Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

add support for API permissions at the UI layer - including ability to delegate user, role, profile management

Browse Source
This commit is contained in:
Shaun Walker
2023-01-09 11:38:25 -05:00
parent 1616f94b86
commit e136972cd7
50 changed files with 628 additions and 799 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
Oqtane.Server/Security/AuthorizationPolicyProvider.cs
View File

@ -22,22 +22,15 @@ namespace Oqtane.Security
if (policy == null)
{
// policy names must be in the form of "EntityName:PermissionName:Roles" ie. "Module:Edit:Administrators" (roles are comma delimited)
// policy names must be in the form of "EntityName:PermissionName:Roles"
if (policyName.Contains(':'))
{
var policySegments = policyName.Split(':');
if (policySegments.Length >= 3)
var segments = policyName.Split(':');
if (segments.Length == 3)
{
// check for optional RequireEntityId segment
var requireEntityId = false;
if (policySegments.Length == 4 && policySegments[3] == Constants.RequireEntityId)
{
requireEntityId = true;
}
// create policy
var builder = new AuthorizationPolicyBuilder();
builder.AddRequirements(new PermissionRequirement(policySegments[0], policySegments[1], policySegments[2], requireEntityId));
builder.AddRequirements(new PermissionRequirement(segments[0], segments[1], segments[2]));
policy = builder.Build();
// add policy to the AuthorizationOptions
@ -59,8 +52,8 @@ namespace Oqtane.Security
private string GetPolicyName(string policyName)
{
// backward compatibility for legacy static policy names
if (policyName == PolicyNames.ViewModule) policyName = $"{EntityNames.Module}:{PermissionNames.View}:{RoleNames.Admin}:{Constants.RequireEntityId}";
if (policyName == PolicyNames.EditModule) policyName = $"{EntityNames.Module}:{PermissionNames.Edit}:{RoleNames.Admin}:{Constants.RequireEntityId}";
if (policyName == PolicyNames.ViewModule) policyName = $"{EntityNames.Module}:{PermissionNames.View}:{RoleNames.Admin}";
if (policyName == PolicyNames.EditModule) policyName = $"{EntityNames.Module}:{PermissionNames.Edit}:{RoleNames.Admin}";
return policyName;
}
}