├── .gitattributes ├── .gitignore ├── DataAuthWebApp ├── Areas │ └── Identity │ │ └── Pages │ │ └── _ViewStart.cshtml ├── Controllers │ ├── HomeController.cs │ ├── PersonalController.cs │ ├── StockController.cs │ └── UsersController.cs ├── Data │ └── ApplicationDbContext.cs ├── DataAuthWebApp.csproj ├── DataCookieValidate.cs ├── DisplayCode │ ├── HomePageDto.cs │ ├── ListRoles.cs │ ├── ListUsers.cs │ ├── RolesListDto.cs │ └── UserListDto.cs ├── Models │ └── ErrorViewModel.cs ├── Program.cs ├── Properties │ └── launchSettings.json ├── Startup.cs ├── Views │ ├── Home │ │ ├── About.cshtml │ │ ├── Contact.cshtml │ │ ├── Index.cshtml │ │ └── Privacy.cshtml │ ├── Personal │ │ ├── Create.cshtml │ │ ├── Edit.cshtml │ │ └── Index.cshtml │ ├── Shared │ │ ├── Error.cshtml │ │ ├── _CookieConsentPartial.cshtml │ │ ├── _Layout.cshtml │ │ ├── _LoginPartial.cshtml │ │ └── _ValidationScriptsPartial.cshtml │ ├── Stock │ │ └── Index.cshtml │ ├── Users │ │ ├── Index.cshtml │ │ ├── List.cshtml │ │ ├── Permissions.cshtml │ │ └── Roles.cshtml │ ├── _ViewImports.cshtml │ └── _ViewStart.cshtml ├── appsettings.Development.json ├── appsettings.json └── wwwroot │ ├── SeedData │ ├── rolestopermissions.json │ └── userinfo.json │ ├── css │ ├── site.css │ └── site.min.css │ ├── favicon.ico │ ├── images │ ├── banner1.svg │ ├── banner2.svg │ └── banner3.svg │ ├── js │ ├── site.js │ └── site.min.js │ └── lib │ ├── bootstrap │ ├── .bower.json │ ├── LICENSE │ └── dist │ │ ├── css │ │ ├── bootstrap-theme.css │ │ ├── bootstrap-theme.css.map │ │ ├── bootstrap-theme.min.css │ │ ├── bootstrap-theme.min.css.map │ │ ├── bootstrap.css │ │ ├── bootstrap.css.map │ │ ├── bootstrap.min.css │ │ └── bootstrap.min.css.map │ │ ├── fonts │ │ ├── glyphicons-halflings-regular.eot │ │ ├── glyphicons-halflings-regular.svg │ │ ├── glyphicons-halflings-regular.ttf │ │ ├── glyphicons-halflings-regular.woff │ │ └── glyphicons-halflings-regular.woff2 │ │ └── js │ │ ├── bootstrap.js │ │ ├── bootstrap.min.js │ │ └── npm.js │ ├── jquery-validation-unobtrusive │ ├── .bower.json │ ├── LICENSE.txt │ ├── jquery.validate.unobtrusive.js │ └── jquery.validate.unobtrusive.min.js │ ├── jquery-validation │ ├── .bower.json │ ├── LICENSE.md │ └── dist │ │ ├── additional-methods.js │ │ ├── additional-methods.min.js │ │ ├── jquery.validate.js │ │ └── jquery.validate.min.js │ └── jquery │ ├── .bower.json │ ├── LICENSE.txt │ └── dist │ ├── jquery.js │ ├── jquery.min.js │ └── jquery.min.map ├── DataAuthorize ├── DataAuthorize.csproj ├── DummyClaimsFromUser.cs ├── GetClaimsFromUser.cs ├── IGetClaimsProvider.cs ├── IOwnedBy.cs ├── IShopKey.cs ├── OwnedByBase.cs └── OwnedByExtensions.cs ├── DataLayer ├── DataLayer.csproj ├── EfClasses │ ├── AuthClasses │ │ ├── ModulesForUser.cs │ │ └── RoleToPermissions.cs │ ├── BusinessClasses │ │ └── PersonalData.cs │ └── MultiTenantClasses │ │ ├── MultiTenantUser.cs │ │ ├── Shop.cs │ │ └── StockInfo.cs └── EfCode │ ├── ExtraAuthorizeDbContext.cs │ ├── MultiTenantDbContext.cs │ └── PersonalDbContext.cs ├── LICENSE ├── PermissionAccessControl.sln ├── PermissionAccessControlHomePage.png ├── PermissionParts ├── LinkedToModuleAttribute.cs ├── PaidForModules.cs ├── PermissionChecker.cs ├── PermissionDisplay.cs ├── PermissionPackers.cs ├── PermissionParts.csproj └── Permissions.cs ├── README.md ├── RolesToPermission ├── AuthorizationPolicyProvider.cs ├── CalcAllowedPermissions.cs ├── HasPermissionAttribute.cs ├── PermissionConstants.cs ├── PermissionExtensions.cs ├── PermissionHandler.cs ├── PermissionRequirement.cs └── RolesToPermission.csproj ├── StartupCode ├── StartupCode.csproj ├── StartupExtensions.cs └── UserInfoJson.cs ├── Test ├── Mocks │ └── MockGetClaimsProvider.cs ├── Test.csproj └── UnitTests │ ├── TestAuthorizationPolicyPerformance.cs │ └── TestMultiTenantDbContext.cs └── TestWebApp ├── AddPermissionsToUserClaims.cs ├── Areas └── Identity │ └── Pages │ └── _ViewStart.cshtml ├── AuthCookieValidate.cs ├── Controllers ├── ColorController.cs ├── ColorRoleController.cs ├── Feature1Controller.cs ├── HomeController.cs └── UsersController.cs ├── Data ├── ApplicationDbContext.cs └── Migrations │ ├── 00000000000000_CreateIdentitySchema.Designer.cs │ ├── 00000000000000_CreateIdentitySchema.cs │ └── ApplicationDbContextModelSnapshot.cs ├── DisplayCode ├── HomePageDto.cs ├── ListRoles.cs ├── ListUsers.cs ├── RolesListDto.cs └── UserListDto.cs ├── Models └── ErrorViewModel.cs ├── Program.cs ├── Properties └── launchSettings.json ├── Startup.cs ├── TestWebApp.csproj ├── Views ├── Color │ ├── Create.cshtml │ └── Index.cshtml ├── ColorRole │ ├── Create.cshtml │ └── Index.cshtml ├── Feature1 │ └── Index.cshtml ├── Home │ ├── About.cshtml │ ├── Contact.cshtml │ ├── Index.cshtml │ └── Privacy.cshtml ├── Shared │ ├── Error.cshtml │ ├── _CookieConsentPartial.cshtml │ ├── _Layout.cshtml │ ├── _LoginPartial.cshtml │ └── _ValidationScriptsPartial.cshtml ├── Users │ ├── Index.cshtml │ ├── List.cshtml │ ├── Permissions.cshtml │ └── Roles.cshtml ├── _ViewImports.cshtml └── _ViewStart.cshtml ├── appsettings.Development.json ├── appsettings.json └── wwwroot ├── SeedData ├── rolestopermissions.json └── userinfo.json ├── css ├── site.css └── site.min.css ├── favicon.ico ├── images ├── banner1.svg ├── banner2.svg └── banner3.svg ├── js ├── site.js └── site.min.js └── lib ├── bootstrap ├── .bower.json ├── LICENSE └── dist │ ├── css │ ├── bootstrap-theme.css │ ├── bootstrap-theme.css.map │ ├── bootstrap-theme.min.css │ ├── bootstrap-theme.min.css.map │ ├── bootstrap.css │ ├── bootstrap.css.map │ ├── bootstrap.min.css │ └── bootstrap.min.css.map │ ├── fonts │ ├── glyphicons-halflings-regular.eot │ ├── glyphicons-halflings-regular.svg │ ├── glyphicons-halflings-regular.ttf │ ├── glyphicons-halflings-regular.woff │ └── glyphicons-halflings-regular.woff2 │ └── js │ ├── bootstrap.js │ ├── bootstrap.min.js │ └── npm.js ├── jquery-validation-unobtrusive ├── .bower.json ├── LICENSE.txt ├── jquery.validate.unobtrusive.js └── jquery.validate.unobtrusive.min.js ├── jquery-validation ├── .bower.json ├── LICENSE.md └── dist │ ├── additional-methods.js │ ├── additional-methods.min.js │ ├── jquery.validate.js │ └── jquery.validate.min.js └── jquery ├── .bower.json ├── LICENSE.txt └── dist ├── jquery.js ├── jquery.min.js └── jquery.min.map /.gitattributes: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # Set default behavior to automatically normalize line endings. 3 | ############################################################################### 4 | * text=auto 5 | 6 | ############################################################################### 7 | # Set default behavior for command prompt diff. 8 | # 9 | # This is need for earlier builds of msysgit that does not have it on by 10 | # default for csharp files. 11 | # Note: This is only used by command line 12 | ############################################################################### 13 | #*.cs diff=csharp 14 | 15 | ############################################################################### 16 | # Set the merge driver for project and solution files 17 | # 18 | # Merging from the command prompt will add diff markers to the files if there 19 | # are conflicts (Merging from VS is not affected by the settings below, in VS 20 | # the diff markers are never inserted). Diff markers may cause the following 21 | # file extensions to fail to load in VS. An alternative would be to treat 22 | # these files as binary and thus will always conflict and require user 23 | # intervention with every merge. To do so, just uncomment the entries below 24 | ############################################################################### 25 | #*.sln merge=binary 26 | #*.csproj merge=binary 27 | #*.vbproj merge=binary 28 | #*.vcxproj merge=binary 29 | #*.vcproj merge=binary 30 | #*.dbproj merge=binary 31 | #*.fsproj merge=binary 32 | #*.lsproj merge=binary 33 | #*.wixproj merge=binary 34 | #*.modelproj merge=binary 35 | #*.sqlproj merge=binary 36 | #*.wwaproj merge=binary 37 | 38 | ############################################################################### 39 | # behavior for image files 40 | # 41 | # image files are treated as binary by default. 42 | ############################################################################### 43 | #*.jpg binary 44 | #*.png binary 45 | #*.gif binary 46 | 47 | ############################################################################### 48 | # diff behavior for common document formats 49 | # 50 | # Convert binary document formats to text before diffing them. This feature 51 | # is only available from the command line. Turn it on by uncommenting the 52 | # entries below. 53 | ############################################################################### 54 | #*.doc diff=astextplain 55 | #*.DOC diff=astextplain 56 | #*.docx diff=astextplain 57 | #*.DOCX diff=astextplain 58 | #*.dot diff=astextplain 59 | #*.DOT diff=astextplain 60 | #*.pdf diff=astextplain 61 | #*.PDF diff=astextplain 62 | #*.rtf diff=astextplain 63 | #*.RTF diff=astextplain 64 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | 4 | # User-specific files 5 | *.suo 6 | *.user 7 | *.userosscache 8 | *.sln.docstates 9 | 10 | # User-specific files (MonoDevelop/Xamarin Studio) 11 | *.userprefs 12 | 13 | # Build results 14 | [Dd]ebug/ 15 | [Dd]ebugPublic/ 16 | [Rr]elease/ 17 | [Rr]eleases/ 18 | x64/ 19 | x86/ 20 | bld/ 21 | [Bb]in/ 22 | [Oo]bj/ 23 | [Ll]og/ 24 | 25 | # Visual Studio 2015 cache/options directory 26 | .vs/ 27 | # Uncomment if you have tasks that create the project's static files in wwwroot 28 | #wwwroot/ 29 | 30 | # MSTest test Results 31 | [Tt]est[Rr]esult*/ 32 | [Bb]uild[Ll]og.* 33 | 34 | # NUNIT 35 | *.VisualState.xml 36 | TestResult.xml 37 | 38 | # Build Results of an ATL Project 39 | [Dd]ebugPS/ 40 | [Rr]eleasePS/ 41 | dlldata.c 42 | 43 | # DNX 44 | project.lock.json 45 | project.fragment.lock.json 46 | artifacts/ 47 | 48 | *_i.c 49 | *_p.c 50 | *_i.h 51 | *.ilk 52 | *.meta 53 | *.obj 54 | *.pch 55 | *.pdb 56 | *.pgc 57 | *.pgd 58 | *.rsp 59 | *.sbr 60 | *.tlb 61 | *.tli 62 | *.tlh 63 | *.tmp 64 | *.tmp_proj 65 | *.log 66 | *.vspscc 67 | *.vssscc 68 | .builds 69 | *.pidb 70 | *.svclog 71 | *.scc 72 | 73 | # Chutzpah Test files 74 | _Chutzpah* 75 | 76 | # Visual C++ cache files 77 | ipch/ 78 | *.aps 79 | *.ncb 80 | *.opendb 81 | *.opensdf 82 | *.sdf 83 | *.cachefile 84 | *.VC.db 85 | *.VC.VC.opendb 86 | 87 | # Visual Studio profiler 88 | *.psess 89 | *.vsp 90 | *.vspx 91 | *.sap 92 | 93 | # TFS 2012 Local Workspace 94 | $tf/ 95 | 96 | # Guidance Automation Toolkit 97 | *.gpState 98 | 99 | # ReSharper is a .NET coding add-in 100 | _ReSharper*/ 101 | *.[Rr]e[Ss]harper 102 | *.DotSettings.user 103 | 104 | # JustCode is a .NET coding add-in 105 | .JustCode 106 | 107 | # TeamCity is a build add-in 108 | _TeamCity* 109 | 110 | # DotCover is a Code Coverage Tool 111 | *.dotCover 112 | 113 | # NCrunch 114 | _NCrunch_* 115 | .*crunch*.local.xml 116 | nCrunchTemp_* 117 | 118 | # MightyMoose 119 | *.mm.* 120 | AutoTest.Net/ 121 | 122 | # Web workbench (sass) 123 | .sass-cache/ 124 | 125 | # Installshield output folder 126 | [Ee]xpress/ 127 | 128 | # DocProject is a documentation generator add-in 129 | DocProject/buildhelp/ 130 | DocProject/Help/*.HxT 131 | DocProject/Help/*.HxC 132 | DocProject/Help/*.hhc 133 | DocProject/Help/*.hhk 134 | DocProject/Help/*.hhp 135 | DocProject/Help/Html2 136 | DocProject/Help/html 137 | 138 | # Click-Once directory 139 | publish/ 140 | 141 | # Publish Web Output 142 | *.[Pp]ublish.xml 143 | *.azurePubxml 144 | # TODO: Comment the next line if you want to checkin your web deploy settings 145 | # but database connection strings (with potential passwords) will be unencrypted 146 | #*.pubxml 147 | *.publishproj 148 | 149 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 150 | # checkin your Azure Web App publish settings, but sensitive information contained 151 | # in these scripts will be unencrypted 152 | PublishScripts/ 153 | 154 | # NuGet Packages 155 | *.nupkg 156 | # The packages folder can be ignored because of Package Restore 157 | **/packages/* 158 | # except build/, which is used as an MSBuild target. 159 | !**/packages/build/ 160 | # Uncomment if necessary however generally it will be regenerated when needed 161 | #!**/packages/repositories.config 162 | # NuGet v3's project.json files produces more ignoreable files 163 | *.nuget.props 164 | *.nuget.targets 165 | 166 | # Microsoft Azure Build Output 167 | csx/ 168 | *.build.csdef 169 | 170 | # Microsoft Azure Emulator 171 | ecf/ 172 | rcf/ 173 | 174 | # Windows Store app package directories and files 175 | AppPackages/ 176 | BundleArtifacts/ 177 | Package.StoreAssociation.xml 178 | _pkginfo.txt 179 | 180 | # Visual Studio cache files 181 | # files ending in .cache can be ignored 182 | *.[Cc]ache 183 | # but keep track of directories ending in .cache 184 | !*.[Cc]ache/ 185 | 186 | # Others 187 | ClientBin/ 188 | ~$* 189 | *~ 190 | *.dbmdl 191 | *.dbproj.schemaview 192 | *.jfm 193 | *.pfx 194 | *.publishsettings 195 | node_modules/ 196 | orleans.codegen.cs 197 | 198 | # Since there are multiple workflows, uncomment next line to ignore bower_components 199 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 200 | #bower_components/ 201 | 202 | # RIA/Silverlight projects 203 | Generated_Code/ 204 | 205 | # Backup & report files from converting an old project file 206 | # to a newer Visual Studio version. Backup files are not needed, 207 | # because we have git ;-) 208 | _UpgradeReport_Files/ 209 | Backup*/ 210 | UpgradeLog*.XML 211 | UpgradeLog*.htm 212 | 213 | # SQL Server files 214 | *.mdf 215 | *.ldf 216 | 217 | # Business Intelligence projects 218 | *.rdl.data 219 | *.bim.layout 220 | *.bim_*.settings 221 | 222 | # Microsoft Fakes 223 | FakesAssemblies/ 224 | 225 | # GhostDoc plugin setting file 226 | *.GhostDoc.xml 227 | 228 | # Node.js Tools for Visual Studio 229 | .ntvs_analysis.dat 230 | 231 | # Visual Studio 6 build log 232 | *.plg 233 | 234 | # Visual Studio 6 workspace options file 235 | *.opt 236 | 237 | # Visual Studio LightSwitch build output 238 | **/*.HTMLClient/GeneratedArtifacts 239 | **/*.DesktopClient/GeneratedArtifacts 240 | **/*.DesktopClient/ModelManifest.xml 241 | **/*.Server/GeneratedArtifacts 242 | **/*.Server/ModelManifest.xml 243 | _Pvt_Extensions 244 | 245 | # Paket dependency manager 246 | .paket/paket.exe 247 | paket-files/ 248 | 249 | # FAKE - F# Make 250 | .fake/ 251 | 252 | # JetBrains Rider 253 | .idea/ 254 | *.sln.iml 255 | 256 | # CodeRush 257 | .cr/ 258 | 259 | # Python Tools for Visual Studio (PTVS) 260 | __pycache__/ 261 | *.pyc -------------------------------------------------------------------------------- /DataAuthWebApp/Areas/Identity/Pages/_ViewStart.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | Layout = "/Views/Shared/_Layout.cshtml"; 3 | } 4 | -------------------------------------------------------------------------------- /DataAuthWebApp/Controllers/HomeController.cs: -------------------------------------------------------------------------------- 1 | using System.Diagnostics; 2 | using System.Linq; 3 | using DataAuthWebApp.Data; 4 | using DataAuthWebApp.DisplayCode; 5 | using Microsoft.AspNetCore.Mvc; 6 | using DataAuthWebApp.Models; 7 | using DataLayer.EfCode; 8 | 9 | namespace DataAuthWebApp.Controllers 10 | { 11 | public class HomeController : Controller 12 | { 13 | public IActionResult Index([FromServices]ApplicationDbContext applicationDbContext, 14 | [FromServices] MultiTenantDbContext extraAuthorizeDbContext) 15 | { 16 | var userLister = new ListUsers(applicationDbContext, extraAuthorizeDbContext); 17 | 18 | return View(userLister.ListUserWithRolesAndModules()); 19 | } 20 | 21 | public IActionResult About() 22 | { 23 | ViewData["Message"] = "Your application description page."; 24 | 25 | return View(); 26 | } 27 | 28 | public IActionResult Contact() 29 | { 30 | ViewData["Message"] = "Your contact page."; 31 | 32 | return View(); 33 | } 34 | 35 | public IActionResult Privacy() 36 | { 37 | return View(); 38 | } 39 | 40 | [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)] 41 | public IActionResult Error() 42 | { 43 | return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier }); 44 | } 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /DataAuthWebApp/Controllers/PersonalController.cs: -------------------------------------------------------------------------------- 1 | using System.Linq; 2 | using DataLayer.EfClasses.BusinessClasses; 3 | using DataLayer.EfCode; 4 | using Microsoft.AspNetCore.Http; 5 | using Microsoft.AspNetCore.Mvc; 6 | 7 | namespace DataAuthWebApp.Controllers 8 | { 9 | public class PersonalController : Controller 10 | { 11 | private readonly PersonalDbContext _context; 12 | 13 | public PersonalController(PersonalDbContext context) 14 | { 15 | _context = context; 16 | } 17 | 18 | // GET: Personal 19 | public ActionResult Index() 20 | { 21 | return View(_context.PersonalDatas.FirstOrDefault()); 22 | } 23 | 24 | 25 | // GET: Personal/Create 26 | public ActionResult Create() 27 | { 28 | if (_context.PersonalDatas.FirstOrDefault() != null) 29 | return RedirectToAction(nameof(Edit)); 30 | 31 | return View(); 32 | } 33 | 34 | // POST: Personal/Create 35 | [HttpPost] 36 | [ValidateAntiForgeryToken] 37 | public ActionResult Create(IFormCollection collection) 38 | { 39 | try 40 | { 41 | var entity = new PersonalData {SecretToYou = collection[nameof(PersonalData.SecretToYou)]}; 42 | _context.Add(entity); 43 | _context.SaveChanges(); 44 | 45 | return RedirectToAction(nameof(Index)); 46 | } 47 | catch 48 | { 49 | return View(); 50 | } 51 | } 52 | 53 | // GET: Personal/Edit/5 54 | public ActionResult Edit() 55 | { 56 | var entity = _context.PersonalDatas.FirstOrDefault(); 57 | if (entity == null) 58 | return RedirectToAction(nameof(Create)); 59 | 60 | return View(entity); 61 | } 62 | 63 | // POST: Personal/Edit/5 64 | [HttpPost] 65 | [ValidateAntiForgeryToken] 66 | public ActionResult Edit(IFormCollection collection) 67 | { 68 | try 69 | { 70 | var entity = _context.PersonalDatas.First(); 71 | entity.SecretToYou = collection[nameof(PersonalData.SecretToYou)]; 72 | _context.SaveChanges(); 73 | 74 | return RedirectToAction(nameof(Index)); 75 | } 76 | catch 77 | { 78 | return View(); 79 | } 80 | } 81 | 82 | // GET: Personal/Delete/5 83 | public ActionResult Delete() 84 | { 85 | var entity = _context.PersonalDatas.FirstOrDefault(); 86 | if (entity != null) 87 | { 88 | _context.Remove(entity); 89 | _context.SaveChanges(); 90 | } 91 | 92 | return RedirectToAction(nameof(Index)); 93 | } 94 | 95 | 96 | } 97 | } -------------------------------------------------------------------------------- /DataAuthWebApp/Controllers/StockController.cs: -------------------------------------------------------------------------------- 1 | using System.Linq; 2 | using DataLayer.EfCode; 3 | using Microsoft.AspNetCore.Mvc; 4 | using Microsoft.EntityFrameworkCore; 5 | 6 | namespace DataAuthWebApp.Controllers 7 | { 8 | public class StockController : Controller 9 | { 10 | private readonly MultiTenantDbContext _context; 11 | 12 | public StockController(MultiTenantDbContext context) 13 | {_context = context; 14 | } 15 | 16 | 17 | // GET: Stock 18 | public ActionResult Index() 19 | { 20 | var stock = _context.CurrentStock.Include(x => x.AtShop).ToList(); 21 | return View(stock); 22 | } 23 | 24 | //// GET: Stock/Details/5 25 | //public ActionResult Details(int id) 26 | //{ 27 | // return View(); 28 | //} 29 | 30 | //// GET: Stock/Create 31 | //public ActionResult Create() 32 | //{ 33 | // return View(); 34 | //} 35 | 36 | //// POST: Stock/Create 37 | //[HttpPost] 38 | //[ValidateAntiForgeryToken] 39 | //public ActionResult Create(IFormCollection collection) 40 | //{ 41 | // try 42 | // { 43 | // // TODO: Add insert logic here 44 | 45 | // return RedirectToAction(nameof(Index)); 46 | // } 47 | // catch 48 | // { 49 | // return View(); 50 | // } 51 | //} 52 | 53 | //// GET: Stock/Edit/5 54 | //public ActionResult Edit(int id) 55 | //{ 56 | // return View(); 57 | //} 58 | 59 | //// POST: Stock/Edit/5 60 | //[HttpPost] 61 | //[ValidateAntiForgeryToken] 62 | //public ActionResult Edit(int id, IFormCollection collection) 63 | //{ 64 | // try 65 | // { 66 | // // TODO: Add update logic here 67 | 68 | // return RedirectToAction(nameof(Index)); 69 | // } 70 | // catch 71 | // { 72 | // return View(); 73 | // } 74 | //} 75 | 76 | //// GET: Stock/Delete/5 77 | //public ActionResult Delete(int id) 78 | //{ 79 | // return View(); 80 | //} 81 | 82 | //// POST: Stock/Delete/5 83 | //[HttpPost] 84 | //[ValidateAntiForgeryToken] 85 | //public ActionResult Delete(int id, IFormCollection collection) 86 | //{ 87 | // try 88 | // { 89 | // // TODO: Add delete logic here 90 | 91 | // return RedirectToAction(nameof(Index)); 92 | // } 93 | // catch 94 | // { 95 | // return View(); 96 | // } 97 | //} 98 | } 99 | } -------------------------------------------------------------------------------- /DataAuthWebApp/Controllers/UsersController.cs: -------------------------------------------------------------------------------- 1 | using System.Linq; 2 | using DataAuthWebApp.Data; 3 | using DataAuthWebApp.DisplayCode; 4 | using DataLayer.EfCode; 5 | using Microsoft.AspNetCore.Mvc; 6 | using PermissionParts; 7 | 8 | namespace DataAuthWebApp.Controllers 9 | { 10 | public class UsersController : Controller 11 | { 12 | private readonly ApplicationDbContext _applicationDbContext; 13 | private readonly ExtraAuthorizeDbContext _extraAuthorizeDbContext; 14 | private readonly MultiTenantDbContext _multiTenantDbContext; 15 | 16 | public UsersController(ApplicationDbContext applicationDbContext, ExtraAuthorizeDbContext extraAuthorizeDbContext, MultiTenantDbContext multiTenantDbContext) 17 | { 18 | _applicationDbContext = applicationDbContext; 19 | _extraAuthorizeDbContext = extraAuthorizeDbContext; 20 | _multiTenantDbContext = multiTenantDbContext; 21 | } 22 | 23 | public IActionResult Index() 24 | { 25 | return View(HttpContext.User); 26 | } 27 | 28 | public IActionResult List() 29 | { 30 | var lister = new ListUsers(_applicationDbContext, _multiTenantDbContext); 31 | 32 | return View(lister.ListUserWithRolesAndModules()); 33 | } 34 | 35 | 36 | public IActionResult Roles() 37 | { 38 | var roles = _extraAuthorizeDbContext.RolesToPermissions.ToList(); 39 | return View(roles); 40 | } 41 | 42 | public IActionResult Permissions() 43 | { 44 | return View(PermissionDisplay.GetPermissionsToDisplay(typeof(Permissions))); 45 | } 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /DataAuthWebApp/Data/ApplicationDbContext.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using Microsoft.AspNetCore.Identity.EntityFrameworkCore; 5 | using Microsoft.EntityFrameworkCore; 6 | 7 | namespace DataAuthWebApp.Data 8 | { 9 | public class ApplicationDbContext : IdentityDbContext 10 | { 11 | public ApplicationDbContext(DbContextOptions options) 12 | : base(options) 13 | { 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /DataAuthWebApp/DataAuthWebApp.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netcoreapp2.1 5 | aspnet-DataAuthWebApp-A3E6499E-9E5B-49A3-9737-CE4F95D40FB9 6 | 7.1 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | $(IncludeRazorContentInPack) 26 | 27 | 28 | $(IncludeRazorContentInPack) 29 | 30 | 31 | $(IncludeRazorContentInPack) 32 | 33 | 34 | $(IncludeRazorContentInPack) 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /DataAuthWebApp/DataCookieValidate.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.Collections.Generic; 6 | using System.Linq; 7 | using System.Security.Claims; 8 | using System.Threading.Tasks; 9 | using DataAuthorize; 10 | using DataLayer.EfCode; 11 | using Microsoft.AspNetCore.Authentication.Cookies; 12 | using Microsoft.EntityFrameworkCore; 13 | using RolesToPermission; 14 | 15 | namespace DataAuthWebApp 16 | { 17 | public class DataCookieValidate 18 | { 19 | private readonly DbContextOptions _multiTenantOptions; 20 | 21 | public DataCookieValidate(DbContextOptions multiTenantOptions) 22 | { 23 | _multiTenantOptions = multiTenantOptions; 24 | } 25 | 26 | public async Task ValidateAsync(CookieValidatePrincipalContext context) 27 | { 28 | //NOTE: To make easier to see the data authorization code I have removed 29 | //all the feature authorization code described in the article 30 | //https://www.thereformedprogrammer.net/a-better-way-to-handle-authorization-in-asp-net-core/ 31 | //BUT in real life this method with have both the feature authorization and data authorization code in it 32 | 33 | 34 | if (context.Principal.Claims.Any(x => x.Type == GetClaimsFromUser.ShopKeyClaimName)) 35 | return; 36 | 37 | //No ShopKey in the claims, so we need to add it. This is only happens once after the user has logged in 38 | var claims = new List(); 39 | claims.AddRange(context.Principal.Claims); //Copy over existing claims 40 | 41 | //now we lookup the user to find what shop they are linked to 42 | using (var multiContext = new MultiTenantDbContext(_multiTenantOptions, new DummyClaimsFromUser())) 43 | { 44 | var userId = context.Principal.Claims.Single(x => x.Type == ClaimTypes.NameIdentifier).Value; 45 | var mTUser = await multiContext.MultiTenantUsers.IgnoreQueryFilters() 46 | .SingleOrDefaultAsync(x => x.UserId == userId); 47 | //This means unassigned users are given a ShopKey of zero, which means unassigned 48 | var shopKey = mTUser?.ShopKey ?? 0; 49 | claims.Add(new Claim(GetClaimsFromUser.ShopKeyClaimName, shopKey.ToString())); 50 | if (mTUser?.IsDistrictManager == true) 51 | claims.Add(new Claim(GetClaimsFromUser.DistrictManagerIdClaimName, mTUser.UserId)); 52 | } 53 | 54 | //Build a new ClaimsPrincipal and use it to replace the current ClaimsPrincipal 55 | var identity = new ClaimsIdentity(claims, "Cookie"); 56 | var newPrincipal = new ClaimsPrincipal(identity); 57 | context.ReplacePrincipal(newPrincipal); 58 | //THIS IS IMPORTANT: This updates the cookie, otherwise this calc will be done every HTTP request 59 | context.ShouldRenew = true; 60 | } 61 | } 62 | } -------------------------------------------------------------------------------- /DataAuthWebApp/DisplayCode/HomePageDto.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.Collections.Generic; 6 | 7 | namespace DataAuthWebApp.DisplayCode 8 | { 9 | public class HomePageDto 10 | { 11 | public HomePageDto(List user, List roles) 12 | { 13 | User = user ?? throw new ArgumentNullException(nameof(user)); 14 | Roles = roles ?? throw new ArgumentNullException(nameof(roles)); 15 | } 16 | 17 | public List User { get; set; } 18 | public List Roles { get; set; } 19 | } 20 | } -------------------------------------------------------------------------------- /DataAuthWebApp/DisplayCode/ListRoles.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.Collections.Generic; 5 | using System.ComponentModel.DataAnnotations; 6 | using System.Linq; 7 | using System.Reflection; 8 | using DataLayer.EfCode; 9 | using PermissionParts; 10 | 11 | namespace DataAuthWebApp.DisplayCode 12 | { 13 | public class ListRoles 14 | { 15 | private readonly ExtraAuthorizeDbContext _extraAuthorizeDbContext; 16 | 17 | public ListRoles(ExtraAuthorizeDbContext extraAuthorizeDbContext) 18 | { 19 | _extraAuthorizeDbContext = extraAuthorizeDbContext; 20 | } 21 | 22 | public IEnumerable ListRolesWithPermissionsExplained() 23 | { 24 | foreach (var roleToPermissions in _extraAuthorizeDbContext.RolesToPermissions) 25 | { 26 | var permissionsWithDesc = 27 | from permission in roleToPermissions.PermissionsInRole 28 | let displayAttr = typeof(Permissions).GetMember(permission.ToString())[0] 29 | .GetCustomAttribute() 30 | let moduleAttr = typeof(Permissions).GetMember(permission.ToString())[0] 31 | .GetCustomAttribute() 32 | select new PermissionWithDesc(permission.ToString(), displayAttr?.Description, moduleAttr?.PaidForModule.ToString()); 33 | yield return new RolesListDto(roleToPermissions.RoleName, permissionsWithDesc.ToList()); 34 | } 35 | } 36 | 37 | } 38 | } -------------------------------------------------------------------------------- /DataAuthWebApp/DisplayCode/ListUsers.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.Collections.Generic; 6 | using System.Linq; 7 | using DataAuthWebApp.Data; 8 | using DataLayer.EfClasses.MultiTenantClasses; 9 | using DataLayer.EfCode; 10 | using Microsoft.EntityFrameworkCore; 11 | using PermissionParts; 12 | 13 | namespace DataAuthWebApp.DisplayCode 14 | { 15 | 16 | public class ListUsers 17 | { 18 | private readonly ApplicationDbContext _applicationDbContext; 19 | private readonly MultiTenantDbContext _multiTenantDbContext; 20 | 21 | public ListUsers(ApplicationDbContext applicationDbContext, MultiTenantDbContext multiTenantDbContext) 22 | { 23 | _applicationDbContext = applicationDbContext ?? throw new ArgumentNullException(nameof(applicationDbContext)); 24 | _multiTenantDbContext = multiTenantDbContext ?? throw new ArgumentNullException(nameof(multiTenantDbContext)); 25 | } 26 | 27 | public List ListUserWithRolesAndModules() 28 | { 29 | var rolesWithUserIds = _applicationDbContext.UserRoles 30 | .Select(x => new { _applicationDbContext.Roles.Single(y => y.Id == x.RoleId).Name, x.UserId }).ToList(); 31 | 32 | var result = new List(); 33 | foreach (var user in _applicationDbContext.Users) 34 | { 35 | var mUser = _multiTenantDbContext.MultiTenantUsers.IgnoreQueryFilters() 36 | .Include(x => x.AccessTo) 37 | .SingleOrDefault(x => x.UserId == user.Id); 38 | if (mUser != null) 39 | { 40 | var shopNamesLinked = mUser.IsDistrictManager 41 | ? string.Join(", ", mUser.AccessTo.Select(x => x.Name)) 42 | : _multiTenantDbContext.Shops.IgnoreQueryFilters().Single(x => x.ShopKey == mUser.ShopKey).Name; 43 | result.Add(new UserListDto(user.UserName, 44 | string.Join(", ", rolesWithUserIds.Where(x => x.UserId == user.Id).Select(x => x.Name)), 45 | mUser.IsDistrictManager, shopNamesLinked)); 46 | } 47 | else 48 | { 49 | result.Add(new UserListDto(user.UserName, 50 | string.Join(", ", rolesWithUserIds.Where(x => x.UserId == user.Id).Select(x => x.Name)), 51 | false, "-- Unassigned --")); 52 | } 53 | } 54 | 55 | return result; 56 | } 57 | } 58 | } -------------------------------------------------------------------------------- /DataAuthWebApp/DisplayCode/RolesListDto.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.Collections.Generic; 6 | 7 | namespace DataAuthWebApp.DisplayCode 8 | { 9 | public class RolesListDto 10 | { 11 | public RolesListDto(string roleName, List permissionsWithDesc) 12 | { 13 | RoleName = roleName ?? throw new ArgumentNullException(nameof(roleName)); 14 | PermissionsWithDesc = permissionsWithDesc ?? throw new ArgumentNullException(nameof(permissionsWithDesc)); 15 | } 16 | 17 | public string RoleName { get; set; } 18 | public List PermissionsWithDesc { get; set; } 19 | } 20 | 21 | public class PermissionWithDesc 22 | { 23 | public PermissionWithDesc(string permissionName, string description, string linkedToModule) 24 | { 25 | PermissionName = permissionName ?? throw new ArgumentNullException(nameof(permissionName)); 26 | Description = description ?? throw new ArgumentNullException(nameof(description)); 27 | LinkedToModule = linkedToModule; 28 | } 29 | 30 | public string PermissionName { get; set; } 31 | public string Description { get; set; } 32 | public string LinkedToModule { get; set; } 33 | } 34 | } -------------------------------------------------------------------------------- /DataAuthWebApp/DisplayCode/UserListDto.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | 6 | namespace DataAuthWebApp.DisplayCode 7 | { 8 | public class UserListDto 9 | { 10 | public UserListDto(string email, string roleNames, bool isDistrictManager, string shopNames) 11 | { 12 | Email = email ?? throw new ArgumentNullException(nameof(email)); 13 | RoleNames = roleNames ?? throw new ArgumentNullException(nameof(roleNames)); 14 | IsDistrictManager = isDistrictManager; 15 | ShopNames = shopNames ?? throw new ArgumentNullException(nameof(shopNames)); 16 | } 17 | 18 | public string Email { get; set; } 19 | public string RoleNames { get; set; } 20 | public bool IsDistrictManager { get; set; } 21 | public string ShopNames { get; set; } 22 | 23 | 24 | } 25 | } -------------------------------------------------------------------------------- /DataAuthWebApp/Models/ErrorViewModel.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace DataAuthWebApp.Models 4 | { 5 | public class ErrorViewModel 6 | { 7 | public string RequestId { get; set; } 8 | 9 | public bool ShowRequestId => !string.IsNullOrEmpty(RequestId); 10 | } 11 | } -------------------------------------------------------------------------------- /DataAuthWebApp/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.IO; 4 | using System.Linq; 5 | using System.Threading.Tasks; 6 | using DataAuthWebApp.Data; 7 | using DataLayer.EfCode; 8 | using Microsoft.AspNetCore; 9 | using Microsoft.AspNetCore.Hosting; 10 | using Microsoft.EntityFrameworkCore; 11 | using Microsoft.Extensions.Configuration; 12 | using Microsoft.Extensions.DependencyInjection; 13 | using Microsoft.Extensions.Logging; 14 | using StartupCode; 15 | 16 | namespace DataAuthWebApp 17 | { 18 | public class Program 19 | { 20 | public static async Task Main(string[] args) 21 | { 22 | (await BuildWebHostAsync(args)).Run(); 23 | } 24 | 25 | private static async Task BuildWebHostAsync(string[] args) 26 | { 27 | var webHost = WebHost.CreateDefaultBuilder(args) 28 | .UseStartup() 29 | .Build(); 30 | 31 | //Because I am using in-memory databases I need to make sure they are created 32 | //before my startup code tries to use them 33 | SetupDatabases(webHost); 34 | await webHost.Services.AddUsersAndExtraAuthAsync(); 35 | return webHost; 36 | } 37 | 38 | 39 | private static void SetupDatabases(IWebHost webHost) 40 | { 41 | using (var scope = webHost.Services.CreateScope()) 42 | { 43 | var services = scope.ServiceProvider; 44 | using (var context = services.GetRequiredService()) 45 | { 46 | context.Database.EnsureCreated(); 47 | } 48 | using (var context = services.GetRequiredService()) 49 | { 50 | context.Database.EnsureCreated(); 51 | } 52 | using (var context = services.GetRequiredService()) 53 | { 54 | context.Database.EnsureCreated(); 55 | } 56 | } 57 | } 58 | } 59 | } 60 | -------------------------------------------------------------------------------- /DataAuthWebApp/Properties/launchSettings.json: -------------------------------------------------------------------------------- 1 | { 2 | "iisSettings": { 3 | "windowsAuthentication": false, 4 | "anonymousAuthentication": true, 5 | "iisExpress": { 6 | "applicationUrl": "http://localhost:52658", 7 | "sslPort": 44342 8 | } 9 | }, 10 | "profiles": { 11 | "IIS Express": { 12 | "commandName": "IISExpress", 13 | "launchBrowser": true, 14 | "environmentVariables": { 15 | "ASPNETCORE_ENVIRONMENT": "Development" 16 | } 17 | }, 18 | "DataAuthWebApp": { 19 | "commandName": "Project", 20 | "launchBrowser": true, 21 | "applicationUrl": "https://localhost:5001;http://localhost:5000", 22 | "environmentVariables": { 23 | "ASPNETCORE_ENVIRONMENT": "Development" 24 | } 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Home/About.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | ViewData["Title"] = "About"; 3 | } 4 |

