Merge pull request #300 from DigitalExcellence/release/0.8.0
Showing
106 changed files
with
12,545 additions
and
1,370 deletions.
|
@@ -27,4 +27,4 @@ jobs: | |
docker-compose down | ||
docker-compose pull | ||
sleep 10s | ||
docker-compose up -d | ||
docker-compose up -d |
|
@@ -333,3 +333,6 @@ profile | |
|
||
|
||
IdentityServer/tempkey.rsa | ||
|
||
/API/Uploads/Images/* | ||
!/API/Uploads/Images/.gitkeep |
@@ -0,0 +1,65 @@ | ||
/* | ||
* Digital Excellence Copyright (C) 2020 Brend Smits | ||
* | ||
* This program is free software: you can redistribute it and/or modify | ||
* it under the terms of the GNU Lesser General Public License as published | ||
* by the Free Software Foundation version 3 of the License. | ||
* | ||
* This program is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty | ||
* of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | ||
* See the GNU Lesser General Public License for more details. | ||
* | ||
* You can find a copy of the GNU Lesser General Public License | ||
* along with this program, in the LICENSE.md file in the root project directory. | ||
* If not, see https://www.gnu.org/licenses/lgpl-3.0.txt | ||
*/ | ||
|
||
using Models; | ||
using Services.Services; | ||
using System.Threading.Tasks; | ||
|
||
namespace API.Common | ||
{ | ||
/// <summary> | ||
/// The implementation for the authorization helper. | ||
/// </summary> | ||
public class AuthorizationHelper : IAuthorizationHelper | ||
{ | ||
|
||
private readonly IUserService userService; | ||
|
||
/// <summary> | ||
/// Initializes a new instance of the <see cref="AuthorizationHelper"/> class. | ||
/// </summary> | ||
/// <param name="userService">The user service for communicating with the logic layer.</param> | ||
public AuthorizationHelper(IUserService userService) | ||
{ | ||
this.userService = userService; | ||
} | ||
|
||
/// <summary> | ||
/// This method checks if a user has the correct scope to use the endpoint. | ||
/// This method checks for a normal scope and the data officer scope within the | ||
/// same institution. | ||
/// </summary> | ||
/// <param name="loggedInUser">The user model of the logged in user.</param> | ||
/// <param name="scope">The required scope for accessing this endpoint.</param> | ||
/// <param name="dataOfficerScope">The required scope for accessing this | ||
/// endpoint for data officers within the same institution.</param> | ||
/// <param name="propertyOfUserId">The id of the user owner of the property | ||
/// which the logged in user wants to access.</param> | ||
/// <returns>bool: true if the user is allowed, false if the user is not allowed.</returns> | ||
public async Task<bool> UserIsAllowed(User loggedInUser, string scope, string dataOfficerScope, int propertyOfUserId) | ||
{ | ||
bool hasUserWriteScope = userService.UserHasScope(loggedInUser.IdentityId, scope); | ||
bool hasCorrectDataOfficerRights = | ||
userService.UserHasScope(loggedInUser.IdentityId, dataOfficerScope) && | ||
await userService.HasSameInstitution(loggedInUser.Id, propertyOfUserId); | ||
bool isAllowed = hasUserWriteScope || hasCorrectDataOfficerRights; | ||
return isAllowed; | ||
} | ||
|
||
} | ||
|
||
} |
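Review bot: `UserIsAllowed` dereferences `loggedInUser.IdentityId` on its first line without a null check, so a caller that could not resolve the current user gets a NullReferenceException rather than a denial; a guard such as `if (loggedInUser == null) return false;` at the top keeps the helper fail-closed. The data-officer branch depends entirely on `HasSameInstitution`, whose body is not on this page; it is worth confirming that it returns false when either user has no institution, since otherwise two users without one might compare as equal. The data-officer checks are also evaluated when `hasUserWriteScope` is already true, and returning early in that case would skip the second scope lookup and the awaited query. The local name `hasUserWriteScope` is narrower than the generic `scope` parameter it reflects; `hasScope` would read more accurately.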
@@ -0,0 +1,47 @@ | ||
/* | ||
* Digital Excellence Copyright (C) 2020 Brend Smits | ||
* | ||
* This program is free software: you can redistribute it and/or modify | ||
* it under the terms of the GNU Lesser General Public License as published | ||
* by the Free Software Foundation version 3 of the License. | ||
* | ||
* This program is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty | ||
* of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | ||
* See the GNU Lesser General Public License for more details. | ||
* | ||
* You can find a copy of the GNU Lesser General Public License | ||
* along with this program, in the LICENSE.md file in the root project directory. | ||
* If not, see https://www.gnu.org/licenses/lgpl-3.0.txt | ||
*/ | ||
|
||
using Models; | ||
using System.Threading.Tasks; | ||
|
||
namespace API.Common | ||
{ | ||
/// <summary> | ||
/// The interface for the authorization helper | ||
/// </summary> | ||
public interface IAuthorizationHelper | ||
{ | ||
/// <summary> | ||
/// This method checks if a user has the correct scope to use the endpoint. | ||
/// This method checks for a normal scope and the data officer scope within the | ||
/// same institution. | ||
/// </summary> | ||
/// <param name="loggedInUser">The user model of the logged in user.</param> | ||
/// <param name="scope">The required scope for accessing this endpoint.</param> | ||
/// <param name="dataOfficerScope">The required scope for accessing this | ||
/// endpoint for data officers within the same institution.</param> | ||
/// <param name="propertyOfUserId">The id of the user owner of the property | ||
/// which the logged in user wants to access.</param> | ||
/// <returns>bool: true if the user is allowed, false if the user is not allowed.</returns> | ||
public Task<bool> UserIsAllowed(User loggedInUser, | ||
string scope, | ||
string dataOfficerScope, | ||
int propertyOfUserId); | ||
|
||
} | ||
|
||
} |
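Review bot: The summary on `UserIsAllowed` does not say that the two checks are alternatives, while the implementation added in this commit grants access when the user holds `scope`, or holds `dataOfficerScope` and shares an institution with the owner. Callers code against this interface, so the contract should state it, for example `/// Access is granted when the user has <paramref name="scope"/>, or has <paramref name="dataOfficerScope"/> and belongs to the same institution as the owner.` The doc should also say what happens when `loggedInUser` is null. The explicit `public` modifier on the interface member is redundant and only compiles with C# 8 or later.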