using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Identity; using Raven.Client.Documents; using System; using System.Collections.Generic; using System.Linq; using System.Security.Claims; using System.Threading.Tasks; using zero.Core.Database; using zero.Core.Entities; using zero.Core.Identity; namespace zero.Core.Api { public class AuthorizationApi : IAuthorizationApi { protected IHttpContextAccessor HttpContextAccessor { get; set; } protected SignInManager SignInManager { get; private set; } protected ClaimsPrincipal Principal => HttpContextAccessor.HttpContext?.User; public AuthorizationApi(IHttpContextAccessor httpContextAccessor, SignInManager signInManager) { HttpContextAccessor = httpContextAccessor; SignInManager = signInManager; } /// public bool IsLoggedIn() { ClaimsPrincipal principal = HttpContextAccessor.HttpContext.User; bool isAuthenticated = principal.Identity.IsAuthenticated; bool isZeroUser = principal.HasClaim(Constants.Auth.Claims.IsZero, PermissionsValue.True); bool isSignedIn = SignInManager.IsSignedIn(principal); return isAuthenticated && isZeroUser && isSignedIn; } /// public bool IsSuper() { return Principal.HasClaim(Constants.Auth.Claims.IsSuper, PermissionsValue.True); } /// public bool IsAdmin() { return Principal.HasClaim(Constants.Auth.Claims.Role, "administrator"); // TODO use constant (in setup as well) } /// public IList GetPermissions(string prefix = null) { return Principal.Claims .Where(claim => claim.Type == Constants.Auth.Claims.Permission && (prefix == null || claim.Value.StartsWith(prefix))) .Select(claim => Permission.FromClaim(claim, prefix)) .ToList(); } /// public Permission GetPermission(string key = null) { Claim claim = Principal.Claims.FirstOrDefault(claim => claim.Type == Constants.Auth.Claims.Permission && claim.Value.StartsWith(key + ":")); return Permission.FromClaim(claim); } public EntityPermission GetPermissionForEntity(T model, string permissionKey) where T : IZeroEntity { EntityPermission result = new EntityPermission(); if (!IsLoggedIn()) { return result; } Type type = typeof(T); bool isSuperUser = Principal.HasClaim(Constants.Auth.Claims.IsSuper, PermissionsValue.True); //result.IsAppAware = AppAwareType.IsAssignableFrom(type); // TODO appx //result.IsShareable = result.IsAppAware && AppAwareShareableType.IsAssignableFrom(type); if (isSuperUser) { result.CanCreate = true; result.CanCreateShared = result.CanCreate && result.IsShareable; result.CanEdit = true; result.CanRead = true; result.CanDelete = true; return result; } Permission permission = GetPermission(permissionKey); if (permission != null) { } return result; } } public interface IAuthorizationApi { /// /// Whether a user is currently logged-in /// bool IsLoggedIn(); /// /// Whether the current user is the super user who created the zero instance /// bool IsSuper(); /// /// Whether the current user belongs to the administrator role (will always return false if this role gets deleted) /// bool IsAdmin(); /// /// Get all permissions for the current user with an optional prefix /// IList GetPermissions(string prefix = null); /// /// Get a single permissions by key /// public Permission GetPermission(string key = null); } }