albert/kreta
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

init

Browse source
This commit is contained in:
skidoodle 2024-03-13 00:33:46 +01:00
commit e124a47765
19374 changed files with 9806149 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

24
KretaWeb/Security/ApiCsokkentettGondviseloAccessAttribute.cs Normal file
View file

@ -0,0 +1,24 @@
using System.Net;
using System.Net.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
using Kreta.BusinessLogic.Helpers.SystemSettings;
using Kreta.Web.Helpers;
namespace Kreta.Web.Security
{
public class ApiCsokkentettGondviseloAccessAttribute : ActionFilterAttribute
{
public ApiCsokkentettGondviseloAccessAttribute() { }
public override void OnActionExecuting(HttpActionContext actionContext)
{
var result = new SystemSettingsHelper(ConnectionTypeExtensions.GetOrganizationConnectionType()).GetSystemSettingValue<bool>(Enums.RendszerBeallitasTipusEnum.Csokkentett_gondviselok_kezelese);
if (!result)
{
actionContext.Response = new HttpResponseMessage(HttpStatusCode.Unauthorized);
}
}
}
}

38
KretaWeb/Security/ApiFeatureAuthorizeAttribute.cs Normal file
View file

@ -0,0 +1,38 @@
using System;
using System.Net;
using System.Net.Http;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
namespace Kreta.Web.Security
{
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public class ApiFeatureAuthorizeAttribute : AuthorizeAttribute
{
private readonly string[] featureNames;
public ApiFeatureAuthorizeAttribute(params string[] features)
{
featureNames = features;
}
public override void OnAuthorization(HttpActionContext actionContext)
{
if (IsAuthorized(actionContext))
return;
HandleUnauthorizedRequest(actionContext);
}
protected override bool IsAuthorized(HttpActionContext actionContext)
{
return AuthorizeHelper.CheckFeatureAccess(featureNames);
}
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
}
}
}

79
KretaWeb/Security/ApiRoleClaimsAuthorizeAttribute.cs Normal file
View file

@ -0,0 +1,79 @@
using System;
using System.Net;
using System.Net.Http;
using System.Security.Claims;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using Kreta.BusinessLogic.Security;
using Kreta.Enums;
namespace Kreta.Web.Security
{
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class ApiRoleClaimsAuthorizeAttribute : AuthorizeAttribute
{
private string[] claimValue;
private bool allowAll;
public ApiRoleClaimsAuthorizeAttribute(bool allowAll = false)
{
this.allowAll = allowAll;
SetInstance(KretaSecurityActions.Demand, new SzerepkorTipusEnum[] { });
}
public ApiRoleClaimsAuthorizeAttribute(params SzerepkorTipusEnum[] claimValue)
{
SetInstance(KretaSecurityActions.Demand, claimValue);
}
public ApiRoleClaimsAuthorizeAttribute(KretaSecurityActions type, params SzerepkorTipusEnum[] claimValue)
{
SetInstance(type, claimValue);
}
private void SetInstance(KretaSecurityActions type, params SzerepkorTipusEnum[] values)
{
claimValue = AuthorizeHelper.ConvertRolesToAuthorizeProperty(type, values);
}
public override void OnAuthorization(HttpActionContext actionContext)
{
if (SkipAuthorization(actionContext))
return;
if (IsAuthorized(actionContext))
return;
HandleUnauthorizedRequest(actionContext);
}
protected override bool IsAuthorized(HttpActionContext actionContext)
{
if (HttpContext.Current == null)
return false;
if (HttpContext.Current.User == null)
return false;
var principal = HttpContext.Current.User as ClaimsPrincipal;
if (allowAll)
{
var identity = ClaimManager.GetClaimIdentity();
if (identity == null)
return false;
return principal.Identity.IsAuthenticated;
}
return AuthorizeHelper.CheckRoleAccess(claimValue, principal);
}
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
}
private static bool SkipAuthorization(HttpActionContext actionContext)
{
return actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0
|| actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0;
}
}
}

