Created
March 18, 2016 19:22
-
-
Save portal7/1ca492237b7cd5cc7a59 to your computer and use it in GitHub Desktop.
Granular permissions with certain requirements for an MVC site
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class ApplicationUser : IPrincipal | |
| { | |
| private readonly RoleSet roles; | |
| public ApplicationUser(RoleSet roles) | |
| { | |
| this.roles = roles; | |
| } | |
| public bool IsInRole(string role) | |
| { | |
| return roles.Includes(role); | |
| } | |
| public IIdentity Identity | |
| { | |
| get { return new GenericIdentity("User"); } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class CompositeRoleSet | |
| { | |
| public static CompositeRoleSet CreateDefault() | |
| { | |
| var set = new CompositeRoleSet(); | |
| set.Register(Role.ReadWrite, Role.Read, Role.Write); | |
| return set; | |
| } | |
| private readonly Dictionary<Role, Role[]> compositeRoles = new Dictionary<Role, Role[]>(); | |
| private void Register(Role composite, params Role[] contains) | |
| { | |
| compositeRoles.Add(composite, contains); | |
| } | |
| public RoleSet Resolve(params Role[] roles) | |
| { | |
| return new RoleSet(roles.SelectMany(Resolve)); | |
| } | |
| private IEnumerable<Role> Resolve(Role role) | |
| { | |
| Role[] roles; | |
| if (compositeRoles.TryGetValue(role, out roles) == false) | |
| { | |
| roles = new[] {role}; | |
| } | |
| return roles; | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public MvcApplication() | |
| { | |
| AuthenticateRequest += OnAuthenticateRequest; | |
| } | |
| private void OnAuthenticateRequest(object sender, EventArgs eventArgs) | |
| { | |
| var allRoles = CompositeRoleSet.CreateDefault(); | |
| var roles = allRoles.Resolve(Role.ReadWrite); | |
| Context.User = new ApplicationUser(roles); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class HomeController : Controller | |
| { | |
| [AuthorizeRoles(Role.Read)] | |
| public ActionResult Index() | |
| { | |
| ViewData["Message"] = "Welcome to ASP.NET MVC!"; | |
| return View(); | |
| } | |
| [AuthorizeRoles(Role.Write)] | |
| public ActionResult About() | |
| { | |
| return View(); | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public enum Role | |
| { | |
| Read, | |
| Write, | |
| ReadWrite | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| public class RoleSet | |
| { | |
| public RoleSet(IEnumerable<Role> roles) | |
| { | |
| Names = roles.Select(role => role.ToString()); | |
| } | |
| public bool Includes(IPrincipal user) | |
| { | |
| return Names.Any(user.IsInRole); | |
| } | |
| public bool Includes(string role) | |
| { | |
| return Names.Contains(role); | |
| } | |
| public IEnumerable<string> Names { get; private set; } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Obtained From http://stackoverflow.com/questions/4359661/granular-permissions-with-certain-requirements-for-an-mvc-site