From 9e294919fec9fefbc5548be11675c0b5690108de Mon Sep 17 00:00:00 2001 From: "Atsuta, Ivan" Date: Fri, 25 Oct 2024 13:52:15 +0200 Subject: [PATCH 1/3] add domainSecurityRule checks to ISecuritySystem --- .../SecurityRule/DomainSecurityRule.cs | 28 +++++++++-- .../SecurityRule/SecurityRuleExtensions.cs | 50 ++++++++++++++----- .../IDomainSecurityRoleExtractor.cs | 4 +- .../SecuritySystem/ISecuritySystem.cs | 4 +- .../AccessorsFilterBuilderFactory.cs | 2 +- .../SecurityFilterBuilderFactory.cs | 2 +- .../SecurityFilterBuilderFactory.cs | 2 +- .../RoleFactorySecurityRuleExpander.cs | 2 +- .../Expanders/RootSecurityRuleExpande.cs | 4 +- .../Expanders/SecurityRoleExpander.cs | 2 +- .../ClientSecurityRuleResolver.cs | 2 +- .../DomainModeSecurityRuleResolver.cs | 2 +- .../DomainSecurityRoleExtractor.cs | 37 +++++++++----- .../SecuritySystem/SecuritySystem.cs | 18 +++++-- .../SecuritySystem/SecuritySystemFactory.cs | 4 +- src/__SolutionItems/CommonAssemblyInfo.cs | 6 +-- 16 files changed, 121 insertions(+), 48 deletions(-) diff --git a/src/Framework.SecuritySystem.Abstract/SecurityRule/DomainSecurityRule.cs b/src/Framework.SecuritySystem.Abstract/SecurityRule/DomainSecurityRule.cs index 2fd10f0b3..968146388 100644 --- a/src/Framework.SecuritySystem.Abstract/SecurityRule/DomainSecurityRule.cs +++ b/src/Framework.SecuritySystem.Abstract/SecurityRule/DomainSecurityRule.cs @@ -67,7 +67,7 @@ public record FactorySecurityRule(Type RuleFactoryType) : DomainSecurityRule; public record OverrideAccessDeniedMessageSecurityRule(DomainSecurityRule BaseSecurityRule, string CustomMessage) : DomainSecurityRule; - public abstract record RoleBaseSecurityRule : DomainSecurityRule + public abstract record RoleBaseSecurityRule : DomainSecurityRule, IRoleBaseSecurityRuleCustomData { /// /// Тип разворачивания деревьев (как правило для просмотра самого дерева выбирается HierarchicalExpandType.All) 
@@ -78,7 +78,10 @@ public abstract record RoleBaseSecurityRule : DomainSecurityRule public SecurityPathRestriction? CustomRestriction { get; init; } = null; - public HierarchicalExpandType SafeExpandType => this.CustomExpandType ?? HierarchicalExpandType.Children; + public HierarchicalExpandType GetSafeExpandType () => this.CustomExpandType ?? HierarchicalExpandType.Children; + + + public RoleBaseSecurityRuleCustomData GetCustomData() => new(this); public bool EqualsCustoms(RoleBaseSecurityRule other) { @@ -96,6 +99,23 @@ public bool EqualsCustoms(RoleBaseSecurityRule other) public static implicit operator RoleBaseSecurityRule(RoleBaseSecurityRule[] securityRules) => securityRules.ToSecurityRule(); } + public record RoleBaseSecurityRuleCustomData(HierarchicalExpandType? CustomExpandType, SecurityRuleCredential? CustomCredential, SecurityPathRestriction? CustomRestriction) : IRoleBaseSecurityRuleCustomData + { + public RoleBaseSecurityRuleCustomData(IRoleBaseSecurityRuleCustomData roleBaseSecurityRule) + :this(roleBaseSecurityRule.CustomExpandType, roleBaseSecurityRule.CustomCredential, roleBaseSecurityRule.CustomRestriction) + { + } + } + + public interface IRoleBaseSecurityRuleCustomData + { + public HierarchicalExpandType? CustomExpandType { get; } + + public SecurityRuleCredential? CustomCredential { get; } + + public SecurityPathRestriction? CustomRestriction { get; } + } + public record RoleGroupSecurityRule(DeepEqualsCollection Children) : RoleBaseSecurityRule; public record AnyRoleSecurityRule : RoleBaseSecurityRule; @@ -132,7 +152,7 @@ public override string ToString() => this.SecurityRoles.Count == 1 else { return new NonExpandedRolesSecurityRule(DeepEqualsCollection.Create(rule1.SecurityRoles.Union(rule2.SecurityRoles))) - .WithCopyCustoms(rule1); + .TryApplyCustoms(rule1); } } } 
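Review bot: In the `@@ -78,7 +78,10 @@` hunk, replacing the `SafeExpandType` property with the method `GetSafeExpandType ()` is a source-breaking change to a public record in the Abstract assembly, and the hunk gives no reason why a method is needed. If the change is intended, drop the stray space (`public HierarchicalExpandType GetSafeExpandType() => this.CustomExpandType ?? HierarchicalExpandType.Children;`) and add a `/// <summary>` saying that `Children` is the default when no custom expand type is set. The `IRoleBaseSecurityRuleCustomData` interface added in the `@@ -96,6 +99,23 @@` hunk has no XML docs, although it carries the credential and path restriction that `TryApplyCustoms` copies between rules. Its `public` modifiers on the members are redundant.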
@@ -161,7 +181,7 @@ public static ExpandedRolesSecurityRule Create(IEnumerable securit else { return new ExpandedRolesSecurityRule(DeepEqualsCollection.Create(rule1.SecurityRoles.Union(rule2.SecurityRoles))) - .WithCopyCustoms(rule1); + .TryApplyCustoms(rule1); } } } diff --git a/src/Framework.SecuritySystem.Abstract/SecurityRule/SecurityRuleExtensions.cs b/src/Framework.SecuritySystem.Abstract/SecurityRule/SecurityRuleExtensions.cs index ae994d69e..6ab6bec55 100644 --- a/src/Framework.SecuritySystem.Abstract/SecurityRule/SecurityRuleExtensions.cs +++ b/src/Framework.SecuritySystem.Abstract/SecurityRule/SecurityRuleExtensions.cs @@ -45,16 +45,29 @@ public static NonExpandedRolesSecurityRule ToSecurityRule( SecurityPathRestriction? customRestriction = null) => new[] { securityRole }.ToSecurityRule(customExpandType, customCredential, customRestriction); - public static RoleGroupSecurityRule ToSecurityRule( + public static RoleBaseSecurityRule ToSecurityRule( this IEnumerable securityRules, HierarchicalExpandType? customExpandType = null, SecurityRuleCredential? customCredential = null, - SecurityPathRestriction? customRestriction = null) => - new( - DeepEqualsCollection.Create(securityRules)) + SecurityPathRestriction? customRestriction = null) + { + var cache = securityRules.ToList(); + + if (cache.Count == 1) { - CustomExpandType = customExpandType, CustomCredential = customCredential, CustomRestriction = customRestriction - }; + return cache.Single().TryApplyCustoms(customExpandType, customCredential, customRestriction); + } + else + { + return new RoleGroupSecurityRule( + DeepEqualsCollection.Create(cache)) + { + CustomExpandType = customExpandType, + CustomCredential = customCredential, + CustomRestriction = customRestriction + }; + } + } public static DomainSecurityRule Or( this DomainSecurityRule securityRule, 
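Review bot: In the `ToSecurityRule` hunk (`@@ -45,16 +45,29 @@`), the new single-element branch treats the `custom*` arguments differently from the group branch. For one rule it calls `TryApplyCustoms`, which in the `@@ -192,12 +205,23 @@` hunk uses `securityRule.CustomCredential ?? customCredential`, so a credential or restriction already set on the rule silently wins over what the caller passed. For any other count the arguments are set on the new `RoleGroupSecurityRule` unconditionally. These values presumably feed the access decision, so either make the explicit arguments win in the single-element branch or document the precedence on both methods, e.g. `/// Values already set on the rule take precedence; the arguments only fill customs that are still null.` The return type also widens from `RoleGroupSecurityRule` to `RoleBaseSecurityRule`, which breaks callers that relied on the concrete type.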
@@ -192,12 +205,23 @@ public static DomainSecurityRule WithOverrideAccessDeniedMessage( string customMessage) => new OverrideAccessDeniedMessageSecurityRule(securityRule, customMessage); - public static T WithCopyCustoms(this T securityRule, RoleBaseSecurityRule customSource) + public static T TryApplyCustoms( + this T securityRule, + HierarchicalExpandType? customExpandType = null, + SecurityRuleCredential? customCredential = null, + SecurityPathRestriction? customRestriction = null) where T : RoleBaseSecurityRule => - securityRule with - { - CustomExpandType = securityRule.CustomExpandType ?? customSource.CustomExpandType, - CustomCredential = securityRule.CustomCredential ?? customSource.CustomCredential, - CustomRestriction = securityRule.CustomRestriction ?? customSource.CustomRestriction, - }; + + customExpandType is null && customCredential is null && customRestriction is null + ? securityRule + : securityRule with + { + CustomExpandType = securityRule.CustomExpandType ?? customExpandType, + CustomCredential = securityRule.CustomCredential ?? customCredential, + CustomRestriction = securityRule.CustomRestriction ?? customRestriction, + }; + + public static T TryApplyCustoms(this T securityRule, IRoleBaseSecurityRuleCustomData customSource) + where T : RoleBaseSecurityRule => + securityRule.TryApplyCustoms(customSource.CustomExpandType, customSource.CustomCredential, customSource.CustomRestriction); } diff --git a/src/Framework.SecuritySystem.Abstract/SecurityRuleInfo/IDomainSecurityRoleExtractor.cs b/src/Framework.SecuritySystem.Abstract/SecurityRuleInfo/IDomainSecurityRoleExtractor.cs index fdfadcde9..91c1e37ff 100644 --- a/src/Framework.SecuritySystem.Abstract/SecurityRuleInfo/IDomainSecurityRoleExtractor.cs +++ b/src/Framework.SecuritySystem.Abstract/SecurityRuleInfo/IDomainSecurityRoleExtractor.cs 
@@ -2,5 +2,7 @@ public interface IDomainSecurityRoleExtractor { - IEnumerable Extract(DomainSecurityRule securityRule); + IEnumerable ExtractSecurityRoles(DomainSecurityRule securityRule); + + DomainSecurityRule.RoleBaseSecurityRule ExtractSecurityRule(DomainSecurityRule securityRule); } diff --git a/src/Framework.SecuritySystem.Abstract/SecuritySystem/ISecuritySystem.cs b/src/Framework.SecuritySystem.Abstract/SecuritySystem/ISecuritySystem.cs index d5958f06f..38fe661aa 100644 --- a/src/Framework.SecuritySystem.Abstract/SecuritySystem/ISecuritySystem.cs +++ b/src/Framework.SecuritySystem.Abstract/SecuritySystem/ISecuritySystem.cs @@ -2,9 +2,9 @@ public interface ISecuritySystem { - bool HasAccess(DomainSecurityRule.RoleBaseSecurityRule securityRule); + bool HasAccess(DomainSecurityRule securityRule); bool IsAdministrator() => this.HasAccess(SecurityRole.Administrator); - void CheckAccess(DomainSecurityRule.RoleBaseSecurityRule securityRule); + void CheckAccess(DomainSecurityRule securityRule); } diff --git a/src/Framework.SecuritySystem/Builders/AccessorsBuilder/AccessorsFilterBuilderFactory.cs b/src/Framework.SecuritySystem/Builders/AccessorsBuilder/AccessorsFilterBuilderFactory.cs index a232a4aa9..af0309914 100644 --- a/src/Framework.SecuritySystem/Builders/AccessorsBuilder/AccessorsFilterBuilderFactory.cs +++ b/src/Framework.SecuritySystem/Builders/AccessorsBuilder/AccessorsFilterBuilderFactory.cs @@ -42,7 +42,7 @@ public AccessorsFilterInfo CreateFilter( () => FuncHelper.Create( (TDomainObject domainObject) => { - var filter = builder.GetAccessorsFilter(domainObject, securityRule.SafeExpandType); + var filter = builder.GetAccessorsFilter(domainObject, securityRule.GetSafeExpandType()); return permissionSystem.GetPermissionSource(securityRule).GetAccessors(filter); })); 
diff --git a/src/Framework.SecuritySystem/Builders/MaterializedBuilder/SecurityFilterBuilderFactory.cs b/src/Framework.SecuritySystem/Builders/MaterializedBuilder/SecurityFilterBuilderFactory.cs index d166cd28c..deba8c7bb 100644 --- a/src/Framework.SecuritySystem/Builders/MaterializedBuilder/SecurityFilterBuilderFactory.cs +++ b/src/Framework.SecuritySystem/Builders/MaterializedBuilder/SecurityFilterBuilderFactory.cs @@ -22,7 +22,7 @@ public SecurityFilterInfo CreateFilter(DomainSecurityRule.RoleBas var optimizedPermissions = permissionOptimizationService.Optimize(rawPermissions); - var expandedPermissions = optimizedPermissions.Select(permission => this.TryExpandPermission(permission, securityRule.SafeExpandType)); + var expandedPermissions = optimizedPermissions.Select(permission => this.TryExpandPermission(permission, securityRule.GetSafeExpandType())); var builder = this.CreateBuilder(securityPath); diff --git a/src/Framework.SecuritySystem/Builders/QueryBuilder/SecurityFilterBuilderFactory.cs b/src/Framework.SecuritySystem/Builders/QueryBuilder/SecurityFilterBuilderFactory.cs index 74b4bda8e..35261bc57 100644 --- a/src/Framework.SecuritySystem/Builders/QueryBuilder/SecurityFilterBuilderFactory.cs +++ b/src/Framework.SecuritySystem/Builders/QueryBuilder/SecurityFilterBuilderFactory.cs @@ -49,7 +49,7 @@ public SecurityFilterInfo CreateFilter(DomainSecurityRule.RoleBas { var builder = this.CreateBuilder(securityPath); - var permissionFilterExpression = builder.GetSecurityFilterExpression(securityRule.SafeExpandType).ExpandConst().InlineEval(); + var permissionFilterExpression = builder.GetSecurityFilterExpression(securityRule.GetSafeExpandType()).ExpandConst().InlineEval(); var permissionQuery = permissionSystem.GetPermissionSource(securityRule).GetPermissionQuery(); diff --git a/src/Framework.SecuritySystem/Expanders/RoleFactorySecurityRuleExpander.cs b/src/Framework.SecuritySystem/Expanders/RoleFactorySecurityRuleExpander.cs index ca1df1d11..c9412acd0 100644 
--- a/src/Framework.SecuritySystem/Expanders/RoleFactorySecurityRuleExpander.cs +++ b/src/Framework.SecuritySystem/Expanders/RoleFactorySecurityRuleExpander.cs @@ -10,6 +10,6 @@ public DomainSecurityRule.RoleBaseSecurityRule Expand(DomainSecurityRule.RoleFac { var factory = (IFactory)serviceProvider.GetRequiredService(securityRule.RoleFactoryType); - return factory.Create().WithCopyCustoms(securityRule); + return factory.Create().TryApplyCustoms(securityRule); } } diff --git a/src/Framework.SecuritySystem/Expanders/RootSecurityRuleExpande.cs b/src/Framework.SecuritySystem/Expanders/RootSecurityRuleExpande.cs index fa4657561..b78b84c53 100644 --- a/src/Framework.SecuritySystem/Expanders/RootSecurityRuleExpande.cs +++ b/src/Framework.SecuritySystem/Expanders/RootSecurityRuleExpande.cs @@ -47,13 +47,13 @@ public ExpandedRolesSecurityRule FullRoleExpand(RoleBaseSecurityRule securityRul { case AnyRoleSecurityRule: - return ExpandedRolesSecurityRule.Create(securityRoleSource.SecurityRoles).WithCopyCustoms(securityRule); + return ExpandedRolesSecurityRule.Create(securityRoleSource.SecurityRoles).TryApplyCustoms(securityRule); case RoleGroupSecurityRule roleGroupSecurityRule: return ExpandedRolesSecurityRule .Create(roleGroupSecurityRule.Children.SelectMany(c => this.FullRoleExpand(c).SecurityRoles)) - .WithCopyCustoms(securityRule); + .TryApplyCustoms(securityRule); case OperationSecurityRule operationSecurityRule: return this.Expand(this.Expand(operationSecurityRule)); diff --git a/src/Framework.SecuritySystem/Expanders/SecurityRoleExpander.cs b/src/Framework.SecuritySystem/Expanders/SecurityRoleExpander.cs index 5dd44b50d..ae1b77cec 100644 --- a/src/Framework.SecuritySystem/Expanders/SecurityRoleExpander.cs +++ b/src/Framework.SecuritySystem/Expanders/SecurityRoleExpander.cs 
@@ -30,7 +30,7 @@ public SecurityRoleExpander(ISecurityRoleSource securityRoleSource) .ToArray(); return new DomainSecurityRule.ExpandedRolesSecurityRule(DeepEqualsCollection.Create(securityRoles)) - .WithCopyCustoms(securityRule); + .TryApplyCustoms(securityRule); }).WithLock(); } diff --git a/src/Framework.SecuritySystem/SecurityRuleInfo/ClientSecurityRuleResolver.cs b/src/Framework.SecuritySystem/SecurityRuleInfo/ClientSecurityRuleResolver.cs index 9b5c4ffca..fb956e2e6 100644 --- a/src/Framework.SecuritySystem/SecurityRuleInfo/ClientSecurityRuleResolver.cs +++ b/src/Framework.SecuritySystem/SecurityRuleInfo/ClientSecurityRuleResolver.cs @@ -12,7 +12,7 @@ public class ClientSecurityRuleResolver( { var request = from clientSecurityRuleInfo in clientSecurityRuleInfoSource.GetInfos() - let roles = domainSecurityRoleExtractor.Extract(clientSecurityRuleInfo.Implementation) + let roles = domainSecurityRoleExtractor.ExtractSecurityRoles(clientSecurityRuleInfo.Implementation) where roles.Contains(securityRole) diff --git a/src/Framework.SecuritySystem/SecurityRuleInfo/DomainModeSecurityRuleResolver.cs b/src/Framework.SecuritySystem/SecurityRuleInfo/DomainModeSecurityRuleResolver.cs index d0461694a..02a2c7cb6 100644 --- a/src/Framework.SecuritySystem/SecurityRuleInfo/DomainModeSecurityRuleResolver.cs +++ b/src/Framework.SecuritySystem/SecurityRuleInfo/DomainModeSecurityRuleResolver.cs @@ -12,7 +12,7 @@ public class DomainModeSecurityRuleResolver( { var request = from domainModeSecurityRuleInfo in domainModeSecurityRuleInfoList - let roles = domainSecurityRoleExtractor.Extract(domainModeSecurityRuleInfo.Implementation) + let roles = domainSecurityRoleExtractor.ExtractSecurityRoles(domainModeSecurityRuleInfo.Implementation) where roles.Contains(securityRole) diff --git a/src/Framework.SecuritySystem/SecurityRuleInfo/DomainSecurityRoleExtractor.cs b/src/Framework.SecuritySystem/SecurityRuleInfo/DomainSecurityRoleExtractor.cs index d8ae5f22a..caac2e181 100644 
--- a/src/Framework.SecuritySystem/SecurityRuleInfo/DomainSecurityRoleExtractor.cs +++ b/src/Framework.SecuritySystem/SecurityRuleInfo/DomainSecurityRoleExtractor.cs @@ -4,26 +4,39 @@ namespace Framework.SecuritySystem.SecurityRuleInfo; -public class DomainSecurityRoleExtractor(ISecurityRuleExpander expander) : IDomainSecurityRoleExtractor +public class DomainSecurityRoleExtractor : IDomainSecurityRoleExtractor { - private readonly IDictionaryCache> cache = - new DictionaryCache>( - securityRule => - { - var usedRoles = new HashSet(); + private readonly IDictionaryCache rulesCache; - new ScanVisitor(usedRoles).Visit(expander.FullDomainExpand(securityRule)); + private readonly IDictionaryCache> rolesCache; - return usedRoles; - }).WithLock(); + public DomainSecurityRoleExtractor(ISecurityRuleExpander expander) + { + this.rulesCache = + new DictionaryCache( + securityRule => + { + var usedRules = new HashSet(); + + new ScanVisitor(usedRules).Visit(expander.FullDomainExpand(securityRule)); + + return usedRules.ToArray(); + }).WithLock(); + + this.rolesCache = + new DictionaryCache>( + securityRule => expander.FullRoleExpand(this.rulesCache[securityRule]).SecurityRoles.ToHashSet()).WithLock(); + } + + public IEnumerable ExtractSecurityRoles(DomainSecurityRule securityRule) => this.rolesCache[securityRule]; - public IEnumerable Extract(DomainSecurityRule securityRule) => this.cache[securityRule]; + public DomainSecurityRule.RoleBaseSecurityRule ExtractSecurityRule(DomainSecurityRule securityRule) => this.rulesCache[securityRule]; - private class ScanVisitor(ISet usedRoles) : SecurityRuleVisitor + private class ScanVisitor(ISet usedRules) : SecurityRuleVisitor { protected override DomainSecurityRule Visit(DomainSecurityRule.ExpandedRolesSecurityRule securityRule) { - usedRoles.UnionWith(securityRule.SecurityRoles); + usedRules.Add(securityRule); return securityRule; } 
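Review bot: `ExtractSecurityRule` keeps only the `ExpandedRolesSecurityRule` nodes that `ScanVisitor` collects and returns `usedRules.ToArray()` as a single role rule, so whatever structure surrounded those nodes in the original `DomainSecurityRule` is discarded. Through the widened `ISecuritySystem.HasAccess`/`CheckAccess` and the `SecuritySystem.cs` hunk, this reduced rule becomes the authorization decision. A composite rule would then presumably be answered as "holds one of the roles mentioned anywhere in it", which is broader than a conjunction or a rule with non-role conditions intends; how the visitor handles such nodes is outside this hunk, so please confirm. A rule with no role node produces an empty array, and whether the permission sources deny on an empty role list is not visible here and should be pinned by a test. I would reject rules that are not purely role-based at this boundary, or at least document the reduction on the interface methods, e.g. `/// Only the roles referenced by the rule are checked; other conditions of the rule are ignored.`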
diff --git a/src/Framework.SecuritySystem/SecuritySystem/SecuritySystem.cs b/src/Framework.SecuritySystem/SecuritySystem/SecuritySystem.cs index b2bd7ab31..db53e6ab3 100644 --- a/src/Framework.SecuritySystem/SecuritySystem/SecuritySystem.cs +++ b/src/Framework.SecuritySystem/SecuritySystem/SecuritySystem.cs @@ -1,17 +1,29 @@ using Framework.SecuritySystem.ExternalSystem; +using Framework.SecuritySystem.SecurityRuleInfo; namespace Framework.SecuritySystem; public class SecuritySystem( IAccessDeniedExceptionService accessDeniedExceptionService, - IReadOnlyList permissionSystems) : ISecuritySystem + IReadOnlyList permissionSystems, + IDomainSecurityRoleExtractor domainSecurityRoleExtractor) : ISecuritySystem { - public bool HasAccess(DomainSecurityRule.RoleBaseSecurityRule securityRule) + public bool HasAccess(DomainSecurityRule securityRule) + { + return this.HasAccess(domainSecurityRoleExtractor.ExtractSecurityRule(securityRule)); + } + + public void CheckAccess(DomainSecurityRule securityRule) + { + this.CheckAccess(domainSecurityRoleExtractor.ExtractSecurityRule(securityRule)); + } + + private bool HasAccess(DomainSecurityRule.RoleBaseSecurityRule securityRule) { return permissionSystems.Any(v => v.GetPermissionSource(securityRule).HasAccess()); } - public void CheckAccess(DomainSecurityRule.RoleBaseSecurityRule securityRule) + private void CheckAccess(DomainSecurityRule.RoleBaseSecurityRule securityRule) { if (!this.HasAccess(securityRule)) { diff --git a/src/Framework.SecuritySystem/SecuritySystem/SecuritySystemFactory.cs b/src/Framework.SecuritySystem/SecuritySystem/SecuritySystemFactory.cs index 1fd7711ae..7cc35ae1f 100644 --- a/src/Framework.SecuritySystem/SecuritySystem/SecuritySystemFactory.cs +++ b/src/Framework.SecuritySystem/SecuritySystem/SecuritySystemFactory.cs 
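Review bot: The public `CheckAccess(DomainSecurityRule)` hands only the extracted role rule to the private overload, so the code that reports the denial after `if (!this.HasAccess(securityRule))` no longer sees the rule the caller supplied. An `OverrideAccessDeniedMessageSecurityRule` wrapper is not an `ExpandedRolesSecurityRule`, so its `CustomMessage` is presumably lost on this path; the rest of the private `CheckAccess` body lies outside the hunk. Consider passing the original rule through for the exception. Consider also giving the private overloads distinct names (for example `HasAccessInternal`), so that a call inside the class with a `RoleBaseSecurityRule` argument cannot bind unnoticed to the overload that skips extraction.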
@@ -1,13 +1,15 @@ using Framework.SecuritySystem.ExternalSystem; +using Framework.SecuritySystem.SecurityRuleInfo; namespace Framework.SecuritySystem; public class SecuritySystemFactory( IAccessDeniedExceptionService accessDeniedExceptionService, + IDomainSecurityRoleExtractor domainSecurityRoleExtractor, IEnumerable permissionSystems) : ISecuritySystemFactory { public ISecuritySystem Create(SecurityRuleCredential securityRuleCredential) { - return new SecuritySystem(accessDeniedExceptionService, permissionSystems.Select(f => f.Create(securityRuleCredential)).ToList()); + return new SecuritySystem(accessDeniedExceptionService, permissionSystems.Select(f => f.Create(securityRuleCredential)).ToList(), domainSecurityRoleExtractor); } } diff --git a/src/__SolutionItems/CommonAssemblyInfo.cs b/src/__SolutionItems/CommonAssemblyInfo.cs index 7a33e9aea..71f64480b 100644 --- a/src/__SolutionItems/CommonAssemblyInfo.cs +++ b/src/__SolutionItems/CommonAssemblyInfo.cs @@ -4,9 +4,9 @@ [assembly: AssemblyCompany("Luxoft")] [assembly: AssemblyCopyright("Copyright © Luxoft 2009-2024")] -[assembly: AssemblyVersion("22.5.4.0")] -[assembly: AssemblyFileVersion("22.5.4.0")] -[assembly: AssemblyInformationalVersion("22.5.4.0")] +[assembly: AssemblyVersion("22.5.5.0")] +[assembly: AssemblyFileVersion("22.5.5.0")] +[assembly: AssemblyInformationalVersion("22.5.5.0")] #if DEBUG [assembly: AssemblyConfiguration("Debug")] From ec08f2783d8cd8a3965dbeddff05fa77cd3c084f Mon Sep 17 00:00:00 2001 From: "Atsuta, Ivan" Date: Fri, 25 Oct 2024 13:56:11 +0200 Subject: [PATCH 2/3] clean --- .../SecurityRule/DomainSecurityRule.cs | 9 --------- 1 file changed, 9 deletions(-) diff --git a/src/Framework.SecuritySystem.Abstract/SecurityRule/DomainSecurityRule.cs b/src/Framework.SecuritySystem.Abstract/SecurityRule/DomainSecurityRule.cs index 968146388..5764788d7 100644 --- a/src/Framework.SecuritySystem.Abstract/SecurityRule/DomainSecurityRule.cs 
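Review bot: `SecuritySystemFactory.Create` passes the same `domainSecurityRoleExtractor` to every `SecuritySystem` regardless of `securityRuleCredential`, and that extractor memoises its result per rule (`rulesCache`/`rolesCache` with `WithLock()` in the `DomainSecurityRoleExtractor.cs` hunk). That is safe only if rule expansion never depends on the caller or the DI scope. `RoleFactorySecurityRuleExpander` resolves a factory from `serviceProvider`, so a factory whose output varies per user or request could have its first result reused for later access checks, depending on the registered lifetimes, which this patch does not show. Please confirm the extractor's lifetime and state the assumption next to the cache, e.g. `// Expansion must be credential- and scope-independent: results are cached per rule and reused by every ISecuritySystem.` The constructor parameter order also differs between `SecuritySystemFactory` and `SecuritySystem`; aligning them makes the `new SecuritySystem(...)` call harder to get wrong.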
+++ b/src/Framework.SecuritySystem.Abstract/SecurityRule/DomainSecurityRule.cs @@ -81,7 +81,6 @@ public abstract record RoleBaseSecurityRule : DomainSecurityRule, IRoleBaseSecur public HierarchicalExpandType GetSafeExpandType () => this.CustomExpandType ?? HierarchicalExpandType.Children; - public RoleBaseSecurityRuleCustomData GetCustomData() => new(this); public bool EqualsCustoms(RoleBaseSecurityRule other) { @@ -99,14 +98,6 @@ public bool EqualsCustoms(RoleBaseSecurityRule other) public static implicit operator RoleBaseSecurityRule(RoleBaseSecurityRule[] securityRules) => securityRules.ToSecurityRule(); } - public record RoleBaseSecurityRuleCustomData(HierarchicalExpandType? CustomExpandType, SecurityRuleCredential? CustomCredential, SecurityPathRestriction? CustomRestriction) : IRoleBaseSecurityRuleCustomData - { - public RoleBaseSecurityRuleCustomData(IRoleBaseSecurityRuleCustomData roleBaseSecurityRule) - :this(roleBaseSecurityRule.CustomExpandType, roleBaseSecurityRule.CustomCredential, roleBaseSecurityRule.CustomRestriction) - { - } - } - public interface IRoleBaseSecurityRuleCustomData { public HierarchicalExpandType? CustomExpandType { get; } From 9e86e7f555bb156e36badaac2532a3efb3b39fed Mon Sep 17 00:00:00 2001 From: "Atsuta, Ivan" Date: Fri, 25 Oct 2024 14:18:01 +0200 Subject: [PATCH 3/3] upd --- .../SecurityRule/DomainSecurityRule.cs | 2 ++ .../Expanders/RootSecurityRuleExpande.cs | 7 +++---- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/src/Framework.SecuritySystem.Abstract/SecurityRule/DomainSecurityRule.cs b/src/Framework.SecuritySystem.Abstract/SecurityRule/DomainSecurityRule.cs index 5764788d7..c4056a40b 100644 --- a/src/Framework.SecuritySystem.Abstract/SecurityRule/DomainSecurityRule.cs +++ b/src/Framework.SecuritySystem.Abstract/SecurityRule/DomainSecurityRule.cs 
@@ -154,6 +154,8 @@ public override string ToString() => this.SecurityRoles.Count == 1 /// Список развёрнутых ролей public record ExpandedRolesSecurityRule(DeepEqualsCollection SecurityRoles) : RoleBaseSecurityRule { + public static ExpandedRolesSecurityRule Empty { get; } = Create([]); + public override string ToString() => this.SecurityRoles.Count == 1 ? this.SecurityRoles.Single().Name : $"[{this.SecurityRoles.Join(", ", sr => sr.Name)}]"; diff --git a/src/Framework.SecuritySystem/Expanders/RootSecurityRuleExpande.cs b/src/Framework.SecuritySystem/Expanders/RootSecurityRuleExpande.cs index b78b84c53..e013e7418 100644 --- a/src/Framework.SecuritySystem/Expanders/RootSecurityRuleExpande.cs +++ b/src/Framework.SecuritySystem/Expanders/RootSecurityRuleExpande.cs @@ -50,10 +50,9 @@ public ExpandedRolesSecurityRule FullRoleExpand(RoleBaseSecurityRule securityRul return ExpandedRolesSecurityRule.Create(securityRoleSource.SecurityRoles).TryApplyCustoms(securityRule); case RoleGroupSecurityRule roleGroupSecurityRule: - - return ExpandedRolesSecurityRule - .Create(roleGroupSecurityRule.Children.SelectMany(c => this.FullRoleExpand(c).SecurityRoles)) - .TryApplyCustoms(securityRule); + return roleGroupSecurityRule.Children.Select(this.FullRoleExpand) + .Aggregate(ExpandedRolesSecurityRule.Empty, (r1, r2) => r1 + r2) + .TryApplyCustoms(securityRule); case OperationSecurityRule operationSecurityRule: return this.Expand(this.Expand(operationSecurityRule));
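Review bot: In the `RootSecurityRuleExpande.cs` hunk, what the new fold does with children that carry their own customs depends on the `if` branch of `operator +`, which is not shown in any hunk of this series. The visible `else` branch (hunk `@@ -161,7 +181,7 @@` of patch 1) ends with `.TryApplyCustoms(rule1)`, and in this `Aggregate` the left operand is always the accumulator seeded from `ExpandedRolesSecurityRule.Empty`, so on that branch a child's `CustomCredential`/`CustomRestriction` is never picked up. If the unseen branch rejects or merges operands with differing customs, the result differs from the removed `SelectMany` form, which looked only at `SecurityRoles`. Please add a test for a `RoleGroupSecurityRule` whose children carry different customs, and put a comment above the `Aggregate` call stating the intended precedence between child and group customs.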