57
KretaWeb/Security/ApiRolePackageAuthorizeAttribute.cs Normal file
View file

@ -0,0 +1,57 @@
using System;
using System.Net;
using System.Net.Http;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using Kreta.BusinessLogic.Security;
namespace Kreta.Web.Security
{
public class ApiRolePackageDenyAuthorizeAttribute : ApiRolePackageAuthorizeAttribute
{
public ApiRolePackageDenyAuthorizeAttribute(params string[] claimValue) : base(KretaSecurityActions.Deny, claimValue) { }
}
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class ApiRolePackageAuthorizeAttribute : AuthorizeAttribute
{
private string[] claimPackages;
private KretaSecurityActions actionType = KretaSecurityActions.Demand;
public ApiRolePackageAuthorizeAttribute(params string[] claimValue)
{
claimPackages = claimValue;
}
public ApiRolePackageAuthorizeAttribute(KretaSecurityActions type, params string[] claimValue)
{
claimPackages = claimValue;
actionType = type;
}
public override void OnAuthorization(HttpActionContext actionContext)
{
if (IsAuthorized(actionContext))
return;
HandleUnauthorizedRequest(actionContext);
}
protected override bool IsAuthorized(HttpActionContext actionContext)
{
var result = AuthorizeHelper.CheckPackageAccess(claimPackages);
if (actionType == KretaSecurityActions.Deny)
{
result = !result;
}
return result;
}
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
}
}
}

50
KretaWeb/Security/ApiSessionAuthorizeAttribute.cs Normal file
View file

@ -0,0 +1,50 @@
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;
using Kreta.Framework;
using Kreta.Web.Controllers.Logic;
namespace Kreta.Web.Security
{
public class ApiSessionAuthorizeAttribute : AuthorizeAttribute
{
public override void OnAuthorization(HttpActionContext actionContext)
{
//TODO ezt itt ki kellene szedni, ellenorzo keszitesekor
if (actionContext.ControllerContext.ControllerDescriptor.ControllerName == "Mobile")
{
return;
}
if (SkipAuthorization(actionContext))
{
return;
}
if (IsAuthorized(actionContext))
{
SessionHandler.UpdateSessionTime();
}
else
{
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Unauthorized);
}
}
protected override bool IsAuthorized(HttpActionContext actionContext)
{
string sessionId = ClaimData.SessionId;
if (sessionId != null)
{
return SDAServer.Instance.SessionManager.IsSessionAlive(sessionId);
}
return false;
}
private static bool SkipAuthorization(HttpActionContext actionContext)
{
return actionContext.ActionDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0
|| actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes<AllowAnonymousAttribute>().Count > 0;
}
}
}

48
KretaWeb/Security/ApiValidateAjaxAntiForgeryToken.cs Normal file
View file

@ -0,0 +1,48 @@
using System;
using System.Linq;
using System.Net.Http;
using System.Web.Helpers;
using System.Web.Http;
using System.Web.Http.Controllers;
namespace Kreta.Web.Security
{
/// <summary>
/// Validálja az Ajax hívások esetén a tokent csak az Ajaxhelper.js által küldött ajax hívás tartalmazza a tokent
/// </summary>
[AttributeUsage(AttributeTargets.Method | AttributeTargets.Class, AllowMultiple = false, Inherited = true)]
public sealed class ApiValidateAjaxAntiForgeryToken : AuthorizeAttribute
{
protected override bool IsAuthorized(HttpActionContext actionContext)
{
var headerToken = actionContext
.Request
.Headers
.GetValues("X-Request-Verification-Token")
.FirstOrDefault();
var cookieToken = actionContext
.Request
.Headers
.GetCookies()
.Select(c => c[AntiForgeryConfig.CookieName])
.FirstOrDefault();
if (cookieToken == null || headerToken == null)
{
return false;
}
try
{
AntiForgery.Validate(cookieToken.Value, headerToken);
}
catch
{
return false;
}
return base.IsAuthorized(actionContext);
}
}
}