@ViewData["Title"]

5 |

@ViewData["Message"]

6 | 7 |

Use this area to provide additional information.

8 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Home/Contact.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | ViewData["Title"] = "Contact"; 3 | } 4 |

@ViewData["Title"]

5 |

@ViewData["Message"]

6 | 7 |
8 | One Microsoft Way
9 | Redmond, WA 98052-6399
10 | P: 11 | 425.555.0100 12 |
13 | 14 |
15 | Support: Support@example.com
16 | Marketing: Marketing@example.com 17 |
18 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Home/Index.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | ViewData["Title"] = "Home Page"; 3 | } 4 | 5 | @model List 6 | @{ 7 | ViewData["Title"] = "Home Page"; 8 | } 9 | 10 |

Welcome to Permission Access Control example

11 | 12 |

13 | This is an example ASP.NET Core web application to show how you can implement per-row data protection. 14 | This application uses in-memory database to allow you to easily run the application (it seeds the database on startup) 15 |

16 |

17 | Please read the article 18 | Handling data authorization ASP.NET Core and Entity Framework Core 19 | for how this works. 20 |

21 | 22 | 23 |

List of users so you can log in

24 |

NOTE: The Email address is also the Password!

25 | 26 | 27 | 28 | 29 | 30 | 31 | @foreach (var user in @Model) 32 | { 33 | 34 | 35 | 36 | 37 | 38 | } 39 |
User EmailIsDistrictManager?Linked shops
@user.Email@user.IsDistrictManager@user.ShopNames
-------------------------------------------------------------------------------- /DataAuthWebApp/Views/Home/Privacy.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | ViewData["Title"] = "Privacy Policy"; 3 | } 4 |

@ViewData["Title"]

5 | 6 |

Use this page to detail your site's privacy policy.

7 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Personal/Create.cshtml: -------------------------------------------------------------------------------- 1 | @model DataLayer.EfClasses.BusinessClasses.PersonalData 2 | 3 | @{ 4 | ViewData["Title"] = "Create"; 5 | } 6 | 7 |

Create

8 | 9 |

PersonalData

10 |
11 |
12 |
13 |
14 |
15 | 16 |
17 | 18 | 19 | 20 |
21 |
22 | 23 |
24 |
25 |
26 |
27 | 28 |
29 | Back to List 30 |
31 | 32 | @section Scripts { 33 | @{await Html.RenderPartialAsync("_ValidationScriptsPartial");} 34 | } 35 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Personal/Edit.cshtml: -------------------------------------------------------------------------------- 1 | @model DataLayer.EfClasses.BusinessClasses.PersonalData 2 | 3 | @{ 4 | ViewData["Title"] = "Edit"; 5 | } 6 | 7 |

Edit

8 | 9 |

PersonalData

10 |
11 |
12 |
13 |
14 |
15 |
16 | 17 | 18 | 19 |
20 |
21 | 22 |
23 |
24 |
25 |
26 | 27 |
28 | Back to List 29 |
30 | 31 | @section Scripts { 32 | @{await Html.RenderPartialAsync("_ValidationScriptsPartial");} 33 | } 34 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Personal/Index.cshtml: -------------------------------------------------------------------------------- 1 | @model DataLayer.EfClasses.BusinessClasses.PersonalData 2 | 3 | @{ 4 | ViewData["Title"] = "Index"; 5 | } 6 | 7 |

Index

8 | 9 |
10 | @if (User.Identity.IsAuthenticated) 11 | { 12 | @Html.ActionLink("Create", "Create") 13 | } 14 | else 15 | { 16 |

You need to be logged in to access personal data

17 | return; 18 | } 19 | @if (@Model == null) 20 | { 21 |

You haven't created any personal data yet.

22 | } 23 | else 24 | { 25 |

PersonalData

26 |
27 |
28 |
29 | @Html.DisplayNameFor(model => model.PersonalDataId) 30 |
31 |
32 | @Html.DisplayFor(model => model.PersonalDataId) 33 |
34 |
35 | @Html.DisplayNameFor(model => model.SecretToYou) 36 |
37 |
38 | @Html.DisplayFor(model => model.SecretToYou) 39 |
40 |
41 | @Html.DisplayNameFor(model => model.OwnedBy) 42 |
43 |
44 | @Html.DisplayFor(model => model.OwnedBy) 45 |
46 |
47 | 48 |
49 | @Html.ActionLink("Edit", "Edit") | 50 | @Html.ActionLink("Delete", "Delete") | 51 | Back to Index 52 |
53 | } 54 |
55 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Shared/Error.cshtml: -------------------------------------------------------------------------------- 1 | @model ErrorViewModel 2 | @{ 3 | ViewData["Title"] = "Error"; 4 | } 5 | 6 |

Error.

7 |

An error occurred while processing your request.

