admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2018-09-20 19:07:33 +00:00
parent 5c01bbfe0f
commit e6637e6f16
2 changed files with 87 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
server/AyaNova/ControllerHelpers/Authorized.cs
View File

@@ -11,7 +11,7 @@ namespace AyaNova.Api.ControllerHelpers
{ {
/// <summary> /// <summary>
/// User has any ops role limited or full /// User has any role limited or full
/// </summary> /// </summary>
/// <param name="HttpContextItems"></param> /// <param name="HttpContextItems"></param>
/// <param name="CheckRoles"></param> /// <param name="CheckRoles"></param>
@@ -19,6 +19,17 @@ namespace AyaNova.Api.ControllerHelpers
internal static bool HasAnyRole(IDictionary<object, object> HttpContextItems, AuthorizationRoles CheckRoles) internal static bool HasAnyRole(IDictionary<object, object> HttpContextItems, AuthorizationRoles CheckRoles)
{ {
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems); AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
return HasAnyRole(currentUserRoles, CheckRoles);
}
/// <summary>
/// User has any role limited or full
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="CheckRoles"></param>
/// <returns></returns>
internal static bool HasAnyRole(AuthorizationRoles currentUserRoles, AuthorizationRoles CheckRoles)
{
if (currentUserRoles.HasAnyFlags(CheckRoles)) if (currentUserRoles.HasAnyFlags(CheckRoles))
return true; return true;
return false; return false;
@@ -35,7 +46,17 @@ namespace AyaNova.Api.ControllerHelpers
internal static bool IsAuthorizedToReadFullRecord(IDictionary<object, object> HttpContextItems, AyaType objectType) internal static bool IsAuthorizedToReadFullRecord(IDictionary<object, object> HttpContextItems, AyaType objectType)
{ {
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems); AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
return IsAuthorizedToReadFullRecord(currentUserRoles, objectType);
}
/// <summary>
/// READ FULL RECORD (not just name and id)
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="objectType"></param>
/// <returns></returns>
internal static bool IsAuthorizedToReadFullRecord(AuthorizationRoles currentUserRoles, AyaType objectType)
{
//NOTE: this assumes that if you can change you can read //NOTE: this assumes that if you can change you can read
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change)) if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true; return true;
@@ -44,10 +65,10 @@ namespace AyaNova.Api.ControllerHelpers
return true; return true;
return false; return false;
} }
/// <summary> /// <summary>
/// CREATE /// CREATE
/// </summary> /// </summary>
@@ -57,6 +78,17 @@ namespace AyaNova.Api.ControllerHelpers
internal static bool IsAuthorizedToCreate(IDictionary<object, object> HttpContextItems, AyaType objectType) internal static bool IsAuthorizedToCreate(IDictionary<object, object> HttpContextItems, AyaType objectType)
{ {
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems); AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
return IsAuthorizedToCreate(currentUserRoles, objectType);
}
/// <summary>
/// CREATE
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="objectType"></param>
/// <returns></returns>
internal static bool IsAuthorizedToCreate(AuthorizationRoles currentUserRoles, AyaType objectType)
{
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change)) if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true; return true;
@@ -67,6 +99,9 @@ namespace AyaNova.Api.ControllerHelpers
} }
/// <summary> /// <summary>
/// MODIFY /// MODIFY
/// </summary> /// </summary>
@@ -78,9 +113,23 @@ namespace AyaNova.Api.ControllerHelpers
{ {
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems); AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
long currentUserId = UserIdFromContext.Id(HttpContextItems); long currentUserId = UserIdFromContext.Id(HttpContextItems);
return IsAuthorizedToModify(currentUserRoles, currentUserId, objectType, ownerId);
}
/// <summary>
/// MODIFY
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="currentUserId"></param>
/// <param name="objectType"></param>
/// <param name="ownerId"></param>
/// <returns></returns>
internal static bool IsAuthorizedToModify(AuthorizationRoles currentUserRoles, long currentUserId, AyaType objectType, long ownerId = -1)
{
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change)) if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true; return true;
if (ownerId != -1) if (ownerId != -1)
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).EditOwn) && ownerId == currentUserId) if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).EditOwn) && ownerId == currentUserId)
return true; return true;
@@ -103,7 +152,21 @@ namespace AyaNova.Api.ControllerHelpers
{ {
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems); AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
long currentUserId = UserIdFromContext.Id(HttpContextItems); long currentUserId = UserIdFromContext.Id(HttpContextItems);
return IsAuthorizedToDelete(currentUserRoles, currentUserId, objectType, ownerId);
}
/// <summary>
/// DELETE
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="currentUserId"></param>
/// <param name="objectType"></param>
/// <param name="ownerId"></param>
/// <returns></returns>
//For now just going to treat as a modify, but for maximum flexibility keeping this as a separate method in case we change our minds in future
internal static bool IsAuthorizedToDelete(AuthorizationRoles currentUserRoles, long currentUserId, AyaType objectType, long ownerId = 1)
{
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change)) if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true; return true;

24
server/AyaNova/biz/Search.cs
View File

@@ -98,7 +98,7 @@ namespace AyaNova.Biz
} }
//Class to hold search result //Class to hold search result returned to client
public class SearchResult public class SearchResult
{ {
public string Name { get; set; } public string Name { get; set; }
@@ -106,10 +106,19 @@ namespace AyaNova.Biz
public long Id { get; set; } public long Id { get; set; }
} }
// //Class to hold temporary matches during processing
// public class MatchingObject
// {
// public bool NameMatch { get; set; }
// public bool TagMatch { get; set; }
// public AyaTypeId TypeAndId { get; set; }
// }
public static async Task<List<SearchResult>> DoSearch(AyContext ct, long localeId, SearchRequestParameters searchParameters)
public static async Task<List<SearchResult>> DoSearch(AyContext ct, long localeId, AuthorizationRoles currentUserRoles, SearchRequestParameters searchParameters)
{ {
List<SearchResult> ResultList = new List<SearchResult>(); List<SearchResult> ResultList = new List<SearchResult>();
@@ -289,9 +298,18 @@ namespace AyaNova.Biz
} }
//REMOVE ANY ITEMS THAT USER IS NOT PERMITTED TO READ //REMOVE ANY ITEMS THAT USER IS NOT PERMITTED TO READ
foreach (AyaTypeId t in MatchingObjects) //If it's a name only search then all is allowed
//If it's not a name only search then rights need to be checked for full read because even if it's just a tags search that's part of the full record of the object
if (!searchParameters.NameOnly)
{ {
foreach (AyaTypeId t in MatchingObjects)
{
if (AyaNova.Api.ControllerHelpers.Authorized.IsAuthorizedToReadFullRecord(currentUserRoles, t.ObjectType))
{
}
}
} }