132
KretaWeb/Security/AuthorizeHelper.cs Normal file
View file

@ -0,0 +1,132 @@
using System;
using System.Collections.Generic;
using System.Data;
using System.Linq;
using System.Net;
using System.Security.Claims;
using System.Web.Mvc;
using Kreta.BusinessLogic.Helpers;
using Kreta.BusinessLogic.Security;
using Kreta.Core.FeatureToggle;
using Kreta.Enums;
using Kreta.Framework;
using Kreta.Resources;
using Kreta.Web.Helpers;
using AuthorizationContext = System.Web.Mvc.AuthorizationContext;
namespace Kreta.Web.Security
{
public class AuthorizeHelper
{
public static string[] ConvertRolesToAuthorizeProperty(KretaSecurityActions type, SzerepkorTipusEnum[] claimValue)
{
var pramList = new List<string>();
if (type.Equals(KretaSecurityActions.Deny))
{
var allEnum = GetAllRole();
foreach (SzerepkorTipusEnum item in claimValue)
{
allEnum.Remove(item);
}
pramList = allEnum.Select(e => e.ToString()).ToList();
}
else
{
pramList = claimValue.Select(e => e.ToString()).ToList();
}
return pramList.ToArray();
}
public static List<SzerepkorTipusEnum> GetAllRole()
{
return Enum.GetValues(typeof(SzerepkorTipusEnum)).Cast<SzerepkorTipusEnum>().ToList();
}
public static void MvcRequestAuthorizeFail(AuthorizationContext filterContext)
{
var url = new UrlHelper(filterContext.RequestContext);
var redirectUrl = string.Empty;
if (filterContext.HttpContext.Request.IsAjaxRequest())
{
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden, ErrorResource.NincsJogaAzOldalMegtekintesehez);
return;
}
if (ClaimData.FelhasznaloSzerepkor == SzerepkorTipusEnum.Adminisztrator)
{
redirectUrl = "~/Adminisztracio/RendszerHibaErtesites";
}
//loginnál, ha nem várja meg, amíg átírányírjuk, akkor nem lesz szerepköre
else if (ClaimData.FelhasznaloSzerepkor == SzerepkorTipusEnum.Nincs_beallitva)
{
redirectUrl = "~/Adminisztracio/SzerepkorValaszto";
}
else
{
redirectUrl = url.Action("AccessDenied", "ErrorHandler", new { area = string.Empty });
}
filterContext.Result = new RedirectResult(redirectUrl);
}
public static bool CheckRoleAccess(string[] claimValue, ClaimsPrincipal principal)
{
var claimType = KretaClaimTypes.KretaFelhasznaloSzerepkor;
bool access = claimValue == null ? principal.ClaimExists(claimType) : principal.ClaimExists(claimType, claimValue);
return access;
}
public static bool CheckPackageAccess(string[] claimValue)
{
var packages = ClaimData.FelhasznaloSzerepCsomagok;
bool access = false;
foreach (var item in claimValue)
{
if (packages.Contains(item))
{
access = true;
break;
}
}
return access;
}
public static bool CheckFeatureAccess(string[] featureNames)
{
var featureContext = DependencyResolver.Current.GetService<IFeatureContext>();
bool access = false;
foreach (var item in featureNames)
{
if (featureContext.IsEnabled(item, instituteId: ClaimData.IntezmenyAzonosito))
{
access = true;
break;
}
}
return access;
}
public static DataRow CheckMaintenanceInProgress(string featureName)
{
try
{
var helper = new AdminHelper(ConnectionTypeExtensions.GetSessionConnectionType());
var result = helper.GetFeatureMaintenanceDashboardUzenet(featureName);
if (result.Tables[0].Rows.Count > 0)
{
return result.Tables[0].Rows[0];
}
}
catch (Exception ex)
{
SDAServer.Instance.Logger.ExceptionThrown(ex);
}
return null;
}
}
}

