Privileges.cs
#region Related components
using System;
using System.Linq;
using System.Dynamic;
using System.Collections.Generic;
using Newtonsoft.Json.Linq;
using net.vieapps.Components.Utility;
#endregion
namespace net.vieapps.Components.Security
{
/// <summary>
/// Represents a privilege to perform an action on a specified object of a specified service
/// </summary>
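[Serializable]
public class Privilege
{
    /// <summary>
    /// Initializes an empty privilege (blank service name, object name and object identity) with the Viewer role
    /// </summary>
    public Privilege()
        : this(null, null, null) { }

    /// <summary>
    /// Initializes the privilege for a service's object, without a specific object identity
    /// </summary>
    /// <param name="serviceName">The name of the service</param>
    /// <param name="objectName">The name of the service's object</param>
    /// <param name="role">The privilege role (must match a member of the <see cref="PrivilegeRole">PrivilegeRole</see> enum)</param>
    public Privilege(string serviceName, string objectName, string role)
        : this(serviceName, objectName, null, role) { }

    /// <summary>
    /// Initializes the privilege from a role given as text
    /// </summary>
    /// <param name="serviceName">The name of the service</param>
    /// <param name="objectName">The name of the service's object</param>
    /// <param name="objectIdentity">The identity of the service's object</param>
    /// <param name="role">The privilege role (must match a member of the <see cref="PrivilegeRole">PrivilegeRole</see> enum); anything else falls back to Viewer</param>
    public Privilege(string serviceName, string objectName, string objectIdentity, string role)
        : this(serviceName, objectName, objectIdentity, PrivilegeRole.Viewer)
    {
        // Enum.TryParse on its own also succeeds for numeric text and comma-separated lists,
        // producing values that name no declared role (their ToString() is just the number).
        // Requiring Enum.IsDefined keeps Role limited to declared member names and sends
        // everything else to the Viewer fallback.
        // NOTE(review): assumes PrivilegeRole is a plain (non-[Flags]) enum - confirm against its declaration.
        this.Role = Enum.TryParse(role, out PrivilegeRole privilegeRole) && Enum.IsDefined(typeof(PrivilegeRole), privilegeRole)
            ? privilegeRole.ToString()
            : PrivilegeRole.Viewer.ToString();
    }

    /// <summary>
    /// Initializes the privilege
    /// </summary>
    /// <param name="serviceName">The name of the service (null becomes an empty string)</param>
    /// <param name="objectName">The name of the service's object (null becomes an empty string)</param>
    /// <param name="objectIdentity">The identity of the service's object (null becomes an empty string)</param>
    /// <param name="role">The privilege role</param>
    public Privilege(string serviceName, string objectName, string objectIdentity, PrivilegeRole role)
    {
        this.ServiceName = serviceName ?? "";
        this.ObjectName = objectName ?? "";
        this.ObjectIdentity = objectIdentity ?? "";
        this.Role = role.ToString();
        this.Actions = new List<string>();
    }

    #region Properties
    /// <summary>
    /// Gets or sets the name of service
    /// </summary>
    public string ServiceName { get; set; }

    /// <summary>
    /// Gets or sets the name of service's object
    /// </summary>
    public string ObjectName { get; set; }

    /// <summary>
    /// Gets or sets the identity of service's object
    /// </summary>
    public string ObjectIdentity { get; set; }

    /// <summary>
    /// Gets or sets the working role (must match a member of <see cref="PrivilegeRole">PrivilegeRole</see>; if no role is provided, the actions are used to evaluate the privilege)
    /// </summary>
    /// <remarks>
    /// The setter stores the text as given: only the string-role constructor checks it against the enum.
    /// NOTE(review): code that reads this value back should parse it again rather than trust it - confirm at the call sites.
    /// </remarks>
    public string Role { get; set; }

    /// <summary>
    /// Gets or sets the working actions that can be performed
    /// </summary>
    public List<string> Actions { get; set; }
    #endregion

    /// <summary>
    /// Gets the JSON of this privilege object
    /// </summary>
    /// <returns>
    /// A JSON object with the keys ServiceName, ObjectName, ObjectIdentity, Role and Actions;
    /// the first three are trimmed and lower-cased, Role is trimmed only, and null values become empty
    /// </returns>
    public JObject ToJson()
        => new JObject
        {
            // Invariant lower-casing: these values are identifiers, so their normalized form
            // must not vary with the current thread culture (ToLower() maps 'I' differently
            // under Turkish/Azeri cultures, which would produce a different key for the same name).
            { "ServiceName", (this.ServiceName ?? "").Trim().ToLowerInvariant() },
            { "ObjectName", (this.ObjectName ?? "").Trim().ToLowerInvariant() },
            { "ObjectIdentity", (this.ObjectIdentity ?? "").Trim().ToLowerInvariant() },
            { "Role", (this.Role ?? "").Trim() },
            { "Actions", (this.Actions ?? new List<string>()).ToJArray() }
        };
}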
// --------------------------------------------------------------------------------------------
/// <summary>
/// Represents the privileges (access permissions) of a specified service or service's object (i.e. the access permissions of a run-time entity)
/// </summary>
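[Serializable]
public class Privileges
{
    /// <summary>
    /// Initializes the privileges with every role and user collection empty
    /// </summary>
    public Privileges()
        : this(false) { }

    /// <summary>
    /// Initializes the privileges
    /// </summary>
    /// <param name="anonymousCanView">true to allow anonymous visitors to view by default</param>
    public Privileges(bool anonymousCanView)
    {
        // With false, nothing is granted: all twelve collections keep their empty initial value.
        if (anonymousCanView)
        {
            this.ViewableRoles.Add(SystemRole.All.ToString());
        }
    }

    /// <summary>
    /// Initializes the privileges from a JSON object
    /// </summary>
    /// <param name="privileges">The object that contains the privileges (arrays named like "AdministrativeRoles", "ViewableUsers", ...); null leaves every collection empty</param>
    /// <remarks>
    /// Only the twelve fixed "{section}Roles" / "{section}Users" names are read, so the input cannot
    /// choose which member gets assigned. Array items that are not strings, or are empty or whitespace,
    /// are dropped - the same filter as the <see cref="ExpandoObject"/> constructor - so a blank entry
    /// never becomes a member of an access list.
    /// Entries are stored as given, with no case normalization.
    /// </remarks>
    public Privileges(JObject privileges)
    {
        if (privileges != null)
        {
            new[] { "Administrative", "Moderate", "Editable", "Contributive", "Viewable", "Downloadable" }.ForEach(name =>
            {
                var values = privileges.Get<JArray>($"{name}Roles");
                if (values != null)
                {
                    this.SetAttributeValue($"{name}Roles", new HashSet<string>(values.Select(value => (value as JValue)?.Value as string).Where(value => !string.IsNullOrWhiteSpace(value))));
                }

                values = privileges.Get<JArray>($"{name}Users");
                if (values != null)
                {
                    this.SetAttributeValue($"{name}Users", new HashSet<string>(values.Select(value => (value as JValue)?.Value as string).Where(value => !string.IsNullOrWhiteSpace(value))));
                }
            });
        }
    }

    /// <summary>
    /// Initializes the privileges from a dynamic object
    /// </summary>
    /// <param name="privileges">The object that contains the privileges (lists named like "AdministrativeRoles", "ViewableUsers", ...); null leaves every collection empty</param>
    /// <remarks>
    /// Only the twelve fixed "{section}Roles" / "{section}Users" names are read; null, empty and
    /// whitespace entries are dropped. Entries are stored as given, with no case normalization.
    /// </remarks>
    public Privileges(ExpandoObject privileges)
    {
        if (privileges != null)
        {
            new[] { "Administrative", "Moderate", "Editable", "Contributive", "Viewable", "Downloadable" }.ForEach(name =>
            {
                var values = privileges.Get<List<string>>($"{name}Roles");
                if (values != null)
                {
                    this.SetAttributeValue($"{name}Roles", new HashSet<string>(values.Where(value => !string.IsNullOrWhiteSpace(value))));
                }

                values = privileges.Get<List<string>>($"{name}Users");
                if (values != null)
                {
                    this.SetAttributeValue($"{name}Users", new HashSet<string>(values.Where(value => !string.IsNullOrWhiteSpace(value))));
                }
            });
        }
    }

    #region Properties
    /// <summary>
    /// Gets or sets the collection of identities of working roles that are able to manage (means full access)
    /// </summary>
    public HashSet<string> AdministrativeRoles { get; set; } = new HashSet<string>();

    /// <summary>
    /// Gets or sets the collection of identities of users that are able to manage (means full access)
    /// </summary>
    public HashSet<string> AdministrativeUsers { get; set; } = new HashSet<string>();

    /// <summary>
    /// Gets or sets the collection of identities of working roles that are able to moderate (means moderate all kinds of resources)
    /// </summary>
    public HashSet<string> ModerateRoles { get; set; } = new HashSet<string>();

    /// <summary>
    /// Gets or sets the collection of identities of users that are able to moderate (means moderate all kinds of resources)
    /// </summary>
    public HashSet<string> ModerateUsers { get; set; } = new HashSet<string>();

    /// <summary>
    /// Gets or sets the collection of identities of working roles that are able to edit (means create new and re-update the published resources)
    /// </summary>
    public HashSet<string> EditableRoles { get; set; } = new HashSet<string>();

    /// <summary>
    /// Gets or sets the collection of identities of users that are able to edit (means create new and re-update the published resources)
    /// </summary>
    public HashSet<string> EditableUsers { get; set; } = new HashSet<string>();

    /// <summary>
    /// Gets or sets the collection of identities of working roles that are able to contribute (means create new and view the published/their own resources)
    /// </summary>
    public HashSet<string> ContributiveRoles { get; set; } = new HashSet<string>();

    /// <summary>
    /// Gets or sets the collection of identities of users that are able to contribute (means create new and view the published/their own resources)
    /// </summary>
    public HashSet<string> ContributiveUsers { get; set; } = new HashSet<string>();

    /// <summary>
    /// Gets or sets the collection of identities of working roles that are able to view the details (means read-only on published resources)
    /// </summary>
    public HashSet<string> ViewableRoles { get; set; } = new HashSet<string>();

    /// <summary>
    /// Gets or sets the collection of identities of users that are able to view the details (means read-only on published resources)
    /// </summary>
    public HashSet<string> ViewableUsers { get; set; } = new HashSet<string>();

    /// <summary>
    /// Gets or sets the collection of identities of working roles that are able to download files/attachments of the published resources
    /// </summary>
    public HashSet<string> DownloadableRoles { get; set; } = new HashSet<string>();

    /// <summary>
    /// Gets or sets the collection of identities of users that are able to download files/attachments of the published resources
    /// </summary>
    public HashSet<string> DownloadableUsers { get; set; } = new HashSet<string>();
    #endregion
}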
}