store and get current app id (draft)
This commit is contained in:
@@ -0,0 +1,39 @@
|
||||
//using Microsoft.AspNetCore.Http;
|
||||
//using Microsoft.AspNetCore.Identity;
|
||||
//using System;
|
||||
//using System.Collections.Generic;
|
||||
//using System.Linq;
|
||||
//using System.Security.Claims;
|
||||
//using System.Text;
|
||||
//using zero.Core.Entities;
|
||||
|
||||
//namespace zero.Core.Api
|
||||
//{
|
||||
// public class AppIdService
|
||||
// {
|
||||
// protected UserManager<User> UserManager { get; private set; }
|
||||
|
||||
// protected IHttpContextAccessor HttpContextAccessor { get; set; }
|
||||
|
||||
// protected ClaimsPrincipal Principal => HttpContextAccessor.HttpContext?.User;
|
||||
|
||||
|
||||
// public AppIdService(UserManager<User> userManager, IHttpContextAccessor httpContextAccessor)
|
||||
// {
|
||||
// UserManager = userManager;
|
||||
// HttpContextAccessor = httpContextAccessor;
|
||||
// }
|
||||
|
||||
|
||||
// /// <inheritdoc />
|
||||
// public string[] GetAllowedAppIds()
|
||||
// {
|
||||
// return Principal.Claims
|
||||
// .Where(claim => claim.Type == Constants.Auth.Claims.Permission && (prefix == null || claim.Value.StartsWith(prefix)))
|
||||
// .Select(claim => Permission.FromClaim(claim, prefix))
|
||||
// .ToList();
|
||||
|
||||
// //return GetPermissions(Permissions.Applications).Where(x => x.CanRead).Select(x => x.NormalizedKey).ToArray();
|
||||
// }
|
||||
// }
|
||||
//}
|
||||
@@ -1,11 +1,13 @@
|
||||
using FluentValidation;
|
||||
using FluentValidation.Results;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
using Raven.Client.Documents;
|
||||
using Raven.Client.Documents.Linq;
|
||||
using Raven.Client.Documents.Session;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Security.Claims;
|
||||
using System.Threading.Tasks;
|
||||
using zero.Core.Attributes;
|
||||
using zero.Core.Entities;
|
||||
@@ -237,9 +239,10 @@ namespace zero.Core.Api
|
||||
|
||||
public class AppAwareBackofficeStore : BackofficeStore, IAppAwareBackofficeStore
|
||||
{
|
||||
public AppAwareBackofficeStore(IDocumentStore raven, IMediaUpload media) : base(raven, media)
|
||||
public AppAwareBackofficeStore(IDocumentStore raven, IMediaUpload media, IHttpContextAccessor httpContextAccessor) : base(raven, media)
|
||||
{
|
||||
AppId = "zero.applications.1-A"; // TODO
|
||||
Claim appIdClaim = httpContextAccessor.HttpContext?.User.Claims.FirstOrDefault(x => x.Type == Constants.Auth.Claims.CurrentAppId);
|
||||
AppId = appIdClaim.Value;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -249,7 +249,7 @@ namespace zero.Core.Api
|
||||
IsActive = true,
|
||||
Claims = new List<IUserClaim>()
|
||||
{
|
||||
new UserClaim(type, Permissions.Applications, PermissionsValue.Write),
|
||||
//new UserClaim(type, Permissions.Applications, PermissionsValue.Write),
|
||||
new UserClaim(type, Permissions.Sections.Dashboard, PermissionsValue.True),
|
||||
new UserClaim(type, Permissions.Sections.Spaces, PermissionsValue.True),
|
||||
new UserClaim(type, Permissions.Sections.Pages, PermissionsValue.True),
|
||||
|
||||
@@ -23,6 +23,8 @@
|
||||
public const string Role = "zero.claim.rolealias";
|
||||
public const string SecurityStamp = "zero.claim.securitystamp";
|
||||
public const string Permission = "zero.claim.permission";
|
||||
public const string DefaultAppId = "zero.claim.defaultAppId";
|
||||
public const string CurrentAppId = "zero.claim.currentAppId";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -8,6 +8,9 @@ namespace zero.Core.Entities
|
||||
/// <inheritdoc />
|
||||
public string AppId { get; set; }
|
||||
|
||||
/// <inheritdoc />
|
||||
public string CurrentAppId { get; set; }
|
||||
|
||||
/// <inheritdoc/>
|
||||
public bool IsSuper { get; set; }
|
||||
|
||||
@@ -72,6 +75,11 @@ namespace zero.Core.Entities
|
||||
|
||||
public interface IUser : IZeroEntity, IAppAwareEntity, IZeroDbConventions
|
||||
{
|
||||
/// <summary>
|
||||
/// Currently selected app id for the backoffice
|
||||
/// </summary>
|
||||
public string CurrentAppId { get; set; }
|
||||
|
||||
/// <summary>
|
||||
/// sudo.
