示例#1
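        /// <summary>
        /// Sends a grant or revoke request for a permission set to the <c>/perms</c> REST endpoint.
        /// </summary>
        /// <param name="client">REST client the request is executed on.</param>
        /// <param name="action">Permission action; its lower-cased name is the path segment after <c>perms</c>.</param>
        /// <param name="grants">Permission set that is serialized into the request body.</param>
        /// <param name="resourceType">Type of the resource the permissions apply to.</param>
        /// <param name="resourceId">Id of the resource; the path segment is omitted when null or empty.</param>
        /// <param name="childType">Child resource type; the path segment is omitted for <see cref="PermissionResourceType.none"/>.</param>
        /// <param name="subjectType">Type of the subject named by <paramref name="subjectId"/>.</param>
        /// <param name="subjectId">Id of the subject; the path segment is omitted when null or empty.</param>
        private static void ChangePermission(RestClient client, PermissionAction action, PermissionSet grants,
                                             PermissionResourceType resourceType, string resourceId, PermissionResourceType childType,
                                             PermissionSubjectType subjectType, string subjectId)
        {
            // Path layout: /perms/{action}/{resourceType}/{resourceId}/{childType}/{subjectType}/{subjectId}.
            // ToLowerInvariant keeps the enum segments stable under cultures with special casing rules (e.g. tr-TR).
            var segments = new[]
            {
                action.ToString().ToLowerInvariant(),
                resourceType.ToString().ToLowerInvariant(),
                resourceId,
                // NOTE(review): the child type is the only enum segment that is not lower-cased; kept as found - confirm against the API.
                childType == PermissionResourceType.none ? string.Empty : childType.ToString(),
                subjectType.ToString().ToLowerInvariant(),
                subjectId
            };

            // Empty segments are skipped rather than collapsing "//" afterwards: a single
            // string.Replace pass turns "///" (no resource id and no child type) into "//".
            // Every segment is escaped so that an id containing '/', '?' or '#' stays inside
            // its own segment and cannot make the request address a different resource or subject.
            var uri = "/perms";
            foreach (var segment in segments)
            {
                if (!string.IsNullOrEmpty(segment))
                {
                    uri += "/" + System.Uri.EscapeDataString(segment);
                }
            }

            // NOTE(review): the permission lists are sent exactly as PermissionsToList returns them;
            // the original carried commented-out filters restricting them to R/U/D (plus A for
            // authorize), so nothing here limits which permission codes reach the server.
            var permsManage           = PermissionsToList(grants.Manage);
            var permsAuthorize        = PermissionsToList(grants.Authorize);
            var permsCreatedManage    = PermissionsToList(grants.CreatedDocument.Manage);
            var permsCreatedAuthorize = PermissionsToList(grants.CreatedDocument.Authorize);

            object grantBody;

            if (!permsCreatedManage.Any() && !permsCreatedAuthorize.Any())
            {
                // No created-document permissions: the created_document member is left out entirely.
                grantBody = new
                {
                    manage    = permsManage,
                    authorize = permsAuthorize
                };
            }
            else
            {
                var created = new
                {
                    manage    = permsCreatedManage,
                    authorize = permsCreatedAuthorize,
                };

                grantBody = new
                {
                    manage           = permsManage,
                    authorize        = permsAuthorize,
                    created_document = created
                };
            }

            var request = new RestRequest(uri, Method.POST);

#if DEBUG
            // Debug builds only: serialized body for inspection in the debugger; it is not used afterwards.
            var bodyTxt = JsonConvert.SerializeObject(grantBody);
#endif

            // NOTE(review): the response is not inspected here - confirm that Rest.Execute surfaces
            // failures, otherwise a failed revoke would go unnoticed by the caller.
            Rest.Execute<BasicResponse>(client, request, grantBody);
        }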
示例#2
        /// <summary>
        /// Checks whether the current user may perform <paramref name="action"/> on the given resource.
        /// </summary>
        /// <param name="resource">Resource type the permission refers to.</param>
        /// <param name="action">Action being requested.</param>
        /// <param name="referenceId">Id of the concrete resource instance.</param>
        /// <returns>
        /// <c>true</c> for users with the <c>DplEmployee</c> role or when the cached permission set of the
        /// user contains the matching key; <c>false</c> otherwise, including when the user has no cache entry.
        /// </returns>
        public bool HasPermission(PermissionResourceType resource, ResourceAction action, int referenceId)
        {
            // DPL employees are allowed every action; no permission lookup is made for them.
            var isDplEmployee = _authData.GetUserRole() == UserRole.DplEmployee;
            if (isDplEmployee)
            {
                return true;
            }

            // TODO decide if this method should be sync or async
            // if async we can use the permissions in the distributed cache
            // they are already inserted individually
            ImmutableHashSet<string> cachedPermissions;
            var currentUserId = _authData.GetUserId();

            if (!_permissionsCache.TryGetValue(currentUserId, out cachedPermissions))
            {
                // Fails closed: a user without a cache entry is denied rather than allowed.
                return false;
            }

            var lookupKey = GetPermissionKey(currentUserId, resource, action, referenceId);
            return cachedPermissions.Contains(lookupKey);
        }
        //private IEnumerable<Claim> GetClaimsForUserPermissions(CachedUser user)
        //{
        //    //The following ResourceTypes are added via GetClaimsForResourceTypeAndActions
        //    var resourceTypesToExclude = new List<PermissionResourceType>()
        //    {
        //        PermissionResourceType.Organization,
        //        PermissionResourceType.Customer,
        //        PermissionResourceType.Division,
        //        PermissionResourceType.PostingAccount
        //    }; //TODO Get all applicable  Resources

        //    var permissionsList = user.Permissions;
        //    return permissionsList.Select(p => new Claim(DynamicClaimTypes.Permissions, p.Resource + p.Action));
        //}

        /// <summary>
        /// Builds one claim per permission of <paramref name="user"/> that matches the resource type
        /// and one of the given actions.
        /// </summary>
        /// <param name="user">Cached user whose <c>Permissions</c> are scanned.</param>
        /// <param name="resourceType">Resource type a permission must have to be included.</param>
        /// <param name="actions">Actions of which a permission must carry one to be included.</param>
        /// <param name="claimType">Claim type given to every produced claim.</param>
        /// <returns>A list of claims whose value is the string form of the permission's <c>ReferenceId</c>.</returns>
        private IEnumerable<Claim> GetClaimsForRessourceTypeAndActions(CachedUser user, PermissionResourceType resourceType, ResourceAction[] actions, string claimType)
        {
            var claims = new List<Claim>();

            foreach (var permission in user.Permissions)
            {
                if (permission.Resource == resourceType && actions.Contains(permission.Action))
                {
                    // The claim value is the reference id only; resource type and action are implied by claimType.
                    claims.Add(new Claim(claimType, permission.ReferenceId.ToString()));
                }
            }

            return claims;
        }
示例#4
 /// <summary>
 /// Builds the lookup key for one permission: <c>userId|resource|action|referenceId</c>.
 /// </summary>
 /// <param name="userId">Id of the user the permission belongs to.</param>
 /// <param name="resource">Resource type of the permission.</param>
 /// <param name="action">Action of the permission.</param>
 /// <param name="referenceId">Id of the concrete resource instance.</param>
 /// <returns>The four parts joined with <c>|</c>.</returns>
 private string GetPermissionKey(int userId, PermissionResourceType resource, ResourceAction action, int referenceId)
 {
     // All four parts are integers or enum values, so no caller-supplied text ends up in the key.
     var key = string.Join("|", userId, resource, action, referenceId);
     return key;
 }
示例#5
 /// <summary>
 /// Revokes permissions on a resource type as a whole, without naming a resource id.
 /// </summary>
 /// <param name="grants">Permission set to revoke.</param>
 /// <param name="resourceType">Type of the resource the permissions apply to.</param>
 /// <param name="subjectType">Type of the subject named by <paramref name="subjectId"/>.</param>
 /// <param name="subjectId">Id of the subject.</param>
 public void Revoke(PermissionSet grants, PermissionResourceType resourceType, PermissionSubjectType subjectType, string subjectId)
 {
     // Forwards to the overload that takes a resource id, passing an empty one.
     var noResourceId = string.Empty;
     Revoke(grants, resourceType, noResourceId, subjectType, subjectId);
 }
示例#6
 /// <summary>
 /// Grants permissions on a resource, optionally scoped to a child resource type.
 /// </summary>
 /// <param name="grants">Permission set to grant.</param>
 /// <param name="resourceType">Type of the resource the permissions apply to.</param>
 /// <param name="resourceId">Id of the resource.</param>
 /// <param name="childType">Child resource type passed on to <c>Permission.Grant</c>.</param>
 /// <param name="subjectType">Type of the subject named by <paramref name="subjectId"/>.</param>
 /// <param name="subjectId">Id of the subject.</param>
 public void Grant(PermissionSet grants, PermissionResourceType resourceType, string resourceId, PermissionResourceType childType, PermissionSubjectType subjectType, string subjectId)
 {
     // Pure pass-through to the static API; the only addition is this instance's client.
     Permission.Grant(
         client,
         grants,
         resourceType,
         resourceId,
         childType,
         subjectType,
         subjectId);
 }
示例#7
 /// <summary>
 /// Grants permissions on a resource without a child resource type.
 /// </summary>
 /// <param name="grants">Permission set to grant.</param>
 /// <param name="resourceType">Type of the resource the permissions apply to.</param>
 /// <param name="resourceId">Id of the resource.</param>
 /// <param name="subjectType">Type of the subject named by <paramref name="subjectId"/>.</param>
 /// <param name="subjectId">Id of the subject.</param>
 public void Grant(PermissionSet grants, PermissionResourceType resourceType, string resourceId, PermissionSubjectType subjectType, string subjectId)
 {
     // Forwards to the overload that takes a child type, passing the "none" marker.
     var noChildType = PermissionResourceType.none;
     Grant(grants, resourceType, resourceId, noChildType, subjectType, subjectId);
 }
示例#8
 /// <summary>
 /// Revokes permissions on a resource, optionally scoped to a child resource type.
 /// </summary>
 /// <param name="client">REST client the request is executed on.</param>
 /// <param name="grants">Permission set to revoke.</param>
 /// <param name="resourceType">Type of the resource the permissions apply to.</param>
 /// <param name="resourceId">Id of the resource.</param>
 /// <param name="childType">Child resource type passed on to <c>ChangePermission</c>.</param>
 /// <param name="subjectType">Type of the subject named by <paramref name="subjectId"/>.</param>
 /// <param name="subjectId">Id of the subject.</param>
 public static void Revoke(RestClient client, PermissionSet grants, PermissionResourceType resourceType, string resourceId, PermissionResourceType childType, PermissionSubjectType subjectType, string subjectId)
 {
     // Same call as a grant except for the action, which is fixed to revoke here.
     ChangePermission(
         client,
         PermissionAction.revoke,
         grants,
         resourceType,
         resourceId,
         childType,
         subjectType,
         subjectId);
 }
示例#9
 /// <summary>
 /// Revokes permissions on a resource without a child resource type.
 /// </summary>
 /// <param name="client">REST client the request is executed on.</param>
 /// <param name="grants">Permission set to revoke.</param>
 /// <param name="resourceType">Type of the resource the permissions apply to.</param>
 /// <param name="resourceId">Id of the resource.</param>
 /// <param name="subjectType">Type of the subject named by <paramref name="subjectId"/>.</param>
 /// <param name="subjectId">Id of the subject.</param>
 public static void Revoke(RestClient client, PermissionSet grants, PermissionResourceType resourceType, string resourceId, PermissionSubjectType subjectType, string subjectId)
 {
     // Forwards to the overload that takes a child type, passing the "none" marker.
     var noChildType = PermissionResourceType.none;
     Revoke(client, grants, resourceType, resourceId, noChildType, subjectType, subjectId);
 }
示例#10
 /// <summary>
 /// Grants permissions on a resource type as a whole, without naming a resource id.
 /// </summary>
 /// <param name="client">REST client the request is executed on.</param>
 /// <param name="grants">Permission set to grant.</param>
 /// <param name="resourceType">Type of the resource the permissions apply to.</param>
 /// <param name="subjectType">Type of the subject named by <paramref name="subjectId"/>.</param>
 /// <param name="subjectId">Id of the subject.</param>
 public static void Grant(RestClient client, PermissionSet grants, PermissionResourceType resourceType, PermissionSubjectType subjectType, string subjectId)
 {
     // Forwards to the overload that takes a resource id, passing an empty one.
     var noResourceId = string.Empty;
     Grant(client, grants, resourceType, noResourceId, subjectType, subjectId);
 }
示例#11
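        /// <summary>
        /// Registers the authorization handlers for <typeparamref name="TRequirement"/>: the handler
        /// specific to <paramref name="resourceType"/> plus the attribute-based handler.
        /// </summary>
        /// <typeparam name="TRequirement">Action requirement the handlers are registered for.</typeparam>
        /// <param name="services">Service collection the singleton handlers are added to.</param>
        /// <param name="resourceType">Resource type that selects the resource-specific handler.</param>
        /// <exception cref="ArgumentOutOfRangeException">
        /// <paramref name="resourceType"/> is not Organization, Customer, Division or PostingAccount.
        /// </exception>
        internal static void AddActionRequirementHandlers<TRequirement>(this IServiceCollection services, PermissionResourceType resourceType)
            where TRequirement : ActionRequirement, IAuthorizationRequirement, new()
        {
            switch (resourceType)
            {
                case PermissionResourceType.Organization:
                    services.AddSingleton<IAuthorizationHandler, OrganizationActionRequirementAuthorizationHandler<TRequirement, OrganizationPermissionResource>>();
                    break;

                case PermissionResourceType.Customer:
                    services.AddSingleton<IAuthorizationHandler, CustomerActionRequirementAuthorizationHandler<TRequirement, CustomerPermissionResource>>();
                    break;

                case PermissionResourceType.Division:
                    services.AddSingleton<IAuthorizationHandler, DivisionActionRequirementAuthorizationHandler<TRequirement, DivisionPermissionResource>>();
                    break;

                case PermissionResourceType.PostingAccount:
                    services.AddSingleton<IAuthorizationHandler, PostingAccountActionRequirementAuthorizationHandler<TRequirement, PostingAccountPermissionResource>>();
                    break;

                default:
                    // Thrown before anything is registered, so a resource type without a handler
                    // is reported at startup instead of leaving the requirement with no handler.
                    // The parameter name and the offending value are included to make the failure diagnosable.
                    throw new ArgumentOutOfRangeException(
                        nameof(resourceType),
                        resourceType,
                        "No action requirement authorization handler is registered for this resource type.");
            }

            // NOTE(review): AddSingleton appends a registration on every call, so calling this method
            // for several resource types with the same TRequirement registers this handler more than
            // once - confirm that is intended.
            services.AddSingleton<IAuthorizationHandler, AttributeActionRequirementAuthorizationHandler<AttributeRequirement<TRequirement>>>();
        }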
示例#12
 /// <summary>
 /// Formats a resource type and an entity id as <c>/{type}/{entityId}</c>.
 /// </summary>
 /// <param name="type">Resource type; its enum name becomes the first segment.</param>
 /// <param name="entityId">Entity id; becomes the second segment.</param>
 /// <returns>The combined string, starting with a slash.</returns>
 public static string GetPermissionResourceType(PermissionResourceType type, string entityId)
 {
     // NOTE(review): entityId is inserted verbatim - if it can contain '/' and the result is
     // used as a path or lookup key, confirm that callers validate it.
     var typeSegment = type.ToString();
     return string.Concat("/", typeSegment, "/", entityId);
 }