yavsc/src/Yavsc/Services/FileSystemAuthManager.cs

using System;
using System.Linq;
using System.Security.Principal;
using System.Security.Claims;
using Yavsc.Models;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.OptionsModel;
using System.IO;
using rules;
using Microsoft.Data.Entity;

namespace Yavsc.Services
{
    public class FileSystemAuthManager : IFileSystemAuthManager
    {
        class BelongsToCircle : UserMatch
        {
            public override bool Match(string userId)
            {
                return true;
            }
        }
        class OutOfCircle : UserMatch
        {
            public override bool Match(string userId)
            {
                return false;
            }
        }
        UserMatch Out = new OutOfCircle();
        UserMatch In = new BelongsToCircle();

        readonly ApplicationDbContext _dbContext;
        readonly ILogger _logger;

        readonly SiteSettings SiteSettings;

        readonly string aclfileName;

        readonly RuleSetParser ruleSetParser;

        public FileSystemAuthManager(ApplicationDbContext dbContext, ILoggerFactory loggerFactory,
            IOptions<SiteSettings> sitesOptions)
        {
            _dbContext = dbContext;
            _logger = loggerFactory.CreateLogger<FileSystemAuthManager>();
            SiteSettings = sitesOptions.Value;
            aclfileName = SiteSettings.AccessListFileName;
            ruleSetParser = new RuleSetParser(true);
        }

        public FileAccessRight GetFilePathAccess(ClaimsPrincipal user, string normalizedFullPath)
        {

            // Assert (normalizedFullPath!=null)
            var parts = normalizedFullPath.Split('/');

            // below 4 parts, no file name.
            if (parts.Length < 4) return FileAccessRight.None;

            var fileDir = string.Join("/", parts.Take(parts.Length - 1));
            var fileName = parts[parts.Length - 1];


            var firstFileNamePart = parts[3];
            if (firstFileNamePart == "pub" && aclfileName != fileName)
            {
                _logger.LogInformation("Serving public file.");
                return FileAccessRight.Read;
            }
            if (user == null) return FileAccessRight.None;

            var funame = parts[2];
            var cusername = user.GetUserName();
            if (funame == cusername)
            {
                _logger.LogInformation("Serving file to owner.");
                return FileAccessRight.Read | FileAccessRight.Write;
            }
            if (aclfileName == fileName) 
                return FileAccessRight.None;
                
            _logger.LogInformation($"Access to {normalizedFullPath} for {cusername}");

            ruleSetParser.Reset();
            var cuserid = user.GetUserId();
            var fuserid = _dbContext.Users.Single(u => u.UserName == funame).Id;
            var circles = _dbContext.Circle.Include(mb => mb.Members).Where(c => c.OwnerId == fuserid).ToArray();
            foreach (var circle in circles)
            {
                if (circle.Members.Any(m => m.MemberId == cuserid))
                    ruleSetParser.Definitions.Add(circle.Name, In);
                else ruleSetParser.Definitions.Add(circle.Name, Out);
            }

            // _dbContext.Circle.Select(c => c.OwnerId == )
            for (int dirlevel = parts.Length - 1; dirlevel>0; dirlevel--)
            {
                var aclfi = new FileInfo(Path.Combine(Environment.CurrentDirectory, fileDir, aclfileName));
                if (!aclfi.Exists) continue;
                ruleSetParser.ParseFile(aclfi.FullName);
            }
            // TODO default user scoped file access policy
           
            if (ruleSetParser.Rules.Allow(user.GetUserName()))
                return FileAccessRight.Read;

            var ucl = user.Claims.Where(c => c.Type == YavscClaimTypes.CircleMembership).Select(c => long.Parse(c.Value)).Distinct().ToArray();

            var uclString = string.Join(",", ucl);
            _logger.LogInformation($"{uclString} ");
            foreach (
                var cid in ucl
            )
            {
                var ok = _dbContext.CircleAuthorizationToFile.Any(a => a.CircleId == cid && a.FullPath == fileDir);
                if (ok) return FileAccessRight.Read;
            }

            return FileAccessRight.None;
        }

        public string NormalizePath(string path)
        {
            throw new NotImplementedException();
        }

        public void SetAccess(long circleId, string normalizedFullPath, FileAccessRight access)
        {
            throw new NotImplementedException();
        }
    }
}
file dl auth 6 years ago			`using System;`
			`using System.Linq;`
			`using System.Security.Principal;`
			`using System.Security.Claims;`
			`using Yavsc.Models;`
[WIP] user file auth 6 years ago			`using Microsoft.Extensions.Logging;`
code guidelines 5 years ago			`using Microsoft.Extensions.OptionsModel;`
			`using System.IO;`
			`using rules;`
implement predefined circles usage 5 years ago			`using Microsoft.Data.Entity;`
file dl auth 6 years ago
			`namespace Yavsc.Services`
			`{`
			`public class FileSystemAuthManager : IFileSystemAuthManager`
			`{`
implement predefined circles usage 5 years ago			`class BelongsToCircle : UserMatch`
			`{`
			`public override bool Match(string userId)`
			`{`
			`return true;`
			`}`
			`}`
			`class OutOfCircle : UserMatch`
			`{`
			`public override bool Match(string userId)`
			`{`
			`return false;`
			`}`
			`}`
			`UserMatch Out = new OutOfCircle();`
			`UserMatch In = new BelongsToCircle();`

principalement du format de code 5 years ago			`readonly ApplicationDbContext _dbContext;`
			`readonly ILogger _logger;`
file dl auth 6 years ago
code guidelines 5 years ago			`readonly SiteSettings SiteSettings;`

