217 lines
8.2 KiB
C#
217 lines
8.2 KiB
C#
using EnumsNET;
|
|
using System.Collections.Generic;
|
|
using AyaNova.Biz;
|
|
|
|
|
|
namespace AyaNova.Api.ControllerHelpers
|
|
{
|
|
|
|
//AUTHORIZATION ROLES: NOTE - this is only 'stage1' of generally checking rights, individual objects can also have business rules that affect access exactly as these roles do
|
|
//Most objects won't need more than this but some specialized ones will have further checks depending on biz rules
|
|
|
|
internal static class Authorized
|
|
{
|
|
|
|
/// <summary>
|
|
/// User has any role limited or full
|
|
/// </summary>
|
|
/// <param name="HttpContextItems"></param>
|
|
/// <param name="CheckRoles"></param>
|
|
/// <returns></returns>
|
|
internal static bool HasAnyRole(IDictionary<object, object> HttpContextItems, AuthorizationRoles CheckRoles)
|
|
{
|
|
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
|
|
return HasAnyRole(currentUserRoles, CheckRoles);
|
|
}
|
|
|
|
/// <summary>
|
|
/// User has any role limited or full
|
|
/// </summary>
|
|
/// <param name="currentUserRoles"></param>
|
|
/// <param name="CheckRoles"></param>
|
|
/// <returns></returns>
|
|
internal static bool HasAnyRole(AuthorizationRoles currentUserRoles, AuthorizationRoles CheckRoles)
|
|
{
|
|
if (currentUserRoles.HasAnyFlags(CheckRoles))
|
|
return true;
|
|
return false;
|
|
}
|
|
|
|
/// <summary>
|
|
/// any access at all?
|
|
/// </summary>
|
|
/// <param name="HttpContextItems"></param>
|
|
/// <param name="objectType"></param>
|
|
/// <returns></returns>
|
|
internal static bool HasAnyRole(IDictionary<object, object> HttpContextItems, AyaType objectType)
|
|
{
|
|
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
|
|
return HasAnyRole(currentUserRoles, objectType);
|
|
}
|
|
|
|
/// <summary>
|
|
/// User has any access at all to this object?
|
|
/// </summary>
|
|
/// <param name="currentUserRoles"></param>
|
|
/// <param name="objectType"></param>
|
|
/// <returns></returns>
|
|
internal static bool HasAnyRole(AuthorizationRoles currentUserRoles, AyaType objectType)
|
|
{
|
|
var RoleSet = BizRoles.GetRoleSet(objectType);
|
|
var AllowedRoles = RoleSet.ReadFullRecord | RoleSet.Change | RoleSet.Select;
|
|
return currentUserRoles.HasAnyFlags(AllowedRoles);
|
|
}
|
|
|
|
/// <summary>
|
|
/// READ FULL RECORD (not just name and id)
|
|
/// </summary>
|
|
/// <param name="HttpContextItems"></param>
|
|
/// <param name="objectType"></param>
|
|
/// <returns></returns>
|
|
internal static bool HasSelectRole(IDictionary<object, object> HttpContextItems, AyaType objectType)
|
|
{
|
|
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
|
|
return HasSelectRole(currentUserRoles, objectType);
|
|
}
|
|
|
|
/// <summary>
|
|
/// SELECT BY NAME
|
|
/// </summary>
|
|
/// <param name="currentUserRoles"></param>
|
|
/// <param name="objectType"></param>
|
|
/// <returns></returns>
|
|
internal static bool HasSelectRole(AuthorizationRoles currentUserRoles, AyaType objectType)
|
|
{
|
|
//NOTE: this assumes that if you can change you can read
|
|
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
|
|
return true;
|
|
|
|
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).ReadFullRecord))
|
|
return true;
|
|
|
|
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Select))
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// READ FULL RECORD (not just name and id)
|
|
/// </summary>
|
|
/// <param name="HttpContextItems"></param>
|
|
/// <param name="objectType"></param>
|
|
/// <returns></returns>
|
|
internal static bool HasReadFullRole(IDictionary<object, object> HttpContextItems, AyaType objectType)
|
|
{
|
|
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
|
|
return HasReadFullRole(currentUserRoles, objectType);
|
|
}
|
|
|
|
/// <summary>
|
|
/// READ FULL RECORD (not just name and id)
|
|
/// </summary>
|
|
/// <param name="currentUserRoles"></param>
|
|
/// <param name="objectType"></param>
|
|
/// <returns></returns>
|
|
internal static bool HasReadFullRole(AuthorizationRoles currentUserRoles, AyaType objectType)
|
|
{
|
|
//NOTE: this assumes that if you can change you can read
|
|
var RoleSet = BizRoles.GetRoleSet(objectType);
|
|
var AllowedRoles = RoleSet.ReadFullRecord | RoleSet.Change;
|
|
return currentUserRoles.HasAnyFlags(AllowedRoles);
|
|
}
|
|
|
|
|
|
|
|
/// <summary>
|
|
/// CREATE
|
|
/// </summary>
|
|
/// <param name="HttpContextItems"></param>
|
|
/// <param name="objectType"></param>
|
|
/// <returns></returns>
|
|
internal static bool HasCreateRole(IDictionary<object, object> HttpContextItems, AyaType objectType)
|
|
{
|
|
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
|
|
return HasCreateRole(currentUserRoles, objectType);
|
|
}
|
|
|
|
/// <summary>
|
|
/// CREATE
|
|
/// </summary>
|
|
/// <param name="currentUserRoles"></param>
|
|
/// <param name="objectType"></param>
|
|
/// <returns></returns>
|
|
internal static bool HasCreateRole(AuthorizationRoles currentUserRoles, AyaType objectType)
|
|
{
|
|
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
|
|
return true;
|
|
return false;
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// MODIFY
|
|
/// </summary>
|
|
/// <param name="HttpContextItems"></param>
|
|
/// <param name="objectType"></param>
|
|
|
|
/// <returns></returns>
|
|
internal static bool HasModifyRole(IDictionary<object, object> HttpContextItems, AyaType objectType)
|
|
{
|
|
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
|
|
return HasModifyRole(currentUserRoles, objectType);
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// MODIFY
|
|
/// </summary>
|
|
/// <param name="currentUserRoles"></param>
|
|
/// <param name="objectType"></param>
|
|
/// <returns></returns>
|
|
internal static bool HasModifyRole(AuthorizationRoles currentUserRoles, AyaType objectType)
|
|
{
|
|
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
|
|
return true;
|
|
return false;
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
/// DELETE
|
|
/// </summary>
|
|
/// <param name="HttpContextItems"></param>
|
|
/// <param name="objectType"></param>
|
|
/// <returns></returns>
|
|
//For now just going to treat as a modify, but for maximum flexibility keeping this as a separate method in case we change our minds in future
|
|
internal static bool HasDeleteRole(IDictionary<object, object> HttpContextItems, AyaType objectType)
|
|
{
|
|
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
|
|
long currentUserId = UserIdFromContext.Id(HttpContextItems);
|
|
return HasDeleteRole(currentUserRoles, objectType);
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// DELETE
|
|
/// </summary>
|
|
/// <param name="currentUserRoles"></param>
|
|
/// <param name="objectType"></param>
|
|
/// <returns></returns>
|
|
//For now just going to treat as a modify, but for maximum flexibility keeping this as a separate method in case we change our minds in future
|
|
internal static bool HasDeleteRole(AuthorizationRoles currentUserRoles, AyaType objectType)
|
|
{
|
|
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
|
|
return true;
|
|
return false;
|
|
}
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
}//eons |