refactoring authorizations

2016-12-02 11:57:19 +01:00
parent 571bf2c715
commit 0e46342cb1
9 changed files with 71 additions and 57 deletions
--- a/Yavsc/ApiControllers/PdfEstimateController.cs
+++ b/Yavsc/ApiControllers/PdfEstimateController.cs
@ -3,7 +3,6 @@ using Microsoft.AspNet.Authorization;
 using Microsoft.AspNet.Mvc;
 using System.Web.Routing;
 using Microsoft.AspNet.Mvc.ViewComponents;
-using Microsoft.AspNet.Razor;

 namespace Yavsc.ApiControllers
 {
@ -14,13 +13,6 @@ namespace Yavsc.ApiControllers
    public class PdfEstimateController : Controller
    {
        ApplicationDbContext dbContext;
-        DefaultViewComponentHelper helper;
-        IViewComponentDescriptorCollectionProvider provider;
-        IViewComponentInvokerFactory factory;
-        RazorEngineHost host;
-        RazorTemplateEngine engine;
-        IViewComponentSelector selector;
-

        public PdfEstimateController(
            IViewComponentDescriptorCollectionProvider provider,
@ -29,30 +21,7 @@ namespace Yavsc.ApiControllers
         ApplicationDbContext context)
        {
            
-            this.selector = selector;
-            this.provider = provider;
-            this.factory = factory;
-            helper = new DefaultViewComponentHelper(provider, selector, factory);
            dbContext = context;
-
-            var language = new CSharpRazorCodeLanguage();
-            host = new RazorEngineHost(language)
-            {
-                DefaultBaseClass = "RazorPage",
-                DefaultClassName = "Estimate",
-                DefaultNamespace = "Yavsc",
-            };
-
-            // Everyone needs the System namespace, right?
-            host.NamespaceImports.Add("System");
-            engine = new RazorTemplateEngine(host);
-
-            
-            /*
-            GeneratorResults razorResult =
-   engine.GenerateCode(
-
-   ) */
        }


--- a/Yavsc/Controllers/BlogspotController.cs
+++ b/Yavsc/Controllers/BlogspotController.cs
@ -10,6 +10,7 @@ using Microsoft.AspNet.Authorization;
 using Microsoft.Data.Entity;
 using Microsoft.Extensions.OptionsModel;
 using Yavsc.Models;
+using Yavsc.ViewModels.Auth;

 // For more information on enabling Web API for empty projects, visit http://go.microsoft.com/fwlink/?LinkID=397860

--- a/Yavsc/Startup/Startup.cs
+++ b/Yavsc/Startup/Startup.cs
@ -26,6 +26,7 @@ using Microsoft.Net.Http.Headers;
 using Yavsc.Formatters;
 using Yavsc.Models;
 using Yavsc.Services;
+using Yavsc.ViewModels.Auth;

 namespace Yavsc
 {
--- a/Yavsc/ViewModels/Auth/AuthorisationHandlers.cs
+++ b/Yavsc/ViewModels/Auth/AuthorisationHandlers.cs
@ -4,18 +4,9 @@ using System.Security.Claims;
 using Microsoft.AspNet.Authorization;
 using Yavsc.Models;
 using Yavsc.Models.Booking;
+using Yavsc.ViewModels.Auth;

 namespace Yavsc {
-    public class PrivateChatEntryRequirement : IAuthorizationRequirement
-    {
-    }
-
-    public class EditRequirement : IAuthorizationRequirement
-    {
-        public EditRequirement()
-        {
-        }
-    }

    public class FileSpotInfo : IAuthorizationRequirement
    {
@ -63,20 +54,7 @@ namespace Yavsc {

