Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Scope permissions by SiteId to support entity level authorization as well as improve caching and performance. Optimize GetTenant to use existing cache.

Browse Source
This commit is contained in:
Shaun Walker
2022-11-07 18:16:32 -05:00
parent 2aa6eb90e2
commit 6182b96d16
19 changed files with 103 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
Oqtane.Server/Security/UserPermissions.cs
View File

@ -3,15 +3,20 @@ using Oqtane.Models;
using System.Linq;
using System.Security.Claims;
using Oqtane.Repository;
using Oqtane.Extensions;
using System;
namespace Oqtane.Security
{
public interface IUserPermissions
{
bool IsAuthorized(ClaimsPrincipal user, string entityName, int entityId, string permissionName);
bool IsAuthorized(ClaimsPrincipal user, int siteId, string entityName, int entityId, string permissionName);
bool IsAuthorized(ClaimsPrincipal user, string permissionName, string permissions);
User GetUser(ClaimsPrincipal user);
User GetUser();
[Obsolete("IsAuthorized(ClaimsPrincipal principal, string entityName, int entityId, string permissionName) is deprecated. Use IsAuthorized(ClaimsPrincipal principal, int siteId, string entityName, int entityId, string permissionName) instead.", false)]
bool IsAuthorized(ClaimsPrincipal user, string entityName, int entityId, string permissionName);
}
public class UserPermissions : IUserPermissions
@ -25,9 +30,9 @@ namespace Oqtane.Security
_accessor = accessor;
}
public bool IsAuthorized(ClaimsPrincipal principal, string entityName, int entityId, string permissionName)
public bool IsAuthorized(ClaimsPrincipal principal, int siteId, string entityName, int entityId, string permissionName)
{
return IsAuthorized(principal, permissionName, _permissions.GetPermissionString(entityName, entityId, permissionName));
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(siteId, entityName, entityId, permissionName)?.EncodePermissions());
}
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions)
@ -73,5 +78,11 @@ namespace Oqtane.Security
return null;
}
}
// deprecated
public bool IsAuthorized(ClaimsPrincipal principal, string entityName, int entityId, string permissionName)
{
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(_accessor.HttpContext.GetAlias().SiteId, entityName, entityId, permissionName)?.EncodePermissions());
}
}
}