1362
KretaWeb/Security/ClaimData.cs Normal file
View file

File diff suppressed because it is too large Load diff

675
KretaWeb/Security/ClaimManager.cs Normal file
View file

@ -0,0 +1,675 @@
using System;
using System.Collections.Generic;
using System.Data;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;
using System.Web;
using Kreta.BusinessLogic.Classes;
using Kreta.BusinessLogic.HelperClasses;
using Kreta.BusinessLogic.Helpers;
using Kreta.BusinessLogic.Helpers.SystemSettings;
using Kreta.BusinessLogic.Security;
using Kreta.Core.ConnectionType;
using Kreta.Enums;
using Kreta.Enums.ManualEnums;
using Kreta.Framework.Security;
using Kreta.KretaServer.SystemSettings;
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;
using Newtonsoft.Json;
namespace Kreta.Web.Security
{
public class ClaimManager
{
public static event ClaimSigninEventHandler ClaimSignin;
public static ClaimsIdentity SignIn(LoginInfo loginInfo, bool idpLoginEnabled = false)
{
var claims = new List<Claim>();
claims.Add(new Claim(KretaClaimTypes.BelepesiNev, loginInfo.BelepesiNev));
claims.Add(new Claim(KretaClaimTypes.FelhasznaloNev, loginInfo.NyomtatasiNev));
claims.Add(new Claim(KretaClaimTypes.FelhasznaloId, loginInfo.FelhasznaloId.ToString()));
claims.Add(new Claim(KretaClaimTypes.SessionId, loginInfo.SessionID));
claims.Add(new Claim(KretaClaimTypes.AntiForgeryToken, Guid.NewGuid().ToString()));
if (loginInfo.GondviseloId.HasValue)
{
claims.Add(new Claim(KretaClaimTypes.GondviseloId, loginInfo.GondviseloId.Value.ToString()));
if (loginInfo.UtolsoBelepesIdeje == null)
{
new JelszoLinkHelper(new OrganizationConnectionType(loginInfo.FelhasznaloId, loginInfo.IntezmenyId, loginInfo.IntezmenyAzonosito, loginInfo.AktivTanevId), loginInfo.GondviseloId.Value).DeleteLink();
}
}
claims.Add(new Claim(KretaClaimTypes.KretaFelhasznaloSzerepkor, nameof(SzerepkorTipusEnum.Nincs_beallitva)));
DoClaimSigninEvent(claims, loginInfo);
var identity = new ClaimsIdentity(new GenericIdentity($"{loginInfo.BelepesiNev ?? string.Empty}/{loginInfo.IntezmenyAzonosito ?? string.Empty}"), claims, DefaultAuthenticationTypes.ApplicationCookie, null, null);
if (!idpLoginEnabled)
{
var authmgr = HttpContext.Current.Request.GetOwinContext().Authentication;
authmgr.SignIn(identity);
}
return identity;
}
public static bool GetStatusClaimSigninEvent()
{
return ClaimSignin != null;
}
private static void DoClaimSigninEvent(List<Claim> claims, LoginInfo logininfo)
{
ClaimSignin?.Invoke(null, new ClaimSigninEventArgs(claims, logininfo));
}
public static void SignOut()
{
var authmgr = HttpContext.Current.Request.GetOwinContext().Authentication;
var identity = GetClaimIdentity();
RemoveClaim(identity, KretaClaimTypes.Package);
RemoveClaim(identity, KretaClaimTypes.PackageCacheHash);
authmgr.SignOut();
}
/// <summary>
/// Belépett felhasználóhoz tartozó összes jogosultság (claimek) lekérdezése DB-ből. Pl: Osztályfőnök, Csoportvezető, stb.
/// </summary>
/// <returns></returns>
private static List<string> GetUserClaims(FelhasznaloHelper helper)
{
var userclaims = new List<string>();
userclaims.AddRange(helper.GetFelhasznaloiJogosultsagok(ClaimData.FelhasznaloId, (int)ClaimData.FelhasznaloSzerepkor));
return userclaims;
}
private static List<string> GetFelhasznaloResources(SzerepkorTipusEnum szerepkor)
{
var resourceList = new List<string>();
if (szerepkor == SzerepkorTipusEnum.Ellenorzo)
{