    }
    
-public class BlogViewHandler : AuthorizationHandler<ViewRequirement, Blog>
-    {
-        protected override void Handle(AuthorizationContext context, ViewRequirement requirement, Blog resource)
-        {
-            if (context.User.IsInRole("Moderator"))
-                context.Succeed(requirement);
-            else if (context.User.Identity.IsAuthenticated)
-            if (resource.AuthorId == context.User.GetUserId())
-                context.Succeed(requirement); 
-            else if (resource.Visible)
-            // TODO && ( resource.Circles == null || context.User belongs to resource.Circles )
-                context.Succeed(requirement); 
-        }
-    }
+

    public class CommandViewHandler : AuthorizationHandler<ViewRequirement, BookQuery>
    {
--- a/Yavsc/ViewModels/Auth/BlogViewHandler.cs
+++ b/Yavsc/ViewModels/Auth/BlogViewHandler.cs
@ -0,0 +1,21 @@
+using System.Security.Claims;
+using Microsoft.AspNet.Authorization;
+using Yavsc.Models;
+
+namespace Yavsc.ViewModels.Auth
+{
+    public class BlogViewHandler : AuthorizationHandler<ViewRequirement, Blog>
+    {
+        protected override void Handle(AuthorizationContext context, ViewRequirement requirement, Blog resource)
+        {
+            if (context.User.IsInRole("Moderator"))
+                context.Succeed(requirement);
+            else if (context.User.Identity.IsAuthenticated)
+            if (resource.AuthorId == context.User.GetUserId())
+                context.Succeed(requirement); 
+            else if (resource.Visible)
+            // TODO && ( resource.Circles == null || context.User belongs to resource.Circles )
+                context.Succeed(requirement); 
+        }
+    }
+}
--- a/Yavsc/ViewModels/Auth/EditRequirement.cs
+++ b/Yavsc/ViewModels/Auth/EditRequirement.cs
@ -0,0 +1,11 @@
+using Microsoft.AspNet.Authorization;
+
+namespace Yavsc.ViewModels.Auth
+{
+    public class EditRequirement : IAuthorizationRequirement
+    {
+        public EditRequirement()
+        {
+        }
+    }
+}
--- a/Yavsc/ViewModels/Auth/EstimateViewHandler.cs
+++ b/Yavsc/ViewModels/Auth/EstimateViewHandler.cs
@ -0,0 +1,26 @@
+using System.Security.Claims;
+using Microsoft.AspNet.Authorization;
+using Yavsc.Models.Billing;
+
+namespace Yavsc.ViewModels.Auth
+{
+    public class EstimateViewHandler : AuthorizationHandler<ViewRequirement, Estimate>
+    {
+         protected override void Handle(AuthorizationContext context, ViewRequirement requirement, Estimate resource)
+        {
+            if (context.User.IsInRole("Moderator"))
+                context.Succeed(requirement);
+            else if (!context.User.Identity.IsAuthenticated)
+                context.Fail();
+            else {
+            var uid = context.User.GetUserId();
+            
+            if (resource.OwnerId == uid || resource.Query.ClientId == uid)
+                context.Succeed(requirement); 
+            else
+            // TODO && ( resource.Circles == null || context.User belongs to resource.Circles )
+                context.Fail();
+            }
+        }
+    }
+}
--- a/Yavsc/ViewModels/Auth/PrivateChatEntryRequirement.cs
+++ b/Yavsc/ViewModels/Auth/PrivateChatEntryRequirement.cs
@ -0,0 +1,8 @@
+using Microsoft.AspNet.Authorization;
+
+namespace Yavsc.ViewModels.Auth
+{
+   public class PrivateChatEntryRequirement : IAuthorizationRequirement
+    {
+    }
+}
--- a/Yavsc/Views/Shared/_Layout.cshtml
+++ b/Yavsc/Views/Shared/_Layout.cshtml
@ -21,13 +21,12 @@
        <environment names="Staging,Production,yavsc,yavscpre,booking,lua">
            <script src="https://ajax.aspnetcdn.com/ajax/jquery/jquery-2.1.4.min.js"
                    asp-fallback-src="~/bower_components/jquery/dist/jquery.min.js"
-                    asp-fallback-test="window.jQuery">
+                    asp-fallback-test="window.jQuery" >
            </script>
            <script src="https://ajax.aspnetcdn.com/ajax/bootstrap/3.3.5/bootstrap.min.js"
                    asp-fallback-src="~/bower_components/bootstrap/dist/js/bootstrap.min.js"
                    asp-fallback-test="window.jQuery && window.jQuery.fn && window.jQuery.fn.modal">
            </script>
-            <script src="~/js/site.min.js" asp-append-version="true"></script>
        </environment>
        @RenderSection("header", required: false)
    </head>