namespace ExampleWebApp.Backend.WebApi.Types;
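/// <summary>
/// Fine-grained permissions that the application checks before acting on a user
/// account. Most members come in a "normal" / "advanced" / "admin" triple: the
/// suffix names the highest role the <em>target</em> user may hold for the
/// permission to apply (see <c>Toolkit.MaxRole</c>).
/// </summary>
/// <remarks>
/// Members carry no explicit values, so their integer value is their position in
/// this list. If these values are ever persisted or serialized as integers,
/// inserting or reordering members silently changes what stored values mean —
/// append new members at the end, or assign explicit values first.
/// </remarks>
public enum UserPermission
{
    /// <summary>
    /// Change the roles of another user.
    /// </summary>
    ChangeUserRoles,

    /// <summary>
    /// Create another user with the "admin" role.
    /// </summary>
    CreateAdminUser,

    /// <summary>
    /// Create another user with the "advanced" role.
    /// </summary>
    CreateAdvancedUser,

    /// <summary>
    /// Create another user with the "normal" role.
    /// </summary>
    CreateNormalUser,

    /// <summary>
    /// Change one's own email address without having to verify the new address.
    /// NOTE(review): an unverified email change lets whoever holds the session
    /// redirect account recovery to an address they control — confirm this is
    /// intended, or require re-authentication for it.
    /// </summary>
    ChangeOwnEmail,

    /// <summary>
    /// Change one's own password (by reset).
    /// </summary>
    ChangeOwnPassword,

    /// <summary>
    /// Change the email of another user whose highest role is "normal".
    /// </summary>
    ChangeNormalUserEmail,

    /// <summary>
    /// Change the email of another user whose highest role is "advanced".
    /// </summary>
    ChangeAdvancedUserEmail,

    /// <summary>
    /// Change the email of another user whose highest role is "admin".
    /// </summary>
    ChangeAdminUserEmail,

    /// <summary>
    /// Reset the password of another user whose highest role is "normal".
    /// </summary>
    ResetNormalUserPassword,

    /// <summary>
    /// Reset the password of another user whose highest role is "advanced".
    /// </summary>
    ResetAdvancedUserPassword,

    /// <summary>
    /// Reset the password of another user whose highest role is "admin".
    /// (The original summary said "normal" here — copy/paste slip.)
    /// </summary>
    ResetAdminUserPassword,

    /// <summary>
    /// Edit the lockout of another user whose highest role is "admin".
    /// </summary>
    LockoutAdminUser,

    /// <summary>
    /// Edit the lockout of another user whose highest role is "advanced".
    /// </summary>
    LockoutAdvancedUser,

    /// <summary>
    /// Edit the lockout of another user whose highest role is "normal".
    /// </summary>
    LockoutNormalUser,

    /// <summary>
    /// Delete a user whose highest role is "admin".
    /// </summary>
    DeleteAdminUser,

    /// <summary>
    /// Delete a user whose highest role is "advanced".
    /// </summary>
    DeleteAdvancedUser,

    /// <summary>
    /// Delete a user whose highest role is "normal".
    /// </summary>
    DeleteNormalUser,

    /// <summary>
    /// Disable a user whose highest role is "admin".
    /// </summary>
    DisableAdminUser,

    /// <summary>
    /// Disable a user whose highest role is "advanced".
    /// </summary>
    DisableAdvancedUser,

    /// <summary>
    /// Disable a user whose highest role is "normal".
    /// </summary>
    DisableNormalUser,

    /// <summary>
    /// Generate an email containing a password-reset token.
    /// </summary>
    ResetLostPassword
}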
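/// <summary>
/// Helpers that map role names to the <see cref="UserPermission"/> set they grant
/// and pick the highest-privilege role out of a collection of roles.
/// </summary>
/// <remarks>
/// The <c>ROLE_admin</c> / <c>ROLE_advanced</c> / <c>ROLE_normal</c> constants are
/// defined outside this file. Role matching uses the comparer of the collection the
/// caller passes in (ordinal, case-sensitive, for a default <see cref="HashSet{T}"/>);
/// any role name other than those three is ignored, so unknown roles grant nothing.
/// </remarks>
public static class Toolkit
{
    /// <summary>
    /// Static role → permission mapping, evaluated on each call.
    /// Grants are additive: a user holding several roles receives the union of what
    /// each role grants. "admin" receives every <see cref="UserPermission"/>;
    /// "advanced" may manage its own account and users whose highest role is
    /// "normal" (create, change email, reset password, lock out, delete, disable)
    /// but not its peers; "normal" may only manage its own account and request a
    /// lost-password email.
    /// </summary>
    /// <param name="roles">Role names held by the user.</param>
    /// <returns>
    /// A fresh, mutable set of the permissions granted by <paramref name="roles"/>;
    /// empty when none of the known roles is present.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="roles"/> is null.</exception>
    public static HashSet<UserPermission> PermissionsFromRoles(HashSet<string> roles)
    {
        ArgumentNullException.ThrowIfNull(roles);

        var granted = new HashSet<UserPermission>();

        if (roles.Contains(ROLE_admin))
        {
            // Admin holds everything, including the admin-only members
            // (ChangeUserRoles and all "advanced"/"admin"-target permissions).
            granted.UnionWith(Enum.GetValues<UserPermission>());
        }

        if (roles.Contains(ROLE_advanced))
        {
            granted.UnionWith(new[]
            {
                UserPermission.CreateNormalUser,
                UserPermission.ChangeOwnEmail,
                UserPermission.ChangeOwnPassword,
                UserPermission.ChangeNormalUserEmail,
                UserPermission.ResetNormalUserPassword,
                UserPermission.LockoutNormalUser,
                UserPermission.DeleteNormalUser,
                UserPermission.DisableNormalUser,
                UserPermission.ResetLostPassword,
            });
        }

        if (roles.Contains(ROLE_normal))
        {
            granted.UnionWith(new[]
            {
                UserPermission.ChangeOwnEmail,
                UserPermission.ChangeOwnPassword,
                UserPermission.ResetLostPassword,
            });
        }

        return granted;
    }

    /// <summary>
    /// Returns the highest-privilege role present in <paramref name="roles"/>,
    /// ranked admin &gt; advanced &gt; normal, or <c>null</c> when none of the
    /// three known roles is present.
    /// </summary>
    /// <param name="roles">Role names to inspect; enumerated at most once.</param>
    /// <returns>The matching role constant, or <c>null</c>.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="roles"/> is null.</exception>
    public static string? MaxRole(IEnumerable<string> roles)
    {
        ArgumentNullException.ThrowIfNull(roles);

        // roles may be a deferred query; snapshot it so it is enumerated once rather
        // than once per Contains call. An ICollection is used as-is, which keeps its
        // own membership semantics (e.g. a HashSet's comparer) — the same collection
        // fast path Enumerable.Contains takes.
        var lookup = roles as ICollection<string> ?? roles.ToList();

        if (lookup.Contains(ROLE_admin)) return ROLE_admin;
        if (lookup.Contains(ROLE_advanced)) return ROLE_advanced;
        if (lookup.Contains(ROLE_normal)) return ROLE_normal;
        return null;
    }
}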