8 | 9 | @if (Model.ShowRequestId) 10 | { 11 |

12 | Request ID: @Model.RequestId 13 |

14 | } 15 | 16 |

Development Mode

17 |

18 | Swapping to Development environment will display more detailed information about the error that occurred. 19 |

20 |

21 | Development environment should not be enabled in deployed applications, as it can result in sensitive information from exceptions being displayed to end users. For local debugging, development environment can be enabled by setting the ASPNETCORE_ENVIRONMENT environment variable to Development, and restarting the application. 22 |

23 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Shared/_CookieConsentPartial.cshtml: -------------------------------------------------------------------------------- 1 | @using Microsoft.AspNetCore.Http.Features 2 | 3 | @{ 4 | var consentFeature = Context.Features.Get(); 5 | var showBanner = !consentFeature?.CanTrack ?? false; 6 | var cookieString = consentFeature?.CreateConsentCookie(); 7 | } 8 | 9 | @if (showBanner) 10 | { 11 | 33 | 41 | } -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Shared/_Layout.cshtml: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | @ViewData["Title"] - DataAuthWebApp 7 | 8 | 9 | 10 | 11 | 12 | 13 | 16 | 17 | 18 | 19 | 20 | 55 | 56 | 57 | 58 |
59 | @RenderBody() 60 |
61 |
62 |

© 2018 - DataAuthWebApp

63 |
64 |
65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 78 | 84 | 85 | 86 | 87 | @RenderSection("Scripts", required: false) 88 | 89 | 90 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Shared/_LoginPartial.cshtml: -------------------------------------------------------------------------------- 1 | @using Microsoft.AspNetCore.Identity 2 | 3 | @inject SignInManager SignInManager 4 | @inject UserManager UserManager 5 | 6 | @if (User.Identity.IsAuthenticated) 7 | { 8 | 18 | } 19 | else 20 | { 21 | 25 | } -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Shared/_ValidationScriptsPartial.cshtml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 12 | 18 | 19 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Stock/Index.cshtml: -------------------------------------------------------------------------------- 1 | @model IEnumerable 2 | 3 | @{ 4 | ViewData["Title"] = "Index"; 5 | } 6 | 7 |

Index

8 | 9 | @*

10 | Create New 11 |

*@ 12 | 13 | 14 | 15 | 18 | 21 | 24 | @**@ 25 | 26 | 27 | 28 | @foreach (var item in Model) { 29 | 30 | 33 | 36 | 39 | @**@ 44 | 45 | } 46 | 47 |
16 | @Html.DisplayNameFor(model => model.Name) 17 | 19 | Stock level 20 | 22 | In Shop 23 |
31 | @Html.DisplayFor(modelItem => item.Name) 32 | 34 | @Html.DisplayFor(modelItem => item.NumInStock) 35 | 37 | @Html.DisplayFor(modelItem => item.AtShop.Name) 38 | 40 | @Html.ActionLink("Edit", "Edit", new { id=item.StockInfoId }) | 41 | @Html.ActionLink("Details", "Details", new { id=item.StockInfoId }) | 42 | @Html.ActionLink("Delete", "Delete", new { id=item.StockInfoId }) 43 |
48 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Users/Index.cshtml: -------------------------------------------------------------------------------- 1 | @model System.Security.Claims.ClaimsPrincipal 2 | @{ 3 | ViewData["Title"] = "User"; 4 | } 5 | 6 |

Current logged in user claims.

7 | 8 | @if (Model?.Identity.IsAuthenticated == true) 9 | { 10 |

User '@User.Identity.Name'

11 |
    12 | 13 | @foreach (var claim in @Model.Claims) 14 | { 15 |
  • @claim.ToString()
  • 16 | } 17 |
18 | } 19 | else 20 | { 21 |

No user is logged in.

22 | } 23 | 24 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Users/List.cshtml: -------------------------------------------------------------------------------- 1 | @model List 2 | @{ 3 | ViewData["Title"] = "All users"; 4 | } 5 | 6 |

List of users

7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | @foreach (var user in @Model) 15 | { 16 | 17 | 18 | 19 | 20 | 21 | 22 | } 23 |
User EmailRolesDistrict Manager?Linked to shop(s)
@user.Email@user.RoleNames@user.IsDistrictManager@user.ShopNames
24 | 25 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Users/Permissions.cshtml: -------------------------------------------------------------------------------- 1 | @model IEnumerable 2 | 3 | @{ 4 | ViewData["Title"] = "Permissions"; 5 | } 6 | 7 |

Permissions

8 | 9 | 10 | 11 | 12 | 15 | 18 | 21 | 24 | 27 | 28 | 29 | 30 | @foreach (var item in Model) { 31 | 32 | 35 | 38 | 41 | 44 | 47 | 48 | } 49 | 50 |
13 | @Html.DisplayNameFor(model => model.GroupName) 14 | 16 | @Html.DisplayNameFor(model => model.ShortName) 17 | 19 | @Html.DisplayNameFor(model => model.Description) 20 | 22 | @Html.DisplayNameFor(model => model.Permission) 23 | 25 | @Html.DisplayNameFor(model => model.ModuleName) 26 |
33 | @Html.DisplayFor(modelItem => item.GroupName) 34 | 36 | @Html.DisplayFor(modelItem => item.ShortName) 37 | 39 | @Html.DisplayFor(modelItem => item.Description) 40 | 42 | @item.Permission.ToString() 43 | 45 | @Html.DisplayFor(modelItem => item.ModuleName) 46 |
51 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/Users/Roles.cshtml: -------------------------------------------------------------------------------- 1 | @model IEnumerable 2 | 3 | @{ 4 | ViewData["Title"] = "Roles"; 5 | } 6 | 7 |