if (SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.A_felhasznalok_nem_valtoztathatjak_meg_a_jelszavukat_az_elektronikus_ellenorzoben, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
resourceList.Add(KretaClaimPackages.Ellenorzo.Resources.A_felhasznalok_nem_valtoztathatjak_meg_a_jelszavukat_az_elektronikus_ellenorzoben);
}
}
if (ClaimData.IsOsztalyfonok)
{
if (SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Osztalyfonok_modosithatja_osztalyaba_jaro_tanulok_adatait, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
resourceList.Add(KretaClaimPackages.Osztalyfonok.Resources.Osztalyfonok_modosithatja_osztalyaba_jaro_tanulok_adatait);
}
if (SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Osztalyfonok_megtekintheti_modosithatja_osztalyaba_jaro_tanulok_szocialis_tanugyi_es_SNI_BTM_adatait, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
resourceList.Add(KretaClaimPackages.Osztalyfonok.Resources.Osztalyfonok_megtekintheti_modosithatja_osztalyaba_jaro_tanulok_szocialis_tanugyi_es_SNI_BTM_adatait);
}
if (SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Osztalyfonok_megtekintheti_kezelheti_az_osztalyaba_jaro_tanulok_vallasi_adatait, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
resourceList.Add(KretaClaimPackages.Osztalyfonok.Resources.Osztalyfonok_megtekintheti_kezelheti_az_osztalyaba_jaro_tanulok_vallasi_adatait);
}
if (SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Osztalyfonok_megtekintheti_modosithatja_osztalyaba_jaro_tanulok_sportoloi_adatait, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
resourceList.Add(KretaClaimPackages.Osztalyfonok.Resources.Osztalyfonok_megtekintheti_kezelheti_az_osztalyaba_jaro_tanulok_sportoloi_adatait);
}
if (SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Osztalyfonok_megtekintheti_modosithatja_osztalyaba_jaro_tanulok_zaradekat, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
resourceList.Add(KretaClaimPackages.Osztalyfonok.Resources.Osztalyfonok_megtekintheti_modosithatja_osztalyaba_jaro_tanulok_zaradekat);
}
if (SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Osztalyfonok_kiegeszitheti_osztalyaba_jaro_tanulok_ki_vagy_atsorolsasi_zaradekat, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
resourceList.Add(KretaClaimPackages.Osztalyfonok.Resources.Osztalyfonok_kiegeszitheti_osztalyaba_jaro_tanulok_vegzaradekat);
}
}
if (ClaimData.FelhasznaloSzerepCsomagok.Contains(KretaClaimPackages.TanuloKezelese.ClaimValue))
{
if (SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Tanulo_sajatos_nevelesi_igenyenek_szocialis_es_tanugyi_adatainak_kezelese, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
resourceList.Add(KretaClaimPackages.TanuloKezelese.Resources.Tanulo_sajatos_nevelesi_igenyenek_szocialis_es_tanugyi_adatainak_kezelese);
}
if (SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Tanulo_vallasi_adatainak_kezelese, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
resourceList.Add(KretaClaimPackages.TanuloKezelese.Resources.Tanulo_vallasi_adatainak_kezelese);
}
if (SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Tanulo_sportoloi_adatainak_kezelese, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
resourceList.Add(KretaClaimPackages.TanuloKezelese.Resources.Tanulo_sportoloi_adatainak_kezelese);
}
}
if (ClaimData.FelhasznaloSzerepCsomagok.Contains(KretaClaimPackages.Tanar.ClaimValue))
{
if (SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Pedagogusok_sajat_orarendjeiket_modosithatjak_az_elektronikus_naploban, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
