
  1. using System;
  2. using System.Collections.Concurrent;
  3. using System.Collections.Generic;
  4. using System.Linq;
  5. using System.Reflection;
  6. using System.Threading.Tasks;
  7. using InABox.Clients;
  8. namespace InABox.Core
  9. {
  10. public static class Security
  11. {
  12. private static ConcurrentBag<ISecurityDescriptor>? _descriptors;
  13. private static GlobalSecurityToken[]? _globaltokens;
  14. private static SecurityToken[]? _grouptokens;
  15. private static UserSecurityToken[]? _usertokens;
  16. public static IEnumerable<ISecurityDescriptor> Descriptors
  17. {
  18. get
  19. {
  20. if (_descriptors == null)
  21. {
  22. _descriptors = new ConcurrentBag<ISecurityDescriptor>();
  23. var custom = Task.Run(() =>
  24. {
  25. var tokens = CoreUtils.TypeList(
  26. AppDomain.CurrentDomain.GetAssemblies(),
  27. x => !x.IsAbstract && !x.IsGenericType && x.GetInterfaces().Any(i => i == typeof(ISecurityDescriptor))
  28. );
  29. foreach (var _class in tokens)
  30. {
  31. var token = (Activator.CreateInstance(_class) as ISecurityDescriptor)!;
  32. _descriptors.Add(token);
  33. }
  34. });
  35. var auto = Task.Run(() =>
  36. {
  37. var tokens = CoreUtils.TypeList(
  38. AppDomain.CurrentDomain.GetAssemblies(),
  39. x => !x.IsAbstract && !x.IsGenericType && x.IsSubclassOf(typeof(Entity))
  40. );
  41. var view = Task.Run(() =>
  42. {
  43. foreach (var _class in tokens)
  44. CheckAutoToken(_class, typeof(CanView<>));
  45. });
  46. var edit = Task.Run(() =>
  47. {
  48. foreach (var _class in tokens.Where(x=>x.GetCustomAttribute<AutoEntity>() == null))
  49. CheckAutoToken(_class, typeof(CanEdit<>));
  50. });
  51. var delete = Task.Run(() =>
  52. {
  53. foreach (var _class in tokens.Where(x=>x.GetCustomAttribute<AutoEntity>() == null))
  54. CheckAutoToken(_class, typeof(CanDelete<>));
  55. });
  56. var issues = Task.Run(() =>
  57. {
  58. foreach (var _class in tokens.Where(x => x.GetInterfaces().Contains(typeof(IIssues))))
  59. CheckAutoToken(_class, typeof(CanManageIssues<>));
  60. });
  61. var exports = Task.Run(() =>
  62. {
  63. foreach (var _class in tokens.Where(x => x.GetInterfaces().Contains(typeof(IExportable))))
  64. CheckAutoToken(_class, typeof(CanExport<>));
  65. });
  66. var imports = Task.Run(() =>
  67. {
  68. foreach (var _class in tokens.Where(x => x.GetInterfaces().Contains(typeof(IImportable))))
  69. CheckAutoToken(_class, typeof(CanImport<>));
  70. });
  71. var merges = Task.Run(() =>
  72. {
  73. foreach (var _class in tokens.Where(x => x.GetInterfaces().Contains(typeof(IMergeable))))
  74. CheckAutoToken(_class, typeof(CanMerge<>));
  75. });
  76. Task.WaitAll(view, edit, delete, issues, exports, merges);
  77. });
  78. Task.WaitAll(custom, auto);
  79. }
  80. return _descriptors.OrderBy(x => x.Type).ThenBy(x => x.Code);
  81. }
  82. }
  83. public static void Reset()
  84. {
  85. _globaltokens = null;
  86. _grouptokens = null;
  87. _usertokens = null;
  88. _descriptors = null;
  89. }
  90. private static void CheckAutoToken(Type _class, Type type)
  91. {
  92. var basetype = typeof(AutoSecurityDescriptor<,>);
  93. var actiontype = type.MakeGenericType(_class);
  94. var descriptortype = basetype.MakeGenericType(_class, actiontype);
  95. var descriptor = (Activator.CreateInstance(descriptortype) as ISecurityDescriptor)!;
  96. if (!_descriptors.Any(x => string.Equals(x.Code, descriptor.Code)))
  97. _descriptors.Add(descriptor);
  98. }
  99. public static bool IsAllowed(Type T, Guid userGuid, Guid securityId)
  100. {
  101. var descriptor = (Activator.CreateInstance(T) as ISecurityDescriptor)!;
  102. try
  103. {
  104. // If you're not logged in, you can't do jack!