|
||||
/// The user who created the instance.
|
||||
|
||||
@@ -0,0 +1,41 @@
|
||||
//using Microsoft.AspNetCore.Http;
|
||||
//using Microsoft.AspNetCore.Identity;
|
||||
//using Raven.Client.Documents;
|
||||
//using Raven.Client.Documents.Linq;
|
||||
//using Raven.Client.Documents.Session;
|
||||
//using System;
|
||||
//using System.Collections.Generic;
|
||||
//using System.Linq;
|
||||
//using System.Security.Claims;
|
||||
//using System.Threading.Tasks;
|
||||
//using zero.Core.Entities;
|
||||
//using zero.Core.Identity;
|
||||
|
||||
//namespace zero.Core.Extensions
|
||||
//{
|
||||
// public static class HttpContextExtensions
|
||||
// {
|
||||
// public static string GetCurrentAppId(this HttpContext context)
|
||||
// {
|
||||
// ClaimsPrincipal user = context.User;
|
||||
|
||||
// var permissions = user.Claims.Where(x => x.Type == Constants.Auth.Claims.Permission && );
|
||||
|
||||
// user.HasClaim(Constants.Auth.Claims.Permission, Permissions.Applications + ":" + PermissionsValue.Write)
|
||||
|
||||
// // this is not the final decision,
|
||||
// // as we need to check permissions too
|
||||
// string currentAppId = user.CurrentAppId;
|
||||
|
||||
// // set to default app id when nothing selected yet
|
||||
// if (currentAppId.IsNullOrEmpty())
|
||||
// {
|
||||
// currentAppId = user.AppId;
|
||||
// }
|
||||
|
||||
// UserManager<User> manager;
|
||||
|
||||
// manager.cla
|
||||
// }
|
||||
// }
|
||||
//}
|
||||
@@ -6,7 +6,7 @@
|
||||
/// Ability to switch zero applications and read/write other applications out of the user appId
|
||||
/// If PermissionsValue.Write is set for this permission, the user will be limited to his/her claims in other applications too
|
||||
/// </summary>
|
||||
public const string Applications = "applications";
|
||||
public const string Applications = "applications.";
|
||||
|
||||
|
||||
public struct Settings
|
||||
|
||||
@@ -1,5 +1,7 @@
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Microsoft.Extensions.Options;
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Security.Claims;
|
||||
using System.Threading.Tasks;
|
||||
using zero.Core;
|
||||
@@ -27,6 +29,22 @@ namespace zero.Web
|
||||
identity.AddClaim(new Claim(Constants.Auth.Claims.IsSuper, PermissionsValue.True));
|
||||
}
|
||||
|
||||
// get all allowed app ids
|
||||
IEnumerable<Permission> permissions = identity.Claims
|
||||
.Where(claim => claim.Type == Constants.Auth.Claims.Permission && claim.Value.StartsWith(Permissions.Applications))
|
||||
.Select(x => Permission.FromClaim(x, Permissions.Applications));
|
||||
|
||||
string[] appIds = permissions.Where(x => x.IsTrue).Select(x => x.NormalizedKey).ToArray();
|
||||
|
||||
string currentAppId = user.CurrentAppId ?? user.AppId;
|
||||
|
||||
if (!user.IsSuper && !appIds.Contains(currentAppId))
|
||||
{
|
||||
currentAppId = user.AppId;
|
||||
}
|
||||
|
||||
identity.AddClaim(new Claim(Constants.Auth.Claims.CurrentAppId, currentAppId));
|
||||
|
||||
return principal;
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user