ServiceStack - Permission based authorization
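//Example usage of these attributes:
// [RequiredPermission] is collected for every HTTP verb; the RequiredPermissionOn* attributes add
// verb-specific permissions on top of it. Combine with [Authenticate] so the request carries an
// authenticated session for the PermissionHandler request filter to query.
// (Fixed: the original had a stray trailing comma in [RestService("/tweets",)].)
[Authenticate]
[RequiredPermission("CanInspectTweets")]
[RequiredPermissionOnPost("CanAddTweets")]
[RequiredPermissionOnPut("CanAddTweets")]
[RequiredPermissionOnDelete("CanRemoveTweets")]
[RestService("/tweets")]
public class Tweet { ... }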
/// <summary>
/// Session contract used by the permission-based authorization sample. Everything except
/// <see cref="HasPermission"/> is the pre-existing session surface; HasPermission is the
/// addition that the PermissionHandler request filter calls once per required permission.
/// </summary>
public interface IOAuthSession
{
    // NOTE(review): the meaning of the identity/profile fields below is not visible in this
    // file; presumably they mirror ServiceStack's built-in session - confirm against the host.
    string ReferrerUrl { get; set; }
    string Id { get; set; }
    string UserAuthId { get; set; }
    string UserName { get; set; }
    string DisplayName { get; set; }
    string FirstName { get; set; }
    string LastName { get; set; }
    string Email { get; set; }
    // Presumably one token set per OAuth provider this session authenticated with.
    List<IOAuthTokens> ProviderOAuthAccess { get; set; }
    DateTime CreatedAt { get; set; }
    DateTime LastModified { get; set; }
    bool IsAnyAuthorized();
    bool IsAuthorized(string provider);
    void OnAuthenticated(IServiceBase oAuthService, IOAuthTokens tokens, Dictionary<string, string> authInfo);
    bool TryAuthenticate(IServiceBase oAuthService, string userName, string password);
    //New method!
    /// <summary>
    /// Returns true when this session holds <paramref name="permission"/>. The request filter
    /// installed by PermissionHandler.Init rejects the request on the first required permission
    /// for which this returns false, so implementations should fail closed (unknown name => false).
    /// </summary>
    bool HasPermission(string permission);
}
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Net; | |
using System.Text; | |
using ServiceStack.Common; | |
using ServiceStack.ServiceInterface; | |
using ServiceStack.WebHost.Endpoints; | |
using ServiceStack.Common.Web; | |
namespace Servicestack.Security | |
{ | |
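public static class PermissionHandler
{
    /// <summary>
    /// Registers a global request filter that enforces the RequiredPermission* attributes declared
    /// on the request DTO against the caller's session.
    /// Init has to be called in the app host (e.g. from AppHost.Configure).
    /// </summary>
    /// <param name="apphost">Host whose RequestFilters and cache client are used.</param>
    /// <exception cref="ArgumentNullException">When <paramref name="apphost"/> is null.</exception>
    public static void Init(AppHostBase apphost)
    {
        if (apphost == null)
            throw new ArgumentNullException("apphost");

        apphost.RequestFilters.Add((req, res, dto) =>
        {
            // A request without a DTO has no attributes to enforce.
            if (dto == null)
                return;

            List<string> requiredPermissions = CollectRequiredPermissions(dto.GetType(), req.HttpMethod);
            if (requiredPermissions.Count == 0)
                return;

            // Only resolve the session when there is something to enforce.
            string sessionId = req.GetPermanentSessionId();
            UserSession session = apphost.GetCacheClient().GetSession(sessionId);

            // Fail closed: a missing session, or any missing permission, denies the request.
            // (The original threw a NullReferenceException - a 500 - when no session existed.)
            // NOTE(review): 401 is kept for compatibility with existing clients; 403 would be the
            // more precise status for an authenticated caller that lacks a permission.
            bool allowed = session != null
                && requiredPermissions.All(p => session.HasPermission(p));
            if (!allowed)
            {
                res.StatusCode = (int)HttpStatusCode.Unauthorized;
                res.Close();
            }
        });
    }

    /// <summary>
    /// Gathers the permissions required for <paramref name="dtoType"/> when accessed with
    /// <paramref name="httpMethod"/>: the verb-independent [RequiredPermission] list plus the list
    /// of the matching RequiredPermissionOn* attribute, when present.
    /// </summary>
    /// <returns>A fresh list; callers may modify it without touching the attribute instances.</returns>
    private static List<string> CollectRequiredPermissions(Type dtoType, string httpMethod)
    {
        // Always copy: attribute instances may be cached by the reflection layer, and the original
        // code appended verb-specific permissions straight into the attribute's own list, so the
        // required set could grow across requests.
        var required = new List<string>(PermissionsOf(dtoType, typeof(RequiredPermissionAttribute)));

        Type verbAttribute = null;
        if (httpMethod == HttpMethods.Get)
            verbAttribute = typeof(RequiredPermissionOnGetAttribute);
        else if (httpMethod == HttpMethods.Post)
            verbAttribute = typeof(RequiredPermissionOnPostAttribute);
        else if (httpMethod == HttpMethods.Put)
            verbAttribute = typeof(RequiredPermissionOnPutAttribute);    // was OnPost: wrong permission checked for PUT
        else if (httpMethod == HttpMethods.Delete)
            verbAttribute = typeof(RequiredPermissionOnDeleteAttribute); // was OnPost: wrong permission checked for DELETE
        //To-do: Add other http methods (PATCH, HEAD, OPTIONS currently get only the verb-independent list)

        if (verbAttribute != null)
            required.AddRange(PermissionsOf(dtoType, verbAttribute));

        return required;
    }

    /// <summary>
    /// Returns the permissions declared by attributes of exactly <paramref name="attributeType"/>
    /// on <paramref name="dtoType"/>, or an empty sequence when none is present (the original
    /// dereferenced a missing verb attribute and threw).
    /// </summary>
    private static IEnumerable<string> PermissionsOf(Type dtoType, Type attributeType)
    {
        // GetCustomAttributes also returns attributes *derived* from the requested type, so asking
        // for RequiredPermissionAttribute could otherwise pick up a verb-specific subclass and apply
        // it to every verb. Filter to the exact type.
        return dtoType.GetCustomAttributes(attributeType, true)
            .Where(a => a.GetType() == attributeType)
            .Cast<RequiredPermissionAttribute>()
            .SelectMany(a => a.RequiredPermissions ?? new List<string>());
    }
}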
} |
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Text; | |
namespace Servicestack.Security | |
{ | |
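/// <summary>
/// Declares the permissions a caller must hold to use the decorated request DTO, regardless of
/// HTTP verb. The RequiredPermissionOn* subclasses narrow the requirement to one verb.
/// Attribute instances may be cached and reused by the reflection layer, so the stored list is
/// never handed out directly: the getter returns a copy and the setter stores a copy.
/// </summary>
[AttributeUsage(AttributeTargets.Class, Inherited = false, AllowMultiple = false)]
public class RequiredPermissionAttribute : Attribute
{
    // Private snapshot; see the property for why it is copied on both get and set.
    private List<string> _permissions;

    /// <summary>
    /// The required permission names. The getter returns a fresh list each time, so code that
    /// appends to it (e.g. a request filter merging verb-specific permissions) cannot alter this
    /// attribute. Assigning null stores an empty list.
    /// </summary>
    public List<string> RequiredPermissions
    {
        get { return new List<string>(_permissions); }
        set { _permissions = value == null ? new List<string>() : new List<string>(value); }
    }

    /// <param name="permissions">
    /// Permission names; an explicit null (e.g. [RequiredPermission(null)]) or no arguments means
    /// no permissions. The original threw NullReferenceException on null.
    /// </param>
    public RequiredPermissionAttribute(params string[] permissions)
    {
        this.RequiredPermissions = permissions == null ? new List<string>() : permissions.ToList();
    }
}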
/// <summary>
/// Permissions required only when the decorated DTO is requested with HTTP GET, intended to be
/// enforced by PermissionHandler in addition to any verb-independent
/// <see cref="RequiredPermissionAttribute"/>. Usage restrictions (class target, not inherited,
/// single use) are inherited from the base class's AttributeUsage.
/// </summary>
public class RequiredPermissionOnGetAttribute : RequiredPermissionAttribute
{
    /// <param name="permissions">Permission names required for GET requests.</param>
    public RequiredPermissionOnGetAttribute(params string[] permissions) : base(permissions) { }
}
/// <summary>
/// Permissions required only when the decorated DTO is requested with HTTP POST, intended to be
/// enforced by PermissionHandler in addition to any verb-independent
/// <see cref="RequiredPermissionAttribute"/>. Usage restrictions (class target, not inherited,
/// single use) are inherited from the base class's AttributeUsage.
/// </summary>
public class RequiredPermissionOnPostAttribute : RequiredPermissionAttribute
{
    /// <param name="permissions">Permission names required for POST requests.</param>
    public RequiredPermissionOnPostAttribute(params string[] permissions) : base(permissions) { }
}
/// <summary>
/// Permissions required only when the decorated DTO is requested with HTTP PUT, intended to be
/// enforced by PermissionHandler in addition to any verb-independent
/// <see cref="RequiredPermissionAttribute"/>. Usage restrictions (class target, not inherited,
/// single use) are inherited from the base class's AttributeUsage.
/// NOTE(review): verify the request filter actually looks this type up for PUT; the original
/// handler queried the OnPost attribute in its PUT branch.
/// </summary>
public class RequiredPermissionOnPutAttribute : RequiredPermissionAttribute
{
    /// <param name="permissions">Permission names required for PUT requests.</param>
    public RequiredPermissionOnPutAttribute(params string[] permissions) : base(permissions) { }
}
/// <summary>
/// Permissions required only when the decorated DTO is requested with HTTP DELETE, intended to be
/// enforced by PermissionHandler in addition to any verb-independent
/// <see cref="RequiredPermissionAttribute"/>. Usage restrictions (class target, not inherited,
/// single use) are inherited from the base class's AttributeUsage.
/// NOTE(review): verify the request filter actually looks this type up for DELETE; the original
/// handler queried the OnPost attribute in its DELETE branch.
/// </summary>
public class RequiredPermissionOnDeleteAttribute : RequiredPermissionAttribute
{
    /// <param name="permissions">Permission names required for DELETE requests.</param>
    public RequiredPermissionOnDeleteAttribute(params string[] permissions) : base(permissions) { }
}
} |