124 lines
3.2 KiB
C#
124 lines
3.2 KiB
C#
using Core.Enumerations;
|
|
using DataProviders.Buckets;
|
|
using DataProviders.Collections;
|
|
using DomainObjects.Documents.Users;
|
|
using FileSecurityService;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.Extensions.Options;
|
|
using WeatherForecast.Policies.Abstractions;
|
|
|
|
namespace WeatherForecast.Policies;
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
public class ImageAuthorisationHandler : AuthorizationHandlerBase<ImageAuthorisationRequirement, List<BucketFile>> {
|
|
|
|
private readonly IFileSecurityService _fileSecurityService;
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
/// <param name="configuration"></param>
|
|
/// <param name="contextAccessor"></param>
|
|
/// <param name="siteDataProvider"></param>
|
|
/// <param name="userDataProvider"></param>
|
|
/// <param name="fileSecurityService"></param>
|
|
public ImageAuthorisationHandler(
|
|
IOptions<Configuration> configuration,
|
|
IHttpContextAccessor contextAccessor,
|
|
ISiteDataProvider siteDataProvider,
|
|
IUserDataProvider userDataProvider,
|
|
IFileSecurityService fileSecurityService
|
|
) : base(configuration, contextAccessor, siteDataProvider, userDataProvider) {
|
|
_fileSecurityService = fileSecurityService;
|
|
}
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
/// <param name="context"></param>
|
|
/// <param name="requirement"></param>
|
|
/// <param name="resource"></param>
|
|
/// <returns></returns>
|
|
/// <exception cref="NotImplementedException"></exception>
|
|
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ImageAuthorisationRequirement requirement, List<BucketFile> resource) {
|
|
|
|
var (site, user) = GetUser(context);
|
|
if (site == null || user == null)
|
|
return Task.CompletedTask;
|
|
|
|
var userRole = GetRole(site, user);
|
|
|
|
var req = requirement.Roles.SingleOrDefault(x => x.Role == userRole);
|
|
if (req == null)
|
|
return Task.CompletedTask;
|
|
|
|
foreach (var res in resource) {
|
|
var (fileCategory, signatureResult) = _fileSecurityService.CheckFileSignature(res.Name, res.Bytes, res.ContentType);
|
|
if (!signatureResult.IsSuccess || fileCategory == null)
|
|
return Task.CompletedTask;
|
|
|
|
if (req.OwnOnly && res.UserId != user.Id)
|
|
return Task.CompletedTask;
|
|
|
|
if (req.DenyPublished && res.Published != null)
|
|
return Task.CompletedTask;
|
|
}
|
|
|
|
context.Succeed(requirement);
|
|
|
|
return Task.CompletedTask;
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
public class ImageRole {
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
public Roles Role { get; private set; }
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
public bool DenyPublished { get; init; } = false;
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
public bool OwnOnly { get; init; } = false;
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
/// <param name="role"></param>
|
|
public ImageRole(Roles role) {
|
|
Role = role;
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
public class ImageAuthorisationRequirement : AuthorizationRequirementBase {
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
public List<ImageRole> Roles { get; private set; }
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
/// <param name="action"></param>
|
|
/// <param name="roles"></param>
|
|
public ImageAuthorisationRequirement(CrudActions action, List<ImageRole> roles) : base(action) {
|
|
Roles = roles;
|
|
}
|
|
}
|
|
|