From c6183ccafb603b8de0d815e4382ac92e995139f6 Mon Sep 17 00:00:00 2001
From: Paul Schneider
Date: Sun, 11 Oct 2020 01:45:45 +0100
Subject: [PATCH] parse all available .access in the path
---
 src/Yavsc/Services/FileSystemAuthManager.cs | 12 ++++++++----
 src/Yavsc/Startup/Startup.OAuthHelpers.cs | 8 +++++---
 2 files changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/Yavsc/Services/FileSystemAuthManager.cs b/src/Yavsc/Services/FileSystemAuthManager.cs
index 5c9b96a9..5d808736 100644
--- a/src/Yavsc/Services/FileSystemAuthManager.cs
+++ b/src/Yavsc/Services/FileSystemAuthManager.cs
@@ -57,11 +57,15 @@ namespace Yavsc.Services
 _logger.LogInformation("Serving file to owner.");
 return FileAccessRight.Read | FileAccessRight.Write;
 }
- var aclfi = new FileInfo(Path.Combine(Environment.CurrentDirectory, fileDir, aclfileName));
- // TODO default user scoped file access policy
- if (!aclfi.Exists) return FileAccessRight.Read;
 ruleSetParser.Reset();
- ruleSetParser.ParseFile(aclfi.FullName);
+ for (int dirlevel = parts.Length - 1; dirlevel>0; dirlevel--)
+ {
+ var aclfi = new FileInfo(Path.Combine(Environment.CurrentDirectory, fileDir, aclfileName));
+ if (!aclfi.Exists) continue;
+ ruleSetParser.ParseFile(aclfi.FullName);
+ }
+ // TODO default user scoped file access policy
+
 if (ruleSetParser.Rules.Allow(user.GetUserName())) return FileAccessRight.Read;
diff --git a/src/Yavsc/Startup/Startup.OAuthHelpers.cs b/src/Yavsc/Startup/Startup.OAuthHelpers.cs
index ef9ad67b..af1cdd42 100644
--- a/src/Yavsc/Startup/Startup.OAuthHelpers.cs
+++ b/src/Yavsc/Startup/Startup.OAuthHelpers.cs
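Review bot: The new `for` loop in FileSystemAuthManager.cs never uses `dirlevel`: every iteration builds the same path from `fileDir` and `aclfileName`, so the one `.access` file is parsed up to `parts.Length - 1` times and no ancestor directory's ACL is ever read, which is not what the commit title promises. The path should be derived per level, for example `var dir = Path.Combine(parts.Take(dirlevel).ToArray());` followed by `new FileInfo(Path.Combine(Environment.CurrentDirectory, dir, aclfileName))`, assuming `parts` holds the path segments (its definition is outside the hunk). Two access-control effects also deserve a comment: a directory with no `.access` file used to return `FileAccessRight.Read` and now falls through to `ruleSetParser.Rules.Allow(...)` on an empty rule set, and the deepest-first parse order decides whether a child rule or a parent rule wins. The enclosing method starts and ends outside the hunk.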
@@ -105,9 +105,11 @@ namespace Yavsc
 var claims = new List(
 context.Scope.Select(x => new Claim("urn:oauth:scope", x))
- );
- claims.Add(new Claim(ClaimTypes.NameIdentifier, user.Id));
- claims.Add(new Claim(ClaimTypes.Email, user.Email));
+ )
+ {
+ new Claim(ClaimTypes.NameIdentifier, user.Id),
+ new Claim(ClaimTypes.Email, user.Email)
+ };
 claims.AddRange((await _usermanager.GetRolesAsync(user)).Select(
 r => new Claim(ClaimTypes.Role, r)
 ));
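Review bot: `new Claim(ClaimTypes.Email, user.Email)` in the new initializer throws `ArgumentNullException` when the account has no e-mail address, since `Claim` rejects a null value; the refactor keeps that behaviour from the old `claims.Add` calls rather than guarding it. If `user.Email` can be null in this user store, add the claim conditionally after the initializer, e.g. `if (!string.IsNullOrEmpty(user.Email)) claims.Add(new Claim(ClaimTypes.Email, user.Email));`. The e-mail and role claims are also added regardless of the values in `context.Scope`; if this list ends up in a token handed to the client, it is worth checking that the granted scopes are meant to cover them. The enclosing method starts and ends outside the hunk.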