Roles

8 | 9 | @*

10 | Create New 11 |

*@ 12 | 13 | 14 | 15 | 18 | 21 | 24 | @**@ 25 | 26 | 27 | 28 | @foreach (var item in Model) { 29 | 30 | 33 | 36 | 39 | @**@ 44 | 45 | } 46 | 47 |
16 | @Html.DisplayNameFor(model => model.RoleName) 17 | 19 | @Html.DisplayNameFor(model => model.Description) 20 | 22 | Permissions 23 |
31 | @Html.DisplayFor(modelItem => item.RoleName) 32 | 34 | @Html.DisplayFor(modelItem => item.Description) 35 | 37 | @string.Join(", ", item.PermissionsInRole.Select(x => x.ToString())) 38 | 40 | @Html.ActionLink("Edit", "Edit", new { /* id=item.PrimaryKey */ }) | 41 | @Html.ActionLink("Details", "Details", new { /* id=item.PrimaryKey */ }) | 42 | @Html.ActionLink("Delete", "Delete", new { /* id=item.PrimaryKey */ }) 43 |
48 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/_ViewImports.cshtml: -------------------------------------------------------------------------------- 1 | @using DataAuthWebApp 2 | @using DataAuthWebApp.Models 3 | @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers 4 | -------------------------------------------------------------------------------- /DataAuthWebApp/Views/_ViewStart.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | Layout = "_Layout"; 3 | } 4 | -------------------------------------------------------------------------------- /DataAuthWebApp/appsettings.Development.json: -------------------------------------------------------------------------------- 1 | { 2 | "Logging": { 3 | "LogLevel": { 4 | "Default": "Debug", 5 | "System": "Information", 6 | "Microsoft": "Information" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /DataAuthWebApp/appsettings.json: -------------------------------------------------------------------------------- 1 | { 2 | "ConnectionStrings": { 3 | "DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=aspnet-DataAuthWebApp-A3E6499E-9E5B-49A3-9737-CE4F95D40FB9;Trusted_Connection=True;MultipleActiveResultSets=true" 4 | }, 5 | "Logging": { 6 | "LogLevel": { 7 | "Default": "Warning" 8 | } 9 | }, 10 | "AllowedHosts": "*" 11 | } 12 | -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/SeedData/rolestopermissions.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "RoleName": "Dummy", 4 | "Description": "Permissions not used in DataAuthWebApp", 5 | "Permissions": [ "DataAuthPermission" ] 6 | } 7 | ] 8 | -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/SeedData/userinfo.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "Email": "D4u@g1.com", 4 | "RolesCommaDelimited": "Dummy", 5 | "ModulesCommaDelimited": "", 6 | "ShopNames": "Dress4U" 7 | }, 8 | { 9 | "Email": "S4u@g1.com", 10 | "RolesCommaDelimited": "Dummy", 11 | "ModulesCommaDelimited": "", 12 | "ShopNames": "Shirt4U" 13 | }, 14 | { 15 | "Email": "T4u@g1.com", 16 | "RolesCommaDelimited": "Dummy", 17 | "ModulesCommaDelimited": "", 18 | "ShopNames": "Tie4U" 19 | }, 20 | { 21 | "Email": "4uMan@g1.com", 22 | "RolesCommaDelimited": "Dummy", 23 | "ModulesCommaDelimited": "", 24 | "ShopNames": "Dress4U,Shirt4U,Ties4U" 25 | }, 26 | { 27 | "Email": "Power@g1.com", 28 | "RolesCommaDelimited": "Dummy", 29 | "ModulesCommaDelimited": "", 30 | "ShopNames": "DressPower" 31 | } 32 | ] 33 | -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/css/site.css: -------------------------------------------------------------------------------- 1 | /* Please see documentation at https://docs.microsoft.com/aspnet/core/client-side/bundling-and-minification\ 2 | for details on configuring this project to bundle and minify static web assets. */ 3 | body { 4 | padding-top: 50px; 5 | padding-bottom: 20px; 6 | } 7 | 8 | /* Wrapping element */ 9 | /* Set some basic padding to keep content from hitting the edges */ 10 | .body-content { 11 | padding-left: 15px; 12 | padding-right: 15px; 13 | } 14 | 15 | /* Carousel */ 16 | .carousel-caption p { 17 | font-size: 20px; 18 | line-height: 1.4; 19 | } 20 | 21 | /* Make .svg files in the carousel display properly in older browsers */ 22 | .carousel-inner .item img[src$=".svg"] { 23 | width: 100%; 24 | } 25 | 26 | /* QR code generator */ 27 | #qrCode { 28 | margin: 15px; 29 | } 30 | 31 | /* Hide/rearrange for smaller screens */ 32 | @media screen and (max-width: 767px) { 33 | /* Hide captions */ 34 | .carousel-caption { 35 | display: none; 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/css/site.min.css: -------------------------------------------------------------------------------- 1 | body{padding-top:50px;padding-bottom:20px}.body-content{padding-left:15px;padding-right:15px}.carousel-caption p{font-size:20px;line-height:1.4}.carousel-inner .item img[src$=".svg"]{width:100%}#qrCode{margin:15px}@media screen and (max-width:767px){.carousel-caption{display:none}} -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JonPSmith/PermissionAccessControl/d934364af6d30fd93394051b72a6100da5794842/DataAuthWebApp/wwwroot/favicon.ico -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/js/site.js: -------------------------------------------------------------------------------- 1 | // Please see documentation at https://docs.microsoft.com/aspnet/core/client-side/bundling-and-minification 2 | // for details on configuring this project to bundle and minify static web assets. 3 | 4 | // Write your JavaScript code. 5 | -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/js/site.min.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JonPSmith/PermissionAccessControl/d934364af6d30fd93394051b72a6100da5794842/DataAuthWebApp/wwwroot/js/site.min.js -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/bootstrap/.bower.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "bootstrap", 3 | "description": "The most popular front-end framework for developing responsive, mobile first projects on the web.", 4 | "keywords": [ 5 | "css", 6 | "js", 7 | "less", 8 | "mobile-first", 9 | "responsive", 10 | "front-end", 11 | "framework", 12 | "web" 13 | ], 14 | "homepage": "http://getbootstrap.com", 15 | "license": "MIT", 16 | "moduleType": "globals", 17 | "main": [ 18 | "less/bootstrap.less", 19 | "dist/js/bootstrap.js" 20 | ], 21 | "ignore": [ 22 | "/.*", 23 | "_config.yml", 24 | "CNAME", 25 | "composer.json", 26 | "CONTRIBUTING.md", 27 | "docs", 28 | "js/tests", 29 | "test-infra" 30 | ], 31 | "dependencies": { 32 | "jquery": "1.9.1 - 3" 33 | }, 34 | "version": "3.3.7", 35 | "_release": "3.3.7", 36 | "_resolution": { 37 | "type": "version", 38 | "tag": "v3.3.7", 39 | "commit": "0b9c4a4007c44201dce9a6cc1a38407005c26c86" 40 | }, 41 | "_source": "https://github.com/twbs/bootstrap.git", 42 | "_target": "v3.3.7", 43 | "_originalSource": "bootstrap", 44 | "_direct": true 45 | } -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/bootstrap/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2011-2016 Twitter, Inc. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JonPSmith/PermissionAccessControl/d934364af6d30fd93394051b72a6100da5794842/DataAuthWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JonPSmith/PermissionAccessControl/d934364af6d30fd93394051b72a6100da5794842/DataAuthWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JonPSmith/PermissionAccessControl/d934364af6d30fd93394051b72a6100da5794842/DataAuthWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JonPSmith/PermissionAccessControl/d934364af6d30fd93394051b72a6100da5794842/DataAuthWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.woff2 -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/bootstrap/dist/js/npm.js: -------------------------------------------------------------------------------- 1 | // This file is autogenerated via the `commonjs` Grunt task. You can require() this file in a CommonJS environment. 2 | require('../../js/transition.js') 3 | require('../../js/alert.js') 4 | require('../../js/button.js') 5 | require('../../js/carousel.js') 6 | require('../../js/collapse.js') 7 | require('../../js/dropdown.js') 8 | require('../../js/modal.js') 9 | require('../../js/tooltip.js') 10 | require('../../js/popover.js') 11 | require('../../js/scrollspy.js') 12 | require('../../js/tab.js') 13 | require('../../js/affix.js') -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/jquery-validation-unobtrusive/.bower.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "jquery-validation-unobtrusive", 3 | "homepage": "https://github.com/aspnet/jquery-validation-unobtrusive", 4 | "version": "3.2.9", 5 | "_release": "3.2.9", 6 | "_resolution": { 7 | "type": "version", 8 | "tag": "v3.2.9", 9 | "commit": "a91f5401898e125f10771c5f5f0909d8c4c82396" 10 | }, 11 | "_source": "https://github.com/aspnet/jquery-validation-unobtrusive.git", 12 | "_target": "^3.2.9", 13 | "_originalSource": "jquery-validation-unobtrusive", 14 | "_direct": true 15 | } -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/jquery-validation-unobtrusive/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) .NET Foundation. All rights reserved. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); you may not use 4 | these files except in compliance with the License. You may obtain a copy of the 5 | License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software distributed 10 | under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 11 | CONDITIONS OF ANY KIND, either express or implied. See the License for the 12 | specific language governing permissions and limitations under the License. 13 | -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/jquery-validation-unobtrusive/jquery.validate.unobtrusive.min.js: -------------------------------------------------------------------------------- 1 | // Unobtrusive validation support library for jQuery and jQuery Validate 2 | // Copyright (C) Microsoft Corporation. All rights reserved. 3 | // @version v3.2.9 4 | !function(a){"function"==typeof define&&define.amd?define("jquery.validate.unobtrusive",["jquery.validation"],a):"object"==typeof module&&module.exports?module.exports=a(require("jquery-validation")):jQuery.validator.unobtrusive=a(jQuery)}(function(a){function e(a,e,n){a.rules[e]=n,a.message&&(a.messages[e]=a.message)}function n(a){return a.replace(/^\s+|\s+$/g,"").split(/\s*,\s*/g)}function t(a){return a.replace(/([!"#$%&'()*+,.\/:;<=>?@\[\\\]^`{|}~])/g,"\\$1")}function r(a){return a.substr(0,a.lastIndexOf(".")+1)}function i(a,e){return 0===a.indexOf("*.")&&(a=a.replace("*.",e)),a}function o(e,n){var r=a(this).find("[data-valmsg-for='"+t(n[0].name)+"']"),i=r.attr("data-valmsg-replace"),o=i?a.parseJSON(i)!==!1:null;r.removeClass("field-validation-valid").addClass("field-validation-error"),e.data("unobtrusiveContainer",r),o?(r.empty(),e.removeClass("input-validation-error").appendTo(r)):e.hide()}function d(e,n){var t=a(this).find("[data-valmsg-summary=true]"),r=t.find("ul");r&&r.length&&n.errorList.length&&(r.empty(),t.addClass("validation-summary-errors").removeClass("validation-summary-valid"),a.each(n.errorList,function(){a("
  • ").html(this.message).appendTo(r)}))}function s(e){var n=e.data("unobtrusiveContainer");if(n){var t=n.attr("data-valmsg-replace"),r=t?a.parseJSON(t):null;n.addClass("field-validation-valid").removeClass("field-validation-error"),e.removeData("unobtrusiveContainer"),r&&n.empty()}}function l(e){var n=a(this),t="__jquery_unobtrusive_validation_form_reset";if(!n.data(t)){n.data(t,!0);try{n.data("validator").resetForm()}finally{n.removeData(t)}n.find(".validation-summary-errors").addClass("validation-summary-valid").removeClass("validation-summary-errors"),n.find(".field-validation-error").addClass("field-validation-valid").removeClass("field-validation-error").removeData("unobtrusiveContainer").find(">*").removeData("unobtrusiveContainer")}}function u(e){var n=a(e),t=n.data(v),r=a.proxy(l,e),i=f.unobtrusive.options||{},u=function(n,t){var r=i[n];r&&a.isFunction(r)&&r.apply(e,t)};return t||(t={options:{errorClass:i.errorClass||"input-validation-error",errorElement:i.errorElement||"span",errorPlacement:function(){o.apply(e,arguments),u("errorPlacement",arguments)},invalidHandler:function(){d.apply(e,arguments),u("invalidHandler",arguments)},messages:{},rules:{},success:function(){s.apply(e,arguments),u("success",arguments)}},attachValidation:function(){n.off("reset."+v,r).on("reset."+v,r).validate(this.options)},validate:function(){return n.validate(),n.valid()}},n.data(v,t)),t}var m,f=a.validator,v="unobtrusiveValidation";return f.unobtrusive={adapters:[],parseElement:function(e,n){var t,r,i,o=a(e),d=o.parents("form")[0];d&&(t=u(d),t.options.rules[e.name]=r={},t.options.messages[e.name]=i={},a.each(this.adapters,function(){var n="data-val-"+this.name,t=o.attr(n),s={};void 0!==t&&(n+="-",a.each(this.params,function(){s[this]=o.attr(n+this)}),this.adapt({element:e,form:d,message:t,params:s,rules:r,messages:i}))}),a.extend(r,{__dummy__:!0}),n||t.attachValidation())},parse:function(e){var n=a(e),t=n.parents().addBack().filter("form").add(n.find("form")).has("[data-val=true]");n.find("[data-val=true]").each(function(){f.unobtrusive.parseElement(this,!0)}),t.each(function(){var a=u(this);a&&a.attachValidation()})}},m=f.unobtrusive.adapters,m.add=function(a,e,n){return n||(n=e,e=[]),this.push({name:a,params:e,adapt:n}),this},m.addBool=function(a,n){return this.add(a,function(t){e(t,n||a,!0)})},m.addMinMax=function(a,n,t,r,i,o){return this.add(a,[i||"min",o||"max"],function(a){var i=a.params.min,o=a.params.max;i&&o?e(a,r,[i,o]):i?e(a,n,i):o&&e(a,t,o)})},m.addSingleVal=function(a,n,t){return this.add(a,[n||"val"],function(r){e(r,t||a,r.params[n])})},f.addMethod("__dummy__",function(a,e,n){return!0}),f.addMethod("regex",function(a,e,n){var t;return!!this.optional(e)||(t=new RegExp(n).exec(a),t&&0===t.index&&t[0].length===a.length)}),f.addMethod("nonalphamin",function(a,e,n){var t;return n&&(t=a.match(/\W/g),t=t&&t.length>=n),t}),f.methods.extension?(m.addSingleVal("accept","mimtype"),m.addSingleVal("extension","extension")):m.addSingleVal("extension","extension","accept"),m.addSingleVal("regex","pattern"),m.addBool("creditcard").addBool("date").addBool("digits").addBool("email").addBool("number").addBool("url"),m.addMinMax("length","minlength","maxlength","rangelength").addMinMax("range","min","max","range"),m.addMinMax("minlength","minlength").addMinMax("maxlength","minlength","maxlength"),m.add("equalto",["other"],function(n){var o=r(n.element.name),d=n.params.other,s=i(d,o),l=a(n.form).find(":input").filter("[name='"+t(s)+"']")[0];e(n,"equalTo",l)}),m.add("required",function(a){"INPUT"===a.element.tagName.toUpperCase()&&"CHECKBOX"===a.element.type.toUpperCase()||e(a,"required",!0)}),m.add("remote",["url","type","additionalfields"],function(o){var d={url:o.params.url,type:o.params.type||"GET",data:{}},s=r(o.element.name);a.each(n(o.params.additionalfields||o.element.name),function(e,n){var r=i(n,s);d.data[r]=function(){var e=a(o.form).find(":input").filter("[name='"+t(r)+"']");return e.is(":checkbox")?e.filter(":checked").val()||e.filter(":hidden").val()||"":e.is(":radio")?e.filter(":checked").val()||"":e.val()}}),e(o,"remote",d)}),m.add("password",["min","nonalphamin","regex"],function(a){a.params.min&&e(a,"minlength",a.params.min),a.params.nonalphamin&&e(a,"nonalphamin",a.params.nonalphamin),a.params.regex&&e(a,"regex",a.params.regex)}),m.add("fileextensions",["extensions"],function(a){e(a,"extension",a.params.extensions)}),a(function(){f.unobtrusive.parse(document)}),f.unobtrusive}); -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/jquery-validation/.bower.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "jquery-validation", 3 | "homepage": "https://jqueryvalidation.org/", 4 | "repository": { 5 | "type": "git", 6 | "url": "git://github.com/jquery-validation/jquery-validation.git" 7 | }, 8 | "authors": [ 9 | "Jörn Zaefferer " 10 | ], 11 | "description": "Form validation made easy", 12 | "main": "dist/jquery.validate.js", 13 | "keywords": [ 14 | "forms", 15 | "validation", 16 | "validate" 17 | ], 18 | "license": "MIT", 19 | "ignore": [ 20 | "**/.*", 21 | "node_modules", 22 | "bower_components", 23 | "test", 24 | "demo", 25 | "lib" 26 | ], 27 | "dependencies": { 28 | "jquery": ">= 1.7.2" 29 | }, 30 | "version": "1.17.0", 31 | "_release": "1.17.0", 32 | "_resolution": { 33 | "type": "version", 34 | "tag": "1.17.0", 35 | "commit": "fc9b12d3bfaa2d0c04605855b896edb2934c0772" 36 | }, 37 | "_source": "https://github.com/jzaefferer/jquery-validation.git", 38 | "_target": "^1.17.0", 39 | "_originalSource": "jquery-validation", 40 | "_direct": true 41 | } -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/jquery-validation/LICENSE.md: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | ===================== 3 | 4 | Copyright Jörn Zaefferer 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in 14 | all copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | THE SOFTWARE. 23 | -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/jquery/.bower.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "jquery", 3 | "main": "dist/jquery.js", 4 | "license": "MIT", 5 | "ignore": [ 6 | "package.json" 7 | ], 8 | "keywords": [ 9 | "jquery", 10 | "javascript", 11 | "browser", 12 | "library" 13 | ], 14 | "homepage": "https://github.com/jquery/jquery-dist", 15 | "version": "3.3.1", 16 | "_release": "3.3.1", 17 | "_resolution": { 18 | "type": "version", 19 | "tag": "3.3.1", 20 | "commit": "9e8ec3d10fad04748176144f108d7355662ae75e" 21 | }, 22 | "_source": "https://github.com/jquery/jquery-dist.git", 23 | "_target": "^3.3.1", 24 | "_originalSource": "jquery", 25 | "_direct": true 26 | } -------------------------------------------------------------------------------- /DataAuthWebApp/wwwroot/lib/jquery/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright JS Foundation and other contributors, https://js.foundation/ 2 | 3 | This software consists of voluntary contributions made by many 4 | individuals. For exact contribution history, see the revision history 5 | available at https://github.com/jquery/jquery 6 | 7 | The following license applies to all parts of this software except as 8 | documented below: 9 | 10 | ==== 11 | 12 | Permission is hereby granted, free of charge, to any person obtaining 13 | a copy of this software and associated documentation files (the 14 | "Software"), to deal in the Software without restriction, including 15 | without limitation the rights to use, copy, modify, merge, publish, 16 | distribute, sublicense, and/or sell copies of the Software, and to 17 | permit persons to whom the Software is furnished to do so, subject to 18 | the following conditions: 19 | 20 | The above copyright notice and this permission notice shall be 21 | included in all copies or substantial portions of the Software. 22 | 23 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 24 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 25 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 26 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 27 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 28 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 29 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 30 | 31 | ==== 32 | 33 | All files located in the node_modules and external directories are 34 | externally maintained libraries used by this software which have their 35 | own licenses; we recommend you read them, as their terms may differ from 36 | the terms above. 37 | -------------------------------------------------------------------------------- /DataAuthorize/DataAuthorize.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netcoreapp2.1 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /DataAuthorize/DummyClaimsFromUser.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | 5 | namespace DataAuthorize 6 | { 7 | public class DummyClaimsFromUser : IGetClaimsProvider 8 | { 9 | public string UserId => null; 10 | public int ShopKey => 0; 11 | public string DistrictManagerId => null; 12 | } 13 | } -------------------------------------------------------------------------------- /DataAuthorize/GetClaimsFromUser.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.Linq; 5 | using System.Security.Claims; 6 | using Microsoft.AspNetCore.Http; 7 | 8 | namespace DataAuthorize 9 | { 10 | public class GetClaimsFromUser : IGetClaimsProvider 11 | { 12 | public const string ShopKeyClaimName = "ShopKey"; 13 | public const string DistrictManagerIdClaimName = "DistrictManagerId"; 14 | 15 | public string UserId { get; private set; } 16 | public int ShopKey { get; private set; } 17 | public string DistrictManagerId { get; private set; } 18 | 19 | public GetClaimsFromUser(IHttpContextAccessor accessor) 20 | { 21 | UserId = accessor.HttpContext?.User.Claims.SingleOrDefault(x => x.Type == ClaimTypes.NameIdentifier)?.Value; 22 | var shopKeyString = accessor.HttpContext?.User.Claims.SingleOrDefault(x => x.Type == ShopKeyClaimName)?.Value; 23 | if (shopKeyString != null) 24 | { 25 | int.TryParse(shopKeyString, out var shopKey); 26 | ShopKey = shopKey; 27 | } 28 | DistrictManagerId = accessor.HttpContext?.User.Claims.SingleOrDefault(x => x.Type == DistrictManagerIdClaimName)?.Value; 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /DataAuthorize/IGetClaimsProvider.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | namespace DataAuthorize 5 | { 6 | public interface IGetClaimsProvider 7 | { 8 | string UserId { get; } 9 | 10 | int ShopKey { get; } 11 | 12 | string DistrictManagerId { get;} 13 | } 14 | } -------------------------------------------------------------------------------- /DataAuthorize/IOwnedBy.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace DataAuthorize 4 | { 5 | public interface IOwnedBy 6 | { 7 | string OwnedBy { get; } 8 | void SetOwnedBy(string protectKey); 9 | } 10 | } -------------------------------------------------------------------------------- /DataAuthorize/IShopKey.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | namespace DataAuthorize 5 | { 6 | public interface IShopKey 7 | { 8 | int ShopKey { get; } 9 | void SetShopKey(int shopKey); 10 | } 11 | } -------------------------------------------------------------------------------- /DataAuthorize/OwnedByBase.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.ComponentModel.DataAnnotations; 6 | 7 | namespace DataAuthorize 8 | { 9 | public class OwnedByBase : IOwnedBy 10 | { 11 | [Required] //This means SQL will throw an error if we doing fill it in 12 | [MaxLength(40)] //A guid string is 36 characters long 13 | public string OwnedBy { get; private set; } 14 | 15 | public void SetOwnedBy(string protectKey) 16 | { 17 | OwnedBy = protectKey; 18 | } 19 | } 20 | } -------------------------------------------------------------------------------- /DataAuthorize/OwnedByExtensions.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.Linq; 5 | using Microsoft.EntityFrameworkCore; 6 | 7 | namespace DataAuthorize 8 | { 9 | public static class OwnedByExtensions 10 | { 11 | /// 12 | /// This is called in the overridden SaveChanges in the application's DbContext 13 | /// Its job is to call the SetOwnedBy on entities that have it and are being created 14 | /// 15 | /// 16 | /// 17 | public static void MarkCreatedItemAsOwnedBy(this DbContext context, string userId) 18 | { 19 | foreach (var entityEntry in context.ChangeTracker.Entries() 20 | .Where(e => e.State == EntityState.Added)) 21 | { 22 | if (entityEntry.Entity is IOwnedBy entityToMark) 23 | { 24 | entityToMark.SetOwnedBy(userId); 25 | } 26 | } 27 | } 28 | 29 | 30 | public static void MarkCreatedItemWithShopKey(this DbContext context, int shopKey) 31 | { 32 | //At startup shopKey will be zero, so ignore the setting of the ShopKey 33 | //This allows my seeding code to work 34 | if (shopKey == 0) return; 35 | 36 | foreach (var entityEntry in context.ChangeTracker.Entries() 37 | .Where(e => e.State == EntityState.Added)) 38 | { 39 | if (entityEntry.Entity is IShopKey entityToMark) 40 | { 41 | entityToMark.SetShopKey(shopKey); 42 | } 43 | } 44 | } 45 | } 46 | } -------------------------------------------------------------------------------- /DataLayer/DataLayer.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netcoreapp2.1 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | ..\..\..\..\.nuget\packages\microsoft.entityframeworkcore\2.1.4\lib\netstandard2.0\Microsoft.EntityFrameworkCore.dll 19 | 20 | 21 | 22 | 23 | -------------------------------------------------------------------------------- /DataLayer/EfClasses/AuthClasses/ModulesForUser.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.ComponentModel.DataAnnotations; 6 | using PermissionParts; 7 | 8 | namespace DataLayer.EfClasses.AuthClasses 9 | { 10 | /// 11 | /// This holds what modules a user can access, using the user's identity key 12 | /// 13 | public class ModulesForUser 14 | { 15 | public ModulesForUser(string userId, PaidForModules allowedPaidForModules) 16 | { 17 | UserId = userId ?? throw new ArgumentNullException(nameof(userId)); 18 | AllowedPaidForModules = allowedPaidForModules; 19 | } 20 | 21 | [Key] 22 | [MaxLength(450)] //Matches identity size 23 | public string UserId { get; set; } 24 | public PaidForModules AllowedPaidForModules { get; set; } 25 | } 26 | } -------------------------------------------------------------------------------- /DataLayer/EfClasses/AuthClasses/RoleToPermissions.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.Collections.Generic; 6 | using System.ComponentModel.DataAnnotations; 7 | using System.Linq; 8 | using PermissionParts; 9 | 10 | namespace DataLayer.EfClasses.AuthClasses 11 | { 12 | public class RoleToPermissions 13 | { 14 | private string _permissionsInRole; 15 | 16 | /// 17 | /// ShortName of the role 18 | /// 19 | [Key] 20 | [Required(AllowEmptyStrings = false)] 21 | [MaxLength(450)] //Matches identity size 22 | public string RoleName { get; private set; } 23 | 24 | /// 25 | /// A human-friendly description of what the Role does 26 | /// 27 | [Required(AllowEmptyStrings = false)] 28 | public string Description { get; private set; } 29 | 30 | /// 31 | /// This returns the list of permissions in this role 32 | /// 33 | public IEnumerable PermissionsInRole => _permissionsInRole.UnpackPermissionsFromString(); 34 | 35 | private RoleToPermissions() { } 36 | 37 | /// 38 | /// This creates the Role with its permissions 39 | /// 40 | /// 41 | /// 42 | /// 43 | public RoleToPermissions(string roleName, string description, ICollection permissions) 44 | { 45 | RoleName = roleName; 46 | Update(description, permissions); 47 | } 48 | 49 | public void Update(string description, ICollection permissions) 50 | { 51 | Description = description; 52 | if (permissions == null || !permissions.Any()) 53 | throw new InvalidOperationException("There should be at least one permission associated with a role."); 54 | 55 | _permissionsInRole = permissions.PackPermissionsIntoString(); 56 | } 57 | } 58 | } -------------------------------------------------------------------------------- /DataLayer/EfClasses/BusinessClasses/PersonalData.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using DataAuthorize; 5 | 6 | namespace DataLayer.EfClasses.BusinessClasses 7 | { 8 | public class PersonalData : OwnedByBase 9 | { 10 | public int PersonalDataId { get; set; } 11 | 12 | public string SecretToYou { get; set; } 13 | } 14 | } -------------------------------------------------------------------------------- /DataLayer/EfClasses/MultiTenantClasses/MultiTenantUser.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.Collections; 5 | using System.Collections.Generic; 6 | using System.ComponentModel.DataAnnotations; 7 | using System.ComponentModel.DataAnnotations.Schema; 8 | using System.Diagnostics; 9 | using DataAuthorize; 10 | 11 | namespace DataLayer.EfClasses.MultiTenantClasses 12 | { 13 | public class MultiTenantUser : IShopKey 14 | { 15 | [Required] //This means SQL will throw an error if we doing fill it in 16 | [MaxLength(40)] //A guid string is 36 characters long 17 | [Key] 18 | public string UserId { get; set; } 19 | public int ShopKey { get; set; } 20 | public void SetShopKey(int shopKey) 21 | { 22 | ShopKey = shopKey; 23 | } 24 | 25 | public bool IsDistrictManager { get; set; } 26 | 27 | //--------------------------------------------- 28 | //relationships 29 | 30 | public ICollection AccessTo { get; set; } 31 | 32 | public override string ToString() 33 | { 34 | return $"{nameof(UserId)}: {UserId}, {nameof(ShopKey)}: {ShopKey}, {nameof(IsDistrictManager)}: {IsDistrictManager}"; 35 | } 36 | } 37 | } -------------------------------------------------------------------------------- /DataLayer/EfClasses/MultiTenantClasses/Shop.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.ComponentModel.DataAnnotations; 5 | using System.ComponentModel.DataAnnotations.Schema; 6 | using DataAuthorize; 7 | 8 | namespace DataLayer.EfClasses.MultiTenantClasses 9 | { 10 | public class Shop : IShopKey 11 | { 12 | [Key] 13 | public int ShopKey { get; private set; } 14 | public void SetShopKey(int shopKey) 15 | { 16 | ShopKey = shopKey; 17 | } 18 | 19 | public string Name { get; set; } 20 | 21 | [MaxLength(40)] 22 | public string DistrictManagerId { get; set; } 23 | 24 | //------------------------------------------- 25 | //relationships 26 | 27 | [ForeignKey(nameof(DistrictManagerId))] 28 | public MultiTenantUser DistrictManager { get; set; } 29 | 30 | public override string ToString() 31 | { 32 | return $"{nameof(ShopKey)}: {ShopKey}, {nameof(Name)}: {Name}, {nameof(DistrictManagerId)}: {DistrictManagerId}"; 33 | } 34 | } 35 | } -------------------------------------------------------------------------------- /DataLayer/EfClasses/MultiTenantClasses/StockInfo.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.ComponentModel.DataAnnotations; 5 | using System.ComponentModel.DataAnnotations.Schema; 6 | using DataAuthorize; 7 | 8 | namespace DataLayer.EfClasses.MultiTenantClasses 9 | { 10 | public class StockInfo : IShopKey 11 | { 12 | public int StockInfoId { get; set; } 13 | public string Name { get; set; } 14 | public int NumInStock { get; set; } 15 | public int ShopKey { get; private set; } 16 | 17 | public void SetShopKey(int shopKey) 18 | { 19 | ShopKey = shopKey; 20 | } 21 | 22 | [MaxLength(40)] 23 | public string DistrictManagerId { get; set; } 24 | 25 | //--------------------------------------------- 26 | //relationships 27 | 28 | [ForeignKey(nameof(ShopKey))] 29 | public Shop AtShop { get; set; } 30 | 31 | public override string ToString() 32 | { 33 | return $"{nameof(StockInfoId)}: {StockInfoId}, {nameof(Name)}: {Name}, {nameof(NumInStock)}: {NumInStock}, {nameof(ShopKey)}: {ShopKey}, {nameof(DistrictManagerId)}: {DistrictManagerId}"; 34 | } 35 | } 36 | } -------------------------------------------------------------------------------- /DataLayer/EfCode/ExtraAuthorizeDbContext.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using DataLayer.EfClasses.AuthClasses; 5 | using Microsoft.EntityFrameworkCore; 6 | 7 | namespace DataLayer.EfCode 8 | { 9 | public class ExtraAuthorizeDbContext : DbContext 10 | { 11 | public DbSet RolesToPermissions { get; set; } 12 | public DbSet ModulesForUsers { get; set; } 13 | 14 | public ExtraAuthorizeDbContext(DbContextOptions options) 15 | : base(options) { } 16 | 17 | protected override void OnModelCreating(ModelBuilder modelBuilder) 18 | { 19 | modelBuilder.Entity().Property("_permissionsInRole") 20 | .IsUnicode(false).HasColumnName("PermissionsInRole").IsRequired(); 21 | } 22 | } 23 | } -------------------------------------------------------------------------------- /DataLayer/EfCode/MultiTenantDbContext.