admin/sockeye
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2022-12-16 06:01:23 +00:00
parent 26c2ae5cc9
commit effd96143f
310 changed files with 48715 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

228
server/ControllerHelpers/Authorized.cs Normal file
View File

@@ -0,0 +1,228 @@
using EnumsNET;
using System.Collections.Generic;
using Sockeye.Biz;
namespace Sockeye.Api.ControllerHelpers
{
//AUTHORIZATION ROLES: NOTE - this is only 'stage1' of generally checking rights, individual objects can also have business rules that affect access exactly as these roles do
//Most objects won't need more than this but some specialized ones will have further checks depending on biz rules
internal static class Authorized
{
/// <summary>
/// User has any role restricted or full
/// </summary>
/// <param name="HttpContextItems"></param>
/// <param name="CheckRoles"></param>
/// <returns></returns>
internal static bool HasAnyRole(IDictionary<object, object> HttpContextItems, AuthorizationRoles CheckRoles)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
return HasAnyRole(currentUserRoles, CheckRoles);
}
/// <summary>
/// User has any role restricted or full
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="CheckRoles"></param>
/// <returns></returns>
internal static bool HasAnyRole(AuthorizationRoles currentUserRoles, AuthorizationRoles CheckRoles)
{
if (currentUserRoles.HasAnyFlags(CheckRoles))
return true;
return false;
}
/// <summary>
/// any access at all?
/// </summary>
/// <param name="HttpContextItems"></param>
/// <param name="aType"></param>
/// <returns></returns>
internal static bool HasAnyRole(IDictionary<object, object> HttpContextItems, SockType aType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
return HasAnyRole(currentUserRoles, aType);
}
/// <summary>
/// User has any access at all to this object?
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="aType"></param>
/// <returns></returns>
internal static bool HasAnyRole(AuthorizationRoles currentUserRoles, SockType aType)
{
var RoleSet = BizRoles.GetRoleSet(aType);
if (RoleSet == null) return false;
var AllowedRoles = RoleSet.ReadFullRecord | RoleSet.Change | RoleSet.Select;
return currentUserRoles.HasAnyFlags(AllowedRoles);
}
/// <summary>
/// READ FULL RECORD (not just name and id)
/// </summary>
/// <param name="HttpContextItems"></param>
/// <param name="aType"></param>
/// <returns></returns>
internal static bool HasSelectRole(IDictionary<object, object> HttpContextItems, SockType aType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
return HasSelectRole(currentUserRoles, aType);
}
/// <summary>
/// SELECT BY NAME
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="aType"></param>
/// <returns></returns>
internal static bool HasSelectRole(AuthorizationRoles currentUserRoles, SockType aType)
{
var RoleSet = BizRoles.GetRoleSet(aType);
if (RoleSet == null) return false;
//NOTE: this assumes that if you can change you can read
if (currentUserRoles.HasAnyFlags(RoleSet.Change))
return true;
if (currentUserRoles.HasAnyFlags(RoleSet.ReadFullRecord))
return true;
if (currentUserRoles.HasAnyFlags(RoleSet.Select))
return true;
return false;
}
/// <summary>
/// READ FULL RECORD (not just name and id)
/// </summary>
/// <param name="HttpContextItems"></param>
/// <param name="aType"></param>
/// <returns></returns>
internal static bool HasReadFullRole(IDictionary<object, object> HttpContextItems, SockType aType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
return HasReadFullRole(currentUserRoles, aType);
}
/// <summary>
/// READ FULL RECORD (not just name and id)
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="aType"></param>
/// <returns></returns>
internal static bool HasReadFullRole(AuthorizationRoles currentUserRoles, SockType aType)
{
//NOTE: this assumes that if you can change you can read
var RoleSet = BizRoles.GetRoleSet(aType);
if (RoleSet == null) return false;
var AllowedRoles = RoleSet.ReadFullRecord | RoleSet.Change;
return currentUserRoles.HasAnyFlags(AllowedRoles);
}
/// <summary>
/// CREATE
/// </summary>
/// <param name="HttpContextItems"></param>
/// <param name="aType"></param>
/// <returns></returns>
internal static bool HasCreateRole(IDictionary<object, object> HttpContextItems, SockType aType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
return HasCreateRole(currentUserRoles, aType);
}
/// <summary>
/// CREATE
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="aType"></param>
/// <returns></returns>
internal static bool HasCreateRole(AuthorizationRoles currentUserRoles, SockType aType)
{
var RoleSet = BizRoles.GetRoleSet(aType);
if (RoleSet == null) return false;
if (currentUserRoles.HasAnyFlags(RoleSet.Change))
return true;
return false;
}
/// <summary>
/// MODIFY
/// </summary>
/// <param name="HttpContextItems"></param>
/// <param name="aType"></param>
/// <returns></returns>
internal static bool HasModifyRole(IDictionary<object, object> HttpContextItems, SockType aType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
return HasModifyRole(currentUserRoles, aType);
}
/// <summary>
/// MODIFY
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="aType"></param>
/// <returns></returns>
internal static bool HasModifyRole(AuthorizationRoles currentUserRoles, SockType aType)
{
var RoleSet = BizRoles.GetRoleSet(aType);
if (RoleSet == null) return false;
if (currentUserRoles.HasAnyFlags(RoleSet.Change))
return true;
return false;
}
/// <summary>
/// DELETE
/// </summary>
/// <param name="HttpContextItems"></param>
/// <param name="aType"></param>
/// <returns></returns>
//For now just going to treat as a modify, but for maximum flexibility keeping this as a separate method in case we change our minds in future
internal static bool HasDeleteRole(IDictionary<object, object> HttpContextItems, SockType aType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
long currentUserId = UserIdFromContext.Id(HttpContextItems);
return HasDeleteRole(currentUserRoles, aType);
}
/// <summary>
/// DELETE
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="aType"></param>
/// <returns></returns>
//For now just going to treat as a modify, but for maximum flexibility keeping this as a separate method in case we change our minds in future
internal static bool HasDeleteRole(AuthorizationRoles currentUserRoles, SockType aType)
{
var RoleSet = BizRoles.GetRoleSet(aType);
if (RoleSet == null) return false;
if (currentUserRoles.HasAnyFlags(RoleSet.Change))
return true;
return false;
}
}
}//eons