126 lines
5.1 KiB
C#
126 lines
5.1 KiB
C#
using Microsoft.AspNetCore.Http;
|
|
using Oqtane.Models;
|
|
using System.Linq;
|
|
using System.Security.Claims;
|
|
using Oqtane.Repository;
|
|
using Oqtane.Extensions;
|
|
using System;
|
|
using System.Collections.Generic;
|
|
using System.Text.Json;
|
|
using Oqtane.Shared;
|
|
|
|
namespace Oqtane.Security
|
|
{
|
|
public interface IUserPermissions
|
|
{
|
|
bool IsAuthorized(ClaimsPrincipal user, int siteId, string entityName, int entityId, string permissionName, string roles);
|
|
bool IsAuthorized(ClaimsPrincipal user, int siteId, string entityName, int entityId, string permissionName);
|
|
bool IsAuthorized(ClaimsPrincipal user, string permissionName, List<Permission> permissions);
|
|
bool IsAuthorized(ClaimsPrincipal user, string permissionName, string permissions);
|
|
User GetUser(ClaimsPrincipal user);
|
|
User GetUser();
|
|
|
|
[Obsolete("IsAuthorized(ClaimsPrincipal principal, string entityName, int entityId, string permissionName) is deprecated. Use IsAuthorized(ClaimsPrincipal principal, int siteId, string entityName, int entityId, string permissionName) instead.", false)]
|
|
bool IsAuthorized(ClaimsPrincipal user, string entityName, int entityId, string permissionName);
|
|
}
|
|
|
|
public class UserPermissions : IUserPermissions
|
|
{
|
|
private readonly IPermissionRepository _permissions;
|
|
private readonly IUserRoleRepository _userRoles;
|
|
private readonly IHttpContextAccessor _accessor;
|
|
|
|
public UserPermissions(IPermissionRepository permissions, IUserRoleRepository userRoles, IHttpContextAccessor accessor)
|
|
{
|
|
_permissions = permissions;
|
|
_userRoles = userRoles;
|
|
_accessor = accessor;
|
|
}
|
|
|
|
public bool IsAuthorized(ClaimsPrincipal principal, int siteId, string entityName, int entityId, string permissionName, string roles)
|
|
{
|
|
var permissions = _permissions.GetPermissions(siteId, entityName, entityId, permissionName).ToList();
|
|
if (permissions != null && permissions.Count != 0)
|
|
{
|
|
return IsAuthorized(principal, permissionName, permissions.ToList());
|
|
}
|
|
else
|
|
{
|
|
return UserSecurity.IsAuthorized(GetUser(principal), roles);
|
|
}
|
|
}
|
|
|
|
public bool IsAuthorized(ClaimsPrincipal principal, int siteId, string entityName, int entityId, string permissionName)
|
|
{
|
|
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(siteId, entityName, entityId, permissionName).ToList());
|
|
}
|
|
|
|
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, List<Permission> permissionList)
|
|
{
|
|
return UserSecurity.IsAuthorized(GetUser(principal), permissionName, permissionList);
|
|
}
|
|
|
|
public User GetUser(ClaimsPrincipal principal)
|
|
{
|
|
User user = new User();
|
|
user.IsAuthenticated = false;
|
|
user.Username = "";
|
|
user.UserId = -1;
|
|
user.Roles = "";
|
|
|
|
if (principal == null) return user;
|
|
|
|
user.IsAuthenticated = principal.Identity.IsAuthenticated;
|
|
if (user.IsAuthenticated)
|
|
{
|
|
user.Username = principal.Identity.Name;
|
|
user.UserId = principal.UserId();
|
|
|
|
// include roles
|
|
var userRoles = _userRoles.GetUserRoles(user.UserId, principal.SiteId()).ToList();
|
|
foreach (var roleName in principal.Roles())
|
|
{
|
|
var role = userRoles.FirstOrDefault(item => item.Role.Name == roleName);
|
|
if (role != null)
|
|
{
|
|
if (Utilities.IsEffectiveAndNotExpired(role.EffectiveDate,role.ExpiryDate))
|
|
{
|
|
user.Roles += roleName + ";";
|
|
}
|
|
}
|
|
else
|
|
{
|
|
user.Roles += roleName + ";";
|
|
}
|
|
}
|
|
if (user.Roles != "") user.Roles = ";" + user.Roles;
|
|
}
|
|
return user;
|
|
}
|
|
|
|
public User GetUser()
|
|
{
|
|
if (_accessor.HttpContext != null)
|
|
{
|
|
return GetUser(_accessor.HttpContext.User);
|
|
}
|
|
else
|
|
{
|
|
return null;
|
|
}
|
|
}
|
|
|
|
// deprecated
|
|
public bool IsAuthorized(ClaimsPrincipal principal, string entityName, int entityId, string permissionName)
|
|
{
|
|
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(_accessor.HttpContext.GetAlias().SiteId, entityName, entityId, permissionName).ToList());
|
|
}
|
|
|
|
[Obsolete("IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions) is deprecated. Use IsAuthorized(ClaimsPrincipal principal, string permissionName, List<Permission> permissionList) instead", false)]
|
|
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions)
|
|
{
|
|
return UserSecurity.IsAuthorized(GetUser(principal), permissionName, JsonSerializer.Deserialize<List<Permission>>(permissions));
|
|
}
|
|
}
|
|
}
|