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.Threading; 5 | using System.Threading.Tasks; 6 | using DataAuthorize; 7 | using DataLayer.EfClasses.MultiTenantClasses; 8 | using Microsoft.EntityFrameworkCore; 9 | 10 | namespace DataLayer.EfCode 11 | { 12 | public class MultiTenantDbContext : DbContext 13 | { 14 | public int ShopKey { get; } 15 | public string DistrictManagerId { get; } 16 | 17 | public DbSet MultiTenantUsers { get; set; } 18 | public DbSet Shops { get; set; } 19 | public DbSet CurrentStock { get; set; } 20 | 21 | public MultiTenantDbContext(DbContextOptions options, IGetClaimsProvider userData) 22 | : base(options) 23 | { 24 | ShopKey = userData.ShopKey; 25 | DistrictManagerId = userData.DistrictManagerId; 26 | } 27 | 28 | //I only have to override these two version of SaveChanges, as the other two versions call these 29 | public override int SaveChanges(bool acceptAllChangesOnSuccess) 30 | { 31 | this.MarkCreatedItemWithShopKey(ShopKey); 32 | return base.SaveChanges(acceptAllChangesOnSuccess); 33 | } 34 | 35 | public override async Task SaveChangesAsync(bool acceptAllChangesOnSuccess, CancellationToken cancellationToken = new CancellationToken()) 36 | { 37 | this.MarkCreatedItemWithShopKey(ShopKey); 38 | return await base.SaveChangesAsync(acceptAllChangesOnSuccess, cancellationToken); 39 | } 40 | 41 | protected override void OnModelCreating(ModelBuilder modelBuilder) 42 | { 43 | //Standard multi-tenant query filter - just filter on ShopKey 44 | //This assumes that the district manager cannot manage the shop users 45 | modelBuilder.Entity().HasQueryFilter(x => x.ShopKey == ShopKey); 46 | 47 | //Altered query filter to handle hierarchical access 48 | modelBuilder.Entity().HasQueryFilter(x => DistrictManagerId == null 49 | ? x.ShopKey == ShopKey 50 | : x.DistrictManagerId == DistrictManagerId); 51 | modelBuilder.Entity().HasQueryFilter(x => DistrictManagerId == null 52 | ? x.ShopKey == ShopKey 53 | : x.DistrictManagerId == DistrictManagerId); 54 | } 55 | } 56 | } -------------------------------------------------------------------------------- /DataLayer/EfCode/PersonalDbContext.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.Linq; 5 | using System.Threading; 6 | using System.Threading.Tasks; 7 | using DataAuthorize; 8 | using DataLayer.EfClasses.BusinessClasses; 9 | using Microsoft.EntityFrameworkCore; 10 | 11 | namespace DataLayer.EfCode 12 | { 13 | public class PersonalDbContext : DbContext 14 | { 15 | private readonly string _userId; 16 | 17 | public DbSet PersonalDatas { get; set; } 18 | 19 | public PersonalDbContext(DbContextOptions options, IGetClaimsProvider userData) 20 | : base(options) 21 | { 22 | _userId = userData.UserId; 23 | } 24 | 25 | //I only have to override these two version of SaveChanges, as the other two versions call these 26 | public override int SaveChanges(bool acceptAllChangesOnSuccess) 27 | { 28 | this.MarkCreatedItemAsOwnedBy(_userId); 29 | return base.SaveChanges(acceptAllChangesOnSuccess); 30 | } 31 | 32 | public override async Task SaveChangesAsync(bool acceptAllChangesOnSuccess, CancellationToken cancellationToken = new CancellationToken()) 33 | { 34 | this.MarkCreatedItemAsOwnedBy(_userId); 35 | return await base.SaveChangesAsync(acceptAllChangesOnSuccess, cancellationToken); 36 | } 37 | 38 | protected override void OnModelCreating(ModelBuilder modelBuilder) 39 | { 40 | foreach (var entityOwnedBy in modelBuilder.Model.GetEntityTypes().Where(x => x.ClrType.GetInterface(nameof(IOwnedBy)) != null)) 41 | { 42 | modelBuilder.Entity(entityOwnedBy.ClrType).HasIndex(nameof(IOwnedBy.OwnedBy)); 43 | } 44 | 45 | modelBuilder.Entity().HasQueryFilter(x => x.OwnedBy == _userId); 46 | } 47 | } 48 | } -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2018 Jon P Smith - https://www.thereformedprogrammer.net/ 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /PermissionAccessControl.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.28307.136 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{608F451A-9063-4191-AFCD-398A429CFC33}" 7 | ProjectSection(SolutionItems) = preProject 8 | LICENSE = LICENSE 9 | PermissionAccessControlHomePage.png = PermissionAccessControlHomePage.png 10 | README.md = README.md 11 | EndProjectSection 12 | EndProject 13 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "PermissionParts", "PermissionParts\PermissionParts.csproj", "{02633708-C1E3-45D1-9016-0499134BC581}" 14 | EndProject 15 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "TestWebApp", "TestWebApp\TestWebApp.csproj", "{9EE2BC43-3AC9-4D97-8E5E-15099A20C440}" 16 | EndProject 17 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "DataLayer", "DataLayer\DataLayer.csproj", "{DBA80257-4697-480E-85C6-87C23047E415}" 18 | EndProject 19 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "RolesToPermission", "RolesToPermission\RolesToPermission.csproj", "{D75D71AF-EFEE-4C37-BD28-9BC11B2ADACA}" 20 | EndProject 21 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "StartupCode", "StartupCode\StartupCode.csproj", "{7CE53160-EA4F-4395-90FC-C1A10290BD62}" 22 | EndProject 23 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "DataAuthWebApp", "DataAuthWebApp\DataAuthWebApp.csproj", "{09B56163-769A-4BEB-A3D0-A4BF41581125}" 24 | EndProject 25 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "DataAuthorize", "DataAuthorize\DataAuthorize.csproj", "{321D2524-A63F-403A-9F6E-5FA3772B7C70}" 26 | EndProject 27 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Test", "Test\Test.csproj", "{D0BDF24D-5D22-4492-A4BF-5153423D2606}" 28 | EndProject 29 | Global 30 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 31 | Debug|Any CPU = Debug|Any CPU 32 | Release|Any CPU = Release|Any CPU 33 | EndGlobalSection 34 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 35 | {02633708-C1E3-45D1-9016-0499134BC581}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 36 | {02633708-C1E3-45D1-9016-0499134BC581}.Debug|Any CPU.Build.0 = Debug|Any CPU 37 | {02633708-C1E3-45D1-9016-0499134BC581}.Release|Any CPU.ActiveCfg = Release|Any CPU 38 | {02633708-C1E3-45D1-9016-0499134BC581}.Release|Any CPU.Build.0 = Release|Any CPU 39 | {9EE2BC43-3AC9-4D97-8E5E-15099A20C440}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 40 | {9EE2BC43-3AC9-4D97-8E5E-15099A20C440}.Debug|Any CPU.Build.0 = Debug|Any CPU 41 | {9EE2BC43-3AC9-4D97-8E5E-15099A20C440}.Release|Any CPU.ActiveCfg = Release|Any CPU 42 | {9EE2BC43-3AC9-4D97-8E5E-15099A20C440}.Release|Any CPU.Build.0 = Release|Any CPU 43 | {DBA80257-4697-480E-85C6-87C23047E415}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 44 | {DBA80257-4697-480E-85C6-87C23047E415}.Debug|Any CPU.Build.0 = Debug|Any CPU 45 | {DBA80257-4697-480E-85C6-87C23047E415}.Release|Any CPU.ActiveCfg = Release|Any CPU 46 | {DBA80257-4697-480E-85C6-87C23047E415}.Release|Any CPU.Build.0 = Release|Any CPU 47 | {D75D71AF-EFEE-4C37-BD28-9BC11B2ADACA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 48 | {D75D71AF-EFEE-4C37-BD28-9BC11B2ADACA}.Debug|Any CPU.Build.0 = Debug|Any CPU 49 | {D75D71AF-EFEE-4C37-BD28-9BC11B2ADACA}.Release|Any CPU.ActiveCfg = Release|Any CPU 50 | {D75D71AF-EFEE-4C37-BD28-9BC11B2ADACA}.Release|Any CPU.Build.0 = Release|Any CPU 51 | {7CE53160-EA4F-4395-90FC-C1A10290BD62}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 52 | {7CE53160-EA4F-4395-90FC-C1A10290BD62}.Debug|Any CPU.Build.0 = Debug|Any CPU 53 | {7CE53160-EA4F-4395-90FC-C1A10290BD62}.Release|Any CPU.ActiveCfg = Release|Any CPU 54 | {7CE53160-EA4F-4395-90FC-C1A10290BD62}.Release|Any CPU.Build.0 = Release|Any CPU 55 | {09B56163-769A-4BEB-A3D0-A4BF41581125}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 56 | {09B56163-769A-4BEB-A3D0-A4BF41581125}.Debug|Any CPU.Build.0 = Debug|Any CPU 57 | {09B56163-769A-4BEB-A3D0-A4BF41581125}.Release|Any CPU.ActiveCfg = Release|Any CPU 58 | {09B56163-769A-4BEB-A3D0-A4BF41581125}.Release|Any CPU.Build.0 = Release|Any CPU 59 | {321D2524-A63F-403A-9F6E-5FA3772B7C70}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 60 | {321D2524-A63F-403A-9F6E-5FA3772B7C70}.Debug|Any CPU.Build.0 = Debug|Any CPU 61 | {321D2524-A63F-403A-9F6E-5FA3772B7C70}.Release|Any CPU.ActiveCfg = Release|Any CPU 62 | {321D2524-A63F-403A-9F6E-5FA3772B7C70}.Release|Any CPU.Build.0 = Release|Any CPU 63 | {D0BDF24D-5D22-4492-A4BF-5153423D2606}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 64 | {D0BDF24D-5D22-4492-A4BF-5153423D2606}.Debug|Any CPU.Build.0 = Debug|Any CPU 65 | {D0BDF24D-5D22-4492-A4BF-5153423D2606}.Release|Any CPU.ActiveCfg = Release|Any CPU 66 | {D0BDF24D-5D22-4492-A4BF-5153423D2606}.Release|Any CPU.Build.0 = Release|Any CPU 67 | EndGlobalSection 68 | GlobalSection(SolutionProperties) = preSolution 69 | HideSolutionNode = FALSE 70 | EndGlobalSection 71 | GlobalSection(ExtensibilityGlobals) = postSolution 72 | SolutionGuid = {ECE7B0F7-28D5-4824-9D7B-8673FE3DBF04} 73 | EndGlobalSection 74 | EndGlobal 75 | -------------------------------------------------------------------------------- /PermissionAccessControlHomePage.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JonPSmith/PermissionAccessControl/d934364af6d30fd93394051b72a6100da5794842/PermissionAccessControlHomePage.png -------------------------------------------------------------------------------- /PermissionParts/LinkedToModuleAttribute.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | 6 | namespace PermissionParts 7 | { 8 | [AttributeUsage(AttributeTargets.Field)] 9 | public class LinkedToModuleAttribute : Attribute 10 | { 11 | public PaidForModules PaidForModule { get; private set; } 12 | 13 | public LinkedToModuleAttribute(PaidForModules paidForModule) 14 | { 15 | PaidForModule = paidForModule; 16 | } 17 | } 18 | } -------------------------------------------------------------------------------- /PermissionParts/PaidForModules.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | 6 | namespace PermissionParts 7 | { 8 | /// 9 | /// This is an example of how you would manage what optional parts of your system a user can access 10 | /// NOTE: You can add Display attributes (as done on Permissions) to give more information about a module 11 | /// 12 | [Flags] 13 | public enum PaidForModules : long 14 | { 15 | None = 0, 16 | Feature1 = 1, 17 | Feature2 = 2, 18 | Feature3 = 4 19 | } 20 | } -------------------------------------------------------------------------------- /PermissionParts/PermissionChecker.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.ComponentModel; 6 | using System.Linq; 7 | 8 | namespace PermissionParts 9 | { 10 | public static class PermissionChecker 11 | { 12 | public static bool ThisPermissionIsAllowed(this string packedPermissions, string permissionName) 13 | { 14 | var usersPermissions = packedPermissions.UnpackPermissionsFromString().ToArray(); 15 | 16 | if (!Enum.TryParse(permissionName, true, out Permissions permissionToCheck)) 17 | throw new InvalidEnumArgumentException($"{permissionName} could not be converted to a {nameof(Permissions)}."); 18 | 19 | return usersPermissions.Contains(permissionToCheck); 20 | } 21 | } 22 | } -------------------------------------------------------------------------------- /PermissionParts/PermissionDisplay.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.Collections.Generic; 6 | using System.ComponentModel.DataAnnotations; 7 | using System.Reflection; 8 | 9 | namespace PermissionParts 10 | { 11 | public class PermissionDisplay 12 | { 13 | public PermissionDisplay(string groupName, string name, string description, Permissions permission, 14 | string moduleName) 15 | { 16 | Permission = permission; 17 | GroupName = groupName; 18 | ShortName = name ?? throw new ArgumentNullException(nameof(name)); 19 | Description = description ?? throw new ArgumentNullException(nameof(description)); 20 | ModuleName = moduleName; 21 | } 22 | 23 | /// 24 | /// GroupName, which groups permissions working in the same area 25 | /// 26 | public string GroupName { get; private set; } 27 | /// 28 | /// ShortName of the permission - often says what it does, e.g. Read 29 | /// 30 | public string ShortName { get; private set; } 31 | /// 32 | /// Long description of what action this permission allows 33 | /// 34 | public string Description { get; private set; } 35 | /// 36 | /// Gives the actual permission 37 | /// 38 | public Permissions Permission { get; private set; } 39 | /// 40 | /// Contains an optional paidForModule that this feature is linked to 41 | /// 42 | public string ModuleName { get; private set; } 43 | 44 | 45 | /// 46 | /// This returns 47 | /// 48 | /// 49 | public static List GetPermissionsToDisplay(Type enumType) 50 | { 51 | var result = new List(); 52 | foreach (var permissionName in Enum.GetNames(enumType)) 53 | { 54 | var member = enumType.GetMember(permissionName); 55 | //This allows you to obsolete a permission and it won't be shown as a possible option, but is still there so you won't reuse the number 56 | var obsoleteAttribute = member[0].GetCustomAttribute(); 57 | if (obsoleteAttribute != null) 58 | continue; 59 | //If there is no DisplayAttribute then the Enum is not used 60 | var displayAttribute = member[0].GetCustomAttribute(); 61 | if (displayAttribute == null) 62 | continue; 63 | 64 | //Gets the optional PaidForModule that a permission can be linked to 65 | var moduleAttribute = member[0].GetCustomAttribute(); 66 | 67 | var permission = (Permissions)Enum.Parse(enumType, permissionName, false); 68 | 69 | result.Add(new PermissionDisplay(displayAttribute.GroupName, displayAttribute.Name, 70 | displayAttribute.Description, permission, moduleAttribute?.PaidForModule.ToString())); 71 | } 72 | 73 | return result; 74 | } 75 | } 76 | } -------------------------------------------------------------------------------- /PermissionParts/PermissionPackers.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.Collections.Generic; 6 | using System.Globalization; 7 | using System.Linq; 8 | 9 | namespace PermissionParts 10 | { 11 | public static class PermissionPackers 12 | { 13 | public const char PackType = 'H'; 14 | public const int PackedSize = 4; 15 | 16 | public static string FormDefaultPackPrefix() 17 | { 18 | return $"{PackType}{PackedSize:D1}-"; 19 | } 20 | 21 | public static string PackPermissionsIntoString(this IEnumerable permissions) 22 | { 23 | return permissions.Aggregate(FormDefaultPackPrefix(), (s, permission) => s + ((int) permission).ToString("X4")); 24 | } 25 | 26 | public static IEnumerable UnpackPermissionValuesFromString(this string packedPermissions) 27 | { 28 | var packPrefix = FormDefaultPackPrefix(); 29 | if (packedPermissions == null) 30 | throw new ArgumentNullException(nameof(packedPermissions)); 31 | if (!packedPermissions.StartsWith(packPrefix)) 32 | throw new InvalidOperationException("The format of the packed permissions is wrong" + 33 | $" - should start with {packPrefix}"); 34 | 35 | int index = packPrefix.Length; 36 | while (index < packedPermissions.Length) 37 | { 38 | yield return int.Parse(packedPermissions.Substring(index, PackedSize), NumberStyles.HexNumber); 39 | index += PackedSize; 40 | } 41 | } 42 | 43 | public static IEnumerable UnpackPermissionsFromString(this string packedPermissions) 44 | { 45 | return packedPermissions.UnpackPermissionValuesFromString().Select(x => ((Permissions) x)); 46 | } 47 | 48 | public static Permissions? FindPermissionViaName(this string permissionName) 49 | { 50 | return Enum.TryParse(permissionName, out Permissions permission) 51 | ? (Permissions?) permission 52 | : null; 53 | } 54 | 55 | } 56 | } -------------------------------------------------------------------------------- /PermissionParts/PermissionParts.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netstandard2.0 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /PermissionParts/Permissions.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.ComponentModel.DataAnnotations; 6 | 7 | namespace PermissionParts 8 | { 9 | public enum Permissions : short 10 | { 11 | NotSet = 0, //error condition 12 | 13 | //Here is an example of very detailed control over something 14 | [Display(GroupName = "Color", Name = "Read", Description = "Can read colors")] 15 | ColorRead = 0x10, 16 | [Display(GroupName = "Color", Name = "Create", Description = "Can create a color entry")] 17 | ColorCreate = 0x11, 18 | [Display(GroupName = "Color", Name = "Update", Description = "Can update a color entry")] 19 | ColorUpdate = 0x12, 20 | [Display(GroupName = "Color", Name = "Delete", Description = "Can delete a color entry")] 21 | ColorDelete = 0x13, 22 | 23 | [Display(GroupName = "UserAdmin", Name = "Read users", Description = "Can list User")] 24 | UserRead = 0x20, 25 | //This is an example of grouping multiple actions under one permission 26 | [Display(GroupName = "UserAdmin", Name = "Alter user", Description = "Can do anything to the User")] 27 | UserChange = 0x21, 28 | 29 | [Display(GroupName = "UserAdmin", Name = "Read Roles", Description = "Can list Role")] 30 | RoleRead = 0x28, 31 | [Display(GroupName = "UserAdmin", Name = "Change Role", Description = "Can create, update or delete a Role")] 32 | RoleChange = 0x29, 33 | 34 | //This is an example of a permission linked to a optional (paid for?) feature 35 | //The code that turns roles to permissions can 36 | //remove this permission if the user isn't allowed to access this feature 37 | [LinkedToModule(PaidForModules.Feature1)] 38 | [Display(GroupName = "Features", Name = "Feature1", Description = "Can access feature1")] 39 | Feature1Access = 0x30, 40 | [LinkedToModule(PaidForModules.Feature2)] 41 | [Display(GroupName = "Features", Name = "Feature2", Description = "Can access feature2")] 42 | Feature2Access = 0x31, 43 | 44 | //This is an example of what to do with permission you don't used anymore. 45 | //You don't want its number to be reused as it could cause problems 46 | //Just mark it as obsolete and the PermissionDisplay code won't show it 47 | [Obsolete] 48 | [Display(GroupName = "Old", Name = "Not used", Description = "example of old permission")] 49 | OldPermissionNotUsed = 0x40, 50 | 51 | [Display(GroupName = "DataAuth", Name = "Not used", Description = "Permissions aren't used in DataAuthWebApp")] 52 | DataAuthPermission 53 | } 54 | } -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # PermissionAccessControl 2 | 3 | This is a GitHub repo containing example code that goes with two articles 4 | - [A better way to handle authorization in ASP.NET Core](https://www.thereformedprogrammer.net/a-better-way-to-handle-authorization-in-asp-net-core/). 5 | - [Handling data authorization ASP.NET Core and Entity Framework Core](https://www.thereformedprogrammer.net/part-2-handling-data-authorization-asp-net-core-and-entity-framework-core/) 6 | 7 | It contains a ASP.NET Core applications with extra code to implement feature or data authorization. All the ASP.NET Core applications use in-memory databases which are seeded on startup so it should run anywhere. 8 | 9 | MIT licence. 10 | 11 | Here is a example of the first application, [TestWebApp](https://github.com/JonPSmith/PermissionAccessControl/tree/master/TestWebApp), that covers feature authorization. 12 | 13 | ![permission access](https://github.com/JonPSmith/PermissionAccessControl/blob/master/PermissionAccessControlHomePage.png) 14 | 15 | ## Feature authorization 16 | 17 | The [TestWebApp](https://github.com/JonPSmith/PermissionAccessControl/tree/master/TestWebApp) 18 | is the application you can run to try out the feature authorization code in the article 19 | [A better way to handle authorization in ASP.NET Core](https://www.thereformedprogrammer.net/a-better-way-to-handle-authorization-in-asp-net-core/). 20 | 21 | Select the [TestWebApp](https://github.com/JonPSmith/PermissionAccessControl/tree/master/TestWebApp) 22 | as your startup application. When you run it you will see a list of users that you can log in as. 23 | Here are some comments on these: 24 | 25 | - Staff@g1.com: 26 | - This user can read the data in the Color controller, but can't change it (you get a "Access denied" error) 27 | - This user has "bought" access to Feature1, so a "Feature1" link is added to the nav block when they log in. 28 | - Manager@g1.com: 29 | - This user can read and write the data in the Color controller. 30 | - This user hasn't "bought" access to Feature1, so no "Feature1" link appears for them (and they get an "Access denied" error if you try to access it). 31 | 32 | ## Data authorization 33 | 34 | The [DataAuthWebApp](https://github.com/JonPSmith/PermissionAccessControl/tree/master/DataAuthWebApp) 35 | is the application you can run to try out the data authorization code in the article 36 | [Handling data authorization ASP.NET Core and Entity Framework Core](https://www.thereformedprogrammer.net/part-2-handling-data-authorization-asp-net-core-and-entity-framework-core/). 37 | 38 | Select the [DataAuthWebApp](https://github.com/JonPSmith/PermissionAccessControl/tree/master/DataAuthWebApp) 39 | as your startup application. When you run it you will see a list of users that you can log in as. 40 | Here are some comments on these: 41 | 42 | - Any user: 43 | - If you log in you can create some personal data via the "Personal Data" link in the nav block. That data is protected so only the user that created it can see it. 44 | _Remember - its a in-memory database so it loses anything you put in when you stop the application._ 45 | - Users D4u@g1.com, S4u@g1.com, T4u@g1.com, and Power@g1.com 46 | - These users can each access to the shops Dress4U, Shirt4U, Tie4U and DressPower respectively. You can list the shop's stock via the "Shop Stock" link in the nav bar. 47 | - 4uMan@g1.com: 48 | - This user is a district manager for the three ...4U shops (but not the DressPower shop) 49 | When that user list the stock via the "Shop Stock" link they get the stock of all three shops that they are a manager of. This shows how hierarchical access can be implemented. 50 | 51 | -------------------------------------------------------------------------------- /RolesToPermission/AuthorizationPolicyProvider.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Inventory Innovations, Inc. 2 | 3 | using System.Threading.Tasks; 4 | using Microsoft.AspNetCore.Authorization; 5 | using Microsoft.Extensions.Configuration; 6 | using Microsoft.Extensions.Options; 7 | 8 | namespace RolesToPermission 9 | { 10 | //thanks to https://www.jerriepelser.com/blog/creating-dynamic-authorization-policies-aspnet-core/ 11 | //And to GholamReza Rabbal see https://github.com/JonPSmith/PermissionAccessControl/issues/3 12 | 13 | public class AuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider 14 | { 15 | private readonly AuthorizationOptions _options; 16 | 17 | public AuthorizationPolicyProvider(IOptions options) : base(options) 18 | { 19 | _options = options.Value; 20 | } 21 | 22 | public override async Task GetPolicyAsync(string policyName) 23 | { 24 | //Unit tested shows this is quicker (and safer - see link to issue above) than the original version 25 | return await base.GetPolicyAsync(policyName) 26 | ?? new AuthorizationPolicyBuilder() 27 | .AddRequirements(new PermissionRequirement(policyName)) 28 | .Build(); 29 | } 30 | } 31 | } -------------------------------------------------------------------------------- /RolesToPermission/CalcAllowedPermissions.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.Collections.Generic; 6 | using System.Linq; 7 | using System.Reflection; 8 | using System.Security.Claims; 9 | using System.Threading.Tasks; 10 | using DataLayer.EfCode; 11 | using Microsoft.EntityFrameworkCore; 12 | using PermissionParts; 13 | 14 | namespace RolesToPermission 15 | { 16 | public class CalcAllowedPermissions : IDisposable 17 | { 18 | /// 19 | /// NOTE: This class is used in OnValidatePrincipal so it can't use DI, so I can't inject the DbContext here because that is dynamic. 20 | /// Therefore I can pass in the database options because that is a singleton 21 | /// From that the method can create a valid dbContext to access the database 22 | /// 23 | private readonly DbContextOptions _extraAuthDbContextOptions; 24 | 25 | private ExtraAuthorizeDbContext _context; 26 | 27 | public CalcAllowedPermissions(ExtraAuthorizeDbContext context) 28 | { 29 | _context = context; 30 | } 31 | 32 | public CalcAllowedPermissions(DbContextOptions extraAuthDbContextOptions) 33 | { 34 | _extraAuthDbContextOptions = extraAuthDbContextOptions; 35 | } 36 | 37 | /// 38 | /// This is called if the Permissions that a user needs calculating. 39 | /// 40 | /// 41 | /// 42 | public async Task CalcPermissionsForUser(IEnumerable claims) 43 | { 44 | var usersRoles = claims.Where(x => x.Type == ClaimTypes.Role).Select(x => x.Value) 45 | .ToList(); 46 | 47 | var dbContext = GetContext(); 48 | //This gets all the permissions, with a distinct to remove duplicates 49 | var permissionsForUser = await dbContext.RolesToPermissions.Where(x => usersRoles.Contains(x.RoleName)) 50 | .SelectMany(x => x.PermissionsInRole) 51 | .Distinct() 52 | .ToListAsync(); 53 | //we get the modules this user is allowed to see 54 | var userModules = 55 | dbContext.ModulesForUsers.Find(claims.SingleOrDefault(x => x.Type == ClaimTypes.NameIdentifier).Value) 56 | ?.AllowedPaidForModules ?? PaidForModules.None; 57 | //Now we remove permissions that are linked to modules that the user has no access to 58 | var filteredPermissions = 59 | from permission in permissionsForUser 60 | let moduleAttr = typeof(Permissions).GetMember(permission.ToString())[0] 61 | .GetCustomAttribute() 62 | where moduleAttr == null || userModules.HasFlag(moduleAttr.PaidForModule) 63 | select permission; 64 | 65 | return filteredPermissions.PackPermissionsIntoString(); 66 | } 67 | 68 | private ExtraAuthorizeDbContext GetContext() 69 | { 70 | return _context ?? new ExtraAuthorizeDbContext(_extraAuthDbContextOptions); 71 | } 72 | 73 | #region IDisposable Support 74 | 75 | protected virtual void Dispose(bool disposing) 76 | { 77 | if (_extraAuthDbContextOptions != null && _context != null) 78 | { 79 | if (disposing) 80 | { 81 | _context.Dispose(); 82 | } 83 | 84 | // TODO: free unmanaged resources (unmanaged objects) and override a finalizer below. 85 | // TODO: set large fields to null. 86 | _context = null; 87 | } 88 | } 89 | 90 | // TODO: override a finalizer only if Dispose(bool disposing) above has code to free unmanaged resources. 91 | // ~CalcAllowedPermissions() { 92 | // // Do not change this code. Put cleanup code in Dispose(bool disposing) above. 93 | // Dispose(false); 94 | // } 95 | 96 | // This code added to correctly implement the disposable pattern. 97 | public void Dispose() 98 | { 99 | // Do not change this code. Put cleanup code in Dispose(bool disposing) above. 100 | Dispose(true); 101 | // TODO: uncomment the following line if the finalizer is overridden above. 102 | // GC.SuppressFinalize(this); 103 | } 104 | #endregion 105 | } 106 | } -------------------------------------------------------------------------------- /RolesToPermission/HasPermissionAttribute.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using Microsoft.AspNetCore.Authorization; 6 | using PermissionParts; 7 | 8 | namespace RolesToPermission 9 | { 10 | [AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, Inherited = false)] 11 | public class HasPermissionAttribute : AuthorizeAttribute 12 | { 13 | public HasPermissionAttribute(Permissions permission) : base(permission.ToString()) 14 | { } 15 | } 16 | } -------------------------------------------------------------------------------- /RolesToPermission/PermissionConstants.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | namespace RolesToPermission 5 | { 6 | public static class PermissionConstants 7 | { 8 | public const string PackedPermissionClaimType = "Permissions"; 9 | 10 | } 11 | } -------------------------------------------------------------------------------- /RolesToPermission/PermissionExtensions.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.Linq; 5 | using System.Security.Claims; 6 | using PermissionParts; 7 | 8 | namespace RolesToPermission 9 | { 10 | public static class PermissionExtensions 11 | { 12 | /// 13 | /// This returns true if the current user has the permission 14 | /// 15 | /// 16 | /// 17 | /// 18 | public static bool UserHasThisPermission(this ClaimsPrincipal user, Permissions permission) 19 | { 20 | var permissionClaim = 21 | user?.Claims.SingleOrDefault(x => x.Type == PermissionConstants.PackedPermissionClaimType); 22 | return permissionClaim?.Value.UnpackPermissionsFromString().Contains(permission) == true; 23 | } 24 | } 25 | } -------------------------------------------------------------------------------- /RolesToPermission/PermissionHandler.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.Linq; 5 | using System.Threading.Tasks; 6 | using Microsoft.AspNetCore.Authorization; 7 | using PermissionParts; 8 | 9 | namespace RolesToPermission 10 | { 11 | //thanks to https://www.jerriepelser.com/blog/creating-dynamic-authorization-policies-aspnet-core/ 12 | 13 | public class PermissionHandler : AuthorizationHandler 14 | { 15 | protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement) 16 | { 17 | var permissionsClaim = 18 | context.User.Claims.SingleOrDefault(c => c.Type == PermissionConstants.PackedPermissionClaimType); 19 | // If user does not have the scope claim, get out of here 20 | if (permissionsClaim == null) 21 | return Task.CompletedTask; 22 | 23 | if (permissionsClaim.Value.ThisPermissionIsAllowed(requirement.PermissionName)) 24 | context.Succeed(requirement); 25 | 26 | return Task.CompletedTask; 27 | } 28 | } 29 | } -------------------------------------------------------------------------------- /RolesToPermission/PermissionRequirement.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using Microsoft.AspNetCore.Authorization; 6 | 7 | namespace RolesToPermission 8 | { 9 | public class PermissionRequirement : IAuthorizationRequirement 10 | { 11 | public PermissionRequirement(string permissionName) 12 | { 13 | PermissionName = permissionName ?? throw new ArgumentNullException(nameof(permissionName)); 14 | } 15 | 16 | public string PermissionName { get; } 17 | } 18 | } -------------------------------------------------------------------------------- /RolesToPermission/RolesToPermission.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netcoreapp2.1 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | -------------------------------------------------------------------------------- /StartupCode/StartupCode.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netcoreapp2.1 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | -------------------------------------------------------------------------------- /StartupCode/UserInfoJson.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.Collections.Generic; 5 | 6 | namespace StartupCode 7 | { 8 | public class UserInfoJson 9 | { 10 | /// 11 | /// User's Email, which is also their password 12 | /// 13 | public string Email { get; set; } 14 | /// 15 | /// List of RoleNames, comma delimited 16 | /// 17 | public string RolesCommaDelimited { get; set; } 18 | /// 19 | /// List of Module Names, comma delimited 20 | /// 21 | public string ModulesCommaDelimited { get; set; } 22 | /// 23 | /// Various Data authorization data 24 | /// 25 | public string ShopNames { get; set; } 26 | } 27 | } -------------------------------------------------------------------------------- /Test/Mocks/MockGetClaimsProvider.