mirror of
https://github.com/zoriya/Kyoo.git
synced 2025-05-31 04:04:21 -04:00
172 lines
5.2 KiB
C#
172 lines
5.2 KiB
C#
using System;
|
|
using Microsoft.AspNetCore.Mvc.Filters;
|
|
using Microsoft.Extensions.DependencyInjection;
|
|
|
|
namespace Kyoo.Abstractions.Models.Permissions
|
|
{
|
|
/// <summary>
|
|
/// The kind of permission needed.
|
|
/// </summary>
|
|
public enum Kind
|
|
{
|
|
Read,
|
|
Write,
|
|
Create,
|
|
Delete
|
|
}
|
|
|
|
/// <summary>
|
|
/// The group of the permission.
|
|
/// </summary>
|
|
public enum Group
|
|
{
|
|
Overall,
|
|
Admin
|
|
}
|
|
|
|
/// <summary>
|
|
/// Specify permissions needed for the API.
|
|
/// </summary>
|
|
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
|
|
public class PermissionAttribute : Attribute, IFilterFactory
|
|
{
|
|
/// <summary>
|
|
/// The needed permission as string.
|
|
/// </summary>
|
|
public string Type { get; }
|
|
/// <summary>
|
|
/// The needed permission kind.
|
|
/// </summary>
|
|
public Kind Kind { get; }
|
|
/// <summary>
|
|
/// The group of this permission
|
|
/// </summary>
|
|
public Group Group { get; }
|
|
|
|
/// <summary>
|
|
/// Ask a permission to run an action.
|
|
/// </summary>
|
|
/// <param name="type">
|
|
/// The type of the action
|
|
/// (if the type ends with api, it will be removed. This allow you to use nameof(YourApi)).
|
|
/// </param>
|
|
/// <param name="permission">The kind of permission needed</param>
|
|
/// <param name="group">
|
|
/// The group of this permission (allow grouped permission like overall.read
|
|
/// for all read permissions of this group)
|
|
/// </param>
|
|
public PermissionAttribute(string type, Kind permission, Group group = Group.Overall)
|
|
{
|
|
if (type.EndsWith("API", StringComparison.OrdinalIgnoreCase))
|
|
type = type[..^3];
|
|
Type = type.ToLower();
|
|
Kind = permission;
|
|
Group = group;
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public IFilterMetadata CreateInstance(IServiceProvider serviceProvider)
|
|
{
|
|
return serviceProvider.GetRequiredService<IPermissionValidator>().Create(this);
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public bool IsReusable => true;
|
|
|
|
/// <summary>
|
|
/// Return this permission attribute as a string
|
|
/// </summary>
|
|
/// <returns>The string representation.</returns>
|
|
public string AsPermissionString()
|
|
{
|
|
return Type;
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
/// Specify one part of a permissions needed for the API (the kind or the type).
|
|
/// </summary>
|
|
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true)]
|
|
public class PartialPermissionAttribute : Attribute, IFilterFactory
|
|
{
|
|
/// <summary>
|
|
/// The needed permission type.
|
|
/// </summary>
|
|
public string Type { get; }
|
|
/// <summary>
|
|
/// The needed permission kind.
|
|
/// </summary>
|
|
public Kind Kind { get; }
|
|
|
|
/// <summary>
|
|
/// Ask a permission to run an action.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// With this attribute, you can only specify a type or a kind.
|
|
/// To have a valid permission attribute, you must specify the kind and the permission using two attributes.
|
|
/// Those attributes can be dispatched at different places (one on the class, one on the method for example).
|
|
/// If you don't put exactly two of those attributes, the permission attribute will be ill-formed and will
|
|
/// lead to unspecified behaviors.
|
|
/// </remarks>
|
|
/// <param name="type">
|
|
/// The type of the action
|
|
/// (if the type ends with api, it will be removed. This allow you to use nameof(YourApi)).
|
|
/// </param>
|
|
public PartialPermissionAttribute(string type)
|
|
{
|
|
if (type.EndsWith("API", StringComparison.OrdinalIgnoreCase))
|
|
type = type[..^3];
|
|
Type = type.ToLower();
|
|
}
|
|
|
|
/// <summary>
|
|
/// Ask a permission to run an action.
|
|
/// </summary>
|
|
/// <remarks>
|
|
/// With this attribute, you can only specify a type or a kind.
|
|
/// To have a valid permission attribute, you must specify the kind and the permission using two attributes.
|
|
/// Those attributes can be dispatched at different places (one on the class, one on the method for example).
|
|
/// If you don't put exactly two of those attributes, the permission attribute will be ill-formed and will
|
|
/// lead to unspecified behaviors.
|
|
/// </remarks>
|
|
/// <param name="permission">The kind of permission needed</param>
|
|
public PartialPermissionAttribute(Kind permission)
|
|
{
|
|
Kind = permission;
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public IFilterMetadata CreateInstance(IServiceProvider serviceProvider)
|
|
{
|
|
return serviceProvider.GetRequiredService<IPermissionValidator>().Create(this);
|
|
}
|
|
|
|
/// <inheritdoc />
|
|
public bool IsReusable => true;
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// A service to validate permissions
|
|
/// </summary>
|
|
public interface IPermissionValidator
|
|
{
|
|
/// <summary>
|
|
/// Create an IAuthorizationFilter that will be used to validate permissions.
|
|
/// This can registered with any lifetime.
|
|
/// </summary>
|
|
/// <param name="attribute">The permission attribute to validate</param>
|
|
/// <returns>An authorization filter used to validate the permission</returns>
|
|
IFilterMetadata Create(PermissionAttribute attribute);
|
|
|
|
/// <summary>
|
|
/// Create an IAuthorizationFilter that will be used to validate permissions.
|
|
/// This can registered with any lifetime.
|
|
/// </summary>
|
|
/// <param name="attribute">
|
|
/// A partial attribute to validate. See <see cref="PartialPermissionAttribute"/>.
|
|
/// </param>
|
|
/// <returns>An authorization filter used to validate the permission</returns>
|
|
IFilterMetadata Create(PartialPermissionAttribute attribute);
|
|
}
|
|
} |