yavsc/src/Yavsc/Services/FileSystemAuthManager.cs

using System;
using System.Linq;
using System.Security.Principal;
using System.Security.Claims;
using Yavsc.Models;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
using System.IO;
using rules;
using Microsoft.Data.Entity;
using Microsoft.AspNet.FileProviders;

namespace Yavsc.Services
{
    public class FileSystemAuthManager : IFileSystemAuthManager
    {
        class BelongsToCircle : UserMatch
        {
            public override bool Match(string userId)
            {
                return true;
            }
        }
        class OutOfCircle : UserMatch
        {
            public override bool Match(string userId)
            {
                return false;
            }
        }
        UserMatch Out = new OutOfCircle();
        UserMatch In = new BelongsToCircle();

        readonly ApplicationDbContext _dbContext;
        readonly ILogger _logger;

        readonly SiteSettings SiteSettings;

        readonly string aclfileName;

        readonly RuleSetParser ruleSetParser;

        public FileSystemAuthManager(ApplicationDbContext dbContext, ILoggerFactory loggerFactory,
            IOptions<SiteSettings> sitesOptions)
        {
            _dbContext = dbContext;
            _logger = loggerFactory.CreateLogger<FileSystemAuthManager>();
            SiteSettings = sitesOptions.Value;
            aclfileName = SiteSettings.AccessListFileName;
            ruleSetParser = new RuleSetParser(false);
        }

        public FileAccessRight GetFilePathAccess(ClaimsPrincipal user, IFileInfo file)
        {
            var parts = file.PhysicalPath.Split(Path.DirectorySeparatorChar);
            var cwd = Environment.CurrentDirectory.Split(Path.DirectorySeparatorChar).Length;

            
            // below 3 parts behind cwd, no file name.
            if (parts.Length < cwd + 3) return FileAccessRight.None;

            var fileDir = string.Join("/", parts.Take(parts.Length - 1));
            var fileName = parts[parts.Length - 1];

            var cusername = user.GetUserName();

            var funame = parts[cwd+1];
            if (funame == cusername)
            {
                return FileAccessRight.Read | FileAccessRight.Write;
            }

            if (aclfileName == fileName)
                return FileAccessRight.None;

            ruleSetParser.Reset();
            var cuserid = user.GetUserId();

            var fuserid = _dbContext.Users.SingleOrDefault(u => u.UserName == funame).Id;

            if (string.IsNullOrEmpty(fuserid)) return FileAccessRight.None;

            var circles = _dbContext.Circle.Include(mb => mb.Members).Where(c => c.OwnerId == fuserid).ToArray();
            foreach (var circle in circles)
            {
                if (circle.Members.Any(m => m.MemberId == cuserid))
                    ruleSetParser.Definitions.Add(circle.Name, In);
                else ruleSetParser.Definitions.Add(circle.Name, Out);
            }

            for (int dirlevel = parts.Length - 1; dirlevel > cwd + 1; dirlevel--)
            {
                fileDir = string.Join(Path.DirectorySeparatorChar.ToString(), parts.Take(dirlevel));
                var aclfin = Path.Combine(fileDir, aclfileName);
                var aclfi = new FileInfo(aclfin);
                if (!aclfi.Exists) continue;
                ruleSetParser.ParseFile(aclfi.FullName);
            }

            if (ruleSetParser.Rules.Allow(cusername))
            {
                return FileAccessRight.Read;
            }
            return  FileAccessRight.None;
            // TODO default user scoped file access policy

        }

        public string NormalizePath(string path)
        {
            throw new NotImplementedException();
        }

        public void SetAccess(long circleId, string normalizedFullPath, FileAccessRight access)
        {
            throw new NotImplementedException();
        }
    }
}
file dl auth 6 years ago			`using System;`
			`using System.Linq;`
			`using System.Security.Principal;`
			`using System.Security.Claims;`
			`using Yavsc.Models;`
[WIP] user file auth 6 years ago			`using Microsoft.Extensions.Logging;`
code guidelines 5 years ago			`using Microsoft.Extensions.OptionsModel;`
			`using System.IO;`
			`using rules;`
implement predefined circles usage 5 years ago			`using Microsoft.Data.Entity;`
Not a final solution,dealing with 403 status codes ... 5 years ago			`using Microsoft.AspNet.FileProviders;`
file dl auth 6 years ago
			`namespace Yavsc.Services`
			`{`
			`public class FileSystemAuthManager : IFileSystemAuthManager`
			`{`
implement predefined circles usage 5 years ago			`class BelongsToCircle : UserMatch`
			`{`
			`public override bool Match(string userId)`
			`{`
			`return true;`
			`}`
			`}`
			`class OutOfCircle : UserMatch`
			`{`
			`public override bool Match(string userId)`
			`{`
			`return false;`
			`}`
			`}`
			`UserMatch Out = new OutOfCircle();`
			`UserMatch In = new BelongsToCircle();`

principalement du format de code 5 years ago			`readonly ApplicationDbContext _dbContext;`
			`readonly ILogger _logger;`
file dl auth 6 years ago
code guidelines 5 years ago			`readonly SiteSettings SiteSettings;`

