paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[WIP] user file auth

Browse Source
This commit is contained in:
Paul Schneider
2019-08-14 14:11:27 +01:00
parent ed3dece836
commit 2f096a4537
3 changed files with 25 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
src/Yavsc/Services/FileSystemAuthManager.cs
View File

@ -3,31 +3,46 @@ using System.Linq;
using System.Security.Principal;
using System.Security.Claims;
using Yavsc.Models;
using Microsoft.Extensions.Logging;
namespace Yavsc.Services
{
public class FileSystemAuthManager : IFileSystemAuthManager
{
ApplicationDbContext _dbContext;
ILogger _logger;
public FileSystemAuthManager(ApplicationDbContext dbContext)
public FileSystemAuthManager(ApplicationDbContext dbContext, ILoggerFactory loggerFactory)
{
_dbContext = dbContext;
_logger = loggerFactory.CreateLogger<FileSystemAuthManager>();
}
public FileAccessRight GetFilePathAccess(ClaimsPrincipal user, string normalizedFullPath)
{
// Assert (normalizedFullPath!=null)
var parts = normalizedFullPath.Split('/');
if (parts.Length<2) return FileAccessRight.None;
var funame = parts[0];
if (funame == user.GetUserName()) return FileAccessRight.Read | FileAccessRight.Write;
var ucl = user.Claims.Where(c => c.Type == YavscClaimTypes.CircleMembership).Select(c => long.Parse(c.Value)).ToArray();
if (parts.Length<4) return FileAccessRight.None;
var funame = parts[2];
var filePath = string.Join("/",parts.Skip(3));
if (_dbContext.CircleAuthorizationToFile.Any(
r => r.FullPath == normalizedFullPath && ucl.Contains(r.CircleId)
)) return FileAccessRight.Read;
_logger.LogInformation($"{normalizedFullPath} from {funame}");
if (funame == user?.GetUserName()) return FileAccessRight.Read | FileAccessRight.Write;
var ucl = user.Claims.Where(c => c.Type == YavscClaimTypes.CircleMembership).Select(c => long.Parse(c.Value)).Distinct().ToArray();
var uclString = string.Join(",", ucl);
_logger.LogInformation($"{uclString} ");
foreach (
var cid in ucl
) {
var ok = _dbContext.CircleAuthorizationToFile.Any(a => a.CircleId == cid && a.FullPath == filePath);
if (ok) return FileAccessRight.Read;
}
return FileAccessRight.None;
}