resourceList.Add(KretaClaimPackages.Tanar.Resources.Pedagogusok_sajat_orarendjeiket_modosithatjak_az_elektronikus_naploban);
}
if (SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Pedagogusok_csak_az_eloirt_helyettesiteseiket_regisztralhatjak_a_haladasi_naploban, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
resourceList.Add(KretaClaimPackages.Tanar.Resources.Pedagogusok_csak_az_eloirt_helyettesiteseiket_regisztralhatjak_a_haladasi_naploban);
}
if (SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.A_haladasi_naploba_orankent_csak_egy_tanora_rogzitheto, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
resourceList.Add(KretaClaimPackages.Tanar.Resources.A_haladasi_naploba_orankent_csak_egy_tanora_rogzitheto);
}
}
return resourceList;
}
/// <summary>
/// Jogosultság beállítása.
/// </summary>
/// <param name="szerepkor"></param>
public static void SetFelhasznaloSzerepkorClaim(List<SzerepkorTipusEnum> szerepkorok, List<SzerepkorTipusEnum> eugyintezesESLSzerepkorok = null)
{
var connectionType = new SessionConnectionType(ClaimData.SessionId, ClaimData.FelhasznaloId, ClaimData.IntezmenyId, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value);
if (szerepkorok.Any())
{
AddClaim(KretaClaimTypes.KretaFelhasznaloSzerepkor, szerepkorok[0].ToString());
}
var felhasznaloHelper = new FelhasznaloHelper(connectionType);
List<string> claims = GetUserClaims(felhasznaloHelper);
if (ClaimData.IsDefaultAdminUser && SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Is_Csokkentett_Admin_Jog, ClaimData.IntezmenyAzonosito, ClaimData.SelectedTanevID.Value))
{
claims = new List<string> { KretaClaimPackages.IsCsokkentettAdminJog.ClaimValue };
string temp = JsonConvert.SerializeObject(claims);
AddClaim(KretaClaimTypes.Package, temp);
return;
}
if (ClaimData.GondviseloId.HasValue)
{
var isCsokkentettGondviselo = felhasznaloHelper.IsCsokkentettGondviselo(ClaimData.GondviseloId.Value);
if (isCsokkentettGondviselo)
{
// ha csökkentett gondviselő, akkor nem lehet semmilyen más joga!
claims = new List<string> { KretaClaimPackages.CsokkentettGondviselo.ClaimValue };
string temp = JsonConvert.SerializeObject(claims);
AddClaim(KretaClaimTypes.Package, temp);
return;
}
claims.Add(KretaClaimPackages.Gondviselo.ClaimValue);
//ToDo: bool-t adjon vissza!
DataSet SZMKOsztalyok = new OsztalyHelper(connectionType).GetSZMKOsztalyok(ClaimData.GondviseloId.Value);
if (SZMKOsztalyok.Tables[0].Rows.Count != 0)
{
claims.Add(KretaClaimPackages.SZMKKepviselo.ClaimValue);
}
}
if (ClaimData.FeltarGondviseloEnabled)
{
AddIsFeltaGondviseloOrTanuloClaimPackegeIfNeeded(connectionType, claims);
}
//ToDo: átszervezni!
if (eugyintezesESLSzerepkorok?.Count > 0)
{
eugyintezesESLSzerepkorok.ForEach(x =>
{
if (nameof(SzerepkorTipusEnum.eUgyintezo) == x.ToString())
{
claims.Add(KretaClaimPackages.eUgyintezo.ClaimValue);
}
if (nameof(SzerepkorTipusEnum.Alairo) == x.ToString())
{
claims.Add(KretaClaimPackages.Alairo.ClaimValue);
}
if (nameof(SzerepkorTipusEnum.Penztaros) == x.ToString())
{
claims.Add(KretaClaimPackages.Penztaros.ClaimValue);
}
if (nameof(SzerepkorTipusEnum.PenzugyiAdmin) == x.ToString())
{
claims.Add(KretaClaimPackages.PenzugyiAdmin.ClaimValue);
}
if (nameof(SzerepkorTipusEnum.BelepokartyaAdmin) == x.ToString())
{
claims.Add(KretaClaimPackages.BelepokartyaAdmin.ClaimValue);
}
if (nameof(SzerepkorTipusEnum.LeltarConcerned) == x.ToString())
{
claims.Add(KretaClaimPackages.LeltarConcerned.ClaimValue);
}
if (nameof(SzerepkorTipusEnum.EtkezesiAdmin) == x.ToString())
