Added documentation and improved permission validation
15
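--- a/HopFrame.Security/AdminPermissions.cs
+++ b/HopFrame.Security/AdminPermissions.cs
@@ -0,0 +1,15 @@
+namespace HopFrame.Security;
+
+public static class AdminPermissions {
+public const string IsAdmin = "hopframe.admin";
+
+public const string ViewUsers = "hopframe.admin.users.view";
+public const string EditUser = "hopframe.admin.users.edit";
+public const string DeleteUser = "hopframe.admin.users.delete";
+public const string AddUser = "hopframe.admin.users.add";
+
+public const string ViewGroups = "hopframe.admin.groups.view";
+public const string EditGroup = "hopframe.admin.groups.edit";
+public const string DeleteGroup = "hopframe.admin.groups.delete";
+public const string AddGroup = "hopframe.admin.groups.add";
+}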
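Review bot: `IsAdmin` has no doc comment stating that it is satisfied by every other constant in this class, which is what the validator change in this same commit appears to do: `hopframe.admin` is a dotted prefix of all of them, and the new predicate accepts a longer permission for a shorter requested one when the next character is `.`. Assuming `permissions` in the validator is the set the user holds, a user granted only `ViewUsers` would pass an `IsAdmin` check. If that is intended, say so on the constant, e.g. `/// <summary>Satisfied by any permission below hopframe.admin, not only by this exact string.</summary>`, so that callers needing full administrative rights check a specific permission instead. The `IPermissionService` summary added in this commit lists four rules and does not mention this one either.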
@@ -6,12 +6,16 @@ public static class PermissionValidator {
|
||||
var permLow = permission.ToLower();
|
||||
var permsLow = permissions.Select(perm => perm.ToLower()).ToArray();
|
||||
|
||||
if (permsLow.Any(perm => perm == permLow || perm == "*")) return true;
|
||||
if (permsLow.Any(perm =>
|
||||
perm == permLow ||
|
||||
(perm.Length > permLow.Length && perm.StartsWith(permLow) && perm.ToCharArray()[permLow.Length] == '.') ||
|
||||
perm == "*"))
|
||||
return true;
|
||||
|
||||
foreach (var perm in permsLow) {
|
||||
if (!perm.EndsWith(".*")) continue;
|
||||
|
||||
var permissionGroup = perm.Replace(".*", "");
|
||||
var permissionGroup = perm.Substring(0, perm.Length - 1);
|
||||
if (permLow.StartsWith(permissionGroup)) return true;
|
||||
}
|
||||
|
||||
|
||||
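Review bot: The new prefix test inside the `Any` predicate calls `perm.StartsWith(permLow)` without a `StringComparison`, which is culture-sensitive in .NET, and the two `ToLower()` calls above it depend on the current culture as well; an authorization decision should not vary with the server's culture settings. I would write `perm.StartsWith(permLow, StringComparison.Ordinal) && perm[permLow.Length] == '.'` (indexing the string also avoids the `ToCharArray()` copy) and use `ToLowerInvariant()` for both conversions. The same applies to `EndsWith(".*")` and `permLow.StartsWith(permissionGroup)` in the loop. The method's signature and its final return lie outside the hunk, so null handling of `permission` and `permissions` cannot be judged from here.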
@@ -2,6 +2,13 @@ using HopFrame.Database.Models;
|
||||
|
||||
namespace HopFrame.Security.Services;
|
||||
|
||||
/// <summary>
|
||||
/// permission system:<br/>
|
||||
/// - "*" -> all rights<br/>
|
||||
/// - "group.[name]" -> group member<br/>
|
||||
/// - "[namespace].[name]" -> single permission<br/>
|
||||
/// - "[namespace].*" -> all permissions in the namespace
|
||||
/// </summary>
|
||||
public interface IPermissionService {
|
||||
|
||||
Task<bool> HasPermission(string permission, Guid user);
|
||||
|
||||