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using DataAuthorize; 6 | 7 | namespace Test.Mocks 8 | { 9 | public class MockGetClaimsProvider : IGetClaimsProvider 10 | { 11 | public MockGetClaimsProvider(string userId, int shopKey, string districtManagerId) 12 | { 13 | UserId = userId ?? throw new ArgumentNullException(nameof(userId)); 14 | ShopKey = shopKey; 15 | DistrictManagerId = districtManagerId; 16 | } 17 | 18 | public string UserId { get; } 19 | public int ShopKey { get; } 20 | public string DistrictManagerId { get; } 21 | 22 | } 23 | } -------------------------------------------------------------------------------- /Test/Test.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netcoreapp2.1 5 | 6 | false 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | -------------------------------------------------------------------------------- /Test/UnitTests/TestAuthorizationPolicyPerformance.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.Threading.Tasks; 6 | using Microsoft.AspNetCore.Authorization; 7 | using Microsoft.Extensions.Configuration; 8 | using Microsoft.Extensions.Options; 9 | using RolesToPermission; 10 | using TestSupport.EfHelpers; 11 | using Xunit; 12 | using Xunit.Abstractions; 13 | 14 | namespace Test.UnitTests 15 | { 16 | public class TestAuthorizationPolicyPerformance 17 | { 18 | private ITestOutputHelper _output; 19 | 20 | public TestAuthorizationPolicyPerformance(ITestOutputHelper output) 21 | { 22 | _output = output; 23 | } 24 | 25 | [Fact] 26 | public async Task ComparePerformance() 27 | { 28 | //SETUP 29 | var random = new Random(1); 30 | const int numTimes = 1000; 31 | 32 | var original = new OriginalAuthorizationPolicyProvider( 33 | new OptionsWrapper(new AuthorizationOptions())); 34 | var simplified = new SimplifiedAuthorizationPolicyProvider( 35 | new OptionsWrapper(new AuthorizationOptions())); 36 | 37 | for (int i = 0; i < 10; i++) 38 | { 39 | await original.GetPolicyAsync(random.Next(1, 10).ToString("D10")); 40 | await simplified.GetPolicyAsync(random.Next(1, 10).ToString("D10")); 41 | } 42 | 43 | //ATTEMPT 44 | using (new TimeThings(_output, "Original", numTimes)) 45 | { 46 | for (int i = 0; i < numTimes; i++) 47 | { 48 | await original.GetPolicyAsync(random.Next(1, 40).ToString("D10")); 49 | } 50 | } 51 | using (new TimeThings(_output, "Simplified", numTimes)) 52 | { 53 | for (int i = 0; i < numTimes; i++) 54 | { 55 | await simplified.GetPolicyAsync(random.Next(1, 40).ToString("D10")); 56 | } 57 | } 58 | 59 | //VERIFY 60 | 61 | } 62 | } 63 | 64 | 65 | public class OriginalAuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider 66 | { 67 | private readonly AuthorizationOptions _options; 68 | 69 | public OriginalAuthorizationPolicyProvider(IOptions options) : base(options) 70 | { 71 | _options = options.Value; 72 | } 73 | 74 | public override async Task GetPolicyAsync(string policyName) 75 | { 76 | var policy = await base.GetPolicyAsync(policyName); 77 | 78 | if (policy == null) 79 | { 80 | policy = new AuthorizationPolicyBuilder() 81 | .AddRequirements(new PermissionRequirement(policyName)) 82 | .Build(); 83 | 84 | // Add policy to the AuthorizationOptions, so we don't have to re-create it each time 85 | _options.AddPolicy(policyName, policy); 86 | } 87 | return policy; 88 | } 89 | } 90 | 91 | public class SimplifiedAuthorizationPolicyProvider : DefaultAuthorizationPolicyProvider 92 | { 93 | private readonly AuthorizationOptions _options; 94 | 95 | public SimplifiedAuthorizationPolicyProvider(IOptions options) : base(options) 96 | { 97 | _options = options.Value; 98 | 99 | } 100 | 101 | public override async Task GetPolicyAsync(string policyName) 102 | { 103 | var policy = await base.GetPolicyAsync(policyName) ?? new AuthorizationPolicyBuilder() 104 | .AddRequirements(new PermissionRequirement(policyName)) 105 | .Build(); 106 | 107 | return policy ; 108 | } 109 | } 110 | } -------------------------------------------------------------------------------- /Test/UnitTests/TestMultiTenantDbContext.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT licence. See License.txt in the project root for license information. 3 | 4 | using System.Collections.Generic; 5 | using System.Linq; 6 | using DataLayer.EfClasses.MultiTenantClasses; 7 | using DataLayer.EfCode; 8 | using Microsoft.EntityFrameworkCore; 9 | using Test.Mocks; 10 | using TestSupport.EfHelpers; 11 | using Xunit; 12 | using Xunit.Extensions.AssertExtensions; 13 | 14 | namespace Test.UnitTests 15 | { 16 | public class TestMultiTenantDbContext 17 | { 18 | 19 | 20 | [Fact] 21 | public void TestCreateValidDatabaseOk() 22 | { 23 | //SETUP 24 | var options = SqliteInMemory.CreateOptions(); 25 | using (var context = new MultiTenantDbContext(options, new MockGetClaimsProvider("user-id", 0, null))) 26 | { 27 | context.Database.EnsureCreated(); 28 | 29 | //ATTEMPT 30 | var shop1 = new Shop {Name = "Test1"}; 31 | var shop2 = new Shop {Name = "Test2"}; 32 | context.AddRange(shop1, shop2); 33 | context.SaveChanges(); 34 | 35 | //VERIFY 36 | context.Shops.IgnoreQueryFilters().Count().ShouldEqual(2); 37 | } 38 | } 39 | 40 | [Theory] 41 | [InlineData(1, null, "shop2")] 42 | [InlineData(123, "manager-id", "shop1")] 43 | public void TestShopHierarchicalFilterOk(int shopKey, string districtManagerId, string stockName) 44 | { 45 | //SETUP 46 | var options = SqliteInMemory.CreateOptions(); 47 | using (var context = 48 | new MultiTenantDbContext(options, new MockGetClaimsProvider("user-id", 0, "manager-id"))) 49 | { 50 | context.Database.EnsureCreated(); 51 | 52 | var mUser = new MultiTenantUser 53 | { 54 | UserId = "manager-id", 55 | IsDistrictManager = true 56 | }; 57 | var shop1 = new Shop {Name = "shop1", DistrictManager = mUser}; 58 | var shop2 = new Shop {Name = "shop2"}; 59 | context.AddRange(shop1, shop2); 60 | context.SaveChanges(); 61 | var stock1 = new StockInfo 62 | {Name = shop1.Name, NumInStock = 10, AtShop = shop1, DistrictManagerId = shop1.DistrictManagerId}; 63 | var stock2 = new StockInfo 64 | {Name = shop2.Name, NumInStock = 10, AtShop = shop2, DistrictManagerId = shop2.DistrictManagerId}; 65 | context.AddRange(stock1, stock2); 66 | context.SaveChanges(); 67 | } 68 | using (var context = new MultiTenantDbContext(options, new MockGetClaimsProvider("user-id", shopKey, districtManagerId))) 69 | { 70 | 71 | //ATTEMPT 72 | var filtered = context.CurrentStock.ToList(); 73 | 74 | //VERIFY 75 | filtered.Count.ShouldEqual(1); 76 | filtered.Single().Name.ShouldEqual(stockName); 77 | } 78 | } 79 | 80 | [Theory] 81 | [InlineData(1, null, "shop2")] 82 | [InlineData(123, "manager-id", "shop1")] 83 | public void TestShopHierarchicalFilterWithIncludeOk(int shopKey, string districtManagerId, string stockName) 84 | { 85 | //SETUP 86 | var options = SqliteInMemory.CreateOptions(); 87 | using (var context = 88 | new MultiTenantDbContext(options, new MockGetClaimsProvider("user-id", 0, "manager-id"))) 89 | { 90 | context.Database.EnsureCreated(); 91 | 92 | var mUser = new MultiTenantUser 93 | { 94 | UserId = "manager-id", 95 | IsDistrictManager = true 96 | }; 97 | var shop1 = new Shop { Name = "shop1", DistrictManager = mUser }; 98 | var shop2 = new Shop { Name = "shop2" }; 99 | context.AddRange(shop1, shop2); 100 | context.SaveChanges(); 101 | var stock1 = new StockInfo 102 | { Name = shop1.Name, NumInStock = 10, AtShop = shop1, DistrictManagerId = shop1.DistrictManagerId }; 103 | var stock2 = new StockInfo 104 | { Name = shop2.Name, NumInStock = 10, AtShop = shop2, DistrictManagerId = shop2.DistrictManagerId }; 105 | context.AddRange(stock1, stock2); 106 | context.SaveChanges(); 107 | } 108 | using (var context = new MultiTenantDbContext(options, new MockGetClaimsProvider("user-id", shopKey, districtManagerId))) 109 | { 110 | 111 | //ATTEMPT 112 | var filtered = context.CurrentStock.Include(x => x.AtShop).ToList(); 113 | 114 | //VERIFY 115 | filtered.Count.ShouldEqual(1); 116 | filtered.Single().Name.ShouldEqual(stockName); 117 | } 118 | } 119 | } 120 | 121 | } -------------------------------------------------------------------------------- /TestWebApp/AddPermissionsToUserClaims.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2019 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.Security.Claims; 5 | using System.Threading.Tasks; 6 | using DataLayer.EfCode; 7 | using Microsoft.AspNetCore.Identity; 8 | using Microsoft.EntityFrameworkCore; 9 | using Microsoft.Extensions.Options; 10 | using RolesToPermission; 11 | 12 | namespace TestWebApp 13 | { 14 | //thanks to https://korzh.com/blogs/net-tricks/aspnet-identity-store-user-data-in-claims 15 | public class AddPermissionsToUserClaims : UserClaimsPrincipalFactory 16 | { 17 | private readonly ExtraAuthorizeDbContext _extraAuthDbContext; 18 | 19 | public AddPermissionsToUserClaims( 20 | UserManager userManager, 21 | RoleManager roleManager, 22 | IOptions optionsAccessor, 23 | ExtraAuthorizeDbContext extraAuthDbContext) 24 | : base(userManager, roleManager, optionsAccessor) 25 | { 26 | _extraAuthDbContext = extraAuthDbContext; 27 | } 28 | 29 | protected override async Task GenerateClaimsAsync(IdentityUser user) 30 | { 31 | var identity = await base.GenerateClaimsAsync(user); 32 | var rtoPCalcer = new CalcAllowedPermissions(_extraAuthDbContext); 33 | identity.AddClaim(new Claim(PermissionConstants.PackedPermissionClaimType, 34 | await rtoPCalcer.CalcPermissionsForUser(identity.Claims))); 35 | return identity; 36 | } 37 | } 38 | } -------------------------------------------------------------------------------- /TestWebApp/Areas/Identity/Pages/_ViewStart.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | Layout = "/Views/Shared/_Layout.cshtml"; 3 | } 4 | -------------------------------------------------------------------------------- /TestWebApp/AuthCookieValidate.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.Collections.Generic; 5 | using System.Linq; 6 | using System.Security.Claims; 7 | using System.Threading.Tasks; 8 | using Microsoft.AspNetCore.Authentication.Cookies; 9 | using RolesToPermission; 10 | 11 | namespace TestWebApp 12 | { 13 | public class AuthCookieValidate 14 | { 15 | /// 16 | /// This is the code that can calculates the permissions for a user 17 | /// 18 | private readonly CalcAllowedPermissions _rtoPCalcer; 19 | 20 | public AuthCookieValidate(CalcAllowedPermissions rtoPCalcer) 21 | { 22 | _rtoPCalcer = rtoPCalcer; 23 | } 24 | 25 | public async Task ValidateAsync(CookieValidatePrincipalContext context) 26 | { 27 | if (context.Principal.Claims.Any(x => x.Type == PermissionConstants.PackedPermissionClaimType)) 28 | return; 29 | 30 | //No permissions in the claims, so we need to add it. This is only happen once after the user has logged in 31 | var claims = new List(); 32 | claims.AddRange(context.Principal.Claims); //Copy over existing claims 33 | //Now calculate the Permissions Claim value and add it 34 | claims.Add(new Claim(PermissionConstants.PackedPermissionClaimType, 35 | await _rtoPCalcer.CalcPermissionsForUser(context.Principal.Claims))); 36 | 37 | //Build a new ClaimsPrincipal and use it to replace the current ClaimsPrincipal 38 | var identity = new ClaimsIdentity(claims, "Cookie"); 39 | var newPrincipal = new ClaimsPrincipal(identity); 40 | context.ReplacePrincipal(newPrincipal); 41 | //THIS IS IMPORTANT: This updates the cookie, otherwise this calc will be done every HTTP request 42 | context.ShouldRenew = true; 43 | } 44 | } 45 | } -------------------------------------------------------------------------------- /TestWebApp/Controllers/ColorController.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Threading.Tasks; 5 | using Microsoft.AspNetCore.Http; 6 | using Microsoft.AspNetCore.Mvc; 7 | using PermissionParts; 8 | using RolesToPermission; 9 | 10 | namespace TestWebApp.Controllers 11 | { 12 | public class ColorController : Controller 13 | { 14 | private static readonly List MyData = new List{ "Red", "Blue", "Green", "Yellow"}; 15 | 16 | [HasPermission(Permissions.ColorRead)] 17 | public ActionResult Index() 18 | { 19 | return View(MyData); 20 | } 21 | 22 | [HasPermission(Permissions.ColorCreate)] 23 | public ActionResult Create() 24 | { 25 | return View(); 26 | } 27 | 28 | [HasPermission(Permissions.ColorCreate)] 29 | [HttpPost] 30 | [ValidateAntiForgeryToken] 31 | public ActionResult Create(IFormCollection collection) 32 | { 33 | try 34 | { 35 | // TODO: Add insert logic here 36 | MyData.Add(collection["Data"]); 37 | return RedirectToAction(nameof(Index)); 38 | } 39 | catch 40 | { 41 | return View(); 42 | } 43 | } 44 | 45 | [HasPermission(Permissions.ColorDelete)] 46 | public ActionResult Delete(int id) 47 | { 48 | MyData.RemoveAt(id); 49 | return RedirectToAction(nameof(Index)); 50 | } 51 | } 52 | } -------------------------------------------------------------------------------- /TestWebApp/Controllers/ColorRoleController.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.Collections.Generic; 5 | using Microsoft.AspNetCore.Authorization; 6 | using Microsoft.AspNetCore.Http; 7 | using Microsoft.AspNetCore.Mvc; 8 | 9 | 10 | namespace TestWebApp.Controllers 11 | { 12 | public class ColorRoleController : Controller 13 | { 14 | private static readonly List MyData = new List { "Red", "Blue", "Green", "Yellow" }; 15 | 16 | [Authorize(Roles = "Staff,Manager")] 17 | public ActionResult Index() 18 | { 19 | return View(MyData); 20 | } 21 | 22 | [Authorize(Roles = "Manager")] 23 | public ActionResult Create() 24 | { 25 | return View(); 26 | } 27 | 28 | [Authorize(Roles = "Manager")] 29 | [HttpPost] 30 | [ValidateAntiForgeryToken] 31 | public ActionResult Create(IFormCollection collection) 32 | { 33 | try 34 | { 35 | // TODO: Add insert logic here 36 | MyData.Add(collection["Data"]); 37 | return RedirectToAction(nameof(Index)); 38 | } 39 | catch 40 | { 41 | return View(); 42 | } 43 | } 44 | 45 | [Authorize(Roles = "Manager")] 46 | public ActionResult Delete(int id) 47 | { 48 | MyData.RemoveAt(id); 49 | return RedirectToAction(nameof(Index)); 50 | } 51 | 52 | } 53 | } -------------------------------------------------------------------------------- /TestWebApp/Controllers/Feature1Controller.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using Microsoft.AspNetCore.Mvc; 5 | using PermissionParts; 6 | using RolesToPermission; 7 | 8 | namespace TestWebApp.Controllers 9 | { 10 | public class Feature1Controller : Controller 11 | { 12 | [HasPermission(Permissions.Feature1Access)] 13 | public IActionResult Index() 14 | { 15 | return 16 | View(); 17 | } 18 | } 19 | } -------------------------------------------------------------------------------- /TestWebApp/Controllers/HomeController.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Diagnostics; 4 | using System.Linq; 5 | using System.Threading.Tasks; 6 | using DataLayer.EfCode; 7 | using Microsoft.AspNetCore.Mvc; 8 | using TestWebApp.Data; 9 | using TestWebApp.DisplayCode; 10 | using TestWebApp.Models; 11 | 12 | namespace TestWebApp.Controllers 13 | { 14 | public class HomeController : Controller 15 | { 16 | public IActionResult Index([FromServices]ApplicationDbContext applicationDbContext, 17 | [FromServices] ExtraAuthorizeDbContext extraAuthorizeDbContext) 18 | { 19 | var userLister = new ListUsers(applicationDbContext, extraAuthorizeDbContext); 20 | var roleLister = new ListRoles(extraAuthorizeDbContext); 21 | 22 | return View(new HomePageDto(userLister.ListUserWithRolesAndModules(), roleLister.ListRolesWithPermissionsExplained().ToList())); 23 | } 24 | 25 | public IActionResult About() 26 | { 27 | ViewData["Message"] = "Your application description page."; 28 | 29 | return View(); 30 | } 31 | 32 | public IActionResult Contact() 33 | { 34 | ViewData["Message"] = "Your contact page."; 35 | 36 | return View(); 37 | } 38 | 39 | public IActionResult Privacy() 40 | { 41 | return View(); 42 | } 43 | 44 | [ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)] 45 | public IActionResult Error() 46 | { 47 | return View(new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier }); 48 | } 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /TestWebApp/Controllers/UsersController.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using DataLayer.EfCode; 5 | using Microsoft.AspNetCore.Mvc; 6 | using PermissionParts; 7 | using TestWebApp.Data; 8 | using TestWebApp.DisplayCode; 9 | 10 | namespace TestWebApp.Controllers 11 | { 12 | public class UsersController : Controller 13 | { 14 | private readonly ApplicationDbContext _applicationDbContext; 15 | private readonly ExtraAuthorizeDbContext _extraAuthorizeDbContext; 16 | 17 | public UsersController(ApplicationDbContext applicationDbContext, ExtraAuthorizeDbContext extraAuthorizeDbContext) 18 | { 19 | _applicationDbContext = applicationDbContext; 20 | _extraAuthorizeDbContext = extraAuthorizeDbContext; 21 | } 22 | 23 | public IActionResult Index() 24 | { 25 | return View(HttpContext.User); 26 | } 27 | 28 | public IActionResult List() 29 | { 30 | var lister = new ListUsers(_applicationDbContext, _extraAuthorizeDbContext); 31 | 32 | return View(lister.ListUserWithRolesAndModules()); 33 | } 34 | 35 | 36 | public IActionResult Roles() 37 | { 38 | var roles = _extraAuthorizeDbContext.RolesToPermissions.ToList(); 39 | return View(roles); 40 | } 41 | 42 | public IActionResult Permissions() 43 | { 44 | return View(PermissionDisplay.GetPermissionsToDisplay(typeof(Permissions))); 45 | } 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /TestWebApp/Data/ApplicationDbContext.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | using Microsoft.AspNetCore.Identity.EntityFrameworkCore; 5 | using Microsoft.EntityFrameworkCore; 6 | 7 | namespace TestWebApp.Data 8 | { 9 | public class ApplicationDbContext : IdentityDbContext 10 | { 11 | public ApplicationDbContext(DbContextOptions options) 12 | : base(options) 13 | { 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /TestWebApp/DisplayCode/HomePageDto.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.Collections.Generic; 6 | 7 | namespace TestWebApp.DisplayCode 8 | { 9 | public class HomePageDto 10 | { 11 | public HomePageDto(List user, List roles) 12 | { 13 | User = user ?? throw new ArgumentNullException(nameof(user)); 14 | Roles = roles ?? throw new ArgumentNullException(nameof(roles)); 15 | } 16 | 17 | public List User { get; set; } 18 | public List Roles { get; set; } 19 | } 20 | } -------------------------------------------------------------------------------- /TestWebApp/DisplayCode/ListRoles.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System.Collections.Generic; 5 | using System.ComponentModel.DataAnnotations; 6 | using System.Linq; 7 | using System.Reflection; 8 | using DataLayer.EfCode; 9 | using PermissionParts; 10 | using TestWebApp.Data; 11 | 12 | namespace TestWebApp.DisplayCode 13 | { 14 | public class ListRoles 15 | { 16 | private readonly ExtraAuthorizeDbContext _extraAuthorizeDbContext; 17 | 18 | public ListRoles(ExtraAuthorizeDbContext extraAuthorizeDbContext) 19 | { 20 | _extraAuthorizeDbContext = extraAuthorizeDbContext; 21 | } 22 | 23 | public IEnumerable ListRolesWithPermissionsExplained() 24 | { 25 | foreach (var roleToPermissions in _extraAuthorizeDbContext.RolesToPermissions) 26 | { 27 | var permissionsWithDesc = 28 | from permission in roleToPermissions.PermissionsInRole 29 | let displayAttr = typeof(Permissions).GetMember(permission.ToString())[0] 30 | .GetCustomAttribute() 31 | let moduleAttr = typeof(Permissions).GetMember(permission.ToString())[0] 32 | .GetCustomAttribute() 33 | select new PermissionWithDesc(permission.ToString(), displayAttr?.Description, moduleAttr?.PaidForModule.ToString()); 34 | yield return new RolesListDto(roleToPermissions.RoleName, permissionsWithDesc.ToList()); 35 | } 36 | } 37 | 38 | } 39 | } -------------------------------------------------------------------------------- /TestWebApp/DisplayCode/ListUsers.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.Collections.Generic; 6 | using System.Linq; 7 | using DataLayer.EfCode; 8 | using PermissionParts; 9 | using TestWebApp.Data; 10 | 11 | namespace TestWebApp.DisplayCode 12 | { 13 | 14 | public class ListUsers 15 | { 16 | private readonly ApplicationDbContext _applicationDbContext; 17 | private readonly ExtraAuthorizeDbContext _extraAuthorizeDbContext; 18 | 19 | public ListUsers(ApplicationDbContext applicationDbContext, ExtraAuthorizeDbContext extraAuthorizeDbContext) 20 | { 21 | _applicationDbContext = applicationDbContext ?? throw new ArgumentNullException(nameof(applicationDbContext)); 22 | _extraAuthorizeDbContext = extraAuthorizeDbContext ?? throw new ArgumentNullException(nameof(extraAuthorizeDbContext)); 23 | } 24 | 25 | public List ListUserWithRolesAndModules() 26 | { 27 | var rolesWithUserIds = _applicationDbContext.UserRoles 28 | .Select(x => new { _applicationDbContext.Roles.Single(y => y.Id == x.RoleId).Name, x.UserId }).ToList(); 29 | 30 | var result = new List(); 31 | foreach (var user in _applicationDbContext.Users) 32 | { 33 | var thisUserModules = _extraAuthorizeDbContext.ModulesForUsers.Find(user.Id)?.AllowedPaidForModules ?? 34 | PaidForModules.None; 35 | result.Add(new UserListDto(user.UserName, 36 | string.Join(", ", rolesWithUserIds.Where(x => x.UserId == user.Id).Select(x => x.Name)), 37 | thisUserModules.ToString() 38 | )); 39 | } 40 | 41 | return result; 42 | } 43 | } 44 | } -------------------------------------------------------------------------------- /TestWebApp/DisplayCode/RolesListDto.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | using System.Collections.Generic; 6 | 7 | namespace TestWebApp.DisplayCode 8 | { 9 | public class RolesListDto 10 | { 11 | public RolesListDto(string roleName, List permissionsWithDesc) 12 | { 13 | RoleName = roleName ?? throw new ArgumentNullException(nameof(roleName)); 14 | PermissionsWithDesc = permissionsWithDesc ?? throw new ArgumentNullException(nameof(permissionsWithDesc)); 15 | } 16 | 17 | public string RoleName { get; set; } 18 | public List PermissionsWithDesc { get; set; } 19 | } 20 | 21 | public class PermissionWithDesc 22 | { 23 | public PermissionWithDesc(string permissionName, string description, string linkedToModule) 24 | { 25 | PermissionName = permissionName ?? throw new ArgumentNullException(nameof(permissionName)); 26 | Description = description ?? throw new ArgumentNullException(nameof(description)); 27 | LinkedToModule = linkedToModule; 28 | } 29 | 30 | public string PermissionName { get; set; } 31 | public string Description { get; set; } 32 | public string LinkedToModule { get; set; } 33 | } 34 | } -------------------------------------------------------------------------------- /TestWebApp/DisplayCode/UserListDto.cs: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2018 Jon P Smith, GitHub: JonPSmith, web: http://www.thereformedprogrammer.net/ 2 | // Licensed under MIT license. See License.txt in the project root for license information. 3 | 4 | using System; 5 | 6 | namespace TestWebApp.DisplayCode 7 | { 8 | public class UserListDto 9 | { 10 | public UserListDto(string email, string roleNames, string moduleNames) 11 | { 12 | Email = email ?? throw new ArgumentNullException(nameof(email)); 13 | RoleNames = roleNames ?? throw new ArgumentNullException(nameof(roleNames)); 14 | ModuleNames = moduleNames ?? throw new ArgumentNullException(nameof(moduleNames)); 15 | } 16 | 17 | public string Email { get; set; } 18 | public string RoleNames { get; set; } 19 | public string ModuleNames { get; set; } 20 | 21 | 22 | } 23 | } -------------------------------------------------------------------------------- /TestWebApp/Models/ErrorViewModel.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | 3 | namespace TestWebApp.Models 4 | { 5 | public class ErrorViewModel 6 | { 7 | public string RequestId { get; set; } 8 | 9 | public bool ShowRequestId => !string.IsNullOrEmpty(RequestId); 10 | } 11 | } -------------------------------------------------------------------------------- /TestWebApp/Program.cs: -------------------------------------------------------------------------------- 1 | using System.Threading.Tasks; 2 | using DataLayer.EfCode; 3 | using Microsoft.AspNetCore; 4 | using Microsoft.AspNetCore.Hosting; 5 | using Microsoft.Extensions.DependencyInjection; 6 | using StartupCode; 7 | using TestWebApp.Data; 8 | 9 | namespace TestWebApp 10 | { 11 | public class Program 12 | { 13 | public static async Task Main(string[] args) 14 | { 15 | (await BuildWebHostAsync(args)).Run(); 16 | } 17 | 18 | private static async Task BuildWebHostAsync(string[] args) 19 | { 20 | var webHost = WebHost.CreateDefaultBuilder(args) 21 | .UseStartup() 22 | .Build(); 23 | 24 | //Because I am using in-memory databases I need to make sure they are created 25 | //before my startup code tries to use them 26 | SetupDatabases(webHost); 27 | await webHost.Services.AddUsersAndExtraAuthAsync(); 28 | return webHost; 29 | } 30 | 31 | 32 | private static void SetupDatabases(IWebHost webHost) 33 | { 34 | using (var scope = webHost.Services.CreateScope()) 35 | { 36 | var services = scope.ServiceProvider; 37 | using (var context = services.GetRequiredService()) 38 | { 39 | context.Database.EnsureCreated(); 40 | } 41 | using (var context = services.GetRequiredService()) 42 | { 43 | context.Database.EnsureCreated(); 44 | } 45 | } 46 | } 47 | } 48 | } 49 | -------------------------------------------------------------------------------- /TestWebApp/Properties/launchSettings.json: -------------------------------------------------------------------------------- 1 | { 2 | "iisSettings": { 3 | "windowsAuthentication": false, 4 | "anonymousAuthentication": true, 5 | "iisExpress": { 6 | "applicationUrl": "http://localhost:54897", 7 | "sslPort": 44361 8 | } 9 | }, 10 | "profiles": { 11 | "IIS Express": { 12 | "commandName": "IISExpress", 13 | "launchBrowser": true, 14 | "environmentVariables": { 15 | "ASPNETCORE_ENVIRONMENT": "Development" 16 | } 17 | }, 18 | "TestWebApp": { 19 | "commandName": "Project", 20 | "launchBrowser": true, 21 | "applicationUrl": "https://localhost:5001;http://localhost:5000", 22 | "environmentVariables": { 23 | "ASPNETCORE_ENVIRONMENT": "Development" 24 | } 25 | } 26 | } 27 | } -------------------------------------------------------------------------------- /TestWebApp/Startup.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Threading.Tasks; 5 | using DataLayer.EfCode; 6 | using Microsoft.AspNetCore.Authentication.Cookies; 7 | using Microsoft.AspNetCore.Authorization; 8 | using Microsoft.AspNetCore.Builder; 9 | using Microsoft.AspNetCore.Identity; 10 | using Microsoft.AspNetCore.Hosting; 11 | using Microsoft.AspNetCore.Http; 12 | using Microsoft.AspNetCore.HttpsPolicy; 13 | using Microsoft.AspNetCore.Mvc; 14 | using Microsoft.Data.Sqlite; 15 | using Microsoft.EntityFrameworkCore; 16 | using TestWebApp.Data; 17 | using Microsoft.Extensions.Configuration; 18 | using Microsoft.Extensions.DependencyInjection; 19 | using RolesToPermission; 20 | using StartupCode; 21 | 22 | namespace TestWebApp 23 | { 24 | public class Startup 25 | { 26 | public Startup(IConfiguration configuration) 27 | { 28 | Configuration = configuration; 29 | } 30 | 31 | public IConfiguration Configuration { get; } 32 | 33 | // This method gets called by the runtime. Use this method to add services to the container. 34 | public void ConfigureServices(IServiceCollection services) 35 | { 36 | services.Configure(options => 37 | { 38 | // This lambda determines whether user consent for non-essential cookies is needed for a given request. 39 | options.CheckConsentNeeded = context => true; 40 | options.MinimumSameSitePolicy = SameSiteMode.None; 41 | }); 42 | 43 | //Have own database for roles to Permissions and Modules - uses in-memory database 44 | var rolesConnection = SetupSqliteInMemoryConnection(); 45 | services.AddDbContext(options => options.UseSqlite(rolesConnection)); 46 | 47 | //Swapped over to Sqlite in-memory database for identity database 48 | var identityConnection = SetupSqliteInMemoryConnection(); 49 | services.AddDbContext(options => options.UseSqlite(identityConnection)); 50 | //services.AddDbContext(options => 51 | // options.UseSqlServer( 52 | // Configuration.GetConnectionString("DefaultConnection"))); 53 | //services.AddDefaultIdentity() 54 | // .AddEntityFrameworkStores(); 55 | //NOTE: Had to use AddIdentity() rather than AddDefaultIdentity to get roles working 56 | services.AddIdentity() 57 | .AddEntityFrameworkStores() 58 | .AddDefaultUI() 59 | .AddDefaultTokenProviders(); 60 | 61 | if (false) 62 | { 63 | //We build the AuthCookie's OnValidatePrincipal 64 | var sp = services.BuildServiceProvider(); 65 | var extraAuthDbContextOptions = sp.GetRequiredService>(); 66 | var authCookieValidate = new AuthCookieValidate(new CalcAllowedPermissions(extraAuthDbContextOptions)); 67 | 68 | //see https://docs.microsoft.com/en-us/aspnet/core/security/authentication/identity-configuration?view=aspnetcore-2.1#cookie-settings 69 | services.ConfigureApplicationCookie(options => 70 | { 71 | options.Events.OnValidatePrincipal = authCookieValidate.ValidateAsync; 72 | }); 73 | } 74 | else 75 | { 76 | //For simple setup on login then this will work 77 | services.AddScoped, AddPermissionsToUserClaims>(); 78 | } 79 | 80 | //Register the Permission policy handlers 81 | services.AddSingleton(); 82 | services.AddSingleton(); 83 | 84 | 85 | 86 | services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_1); 87 | } 88 | 89 | //ADDED - 90 | private static SqliteConnection SetupSqliteInMemoryConnection() 91 | { 92 | var connectionStringBuilder = new SqliteConnectionStringBuilder { DataSource = ":memory:" }; 93 | var connectionString = connectionStringBuilder.ToString(); 94 | var connection = new SqliteConnection(connectionString); 95 | connection.Open(); //see https://github.com/aspnet/EntityFramework/issues/6968 96 | return connection; 97 | } 98 | 99 | // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. 100 | public void Configure(IApplicationBuilder app, IHostingEnvironment env, IServiceProvider serviceProvider) 101 | { 102 | if (env.IsDevelopment()) 103 | { 104 | app.UseDeveloperExceptionPage(); 105 | app.UseDatabaseErrorPage(); 106 | } 107 | else 108 | { 109 | app.UseExceptionHandler("/Home/Error"); 110 | app.UseHsts(); 111 | } 112 | 113 | app.UseHttpsRedirection(); 114 | app.UseStaticFiles(); 115 | app.UseCookiePolicy(); 116 | 117 | app.UseAuthentication(); 118 | 119 | app.UseMvc(routes => 120 | { 121 | routes.MapRoute( 122 | name: "default", 123 | template: "{controller=Home}/{action=Index}/{id?}"); 124 | }); 125 | } 126 | } 127 | } 128 | -------------------------------------------------------------------------------- /TestWebApp/TestWebApp.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netcoreapp2.1 5 | aspnet-TestWebApp-D3C52907-D3E3-4D99-ADC4-FB9D48221B5D 6 | 7.1 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | $(IncludeRazorContentInPack) 27 | 28 | 29 | $(IncludeRazorContentInPack) 30 | 31 | 32 | $(IncludeRazorContentInPack) 33 | 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /TestWebApp/Views/Color/Create.cshtml: -------------------------------------------------------------------------------- 1 | @model string 2 | 3 | @{ 4 | ViewData["Title"] = "Create"; 5 | } 6 | 7 |

