eegov/DepartmentProject
1
1
Fork 0
Code Issues 4 Pull Requests Packages Projects Releases Wiki Activity
525add0260
DepartmentProject/DepartmentPortal/Common/DatabaseCore/SecurityManager.cs
kotcheshir73 1e1896c68d 1. проверка целосности данных для админа 
2. смена типов доступа
3. вывод текстом типа доступа
2021-03-28 00:15:01 +04:00

125 lines
3.7 KiB
C#
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

using DatabaseCore.Models.Security;
using ModelTools.Enums;
using ModelTools.Interfaces;
using ModelTools.Models;
using SecurityBusinessLogic.BusinessLogics;
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
namespace DatabaseCore
{
public class SecurityManager : ISecurityManager
{
public string ErrorMessage { get; set; }
public bool CheckAccess(SecurityManagerCheckAccessModel model)
{
using var context = DatabaseManager.GetContext;
Access access;
if (model != null)
{
// простой просмотр возможен
if (model.Model.SkipCheck && model.Type == AccessType.SimpleView)
{
return true;
}
// если не указан идентификатор пользователя, то смотрим, может он авторизован
if (!model.Model.UserId.HasValue && UserManager.GetInstance.User != null)
{
model.Model.UserId = UserManager.GetInstance.UserId;
}
var roles = context.UserRoles.Where(x => x.UserId == model.Model.UserId).Select(x => x.Role).OrderByDescending(x => x.RolePriority).ToList();
if (roles == null)
{
ErrorMessage = $"Не верный пользователь";
return false;
}
access = context.Accesses.FirstOrDefault(a => a.AccessOperation == model.Operation && roles.Contains(a.Role));
}
else
{
access = context.Accesses.FirstOrDefault(a => a.AccessOperation == model.Operation && UserManager.GetInstance.Roles.Contains(a.RoleId));
}
if (access != null)
{
if (access.AccessType >= model.Type) return true;
}
switch (model.Type)
{
case AccessType.FullView:
ErrorMessage = $"Нет доступа на чтение данных по сущности '{model.Entity}'";
return false;
case AccessType.Change:
ErrorMessage = $"Нет доступа на изменение данных по сущности '{model.Entity}'";
return false;
case AccessType.Delete:
ErrorMessage = $"Нет доступа на удаление данных по сущности '{model.Entity}'";
return false;
default:
ErrorMessage = $"Нет доступа по сущности '{model.Entity}'";
return false;
}
}
public void CheckStartDataSource()
{
using var context = DatabaseManager.GetContext;
using var transaction = context.Database.BeginTransaction();
var role = context.Roles.FirstOrDefault(x => x.RoleName == "Администратор");
if (role == null)
{
role = new Role
{
RoleName = "Администратор",
RolePriority = 100
};
context.Roles.Add(role);
context.SaveChanges();
}
var accesses = context.Accesses.Where(x => x.RoleId == role.Id);
foreach (AccessOperation operation in Enum.GetValues(typeof(AccessOperation)))
{
if (!accesses.Any(x => x.AccessOperation == operation && x.AccessType == AccessType.Delete))
{
context.Accesses.Add(new Access
{
AccessOperation = operation,
AccessType = AccessType.Delete,
RoleId = role.Id
});
}
}
context.SaveChanges();
var md5 = new MD5CryptoServiceProvider();
var user = context.Users.FirstOrDefault(x => x.UserName == "admin");
if (user == null)
{
user = new User
{
UserName = "admin",
PasswordHash = Encoding.ASCII.GetString(md5.ComputeHash(Encoding.ASCII.GetBytes("qwerty"))),
CountAttempt = 0
};
context.Users.Add(user);
context.SaveChanges();
}
var link = context.UserRoles.FirstOrDefault(x => x.RoleId == role.Id && x.UserId == user.Id);
if (link == null)
{
context.UserRoles.Add(new UserRole
{
RoleId = role.Id,
UserId = user.Id
});
context.SaveChanges();
}
transaction.Commit();
}
}
}
Reference in New Issue View Git Blame Copy Permalink