Improvements to A&A classes
parent
48370c7564
commit
a47ced724c
|
@ -1,6 +1,4 @@
|
|||
using System.Collections.Generic;
|
||||
using System.Text;
|
||||
using ln.http.router;
|
||||
|
||||
namespace ln.http
|
||||
{
|
||||
|
@ -9,35 +7,30 @@ namespace ln.http
|
|||
public string UniqueId { get; set; }
|
||||
public string Username { get; set; }
|
||||
|
||||
public HttpPrincipal AuthenticatedPrincipal { get; set; }
|
||||
/**
|
||||
* If this principal is a delegated one, authenticated by another principal
|
||||
*/
|
||||
public HttpPrincipal AuthenticatedPrincipal { get; }
|
||||
|
||||
private Dictionary<string, HttpAccessRights> permissions = new Dictionary<string, HttpAccessRights>();
|
||||
public IEnumerable<KeyValuePair<string, HttpAccessRights>> Permissions => permissions;
|
||||
private HashSet<string> _roles = new HashSet<string>();
|
||||
public IReadOnlySet<string> Roles => _roles;
|
||||
|
||||
public void AddPermission(string roleName, HttpAccessRights accessRights)
|
||||
public bool HasRole(string role) => _roles.Contains(role);
|
||||
|
||||
public HttpPrincipal(string uniquedId, string username, string[] roles)
|
||||
{
|
||||
if (permissions.TryGetValue(roleName, out HttpAccessRights roleAccessFlags))
|
||||
{
|
||||
roleAccessFlags |= accessRights;
|
||||
permissions[roleName] = roleAccessFlags;
|
||||
}
|
||||
else
|
||||
{
|
||||
permissions.Add(roleName, accessRights);
|
||||
}
|
||||
UniqueId = uniquedId;
|
||||
Username = username;
|
||||
foreach (var role in roles)
|
||||
_roles.Add(role);
|
||||
}
|
||||
public void RemovePermission(string roleName, HttpAccessRights accessRights)
|
||||
{
|
||||
if (permissions.TryGetValue(roleName, out HttpAccessRights roleAccessFlags))
|
||||
{
|
||||
roleAccessFlags &= ~accessRights;
|
||||
permissions[roleName] = roleAccessFlags;
|
||||
}
|
||||
}
|
||||
public bool HasPermission(string roleName, HttpAccessRights accessRights) =>
|
||||
permissions.TryGetValue(roleName, out HttpAccessRights roleAccessFlags) &&
|
||||
((roleAccessFlags & accessRights) == accessRights);
|
||||
|
||||
public HttpPrincipal(string uniquedId, string username, string[] roles, HttpPrincipal authenticatedPrincipal) :
|
||||
this(uniquedId, username, roles)
|
||||
{
|
||||
AuthenticatedPrincipal = authenticatedPrincipal;
|
||||
}
|
||||
|
||||
public override string ToString()
|
||||
{
|
||||
if (AuthenticatedPrincipal is null)
|
||||
|
|
|
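Review bot: `UniqueId` and `Username` keep public setters (`{ get; set; }`, apparently unchanged context at the top of this hunk), although the same change makes `AuthenticatedPrincipal` get-only and exposes the roles as read-only. Any code holding the principal can therefore still rewrite the identity that later authorization decisions or audit logs rely on. Both values are assigned in the new constructor, so `public string UniqueId { get; }` and `public string Username { get; }` would close that, provided no caller outside this hunk sets them. The constructor also iterates `roles` without a null check, and `_roles` uses the default case-sensitive comparer, which deserves a one-line comment on `HasRole`. `ToString()` continues outside the hunk.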
@ -162,7 +162,10 @@ namespace ln.http
|
|||
public bool Route(HttpContext httpContext)
|
||||
{
|
||||
if (AuthenticationRequired && httpContext.AuthenticatedPrincipal is null)
|
||||
return false;
|
||||
{
|
||||
httpContext.Response = HttpResponse.Unauthorized().Header("WWW-Authenticate", "Basic");
|
||||
return true;
|
||||
}
|
||||
|
||||
if ((AuthorizationDelegate is not null) && (!AuthorizationDelegate(httpContext)))
|
||||
return false;
|
||||
|
|
|
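Review bot: The new 401 branch sends `WWW-Authenticate: Basic` without a `realm` parameter, which RFC 7617 requires for a Basic challenge, and it fixes the scheme to Basic for every route regardless of how the application actually authenticates. A well-formed challenge would be `.Header("WWW-Authenticate", "Basic realm=\"<realm-placeholder>\"")`, with the realm taken from configuration. The authorization check just below still returns `false`, which presumably lets routing continue instead of answering 403, so an authenticated but unauthorized request is treated differently from an unauthenticated one; confirm that this is intended. `Route` continues outside the hunk.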
@ -5,9 +5,9 @@ namespace ln.http
|
|||
{
|
||||
public static class RoleAuthorization
|
||||
{
|
||||
public static HttpAuthorizationDelegate Require(string roleName, HttpAccessRights accessRights)
|
||||
public static HttpAuthorizationDelegate Require(string roleName)
|
||||
{
|
||||
return context => context.AuthenticatedPrincipal?.HasPermission(roleName, accessRights) ?? false;
|
||||
return context => context.AuthenticatedPrincipal?.HasRole(roleName) ?? false;
|
||||
}
|
||||
|
||||
public static HttpAuthorizationDelegate RequireAll(params HttpAuthorizationDelegate[] authorizationDelegates)
|
||||
|
|
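Review bot: `Require(roleName)` now authorizes on role membership alone, so a call site that used `HttpAccessRights` to separate, say, read from write within one role becomes more permissive if it is migrated by simply dropping the second argument. The call sites are not visible here and should be checked against the new role names. A null `roleName` would most likely just deny every request rather than fail at registration, so a guard such as `if (roleName is null) throw new System.ArgumentNullException(nameof(roleName));` before the lambda would surface the misconfiguration early. A doc comment is also missing; I would add `/// <summary>Authorizes only when the authenticated principal holds <paramref name="roleName"/>; requests without a principal are denied.</summary>`. `RequireAll` continues outside the hunk.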