    Create

    8 | 9 |

    HasPermissionAttribute

    10 |
    11 |
    12 |
    13 |
    14 |
    15 |
    16 | 17 | 18 |
    19 |
    20 | 21 |
    22 |
    23 |
    24 |
    25 | 26 |
    27 | Back to List 28 |
    29 | 30 | @section Scripts { 31 | @{await Html.RenderPartialAsync("_ValidationScriptsPartial");} 32 | } 33 | -------------------------------------------------------------------------------- /TestWebApp/Views/Color/Index.cshtml: -------------------------------------------------------------------------------- 1 | @model List 2 | 3 | @{ 4 | ViewData["Title"] = "Index"; 5 | } 6 | 7 |

    Index

    8 | 9 |

    10 | Create New 11 |

    12 | 13 | 14 | 15 | 18 | 19 | 20 | 21 | 22 | @for (var i = 0; i < Model.Count; i++) 23 | { 24 | 25 | 28 | 31 | 32 | } 33 | 34 |
    16 | Data 17 |
    26 | @Model[i] 27 | 29 | @Html.ActionLink("Delete", "Delete", new { id = i }) 30 |
    35 | -------------------------------------------------------------------------------- /TestWebApp/Views/ColorRole/Create.cshtml: -------------------------------------------------------------------------------- 1 | @model string 2 | 3 | @{ 4 | ViewData["Title"] = "Create"; 5 | } 6 | 7 |

    Create

    8 | 9 |

    HasPermissionAttribute

    10 |
    11 |
    12 |
    13 |
    14 |
    15 |
    16 | 17 | 18 |
    19 |
    20 | 21 |
    22 |
    23 |
    24 |
    25 | 26 |
    27 | Back to List 28 |
    29 | 30 | @section Scripts { 31 | @{await Html.RenderPartialAsync("_ValidationScriptsPartial");} 32 | } 33 | -------------------------------------------------------------------------------- /TestWebApp/Views/ColorRole/Index.cshtml: -------------------------------------------------------------------------------- 1 | @model List 2 | 3 | @{ 4 | ViewData["Title"] = "Index"; 5 | } 6 | 7 |

    Index

    8 | 9 |

    10 | Create New 11 |

    12 | 13 | 14 | 15 | 18 | 19 | 20 | 21 | 22 | @for (var i = 0; i < Model.Count; i++) 23 | { 24 | 25 | 28 | 31 | 32 | } 33 | 34 |
    16 | Data 17 |
    26 | @Model[i] 27 | 29 | @Html.ActionLink("Delete", "Delete", new { id = i }) 30 |
    35 | -------------------------------------------------------------------------------- /TestWebApp/Views/Feature1/Index.cshtml: -------------------------------------------------------------------------------- 1 |  2 | @{ 3 | ViewData["Title"] = "Index"; 4 | } 5 | 6 |

    You have access!

    7 | 8 |

    Welcome. You can use Feature1.

    9 | 10 | -------------------------------------------------------------------------------- /TestWebApp/Views/Home/About.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | ViewData["Title"] = "About"; 3 | } 4 |

    @ViewData["Title"]

    5 |

    @ViewData["Message"]

    6 | 7 |

    Use this area to provide additional information.

    8 | -------------------------------------------------------------------------------- /TestWebApp/Views/Home/Contact.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | ViewData["Title"] = "Contact"; 3 | } 4 |

    @ViewData["Title"]

    5 |

    @ViewData["Message"]

    6 | 7 |
    8 | One Microsoft Way
    9 | Redmond, WA 98052-6399
    10 | P: 11 | 425.555.0100 12 |
    13 | 14 |
    15 | Support: Support@example.com
    16 | Marketing: Marketing@example.com 17 |
    18 | -------------------------------------------------------------------------------- /TestWebApp/Views/Home/Index.cshtml: -------------------------------------------------------------------------------- 1 | @using StartupCode 2 | @model TestWebApp.DisplayCode.HomePageDto 3 | @{ 4 | ViewData["Title"] = "Home Page"; 5 | } 6 | 7 |

    Welcome to Permission Access Control example

    8 | 9 |

    10 | This is an example ASP.NET Core web application to show how you can implement a roles-to-permissions authorization system. 11 | This application uses in-memory database to allow you to easily run the application (it seeds the database on startup) 12 |

    13 |

    Please read the article 14 | A better way to handle authorization in ASP.NET Core 15 | for how this works.

    16 | 17 |

    18 | NOTE: the @Html.ActionLink("ColorController", "Index", "Color") and the @Html.ActionLink("Feature1Controller", "Index", "Feature1") 19 | are protected by Permissions, so try accessing them either of those when not logged in, 20 | or logged in as user Staff@g1.com or Manager@g1.com. 21 |

    22 | 23 | 24 |

    List of users so you can log in

    25 |

    NOTE: The Email address is also the Password!

    26 | 27 | 28 | 29 | 30 | 31 | 32 | @foreach (var user in @Model.User) 33 | { 34 | 35 | 36 | 37 | 38 | 39 | } 40 |
    User EmailRolesAllowed Modules
    @user.Email@user.RoleNames@user.ModuleNames
    41 | 42 | 43 | 44 | @*

    List of roles, with their permission, but remember that the permissions are filtered by what modules the user is allowed to access

    45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | @foreach (var roleData in @Model.Roles) 53 | 54 | { 55 | for (int i = 0; i < roleData.PermissionsWithDesc.Count; i++ ) 56 | { 57 | 58 | 59 | 60 | 61 | 62 | 63 | } 64 | } 65 |
    RoleNameHas permissionPermission descriptionOptional Module link
    @(i == 0 ? roleData.RoleName : "")@roleData.PermissionsWithDesc[i].PermissionName@roleData.PermissionsWithDesc[i].Description@roleData.PermissionsWithDesc[i].LinkedToModule
    *@ -------------------------------------------------------------------------------- /TestWebApp/Views/Home/Privacy.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | ViewData["Title"] = "Privacy Policy"; 3 | } 4 |

    @ViewData["Title"]

    5 | 6 |

    Use this page to detail your site's privacy policy.

    7 | -------------------------------------------------------------------------------- /TestWebApp/Views/Shared/Error.cshtml: -------------------------------------------------------------------------------- 1 | @model ErrorViewModel 2 | @{ 3 | ViewData["Title"] = "Error"; 4 | } 5 | 6 |

    Error.

    7 |

    An error occurred while processing your request.

    8 | 9 | @if (Model.ShowRequestId) 10 | { 11 |

    12 | Request ID: @Model.RequestId 13 |

    14 | } 15 | 16 |

    Development Mode

    17 |

    18 | Swapping to Development environment will display more detailed information about the error that occurred. 19 |

    20 |

    21 | Development environment should not be enabled in deployed applications, as it can result in sensitive information from exceptions being displayed to end users. For local debugging, development environment can be enabled by setting the ASPNETCORE_ENVIRONMENT environment variable to Development, and restarting the application. 22 |

    23 | -------------------------------------------------------------------------------- /TestWebApp/Views/Shared/_CookieConsentPartial.cshtml: -------------------------------------------------------------------------------- 1 | @using Microsoft.AspNetCore.Http.Features 2 | 3 | @{ 4 | var consentFeature = Context.Features.Get(); 5 | var showBanner = !consentFeature?.CanTrack ?? false; 6 | var cookieString = consentFeature?.CreateConsentCookie(); 7 | } 8 | 9 | @if (showBanner) 10 | { 11 | 33 | 41 | } -------------------------------------------------------------------------------- /TestWebApp/Views/Shared/_Layout.cshtml: -------------------------------------------------------------------------------- 1 | @using PermissionParts 2 | @using RolesToPermission 3 | 4 | 5 | 6 | 7 | 8 | @ViewData["Title"] - TestWebApp 9 | 10 | 11 | 12 | 13 | 14 | 15 | 18 | 19 | 20 | 21 | 22 | 60 | 61 | 62 | 63 |
    64 | @RenderBody() 65 |
    66 |
    67 |

    © 2018 - TestWebApp

    68 |
    69 |
    70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 83 | 89 | 90 | 91 | 92 | @RenderSection("Scripts", required: false) 93 | 94 | 95 | -------------------------------------------------------------------------------- /TestWebApp/Views/Shared/_LoginPartial.cshtml: -------------------------------------------------------------------------------- 1 | @using Microsoft.AspNetCore.Identity 2 | 3 | @inject SignInManager SignInManager 4 | @inject UserManager UserManager 5 | 6 | @if (User.Identity.IsAuthenticated) 7 | { 8 | 18 | } 19 | else 20 | { 21 | 25 | } -------------------------------------------------------------------------------- /TestWebApp/Views/Shared/_ValidationScriptsPartial.cshtml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 12 | 18 | 19 | -------------------------------------------------------------------------------- /TestWebApp/Views/Users/Index.cshtml: -------------------------------------------------------------------------------- 1 | @model System.Security.Claims.ClaimsPrincipal 2 | @{ 3 | ViewData["Title"] = "User"; 4 | } 5 | 6 |

    Current logged in user claims.

    7 | 8 | @if (Model?.Identity.IsAuthenticated == true) 9 | { 10 |

    User '@User.Identity.Name'

    11 |
      12 | 13 | @foreach (var claim in @Model.Claims) 14 | { 15 |
    • @claim.ToString()
    • 16 | } 17 |
    18 | } 19 | else 20 | { 21 |

    No user is logged in.

