using System.Collections.Generic; using System.Linq; using System.Security.Claims; using zero.Core.Extensions; namespace zero.Core.Identity { public class Permission { /// /// Full key (stored in left part claim value) of the permission /// public string Key { get; set; } /// /// Normalized key with optionally removed prefix /// public string NormalizedKey { get; set; } /// /// Value of the permission (boolean, read/write, ...). Stored in right part of claim value /// public string Value { get; set; } /// /// Title of this permission for output /// public string Label { get; set; } /// /// Optional description text /// public string Description { get; set; } /// /// Datatype of the value /// public PermissionValueType ValueType { get; set; } /// /// Renders a custom component for this permission in the backoffice /// public string CustomComponentPath { get; set; } public Permission() { } public Permission(string key, string value, PermissionValueType valueType = PermissionValueType.CRUD) { Key = key; Value = value; ValueType = valueType; } public Permission(string key, string label, string description, PermissionValueType valueType = PermissionValueType.CRUD) { Key = key; Label = label; Description = description; ValueType = valueType; } /// /// Whether the value is read or write /// public bool CanRead => Value == PermissionsValue.Read || Value == PermissionsValue.Update; /// /// Whether the value is write /// public bool CanWrite => Value == PermissionsValue.Update; /// /// Whether the value is true /// public bool IsTrue => Value == PermissionsValue.True; /// /// Whether the value is false /// public bool IsFalse => Value == PermissionsValue.False; /// /// Whether a resource (with authorization based on the key) can be read by any of the given permisssions /// public static bool CanReadKey(IEnumerable permissions, string key, bool isNormalized = false) { Permission permission = permissions.FirstOrDefault(p => isNormalized ? p.NormalizedKey == key : p.Key == key); return permission?.CanRead ?? false; } /// /// Whether a resource (with authorization based on the key) can be written to by any of the given permisssions /// public static bool CanWriteKey(IEnumerable permissions, string key, bool isNormalized = false) { Permission permission = permissions.FirstOrDefault(p => isNormalized ? p.NormalizedKey == key : p.Key == key); return permission?.CanWrite ?? false; } /// /// Create a permission from a claim /// public static Permission FromClaim(Claim claim, string prefixToRemove = null) { if (claim == null) { return null; } return FromClaim(claim.Value, prefixToRemove); } /// /// Create a permission from a claim /// public static Permission FromClaim(string claimValue, string prefixToRemove = null) { Permission permission = new Permission(); string[] valueParts = claimValue.Split(':'); permission.Key = valueParts[0]; permission.NormalizedKey = permission.Key; permission.Value = valueParts.Length > 1 ? valueParts[1] : null; if (!prefixToRemove.IsNullOrEmpty()) { permission.NormalizedKey = valueParts[0].TrimStart(prefixToRemove); } return permission; } } }