			`readonly string aclfileName;`

			`readonly RuleSetParser ruleSetParser;`

			`public FileSystemAuthManager(ApplicationDbContext dbContext, ILoggerFactory loggerFactory,`
			`IOptions<SiteSettings> sitesOptions)`
file dl auth 6 years ago			`{`
			`_dbContext = dbContext;`
[WIP] user file auth 6 years ago			`_logger = loggerFactory.CreateLogger<FileSystemAuthManager>();`
code guidelines 5 years ago			`SiteSettings = sitesOptions.Value;`
			`aclfileName = SiteSettings.AccessListFileName;`
			`ruleSetParser = new RuleSetParser(true);`
file dl auth 6 years ago			`}`

			`public FileAccessRight GetFilePathAccess(ClaimsPrincipal user, string normalizedFullPath)`
			`{`
[WIP] user file auth 6 years ago
file dl auth 6 years ago			`// Assert (normalizedFullPath!=null)`
			`var parts = normalizedFullPath.Split('/');`

publish those public files found under the first 'pub' subdir 6 years ago			`// below 4 parts, no file name.`
code guidelines 5 years ago			`if (parts.Length < 4) return FileAccessRight.None;`

			`var fileDir = string.Join("/", parts.Take(parts.Length - 1));`
implement predefined circles usage 5 years ago			`var fileName = parts[parts.Length - 1];`

[WIP] user file auth 6 years ago
publish those public files found under the first 'pub' subdir 6 years ago			`var firstFileNamePart = parts[3];`
implement predefined circles usage 5 years ago			`if (firstFileNamePart == "pub" && aclfileName != fileName)`
code guidelines 5 years ago			`{`
			`_logger.LogInformation("Serving public file.");`
			`return FileAccessRight.Read;`
			`}`
implement predefined circles usage 5 years ago			`if (user == null) return FileAccessRight.None;`
publish those public files found under the first 'pub' subdir 6 years ago
			`var funame = parts[2];`
implement predefined circles usage 5 years ago			`var cusername = user.GetUserName();`
			`if (funame == cusername)`
code guidelines 5 years ago			`{`
			`_logger.LogInformation("Serving file to owner.");`
			`return FileAccessRight.Read \| FileAccessRight.Write;`
			`}`
implement predefined circles usage 5 years ago			`if (aclfileName == fileName)`
			`return FileAccessRight.None;`

			`_logger.LogInformation($"Access to {normalizedFullPath} for {cusername}");`

code guidelines 5 years ago			`ruleSetParser.Reset();`
implement predefined circles usage 5 years ago			`var cuserid = user.GetUserId();`
			`var fuserid = _dbContext.Users.Single(u => u.UserName == funame).Id;`
			`var circles = _dbContext.Circle.Include(mb => mb.Members).Where(c => c.OwnerId == fuserid).ToArray();`
			`foreach (var circle in circles)`
			`{`
			`if (circle.Members.Any(m => m.MemberId == cuserid))`
			`ruleSetParser.Definitions.Add(circle.Name, In);`
			`else ruleSetParser.Definitions.Add(circle.Name, Out);`
			`}`

			`// _dbContext.Circle.Select(c => c.OwnerId == )`
parse all available .access in the path 5 years ago			`for (int dirlevel = parts.Length - 1; dirlevel>0; dirlevel--)`
			`{`
			`var aclfi = new FileInfo(Path.Combine(Environment.CurrentDirectory, fileDir, aclfileName));`
			`if (!aclfi.Exists) continue;`
			`ruleSetParser.ParseFile(aclfi.FullName);`
			`}`
			`// TODO default user scoped file access policy`

code guidelines 5 years ago			`if (ruleSetParser.Rules.Allow(user.GetUserName()))`
			`return FileAccessRight.Read;`
file dl auth 6 years ago
[WIP] user file auth 6 years ago			`var ucl = user.Claims.Where(c => c.Type == YavscClaimTypes.CircleMembership).Select(c => long.Parse(c.Value)).Distinct().ToArray();`
code guidelines 5 years ago
[WIP] user file auth 6 years ago			`var uclString = string.Join(",", ucl);`
			`_logger.LogInformation($"{uclString} ");`
			`foreach (`
			`var cid in ucl`
code guidelines 5 years ago			`)`
			`{`
			`var ok = _dbContext.CircleAuthorizationToFile.Any(a => a.CircleId == cid && a.FullPath == fileDir);`
[WIP] user file auth 6 years ago			`if (ok) return FileAccessRight.Read;`
			`}`
code guidelines 5 years ago
file dl auth 6 years ago			`return FileAccessRight.None;`
			`}`

			`public string NormalizePath(string path)`
			`{`
			`throw new NotImplementedException();`
			`}`

			`public void SetAccess(long circleId, string normalizedFullPath, FileAccessRight access)`
			`{`
			`throw new NotImplementedException();`
			`}`
			`}`
principalement du format de code 5 years ago			`}`