.
/// </summary>
/// <param name="grants">The permissions to revoke.</param>
/// <param name="resourceType">The type of resource the permissions apply to.</param>
/// <param name="subjectType">The type of the subject losing the permissions.</param>
/// <param name="subjectId">The id of the subject.</param>
public void Revoke(PermissionSet grants, PermissionResourceType resourceType, PermissionSubjectType subjectType, string subjectId)
{
    // An empty resource id is forwarded to the five-argument overload.
    // NOTE(review): presumably this makes the revoke apply to the whole resource type — confirm against that overload.
    var noResourceId = string.Empty;
    Revoke(grants, resourceType, noResourceId, subjectType, subjectId);
}
/// <summary>
/// Grants <paramref name="grants"/> to a subject on a resource, optionally scoped to a child type,
/// using this instance's REST client.
/// </summary>
/// <remarks>
/// This method only forwards to the static <c>Permission.Grant</c>; it performs no validation of its own.
/// </remarks>
/// <param name="grants">The permissions to grant.</param>
/// <param name="resourceType">The type of resource the permissions apply to.</param>
/// <param name="resourceId">The id of the resource.</param>
/// <param name="childType">The child resource type.</param>
/// <param name="subjectType">The type of the subject receiving the permissions.</param>
/// <param name="subjectId">The id of the subject.</param>
public void Grant(PermissionSet grants, PermissionResourceType resourceType, string resourceId, PermissionResourceType childType, PermissionSubjectType subjectType, string subjectId)
    => Permission.Grant(client, grants, resourceType, resourceId, childType, subjectType, subjectId);
/// <summary>
/// Grants <paramref name="grants"/> to a subject on a resource, with no child type.
/// </summary>
/// <param name="grants">The permissions to grant.</param>
/// <param name="resourceType">The type of resource the permissions apply to.</param>
/// <param name="resourceId">The id of the resource.</param>
/// <param name="subjectType">The type of the subject receiving the permissions.</param>
/// <param name="subjectId">The id of the subject.</param>
public void Grant(PermissionSet grants, PermissionResourceType resourceType, string resourceId, PermissionSubjectType subjectType, string subjectId)
{
    // The six-argument overload is called with the "none" child type.
    var noChildType = PermissionResourceType.none;
    Grant(grants, resourceType, resourceId, noChildType, subjectType, subjectId);
}
/// <summary>
/// Revokes <paramref name="grants"/> from a subject on a resource, optionally scoped to a child type.
/// </summary>
/// <remarks>
/// Forwards to <c>ChangePermission</c> with <c>PermissionAction.revoke</c>; no validation is done here.
/// </remarks>
/// <param name="client">The <see cref="RestClient"/> used to send the request.</param>
/// <param name="grants">The permissions to revoke.</param>
/// <param name="resourceType">The type of resource the permissions apply to.</param>
/// <param name="resourceId">The id of the resource.</param>
/// <param name="childType">The child resource type.</param>
/// <param name="subjectType">The type of the subject losing the permissions.</param>
/// <param name="subjectId">The id of the subject.</param>
public static void Revoke(RestClient client, PermissionSet grants, PermissionResourceType resourceType, string resourceId, PermissionResourceType childType, PermissionSubjectType subjectType, string subjectId)
    => ChangePermission(client, PermissionAction.revoke, grants, resourceType, resourceId, childType, subjectType, subjectId);
/// <summary>
/// Revokes <paramref name="grants"/> from a subject on a resource, with no child type.
/// </summary>
/// <param name="client">The <see cref="RestClient"/> used to send the request.</param>
/// <param name="grants">The permissions to revoke.</param>
/// <param name="resourceType">The type of resource the permissions apply to.</param>
/// <param name="resourceId">The id of the resource.</param>
/// <param name="subjectType">The type of the subject losing the permissions.</param>
/// <param name="subjectId">The id of the subject.</param>
public static void Revoke(RestClient client, PermissionSet grants, PermissionResourceType resourceType, string resourceId, PermissionSubjectType subjectType, string subjectId)
{
    // The seven-argument overload is called with the "none" child type.
    var noChildType = PermissionResourceType.none;
    Revoke(client, grants, resourceType, resourceId, noChildType, subjectType, subjectId);
}
/// <summary>
/// Grants <paramref name="grants"/> to a subject for a resource type without naming a specific resource.
/// </summary>
/// <param name="client">The <see cref="RestClient"/> used to send the request.</param>
/// <param name="grants">The permissions to grant.</param>
/// <param name="resourceType">The type of resource the permissions apply to.</param>
/// <param name="subjectType">The type of the subject receiving the permissions.</param>
/// <param name="subjectId">The id of the subject.</param>
public static void Grant(RestClient client, PermissionSet grants, PermissionResourceType resourceType, PermissionSubjectType subjectType, string subjectId)
{
    // An empty resource id is forwarded to the six-argument overload.
    // NOTE(review): presumably this makes the grant apply to the whole resource type — a broad scope; confirm against that overload.
    var noResourceId = string.Empty;
    Grant(client, grants, resourceType, noResourceId, subjectType, subjectId);
}
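/// <summary>
/// Registers the singleton authorization handlers that evaluate <typeparamref name="TRequirement"/>
/// for the given resource type.
/// </summary>
/// <remarks>
/// Two handlers are added: the resource-specific handler selected by <paramref name="resourceType"/>,
/// and the attribute-based handler for <c>AttributeRequirement&lt;TRequirement&gt;</c>. When the resource
/// type is not supported nothing is registered and an exception is thrown, so a missing handler
/// surfaces at startup rather than as an unhandled requirement at request time.
/// </remarks>
/// <typeparam name="TRequirement">The action requirement the handlers evaluate.</typeparam>
/// <param name="services">The service collection the handlers are added to.</param>
/// <param name="resourceType">The resource type that selects the resource-specific handler.</param>
/// <exception cref="ArgumentOutOfRangeException">
/// <paramref name="resourceType"/> is not Organization, Customer, Division or PostingAccount.
/// </exception>
internal static void AddActionRequirementHandlers<TRequirement>(this IServiceCollection services, PermissionResourceType resourceType)
    where TRequirement : ActionRequirement, IAuthorizationRequirement, new()
{
    switch (resourceType)
    {
        case PermissionResourceType.Organization:
            services.AddSingleton<IAuthorizationHandler, OrganizationActionRequirementAuthorizationHandler<TRequirement, OrganizationPermissionResource>>();
            break;

        case PermissionResourceType.Customer:
            services.AddSingleton<IAuthorizationHandler, CustomerActionRequirementAuthorizationHandler<TRequirement, CustomerPermissionResource>>();
            break;

        case PermissionResourceType.Division:
            services.AddSingleton<IAuthorizationHandler, DivisionActionRequirementAuthorizationHandler<TRequirement, DivisionPermissionResource>>();
            break;

        case PermissionResourceType.PostingAccount:
            services.AddSingleton<IAuthorizationHandler, PostingAccountActionRequirementAuthorizationHandler<TRequirement, PostingAccountPermissionResource>>();
            break;

        default:
            // Name the parameter and the offending value so a misconfigured registration is easy to trace.
            throw new ArgumentOutOfRangeException(
                nameof(resourceType),
                resourceType,
                "No action requirement authorization handler is defined for this resource type.");
    }

    // Registered after the switch so it is only added once a resource-specific handler exists.
    services.AddSingleton<IAuthorizationHandler, AttributeActionRequirementAuthorizationHandler<AttributeRequirement<TRequirement>>>();
}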
/// <summary>
/// Builds the resource path <c>/{type}/{entityId}</c> for a permission resource.
/// </summary>
/// <param name="type">The resource type; its enum name becomes the first segment.</param>
/// <param name="entityId">The id of the entity; becomes the second segment.</param>
/// <returns>The path string, with both segments inserted as given.</returns>
public static string GetPermissionResourceType(PermissionResourceType type, string entityId)
{
    // NOTE(review): entityId is inserted verbatim; if it can contain '/', the result gains extra
    // segments — confirm callers only pass plain identifiers.
    return string.Concat("/", type.ToString(), "/", entityId);
}