Improvements to A&A classes
parent
48370c7564
commit
a47ced724c
|
@ -1,6 +1,4 @@
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.Text;
|
|
||||||
using ln.http.router;
|
|
||||||
|
|
||||||
namespace ln.http
|
namespace ln.http
|
||||||
{
|
{
|
||||||
|
@ -9,35 +7,30 @@ namespace ln.http
|
||||||
public string UniqueId { get; set; }
|
public string UniqueId { get; set; }
|
||||||
public string Username { get; set; }
|
public string Username { get; set; }
|
||||||
|
|
||||||
public HttpPrincipal AuthenticatedPrincipal { get; set; }
|
/**
|
||||||
|
* If this principal is a delegated one, authenticated by another principal
|
||||||
|
*/
|
||||||
|
public HttpPrincipal AuthenticatedPrincipal { get; }
|
||||||
|
|
||||||
private Dictionary<string, HttpAccessRights> permissions = new Dictionary<string, HttpAccessRights>();
|
private HashSet<string> _roles = new HashSet<string>();
|
||||||
public IEnumerable<KeyValuePair<string, HttpAccessRights>> Permissions => permissions;
|
public IReadOnlySet<string> Roles => _roles;
|
||||||
|
|
||||||
public void AddPermission(string roleName, HttpAccessRights accessRights)
|
public bool HasRole(string role) => _roles.Contains(role);
|
||||||
|
|
||||||
|
public HttpPrincipal(string uniquedId, string username, string[] roles)
|
||||||
{
|
{
|
||||||
if (permissions.TryGetValue(roleName, out HttpAccessRights roleAccessFlags))
|
UniqueId = uniquedId;
|
||||||
{
|
Username = username;
|
||||||
roleAccessFlags |= accessRights;
|
foreach (var role in roles)
|
||||||
permissions[roleName] = roleAccessFlags;
|
_roles.Add(role);
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
permissions.Add(roleName, accessRights);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
public void RemovePermission(string roleName, HttpAccessRights accessRights)
|
|
||||||
{
|
|
||||||
if (permissions.TryGetValue(roleName, out HttpAccessRights roleAccessFlags))
|
|
||||||
{
|
|
||||||
roleAccessFlags &= ~accessRights;
|
|
||||||
permissions[roleName] = roleAccessFlags;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
public bool HasPermission(string roleName, HttpAccessRights accessRights) =>
|
|
||||||
permissions.TryGetValue(roleName, out HttpAccessRights roleAccessFlags) &&
|
|
||||||
((roleAccessFlags & accessRights) == accessRights);
|
|
||||||
|
|
||||||
|
public HttpPrincipal(string uniquedId, string username, string[] roles, HttpPrincipal authenticatedPrincipal) :
|
||||||
|
this(uniquedId, username, roles)
|
||||||
|
{
|
||||||
|
AuthenticatedPrincipal = authenticatedPrincipal;
|
||||||
|
}
|
||||||
|
|
||||||
public override string ToString()
|
public override string ToString()
|
||||||
{
|
{
|
||||||
if (AuthenticatedPrincipal is null)
|
if (AuthenticatedPrincipal is null)
|
||||||
|
|
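Review bot: `UniqueId` and `Username` keep their public setters while this change makes `AuthenticatedPrincipal` and the role set read-only, so any code holding a principal can still rewrite its identity after authentication. Both are now assigned in the new constructor, so they could become `public string UniqueId { get; }` and `public string Username { get; }`. The constructor also iterates `roles` with no null check, so a null array fails with a NullReferenceException inside the loop rather than a clear argument error. `_roles` is built with the default comparer, so `HasRole` is case-sensitive; a short comment on the field stating that rule would help callers that map roles from an external directory. The class body starts and ends outside this hunk.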
|
@ -162,7 +162,10 @@ namespace ln.http
|
||||||
public bool Route(HttpContext httpContext)
|
public bool Route(HttpContext httpContext)
|
||||||
{
|
{
|
||||||
if (AuthenticationRequired && httpContext.AuthenticatedPrincipal is null)
|
if (AuthenticationRequired && httpContext.AuthenticatedPrincipal is null)
|
||||||
return false;
|
{
|
||||||
|
httpContext.Response = HttpResponse.Unauthorized().Header("WWW-Authenticate", "Basic");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
if ((AuthorizationDelegate is not null) && (!AuthorizationDelegate(httpContext)))
|
if ((AuthorizationDelegate is not null) && (!AuthorizationDelegate(httpContext)))
|
||||||
return false;
|
return false;
|
||||||
|
|
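Review bot: The new 401 branch sends `WWW-Authenticate: Basic` without a `realm` parameter, which RFC 7617 requires for the Basic scheme. The header value could be `"Basic realm=\"<realm>\""`, with the realm taken from the router's configuration instead of a literal. The challenge scheme is also hard-coded here regardless of how `httpContext.AuthenticatedPrincipal` is actually established, so a comment or a configurable challenge value would keep this router usable with other authenticators. The authorization-failure branch below still returns `false`, so a caller that is authenticated but not authorized presumably falls through to whatever the parent router does; a comment saying whether that is intended would help. Route's body continues outside the hunk.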
|
@ -5,9 +5,9 @@ namespace ln.http
|
||||||
{
|
{
|
||||||
public static class RoleAuthorization
|
public static class RoleAuthorization
|
||||||
{
|
{
|
||||||
public static HttpAuthorizationDelegate Require(string roleName, HttpAccessRights accessRights)
|
public static HttpAuthorizationDelegate Require(string roleName)
|
||||||
{
|
{
|
||||||
return context => context.AuthenticatedPrincipal?.HasPermission(roleName, accessRights) ?? false;
|
return context => context.AuthenticatedPrincipal?.HasRole(roleName) ?? false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public static HttpAuthorizationDelegate RequireAll(params HttpAuthorizationDelegate[] authorizationDelegates)
|
public static HttpAuthorizationDelegate RequireAll(params HttpAuthorizationDelegate[] authorizationDelegates)
|
||||||
|
|
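Review bot: `Require(string roleName)` accepts a null or empty `roleName` and returns a delegate that then denies every request, or matches a null entry if one was ever passed in a principal's `roles` array, so a misconfigured route is only noticed at request time. A guard at the top of `Require`, for example `if (string.IsNullOrEmpty(roleName)) throw new System.ArgumentException("role name required", nameof(roleName));`, would surface the mistake when the route is set up. An XML doc comment on `Require` should state that the delegate denies when `context.AuthenticatedPrincipal` is null and that the role comparison is an exact string match. The class continues outside the hunk.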