			`readonly string aclfileName;`

			`readonly RuleSetParser ruleSetParser;`

			`public FileSystemAuthManager(ApplicationDbContext dbContext, ILoggerFactory loggerFactory,`
			`IOptions<SiteSettings> sitesOptions)`
file dl auth 6 years ago			`{`
			`_dbContext = dbContext;`
[WIP] user file auth 6 years ago			`_logger = loggerFactory.CreateLogger<FileSystemAuthManager>();`
code guidelines 5 years ago			`SiteSettings = sitesOptions.Value;`
			`aclfileName = SiteSettings.AccessListFileName;`
Not a final solution,dealing with 403 status codes ... 5 years ago			`ruleSetParser = new RuleSetParser(false);`
file dl auth 6 years ago			`}`

Not a final solution,dealing with 403 status codes ... 5 years ago			`public FileAccessRight GetFilePathAccess(ClaimsPrincipal user, IFileInfo file)`
file dl auth 6 years ago			`{`
Not a final solution,dealing with 403 status codes ... 5 years ago			`var parts = file.PhysicalPath.Split(Path.DirectorySeparatorChar);`
			`var cwd = Environment.CurrentDirectory.Split(Path.DirectorySeparatorChar).Length;`
[WIP] user file auth 6 years ago
allow anonymous on user files root 5 years ago
			`// below 3 parts behind cwd, no file name.`
			`if (parts.Length < cwd + 3) return FileAccessRight.None;`
code guidelines 5 years ago
			`var fileDir = string.Join("/", parts.Take(parts.Length - 1));`
implement predefined circles usage 5 years ago			`var fileName = parts[parts.Length - 1];`

Not a final solution,dealing with 403 status codes ... 5 years ago			`var cusername = user.GetUserName();`
[WIP] user file auth 6 years ago
Not a final solution,dealing with 403 status codes ... 5 years ago			`var funame = parts[cwd+1];`
implement predefined circles usage 5 years ago			`if (funame == cusername)`
code guidelines 5 years ago			`{`
			`return FileAccessRight.Read \| FileAccessRight.Write;`
			`}`
Not a final solution,dealing with 403 status codes ... 5 years ago
			`if (aclfileName == fileName)`
implement predefined circles usage 5 years ago			`return FileAccessRight.None;`

code guidelines 5 years ago			`ruleSetParser.Reset();`
implement predefined circles usage 5 years ago			`var cuserid = user.GetUserId();`
Not a final solution,dealing with 403 status codes ... 5 years ago
			`var fuserid = _dbContext.Users.SingleOrDefault(u => u.UserName == funame).Id;`
allow anonymous on user files root 5 years ago
Not a final solution,dealing with 403 status codes ... 5 years ago			`if (string.IsNullOrEmpty(fuserid)) return FileAccessRight.None;`
allow anonymous on user files root 5 years ago
implement predefined circles usage 5 years ago			`var circles = _dbContext.Circle.Include(mb => mb.Members).Where(c => c.OwnerId == fuserid).ToArray();`
			`foreach (var circle in circles)`
			`{`
			`if (circle.Members.Any(m => m.MemberId == cuserid))`
			`ruleSetParser.Definitions.Add(circle.Name, In);`
			`else ruleSetParser.Definitions.Add(circle.Name, Out);`
			`}`

Not a final solution,dealing with 403 status codes ... 5 years ago			`for (int dirlevel = parts.Length - 1; dirlevel > cwd + 1; dirlevel--)`
parse all available .access in the path 5 years ago			`{`
Not a final solution,dealing with 403 status codes ... 5 years ago			`fileDir = string.Join(Path.DirectorySeparatorChar.ToString(), parts.Take(dirlevel));`
			`var aclfin = Path.Combine(fileDir, aclfileName);`
			`var aclfi = new FileInfo(aclfin);`
parse all available .access in the path 5 years ago			`if (!aclfi.Exists) continue;`
			`ruleSetParser.ParseFile(aclfi.FullName);`
			`}`
code guidelines 5 years ago
Not a final solution,dealing with 403 status codes ... 5 years ago			`if (ruleSetParser.Rules.Allow(cusername))`
code guidelines 5 years ago			`{`
Not a final solution,dealing with 403 status codes ... 5 years ago			`return FileAccessRight.Read;`
[WIP] user file auth 6 years ago			`}`
Not a final solution,dealing with 403 status codes ... 5 years ago			`return FileAccessRight.None;`
allow anonymous on user files root 5 years ago			`// TODO default user scoped file access policy`
code guidelines 5 years ago
file dl auth 6 years ago			`}`

			`public string NormalizePath(string path)`
			`{`
			`throw new NotImplementedException();`
			`}`

			`public void SetAccess(long circleId, string normalizedFullPath, FileAccessRight access)`
			`{`
			`throw new NotImplementedException();`
			`}`
			`}`
principalement du format de code 5 years ago			`}`