70 lines
1.8 KiB
C#
70 lines
1.8 KiB
C#
// Copyright Epic Games, Inc. All Rights Reserved.
|
|
|
|
using System;
|
|
using System.Collections.Generic;
|
|
using System.Threading.Tasks;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.Extensions.Options;
|
|
|
|
namespace Jupiter
|
|
{
|
|
public class GlobalAccessRequest
|
|
{
|
|
public JupiterAclAction[] Actions { get; init; } = Array.Empty<JupiterAclAction>();
|
|
}
|
|
|
|
/// <summary>
|
|
/// Verifies that you have access to acl actions that are not tied to a namespace
|
|
/// </summary>
|
|
public class GlobalAuthorizationHandler : AuthorizationHandler<GlobalAccessRequirement, GlobalAccessRequest>
|
|
{
|
|
private readonly IOptionsMonitor<AuthSettings> _authSettings;
|
|
|
|
public GlobalAuthorizationHandler(IOptionsMonitor<AuthSettings> authSettings)
|
|
{
|
|
_authSettings = authSettings;
|
|
}
|
|
|
|
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, GlobalAccessRequirement requirement,
|
|
GlobalAccessRequest accessRequest)
|
|
{
|
|
if (accessRequest.Actions.Length == 0)
|
|
{
|
|
throw new Exception("At least 1 AclAction has to be specified for the namespace access request");
|
|
}
|
|
|
|
if (!_authSettings.CurrentValue.Enabled)
|
|
{
|
|
context.Succeed(requirement);
|
|
return Task.CompletedTask;
|
|
}
|
|
|
|
List<JupiterAclAction> allowedActions = new List<JupiterAclAction>();
|
|
foreach (AclEntry acl in _authSettings.CurrentValue.Acls)
|
|
{
|
|
allowedActions.AddRange(acl.Resolve(context));
|
|
}
|
|
|
|
bool haveAccessToActions = true;
|
|
foreach (JupiterAclAction requiredAction in accessRequest.Actions)
|
|
{
|
|
if (!allowedActions.Contains(requiredAction))
|
|
{
|
|
haveAccessToActions = false;
|
|
}
|
|
}
|
|
if (haveAccessToActions)
|
|
{
|
|
context.Succeed(requirement);
|
|
}
|
|
|
|
return Task.CompletedTask;
|
|
}
|
|
}
|
|
|
|
public class GlobalAccessRequirement : IAuthorizationRequirement
|
|
{
|
|
public const string Name = "GlobalAccess";
|
|
}
|
|
}
|