  105. if (userGuid == Guid.Empty)
  106. return false;
  107. // First Check for a matching User Token (override)
  108. _usertokens ??= new Client<UserSecurityToken>().Load(new Filter<UserSecurityToken>(x => x.User.ID).IsEqualTo(userGuid));
  109. var usertoken = _usertokens.FirstOrDefault(x => x.Descriptor.Equals(descriptor.Code));
  110. if (usertoken != null)
  111. return usertoken.Enabled;
  112. // If not found, fall back to the Group Token
  113. _grouptokens ??= new Client<SecurityToken>().Load(new Filter<SecurityToken>(x => x.Group.ID).IsEqualTo(securityId));
  114. var grouptoken = _grouptokens.FirstOrDefault(x => x.Descriptor.Equals(descriptor.Code));
  115. if (grouptoken != null)
  116. return grouptoken.Enabled;
  117. // Still not found? fall back to the Global Token
  118. _globaltokens ??= new Client<GlobalSecurityToken>().Load();
  119. var globaltoken = _globaltokens.FirstOrDefault(x => x.Descriptor.Equals(descriptor.Code));
  120. if (globaltoken != null)
  121. return globaltoken.Enabled;
  122. }
  123. catch (Exception e)
  124. {
  125. Logger.Send(LogType.Error, "", string.Format("*** Unknown Error: {0}\n{1}", e.Message, e.StackTrace));
  126. }
  127. // Aaand finally, just return the default for the descriptor
  128. return descriptor.Value;
  129. }
  130. public static bool IsAllowed<T>(Guid userGuid, Guid securityId) where T : ISecurityDescriptor, new()
  131. => IsAllowed(typeof(T), userGuid, securityId);
  132. public static bool IsAllowed<T>() where T : ISecurityDescriptor, new()
  133. => IsAllowed<T>(ClientFactory.UserGuid, ClientFactory.UserSecurityID);
  134. public static bool IsAllowed(Type T)
  135. => IsAllowed(T, ClientFactory.UserGuid, ClientFactory.UserSecurityID);
  136. public static bool CanView<TEntity>(Guid userGuid, Guid securityId) where TEntity : Entity, new()
  137. {
  138. return ClientFactory.IsSupported<TEntity>()
  139. && IsAllowed<AutoSecurityDescriptor<TEntity, CanView<TEntity>>>(userGuid, securityId);
  140. }
  141. public static bool CanView(Type TEntity)
  142. {
  143. return ClientFactory.IsSupported(TEntity) &&
  144. IsAllowed(typeof(AutoSecurityDescriptor<,>).MakeGenericType(TEntity, typeof(CanView<>).MakeGenericType(TEntity)));
  145. }
  146. public static bool CanView<TEntity>() where TEntity : Entity, new()
  147. {
  148. return ClientFactory.IsSupported<TEntity>() && IsAllowed<AutoSecurityDescriptor<TEntity, CanView<TEntity>>>();
  149. }
  150. public static bool CanEdit(Type TEntity, Guid userGuid, Guid securityId)
  151. {
  152. return ClientFactory.IsSupported(TEntity) &&
  153. IsAllowed(typeof(AutoSecurityDescriptor<,>).MakeGenericType(TEntity, typeof(CanEdit<>).MakeGenericType(TEntity)), userGuid, securityId);
  154. }
  155. public static bool CanEdit<TEntity>(Guid userGuid, Guid securityId) where TEntity : Entity, new()
  156. {
  157. return ClientFactory.IsSupported<TEntity>() && IsAllowed<AutoSecurityDescriptor<TEntity, CanEdit<TEntity>>>(userGuid, securityId);
  158. }
  159. public static bool CanEdit(Type TEntity)
  160. {
  161. return ClientFactory.IsSupported(TEntity) &&
  162. IsAllowed(typeof(AutoSecurityDescriptor<,>).MakeGenericType(TEntity, typeof(CanEdit<>).MakeGenericType(TEntity)));
  163. }
  164. public static bool CanEdit<TEntity>() where TEntity : Entity, new()
  165. {
  166. return ClientFactory.IsSupported<TEntity>() && IsAllowed<AutoSecurityDescriptor<TEntity, CanEdit<TEntity>>>();
  167. }
  168. public static bool CanImport<TEntity>() where TEntity : Entity, new()
  169. {
  170. return ClientFactory.IsSupported<TEntity>() && IsAllowed<AutoSecurityDescriptor<TEntity, CanImport<TEntity>>>();
  171. }
  172. public static bool CanExport<TEntity>() where TEntity : Entity, new()
  173. {
  174. return ClientFactory.IsSupported<TEntity>() && IsAllowed<AutoSecurityDescriptor<TEntity, CanExport<TEntity>>>();
  175. }
  176. public static bool CanMerge<TEntity>() where TEntity : Entity, new()
  177. {
  178. return ClientFactory.IsSupported<TEntity>() && IsAllowed<AutoSecurityDescriptor<TEntity, CanMerge<TEntity>>>();
  179. }
  180. public static bool CanDelete<TEntity>() where TEntity : Entity, new()
  181. {
  182. return ClientFactory.IsSupported<TEntity>() && IsAllowed<AutoSecurityDescriptor<TEntity, CanDelete<TEntity>>>();
  183. }
  184. public static bool CanManageIssues<TEntity>() where TEntity : Entity, IIssues, new()
  185. {
  186. return ClientFactory.IsSupported<TEntity>() && IsAllowed<AutoSecurityDescriptor<TEntity, CanManageIssues<TEntity>>>();
  187. }
  188. }
  189. }