private bool HasPermission(
RegionPermission permission,
IEnumerable <RegionRoleEntity> regionRoles,
Func <RegionRoleEntity, RegionPermission> permissionsSelector)
{
return(regionRoles.Any(r => permissionsSelector(r).HasFlag(permission)));
}
private bool HasPermission(
RegionEntity resource,
RegionPermission permission,
AuthorizationHandlerContext context) =>
_regionPermissionResolver.HasPermission(
context.User,
resource,
permission,
_regionRolesAccessor.RegionRoles);
private int GetPermissionFlagCount(RegionPermission permissions)
{
var result = Enum.GetValues(typeof(RegionPermission))
.OfType <RegionPermission>()
.Where(p => permissions.HasFlag(p))
.Count();
return(result);
}
public bool HasPermission(
ClaimsPrincipal user,
RegionEntity region,
RegionPermission permission,
IEnumerable <RegionRoleEntity> regionRoles)
{
var regionRolesById = regionRoles.ToDictionary(r => r.Id);
var regionMembershipsByRegionId = user.GetRegionMembershipRoles().ToLookup(r => r.RegionId);
return(HasPermission(permission, region, regionRolesById, regionMembershipsByRegionId, isParentOfTargetRegion: false));
}
protected void AddRegionRole(
string roleId,
RegionPermission permissions,
RegionPermission parentPermissions = RegionPermission.None,
RegionPermission childPermissions = RegionPermission.None)
{
_regionRoleEntities.Add(new RegionRoleEntity()
{
Id = roleId,
Permissions = permissions,
ParentPermissions = parentPermissions,
ChildPermissions = childPermissions
});
}
private bool HasRegionPermission(
ClaimsPrincipal user,
RegionEntity region,
RegionPermission regionPermission,
IEnumerable <RegionRoleEntity> regionRoles)
{
if (!user.Identity.IsAuthenticated)
{
return(false);
}
return(_regionPermissionResolver.HasPermission(
user,
region,
regionPermission,
regionRoles));
}
public static bool HasPermission(
this IRegionPermissionResolver regionPermissionResolver,
ClaimsPrincipal user,
RegionEntity region,
RegionPermission permission,
IEnumerable <RegionRoleEntity> regionRoles)
{
if (!TryGetUserEmail(user, out string userEmail))
{
return(false);
}
return(regionPermissionResolver.HasPermission(
user,
region,
permission,
regionRoles));
}
private bool HasPermission(
RegionPermission permission,
RegionEntity region,
IDictionary <string, RegionRoleEntity> regionRolesById,
ILookup <string, ClaimsExtensions.RegionMembershipRoleClaimValue> regionMembershipsByRegionId,
bool isParentOfTargetRegion)
{
var regionRoles = regionMembershipsByRegionId[region.Id]
.DistinctBy(r => r.RegionRoleId)
.Select(r => regionRolesById[r.RegionRoleId]);
if (HasPermission(permission, regionRoles, r => r.Permissions) ||
(isParentOfTargetRegion && HasPermission(permission, regionRoles, r => r.ChildPermissions)))
{
return(true);
}
return(region.Id == Data.Constants.RootRegionId ?
false :
HasPermission(permission, region.Parent, regionRolesById, regionMembershipsByRegionId, isParentOfTargetRegion: true));
}
public static bool HasPermission(this RegionRoleEntity regionRole, RegionPermission permission) => regionRole.AnyPermissions(p => p.HasFlag(permission));
private static RegionPermissionRequirement CreateRequirement(RegionPermission permission) =>
new RegionPermissionRequirement()
{
Permission = permission
};
