leon.hoppe/HopFrame
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Added documentation and improved permission validation

Browse Source
This commit is contained in:
Leon Hoppe
2024-08-18 12:01:17 +02:00
parent 893431536d
commit 4aaf126c9d
16 changed files with 202 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
HopFrame.Security/AdminPermissions.cs Normal file
View File

@@ -0,0 +1,15 @@
namespace HopFrame.Security;
public static class AdminPermissions {
public const string IsAdmin = "hopframe.admin";
public const string ViewUsers = "hopframe.admin.users.view";
public const string EditUser = "hopframe.admin.users.edit";
public const string DeleteUser = "hopframe.admin.users.delete";
public const string AddUser = "hopframe.admin.users.add";
public const string ViewGroups = "hopframe.admin.groups.view";
public const string EditGroup = "hopframe.admin.groups.edit";
public const string DeleteGroup = "hopframe.admin.groups.delete";
public const string AddGroup = "hopframe.admin.groups.add";
}

8
HopFrame.Security/Authorization/PermissionValidator.cs
View File

@@ -6,12 +6,16 @@ public static class PermissionValidator {
var permLow = permission.ToLower();
var permsLow = permissions.Select(perm => perm.ToLower()).ToArray();
if (permsLow.Any(perm => perm == permLow || perm == "*")) return true;
if (permsLow.Any(perm =>
perm == permLow ||
(perm.Length > permLow.Length && perm.StartsWith(permLow) && perm.ToCharArray()[permLow.Length] == '.') ||
perm == "*"))
return true;
foreach (var perm in permsLow) {
if (!perm.EndsWith(".*")) continue;
var permissionGroup = perm.Replace(".*", "");
var permissionGroup = perm.Substring(0, perm.Length - 1);
if (permLow.StartsWith(permissionGroup)) return true;
}

7
HopFrame.Security/Services/IPermissionService.cs
View File

@@ -2,6 +2,13 @@ using HopFrame.Database.Models;
namespace HopFrame.Security.Services;
/// <summary>
/// permission system:<br/>
/// - "*" -> all rights<br/>
/// - "group.[name]" -> group member<br/>
/// - "[namespace].[name]" -> single permission<br/>
/// - "[namespace].*" -> all permissions in the namespace
/// </summary>
public interface IPermissionService {
Task<bool> HasPermission(string permission, Guid user);