    22 | } 23 | 24 | -------------------------------------------------------------------------------- /TestWebApp/Views/Users/List.cshtml: -------------------------------------------------------------------------------- 1 | @model List 2 | @{ 3 | ViewData["Title"] = "All users"; 4 | } 5 | 6 |

    List of users

    7 | 8 | 9 | 10 | 11 | 12 | 13 | @foreach (var user in @Model) 14 | { 15 | 16 | 17 | 18 | 19 | 20 | } 21 |
    User EmailRolesAllowed Modules
    @user.Email@user.RoleNames@user.ModuleNames
    22 | 23 | -------------------------------------------------------------------------------- /TestWebApp/Views/Users/Permissions.cshtml: -------------------------------------------------------------------------------- 1 | @model IEnumerable 2 | 3 | @{ 4 | ViewData["Title"] = "Permissions"; 5 | } 6 | 7 |

    Permissions

    8 | 9 | 10 | 11 | 12 | 15 | 18 | 21 | 24 | 27 | 28 | 29 | 30 | @foreach (var item in Model) { 31 | 32 | 35 | 38 | 41 | 44 | 47 | 48 | } 49 | 50 |
    13 | @Html.DisplayNameFor(model => model.GroupName) 14 | 16 | @Html.DisplayNameFor(model => model.ShortName) 17 | 19 | @Html.DisplayNameFor(model => model.Description) 20 | 22 | @Html.DisplayNameFor(model => model.Permission) 23 | 25 | @Html.DisplayNameFor(model => model.ModuleName) 26 |
    33 | @Html.DisplayFor(modelItem => item.GroupName) 34 | 36 | @Html.DisplayFor(modelItem => item.ShortName) 37 | 39 | @Html.DisplayFor(modelItem => item.Description) 40 | 42 | @item.Permission.ToString() 43 | 45 | @Html.DisplayFor(modelItem => item.ModuleName) 46 |
    51 | -------------------------------------------------------------------------------- /TestWebApp/Views/Users/Roles.cshtml: -------------------------------------------------------------------------------- 1 | @model IEnumerable 2 | 3 | @{ 4 | ViewData["Title"] = "Roles"; 5 | } 6 | 7 |

    Roles

    8 | 9 | @*

    10 | Create New 11 |

    *@ 12 | 13 | 14 | 15 | 18 | 21 | 24 | @**@ 25 | 26 | 27 | 28 | @foreach (var item in Model) { 29 | 30 | 33 | 36 | 39 | @**@ 44 | 45 | } 46 | 47 |
    16 | @Html.DisplayNameFor(model => model.RoleName) 17 | 19 | @Html.DisplayNameFor(model => model.Description) 20 | 22 | Permissions 23 |
    31 | @Html.DisplayFor(modelItem => item.RoleName) 32 | 34 | @Html.DisplayFor(modelItem => item.Description) 35 | 37 | @string.Join(", ", item.PermissionsInRole.Select(x => x.ToString())) 38 | 40 | @Html.ActionLink("Edit", "Edit", new { /* id=item.PrimaryKey */ }) | 41 | @Html.ActionLink("Details", "Details", new { /* id=item.PrimaryKey */ }) | 42 | @Html.ActionLink("Delete", "Delete", new { /* id=item.PrimaryKey */ }) 43 |
    48 | -------------------------------------------------------------------------------- /TestWebApp/Views/_ViewImports.cshtml: -------------------------------------------------------------------------------- 1 | @using TestWebApp 2 | @using TestWebApp.Models 3 | @addTagHelper *, Microsoft.AspNetCore.Mvc.TagHelpers 4 | -------------------------------------------------------------------------------- /TestWebApp/Views/_ViewStart.cshtml: -------------------------------------------------------------------------------- 1 | @{ 2 | Layout = "_Layout"; 3 | } 4 | -------------------------------------------------------------------------------- /TestWebApp/appsettings.Development.json: -------------------------------------------------------------------------------- 1 | { 2 | "Logging": { 3 | "LogLevel": { 4 | "Default": "Debug", 5 | "System": "Information", 6 | "Microsoft": "Information" 7 | } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /TestWebApp/appsettings.json: -------------------------------------------------------------------------------- 1 | { 2 | "ConnectionStrings": { 3 | "DefaultConnection": "Server=(localdb)\\mssqllocaldb;Database=aspnet-TestWebApp-D3C52907-D3E3-4D99-ADC4-FB9D48221B5D;Trusted_Connection=True;MultipleActiveResultSets=true" 4 | }, 5 | "Logging": { 6 | "LogLevel": { 7 | "Default": "Warning" 8 | } 9 | }, 10 | "AllowedHosts": "*" 11 | } 12 | -------------------------------------------------------------------------------- /TestWebApp/wwwroot/SeedData/rolestopermissions.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "RoleName": "Staff", 4 | "Description": "Staff can only read data", 5 | "Permissions": ["ColorRead","Feature1Access"] 6 | }, 7 | { 8 | "RoleName": "Manager", 9 | "Description": "Managers can read/write the data", 10 | "Permissions": [ "ColorRead","ColorCreate","ColorDelete","ColorUpdate","Feature1Access" ] 11 | }, 12 | { 13 | "RoleName": "Admin", 14 | "Description": "Admin can manage users, but not read data", 15 | "Permissions": [ "UserRead,UserChange","Feature1Access","Feature2Access" ] 16 | } 17 | ] 18 | -------------------------------------------------------------------------------- /TestWebApp/wwwroot/SeedData/userinfo.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "Email": "Staff@g1.com", 4 | "RolesCommaDelimited": "Staff", 5 | "ModulesCommaDelimited": "Feature1", 6 | "DataInfo": {} 7 | }, 8 | { 9 | "Email": "Manager@g1.com", 10 | "RolesCommaDelimited": "Manager", 11 | "ModulesCommaDelimited": "", 12 | "DataInfo": {} 13 | }, 14 | { 15 | "Email": "Admin@g1.com", 16 | "RolesCommaDelimited": "Manager,Admin", 17 | "ModulesCommaDelimited": "Feature1,Feature2", 18 | "DataInfo": {} 19 | } 20 | ] 21 | -------------------------------------------------------------------------------- /TestWebApp/wwwroot/css/site.css: -------------------------------------------------------------------------------- 1 | /* Please see documentation at https://docs.microsoft.com/aspnet/core/client-side/bundling-and-minification\ 2 | for details on configuring this project to bundle and minify static web assets. */ 3 | body { 4 | padding-top: 50px; 5 | padding-bottom: 20px; 6 | } 7 | 8 | /* Wrapping element */ 9 | /* Set some basic padding to keep content from hitting the edges */ 10 | .body-content { 11 | padding-left: 15px; 12 | padding-right: 15px; 13 | } 14 | 15 | /* Carousel */ 16 | .carousel-caption p { 17 | font-size: 20px; 18 | line-height: 1.4; 19 | } 20 | 21 | /* Make .svg files in the carousel display properly in older browsers */ 22 | .carousel-inner .item img[src$=".svg"] { 23 | width: 100%; 24 | } 25 | 26 | /* QR code generator */ 27 | #qrCode { 28 | margin: 15px; 29 | } 30 | 31 | /* Hide/rearrange for smaller screens */ 32 | @media screen and (max-width: 767px) { 33 | /* Hide captions */ 34 | .carousel-caption { 35 | display: none; 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /TestWebApp/wwwroot/css/site.min.css: -------------------------------------------------------------------------------- 1 | body{padding-top:50px;padding-bottom:20px}.body-content{padding-left:15px;padding-right:15px}.carousel-caption p{font-size:20px;line-height:1.4}.carousel-inner .item img[src$=".svg"]{width:100%}#qrCode{margin:15px}@media screen and (max-width:767px){.carousel-caption{display:none}} -------------------------------------------------------------------------------- /TestWebApp/wwwroot/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JonPSmith/PermissionAccessControl/d934364af6d30fd93394051b72a6100da5794842/TestWebApp/wwwroot/favicon.ico -------------------------------------------------------------------------------- /TestWebApp/wwwroot/js/site.js: -------------------------------------------------------------------------------- 1 | // Please see documentation at https://docs.microsoft.com/aspnet/core/client-side/bundling-and-minification 2 | // for details on configuring this project to bundle and minify static web assets. 3 | 4 | // Write your JavaScript code. 5 | -------------------------------------------------------------------------------- /TestWebApp/wwwroot/js/site.min.js: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JonPSmith/PermissionAccessControl/d934364af6d30fd93394051b72a6100da5794842/TestWebApp/wwwroot/js/site.min.js -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/bootstrap/.bower.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "bootstrap", 3 | "description": "The most popular front-end framework for developing responsive, mobile first projects on the web.", 4 | "keywords": [ 5 | "css", 6 | "js", 7 | "less", 8 | "mobile-first", 9 | "responsive", 10 | "front-end", 11 | "framework", 12 | "web" 13 | ], 14 | "homepage": "http://getbootstrap.com", 15 | "license": "MIT", 16 | "moduleType": "globals", 17 | "main": [ 18 | "less/bootstrap.less", 19 | "dist/js/bootstrap.js" 20 | ], 21 | "ignore": [ 22 | "/.*", 23 | "_config.yml", 24 | "CNAME", 25 | "composer.json", 26 | "CONTRIBUTING.md", 27 | "docs", 28 | "js/tests", 29 | "test-infra" 30 | ], 31 | "dependencies": { 32 | "jquery": "1.9.1 - 3" 33 | }, 34 | "version": "3.3.7", 35 | "_release": "3.3.7", 36 | "_resolution": { 37 | "type": "version", 38 | "tag": "v3.3.7", 39 | "commit": "0b9c4a4007c44201dce9a6cc1a38407005c26c86" 40 | }, 41 | "_source": "https://github.com/twbs/bootstrap.git", 42 | "_target": "v3.3.7", 43 | "_originalSource": "bootstrap", 44 | "_direct": true 45 | } -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/bootstrap/LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2011-2016 Twitter, Inc. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 22 | -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.eot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JonPSmith/PermissionAccessControl/d934364af6d30fd93394051b72a6100da5794842/TestWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.eot -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.ttf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JonPSmith/PermissionAccessControl/d934364af6d30fd93394051b72a6100da5794842/TestWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.ttf -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.woff: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JonPSmith/PermissionAccessControl/d934364af6d30fd93394051b72a6100da5794842/TestWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.woff -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.woff2: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/JonPSmith/PermissionAccessControl/d934364af6d30fd93394051b72a6100da5794842/TestWebApp/wwwroot/lib/bootstrap/dist/fonts/glyphicons-halflings-regular.woff2 -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/bootstrap/dist/js/npm.js: -------------------------------------------------------------------------------- 1 | // This file is autogenerated via the `commonjs` Grunt task. You can require() this file in a CommonJS environment. 2 | require('../../js/transition.js') 3 | require('../../js/alert.js') 4 | require('../../js/button.js') 5 | require('../../js/carousel.js') 6 | require('../../js/collapse.js') 7 | require('../../js/dropdown.js') 8 | require('../../js/modal.js') 9 | require('../../js/tooltip.js') 10 | require('../../js/popover.js') 11 | require('../../js/scrollspy.js') 12 | require('../../js/tab.js') 13 | require('../../js/affix.js') -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/jquery-validation-unobtrusive/.bower.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "jquery-validation-unobtrusive", 3 | "homepage": "https://github.com/aspnet/jquery-validation-unobtrusive", 4 | "version": "3.2.9", 5 | "_release": "3.2.9", 6 | "_resolution": { 7 | "type": "version", 8 | "tag": "v3.2.9", 9 | "commit": "a91f5401898e125f10771c5f5f0909d8c4c82396" 10 | }, 11 | "_source": "https://github.com/aspnet/jquery-validation-unobtrusive.git", 12 | "_target": "^3.2.9", 13 | "_originalSource": "jquery-validation-unobtrusive", 14 | "_direct": true 15 | } -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/jquery-validation-unobtrusive/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright (c) .NET Foundation. All rights reserved. 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); you may not use 4 | these files except in compliance with the License. You may obtain a copy of the 5 | License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software distributed 10 | under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 11 | CONDITIONS OF ANY KIND, either express or implied. See the License for the 12 | specific language governing permissions and limitations under the License. 13 | -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/jquery-validation-unobtrusive/jquery.validate.unobtrusive.min.js: -------------------------------------------------------------------------------- 1 | // Unobtrusive validation support library for jQuery and jQuery Validate 2 | // Copyright (C) Microsoft Corporation. All rights reserved. 3 | // @version v3.2.9 4 | !function(a){"function"==typeof define&&define.amd?define("jquery.validate.unobtrusive",["jquery.validation"],a):"object"==typeof module&&module.exports?module.exports=a(require("jquery-validation")):jQuery.validator.unobtrusive=a(jQuery)}(function(a){function e(a,e,n){a.rules[e]=n,a.message&&(a.messages[e]=a.message)}function n(a){return a.replace(/^\s+|\s+$/g,"").split(/\s*,\s*/g)}function t(a){return a.replace(/([!"#$%&'()*+,.\/:;<=>?@\[\\\]^`{|}~])/g,"\\$1")}function r(a){return a.substr(0,a.lastIndexOf(".")+1)}function i(a,e){return 0===a.indexOf("*.")&&(a=a.replace("*.",e)),a}function o(e,n){var r=a(this).find("[data-valmsg-for='"+t(n[0].name)+"']"),i=r.attr("data-valmsg-replace"),o=i?a.parseJSON(i)!==!1:null;r.removeClass("field-validation-valid").addClass("field-validation-error"),e.data("unobtrusiveContainer",r),o?(r.empty(),e.removeClass("input-validation-error").appendTo(r)):e.hide()}function d(e,n){var t=a(this).find("[data-valmsg-summary=true]"),r=t.find("ul");r&&r.length&&n.errorList.length&&(r.empty(),t.addClass("validation-summary-errors").removeClass("validation-summary-valid"),a.each(n.errorList,function(){a("
  • ").html(this.message).appendTo(r)}))}function s(e){var n=e.data("unobtrusiveContainer");if(n){var t=n.attr("data-valmsg-replace"),r=t?a.parseJSON(t):null;n.addClass("field-validation-valid").removeClass("field-validation-error"),e.removeData("unobtrusiveContainer"),r&&n.empty()}}function l(e){var n=a(this),t="__jquery_unobtrusive_validation_form_reset";if(!n.data(t)){n.data(t,!0);try{n.data("validator").resetForm()}finally{n.removeData(t)}n.find(".validation-summary-errors").addClass("validation-summary-valid").removeClass("validation-summary-errors"),n.find(".field-validation-error").addClass("field-validation-valid").removeClass("field-validation-error").removeData("unobtrusiveContainer").find(">*").removeData("unobtrusiveContainer")}}function u(e){var n=a(e),t=n.data(v),r=a.proxy(l,e),i=f.unobtrusive.options||{},u=function(n,t){var r=i[n];r&&a.isFunction(r)&&r.apply(e,t)};return t||(t={options:{errorClass:i.errorClass||"input-validation-error",errorElement:i.errorElement||"span",errorPlacement:function(){o.apply(e,arguments),u("errorPlacement",arguments)},invalidHandler:function(){d.apply(e,arguments),u("invalidHandler",arguments)},messages:{},rules:{},success:function(){s.apply(e,arguments),u("success",arguments)}},attachValidation:function(){n.off("reset."+v,r).on("reset."+v,r).validate(this.options)},validate:function(){return n.validate(),n.valid()}},n.data(v,t)),t}var m,f=a.validator,v="unobtrusiveValidation";return f.unobtrusive={adapters:[],parseElement:function(e,n){var t,r,i,o=a(e),d=o.parents("form")[0];d&&(t=u(d),t.options.rules[e.name]=r={},t.options.messages[e.name]=i={},a.each(this.adapters,function(){var n="data-val-"+this.name,t=o.attr(n),s={};void 0!==t&&(n+="-",a.each(this.params,function(){s[this]=o.attr(n+this)}),this.adapt({element:e,form:d,message:t,params:s,rules:r,messages:i}))}),a.extend(r,{__dummy__:!0}),n||t.attachValidation())},parse:function(e){var n=a(e),t=n.parents().addBack().filter("form").add(n.find("form")).has("[data-val=true]");n.find("[data-val=true]").each(function(){f.unobtrusive.parseElement(this,!0)}),t.each(function(){var a=u(this);a&&a.attachValidation()})}},m=f.unobtrusive.adapters,m.add=function(a,e,n){return n||(n=e,e=[]),this.push({name:a,params:e,adapt:n}),this},m.addBool=function(a,n){return this.add(a,function(t){e(t,n||a,!0)})},m.addMinMax=function(a,n,t,r,i,o){return this.add(a,[i||"min",o||"max"],function(a){var i=a.params.min,o=a.params.max;i&&o?e(a,r,[i,o]):i?e(a,n,i):o&&e(a,t,o)})},m.addSingleVal=function(a,n,t){return this.add(a,[n||"val"],function(r){e(r,t||a,r.params[n])})},f.addMethod("__dummy__",function(a,e,n){return!0}),f.addMethod("regex",function(a,e,n){var t;return!!this.optional(e)||(t=new RegExp(n).exec(a),t&&0===t.index&&t[0].length===a.length)}),f.addMethod("nonalphamin",function(a,e,n){var t;return n&&(t=a.match(/\W/g),t=t&&t.length>=n),t}),f.methods.extension?(m.addSingleVal("accept","mimtype"),m.addSingleVal("extension","extension")):m.addSingleVal("extension","extension","accept"),m.addSingleVal("regex","pattern"),m.addBool("creditcard").addBool("date").addBool("digits").addBool("email").addBool("number").addBool("url"),m.addMinMax("length","minlength","maxlength","rangelength").addMinMax("range","min","max","range"),m.addMinMax("minlength","minlength").addMinMax("maxlength","minlength","maxlength"),m.add("equalto",["other"],function(n){var o=r(n.element.name),d=n.params.other,s=i(d,o),l=a(n.form).find(":input").filter("[name='"+t(s)+"']")[0];e(n,"equalTo",l)}),m.add("required",function(a){"INPUT"===a.element.tagName.toUpperCase()&&"CHECKBOX"===a.element.type.toUpperCase()||e(a,"required",!0)}),m.add("remote",["url","type","additionalfields"],function(o){var d={url:o.params.url,type:o.params.type||"GET",data:{}},s=r(o.element.name);a.each(n(o.params.additionalfields||o.element.name),function(e,n){var r=i(n,s);d.data[r]=function(){var e=a(o.form).find(":input").filter("[name='"+t(r)+"']");return e.is(":checkbox")?e.filter(":checked").val()||e.filter(":hidden").val()||"":e.is(":radio")?e.filter(":checked").val()||"":e.val()}}),e(o,"remote",d)}),m.add("password",["min","nonalphamin","regex"],function(a){a.params.min&&e(a,"minlength",a.params.min),a.params.nonalphamin&&e(a,"nonalphamin",a.params.nonalphamin),a.params.regex&&e(a,"regex",a.params.regex)}),m.add("fileextensions",["extensions"],function(a){e(a,"extension",a.params.extensions)}),a(function(){f.unobtrusive.parse(document)}),f.unobtrusive}); -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/jquery-validation/.bower.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "jquery-validation", 3 | "homepage": "https://jqueryvalidation.org/", 4 | "repository": { 5 | "type": "git", 6 | "url": "git://github.com/jquery-validation/jquery-validation.git" 7 | }, 8 | "authors": [ 9 | "Jörn Zaefferer " 10 | ], 11 | "description": "Form validation made easy", 12 | "main": "dist/jquery.validate.js", 13 | "keywords": [ 14 | "forms", 15 | "validation", 16 | "validate" 17 | ], 18 | "license": "MIT", 19 | "ignore": [ 20 | "**/.*", 21 | "node_modules", 22 | "bower_components", 23 | "test", 24 | "demo", 25 | "lib" 26 | ], 27 | "dependencies": { 28 | "jquery": ">= 1.7.2" 29 | }, 30 | "version": "1.17.0", 31 | "_release": "1.17.0", 32 | "_resolution": { 33 | "type": "version", 34 | "tag": "1.17.0", 35 | "commit": "fc9b12d3bfaa2d0c04605855b896edb2934c0772" 36 | }, 37 | "_source": "https://github.com/jzaefferer/jquery-validation.git", 38 | "_target": "^1.17.0", 39 | "_originalSource": "jquery-validation", 40 | "_direct": true 41 | } -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/jquery-validation/LICENSE.md: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | ===================== 3 | 4 | Copyright Jörn Zaefferer 5 | 6 | Permission is hereby granted, free of charge, to any person obtaining a copy 7 | of this software and associated documentation files (the "Software"), to deal 8 | in the Software without restriction, including without limitation the rights 9 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 10 | copies of the Software, and to permit persons to whom the Software is 11 | furnished to do so, subject to the following conditions: 12 | 13 | The above copyright notice and this permission notice shall be included in 14 | all copies or substantial portions of the Software. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 17 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 18 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 19 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 20 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 21 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 22 | THE SOFTWARE. 23 | -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/jquery/.bower.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "jquery", 3 | "main": "dist/jquery.js", 4 | "license": "MIT", 5 | "ignore": [ 6 | "package.json" 7 | ], 8 | "keywords": [ 9 | "jquery", 10 | "javascript", 11 | "browser", 12 | "library" 13 | ], 14 | "homepage": "https://github.com/jquery/jquery-dist", 15 | "version": "3.3.1", 16 | "_release": "3.3.1", 17 | "_resolution": { 18 | "type": "version", 19 | "tag": "3.3.1", 20 | "commit": "9e8ec3d10fad04748176144f108d7355662ae75e" 21 | }, 22 | "_source": "https://github.com/jquery/jquery-dist.git", 23 | "_target": "^3.3.1", 24 | "_originalSource": "jquery", 25 | "_direct": true 26 | } -------------------------------------------------------------------------------- /TestWebApp/wwwroot/lib/jquery/LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright JS Foundation and other contributors, https://js.foundation/ 2 | 3 | This software consists of voluntary contributions made by many 4 | individuals. For exact contribution history, see the revision history 5 | available at https://github.com/jquery/jquery 6 | 7 | The following license applies to all parts of this software except as 8 | documented below: 9 | 10 | ==== 11 | 12 | Permission is hereby granted, free of charge, to any person obtaining 13 | a copy of this software and associated documentation files (the 14 | "Software"), to deal in the Software without restriction, including 15 | without limitation the rights to use, copy, modify, merge, publish, 16 | distribute, sublicense, and/or sell copies of the Software, and to 17 | permit persons to whom the Software is furnished to do so, subject to 18 | the following conditions: 19 | 20 | The above copyright notice and this permission notice shall be 21 | included in all copies or substantial portions of the Software. 22 | 23 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 24 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 25 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 26 | NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE 27 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 28 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION 29 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 30 | 31 | ==== 32 | 33 | All files located in the node_modules and external directories are 34 | externally maintained libraries used by this software which have their 35 | own licenses; we recommend you read them, as their terms may differ from 36 | the terms above. 37 | --------------------------------------------------------------------------------