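using System;
using System.Globalization;
using System.IO;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Yavsc.Models;
using Yavsc.Models.Booking;
using Yavsc.ViewModels.Auth;

namespace Yavsc
{
    /// <summary>
    /// Resource handed to <see cref="PostUserFileHandler"/>: the directory an upload
    /// would land in, plus the blog entry (and its author) the upload belongs to.
    /// </summary>
    public class FileSpotInfo : IAuthorizationRequirement
    {
        /// <summary>Directory the file would be written to.</summary>
        public DirectoryInfo PathInfo { get; private set; }

        /// <summary>Id of the user who owns the blog entry.</summary>
        public string AuthorId { get; private set; }

        /// <summary>Id of the blog entry the file is attached to.</summary>
        public long BlogEntryId { get; private set; }

        /// <param name="path">Target directory; must not be null.</param>
        /// <param name="b">Blog entry that owns the spot; must not be null.</param>
        /// <exception cref="ArgumentNullException">
        /// Thrown when <paramref name="path"/> or <paramref name="b"/> is null
        /// (a null blog previously surfaced as a NullReferenceException).
        /// </exception>
        public FileSpotInfo(string path, Blog b)
        {
            if (b == null)
            {
                throw new ArgumentNullException("b");
            }
            PathInfo = new DirectoryInfo(path);
            AuthorId = b.AuthorId;
            BlogEntryId = b.Id;
        }
    }

    /// <summary>Marker requirement for read access to a resource; carries no data.</summary>
    public class ViewRequirement : IAuthorizationRequirement
    {
    }

    /// <summary>
    /// Ownership test shared by the resource-based handlers in this file, so that
    /// every handler applies the same rule.
    /// </summary>
    internal static class PrincipalOwnership
    {
        /// <summary>
        /// True when <paramref name="user"/> is authenticated and its user id equals
        /// <paramref name="ownerId"/>. A missing or empty user id never matches, so a
        /// resource whose owner id is unset cannot be claimed by a principal that has
        /// no user-id claim (a bare <c>==</c> would have matched null against null).
        /// </summary>
        public static bool Owns(ClaimsPrincipal user, string ownerId)
        {
            if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            {
                return false;
            }
            string userId = user.GetUserId();
            if (string.IsNullOrEmpty(userId))
            {
                return false;
            }
            return string.Equals(userId, ownerId, StringComparison.Ordinal);
        }
    }

    /// <summary>
    /// Edit access to a <see cref="Blog"/>: granted to blog moderators, otherwise
    /// only to the entry's author.
    /// </summary>
    public class BlogEditHandler : AuthorizationHandler<EditRequirement, Blog>
    {
        protected override void Handle(AuthorizationContext context, EditRequirement requirement, Blog resource)
        {
            if (context.User.IsInRole(Constants.BlogModeratorGroupName)
                || (resource != null && PrincipalOwnership.Owns(context.User, resource.AuthorId)))
            {
                context.Succeed(requirement);
            }
            // No Fail() here: another handler registered for the same requirement
            // may still grant access.
        }
    }

    /// <summary>
    /// Write access to a <see cref="FileSpotInfo"/>: moderators and admins are
    /// allowed; anyone else must own the blog entry, and is otherwise explicitly
    /// denied.
    /// </summary>
    public class PostUserFileHandler : AuthorizationHandler<EditRequirement, FileSpotInfo>
    {
        protected override void Handle(AuthorizationContext context, EditRequirement requirement, FileSpotInfo resource)
        {
            // Privileged roles are allowed outright. The earlier version fell
            // through to the ownership test after Succeed(); because Fail() is
            // sticky in the authorization pipeline, a moderator or admin who was
            // not the author was in fact denied.
            if (context.User.IsInRole(Constants.BlogModeratorGroupName)
                || context.User.IsInRole(Constants.AdminGroupName))
            {
                context.Succeed(requirement);
                return;
            }
            // For everyone else this handler is decisive: either the caller owns
            // the spot, or the whole authorization fails (this also covers
            // unauthenticated callers, who never own anything).
            if (resource != null && PrincipalOwnership.Owns(context.User, resource.AuthorId))
            {
                context.Succeed(requirement);
            }
            else
            {
                context.Fail();
            }
        }
    }

    /// <summary>
    /// Read access to a file. Paths under <c>/pub/</c> are public. For every other
    /// path the rules were never written: see the SECURITY TODO in the body.
    /// </summary>
    public class ViewFileHandler : AuthorizationHandler<ViewRequirement, ViewFileContext>
    {
        protected override void Handle(AuthorizationContext context, ViewRequirement requirement, ViewFileContext fileContext)
        {
            // Ordinal: a culture-aware prefix match is the wrong tool for a path
            // check (ignorable characters can make it match what it should not).
            if (fileContext.Path.StartsWith("/pub/", StringComparison.Ordinal))
            {
                context.Succeed(requirement);
                return;
            }
            // SECURITY TODO: access rules for non-public paths are not implemented.
            // The original fail-open behaviour is kept so existing callers are not
            // broken, which means this handler currently grants EVERY file read.
            // It must not be relied on to protect private files until real rules
            // replace this branch (at minimum: deny by default, then allow owners
            // and privileged roles).
            context.Succeed(requirement);
        }
    }

    /// <summary>
    /// Read access to a <see cref="BookQuery"/>: the FrontOffice role, or either
    /// party to the booking (client or performer).
    /// </summary>
    public class CommandViewHandler : AuthorizationHandler<ViewRequirement, BookQuery>
    {
        protected override void Handle(AuthorizationContext context, ViewRequirement requirement, BookQuery resource)
        {
            if (context.User.IsInRole("FrontOffice"))
            {
                context.Succeed(requirement);
                return;
            }
            if (resource == null)
            {
                return;
            }
            if (PrincipalOwnership.Owns(context.User, resource.ClientId)
                || PrincipalOwnership.Owns(context.User, resource.PerformerId))
            {
                context.Succeed(requirement);
            }
        }
    }

    /// <summary>
    /// Edit access to a <see cref="BookQuery"/>: the FrontOffice role or the
    /// client who placed it. The performer can view (see
    /// <see cref="CommandViewHandler"/>) but not edit.
    /// </summary>
    public class CommandEditHandler : AuthorizationHandler<EditRequirement, BookQuery>
    {
        protected override void Handle(AuthorizationContext context, EditRequirement requirement, BookQuery resource)
        {
            if (context.User.IsInRole("FrontOffice"))
            {
                context.Succeed(requirement);
                return;
            }
            if (resource != null && PrincipalOwnership.Owns(context.User, resource.ClientId))
            {
                context.Succeed(requirement);
            }
        }
    }

    /// <summary>
    /// Grants private-chat entry while a <c>TemporaryBadgeExpiry</c> claim issued by
    /// this authority lies in the future.
    /// </summary>
    public class HasTemporaryPassHandler : AuthorizationHandler<PrivateChatEntryRequirement>
    {
        private const string ExpiryClaimType = "TemporaryBadgeExpiry";

        protected override void Handle(AuthorizationContext context, PrivateChatEntryRequirement requirement)
        {
            // Only claims issued by this authority count: a same-typed claim copied
            // in from an external login must not open the chat.
            Claim expiryClaim = context.User.FindFirst(
                c => c.Type == ExpiryClaimType && c.Issuer == Startup.Authority);
            if (expiryClaim == null)
            {
                return;
            }
            // A malformed value now means "no pass" instead of a FormatException
            // escaping the authorization pipeline (Convert.ToDateTime threw).
            // Parsing stays current-culture to match what Convert.ToDateTime did.
            // NOTE(review): confirm the issuer writes this claim in a
            // culture-independent round-trip format ("O"); then parse with
            // CultureInfo.InvariantCulture and compare against DateTime.UtcNow on
            // both sides, so a culture or time-zone change cannot extend a pass.
            DateTime expiry;
            if (!DateTime.TryParse(expiryClaim.Value, CultureInfo.CurrentCulture, DateTimeStyles.None, out expiry))
            {
                return;
            }
            if (expiry > DateTime.Now)
            {
                context.Succeed(requirement);
            }
        }
    }

    /// <summary>
    /// Grants private-chat entry to principals holding a <c>BadgeNumber</c> claim
    /// issued by this authority. Only the claim's presence and issuer are checked;
    /// its value is not validated here.
    /// </summary>
    public class HasBadgeHandler : AuthorizationHandler<PrivateChatEntryRequirement>
    {
        protected override void Handle(AuthorizationContext context, PrivateChatEntryRequirement requirement)
        {
            if (context.User.HasClaim(c => c.Type == "BadgeNumber" && c.Issuer == Startup.Authority))
            {
                context.Succeed(requirement);
            }
        }
    }
}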