{
claims.Add(KretaClaimPackages.EtkezesiAdmin.ClaimValue);
}
if (nameof(SzerepkorTipusEnum.EtkezesiEllenorzo) == x.ToString())
{
claims.Add(KretaClaimPackages.EtkezesiEllenorzo.ClaimValue);
}
if (nameof(SzerepkorTipusEnum.TeremberletJelenletEllenorzo) == x.ToString())
{
claims.Add(KretaClaimPackages.TeremberletJelenletEllenorzo.ClaimValue);
}
if (nameof(SzerepkorTipusEnum.alkalmazott) == x.ToString())
{
claims.Add(KretaClaimPackages.Alkalmazott.ClaimValue);
}
if (nameof(SzerepkorTipusEnum.FokuszMonitoring) == x.ToString())
{
claims.Add(KretaClaimPackages.FokuszMonitoring.ClaimValue);
}
});
}
if (ClaimData.FelhasznaloSzerepkorok.ContainsKey(SzerepkorTipusEnum.GazdasagiUgyintezo))
{
claims.Add(KretaClaimPackages.GazdasagiUgyintezo.ClaimValue);
if (ClaimData.IsKlebelsberg)
{
claims.Add(KretaClaimPackages.KKGazdasagiUgyintezo.ClaimValue);
}
}
if (ClaimData.FelhasznaloSzerepkorok.ContainsKey(SzerepkorTipusEnum.IskolaEgeszsegugyiKoordinator))
{
claims.Add(KretaClaimPackages.IskolaEgeszsegugyiKoordinator.ClaimValue);
}
if (ClaimData.FelhasznaloSzerepkorok.ContainsKey(SzerepkorTipusEnum.Vedono))
{
claims.Add(KretaClaimPackages.Vedono.ClaimValue);
}
if (ClaimData.FelhasznaloSzerepkorok.ContainsKey(SzerepkorTipusEnum.Iskolaorvos))
{
claims.Add(KretaClaimPackages.Iskolaorvos.ClaimValue);
}
if (ClaimData.FelhasznaloSzerepkorok.ContainsKey(SzerepkorTipusEnum.Konyvtaros))
{
var helper = new IntezmenyConfigHelper(connectionType);
if (helper.GetIntezmenyConfig<bool>(IntezmenyConfigModulEnum.Konyvtar, IntezmenyConfigTipusEnum.IsEnabled)
&& !ClaimData.GondviseloId.HasValue)
{
claims.Add(KretaClaimPackages.Konyvtaros.ClaimValue);
}
}
if (ClaimData.FelhasznaloSzerepkorok.ContainsKey(SzerepkorTipusEnum.IskolaEgeszsegugyiAsszisztens))
{
claims.Add(KretaClaimPackages.IskolaEgeszsegugyiAsszisztens.ClaimValue);
}
if (ClaimData.FelhasznaloSzerepkorok.ContainsKey(SzerepkorTipusEnum.IskolaEgeszsegugyiLekerdezo))
{
claims.Add(KretaClaimPackages.IskolaEgeszsegugyiLekerdezo.ClaimValue);
}
if (ClaimData.FelhasznaloSzerepkorok.ContainsKey(SzerepkorTipusEnum.KerdoivKitolto_KerdoivKezelo))
{
claims.Add(KretaClaimPackages.KerdoivKitolto_KerdoivKezelo.ClaimValue);
}
if (ClaimData.IsSzakkepzoIntezmeny && ClaimData.FelhasznaloSzerepkorok.ContainsKey(SzerepkorTipusEnum.Dualis_Admin))
{
claims.Add(KretaClaimPackages.Dualis_Admin.ClaimValue);
}
if (ClaimData.IsDefaultAdminUser)
{
claims.Add(KretaClaimPackages.IsDefaultAdminUser.ClaimValue);
}
List<string> isModosithatjaOsztfoMulasztasokatJogosultak = new List<string>
{
KretaClaimPackages.Osztalyfonok.ClaimValue,
KretaClaimPackages.SzuperOsztalyfonok.ClaimValue,
KretaClaimPackages.CsoportVezeto.ClaimValue,
KretaClaimPackages.Evfolyamfelelos.ClaimValue
};
if (claims.Intersect(isModosithatjaOsztfoMulasztasokatJogosultak).Any()
&& SystemSettingsManager.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Osztalyfonok_Modosithatjae_Tanulok_Mulasztasi_Adatait, ClaimData.IntezmenyAzonosito, ClaimData.AktivTanevID.Value))
{
claims.Add(KretaClaimPackages.IsModosithatjaOsztfoMulasztasokat.ClaimValue);
}
var systemSettingsHelper = new SystemSettingsHelper(connectionType);
AddTanarAdhatMagatartasSzorgalomJegyetClaimPackegeIfNeeded(systemSettingsHelper, claims);
var tanarHelper = new TanarHelper(connectionType);
AddFelhasznaloMunkakoreNemTiltoListasClaimPackegeIfNeeded(systemSettingsHelper, tanarHelper, claims);
AddEllenorzobenLathatoOsztalyatlagClaimPackegeIfNeeded(systemSettingsHelper, claims);
var alkalmazottHelper = new AlkalmazottHelper(connectionType);
AddLEPClaimPackegeIfNeeded(systemSettingsHelper, alkalmazottHelper, claims);
bool isVegzosEvfolyamTanuloja;
isVegzosEvfolyamTanuloja = felhasznaloHelper.GetVegzosEvfolyamTanulojaByUserId(ClaimData.FelhasznaloId);
var pedagogusok_sajat_orarendjeiket_modosithatjak_az_elektronikus_naploban = systemSettingsHelper.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Pedagogusok_sajat_orarendjeiket_modosithatjak_az_elektronikus_naploban);
if (pedagogusok_sajat_orarendjeiket_modosithatjak_az_elektronikus_naploban && claims.Contains(KretaClaimPackages.Naplo.ClaimValue))
{
claims.Add(KretaClaimPackages.TanarOrarendSzerkesztes.ClaimValue);
}
if (claims.Contains(KretaClaimPackages.Ellenorzo.ClaimValue))
{
var felevi_jegyek_megjelenesenek_datuma = systemSettingsHelper.GetSystemSettingValue<DateTime?>(RendszerBeallitasTipusEnum.Felevi_jegyek_megjelenesenek_datuma);
var ev_vegi_jegyek_megjelenesenek_datuma = systemSettingsHelper.GetSystemSettingValue<DateTime?>(RendszerBeallitasTipusEnum.Ev_vegi_jegyek_megjelenesenek_datuma);
var ev_vegi_jegyek_megjelenesenek_datuma_vegzos = systemSettingsHelper.GetSystemSettingValue<DateTime?>(RendszerBeallitasTipusEnum.Ev_vegi_jegyek_megjelenesenek_datuma_vegzos);
if (felevi_jegyek_megjelenesenek_datuma <= DateTime.Now)
{
claims.Add(KretaClaimPackages.FeleviJegy.ClaimValue);
}
if (ev_vegi_jegyek_megjelenesenek_datuma <= DateTime.Now && !isVegzosEvfolyamTanuloja)
{
claims.Add(KretaClaimPackages.EvvegiJegy.ClaimValue);
}
if (ev_vegi_jegyek_megjelenesenek_datuma_vegzos <= DateTime.Now && isVegzosEvfolyamTanuloja)
{
claims.Add(KretaClaimPackages.EvvegiVegzosJegy.ClaimValue);
}
}
var ds = alkalmazottHelper.GetInfoForLoginAlkalmazott();
if (ds.Tables[0].Rows.Count > 0)
{
claims.Add(KretaClaimPackages.Alkalmazott.ClaimValue);
if (SDAConvert.ToBooleanFromTF(ds.Tables[0].Rows[0]["C_DIAKOLIMPIA"]))
{
claims.Add(KretaClaimPackages.DiakolimpiaKezelo.ClaimValue);
}
var fokuszEnabled = new List<int> { (int)VezetoiOraszamokTipusEnum.Intezmenyvezeto, (int)VezetoiOraszamokTipusEnum.IntezmenyvezetoHelyettes };
if (fokuszEnabled.Contains(SDAConvert.ToInt32(ds.Tables[0].Rows[0]["C_VEZETOIORASZAMOK"])))
{
claims.Add(KretaClaimPackages.FokuszMonitoring.ClaimValue);
}
var iskolaorEnabled = new List<int> { (int)MunkakorTipusEnum.iskolaor };
if (iskolaorEnabled.Contains(SDAConvert.ToInt32(ds.Tables[0].Rows[0]["C_MUNKAKORTIPUSA"])))
{
claims.Add(KretaClaimPackages.IskolaOr.ClaimValue);
}
if (SDAConvert.ToInt32(ds.Tables[0].Rows[0]["C_MUNKAKORTIPUSA"]) == (int)MunkakorTipusEnum.portas)
{
claims.Add(KretaClaimPackages.IsPortas.ClaimValue);
}
if (ClaimData.IsSelectedTanev20_21OrLater && ClaimData.IsSzakkepzoIntezmeny && SDAConvert.ToBooleanFromTF(ds.Tables[0].Rows[0]["C_ISSZAKOKTATASERTFELELOS"]))
{
claims.Add(KretaClaimPackages.IsSzakiranyuOktatasertFelelos.ClaimValue);
}
if (ClaimData.IsSelectedTanev20_21OrLater && ClaimData.IsSzakkepzoIntezmeny && SDAConvert.ToBooleanFromTF(ds.Tables[0].Rows[0]["C_ISDUALISKEPZOHELYIOKTATO"]))
{
claims.Add(KretaClaimPackages.IsDualisKepzohelyiOktato.ClaimValue);
}
var naploSzerepkoros = ClaimData.FelhasznaloSzerepkorok.Any(x => x.Key == SzerepkorTipusEnum.Naplo);
var adminSzerepkoros = ClaimData.FelhasznaloSzerepkorok.Any(x => x.Key == SzerepkorTipusEnum.Adminisztrator);
var feltarEszkozMenedzserSzerepkoros = ClaimData.FelhasznaloSzerepkorok.Any(x => x.Key == SzerepkorTipusEnum.FELTAR_EszkozMenedzser);
if (ClaimData.FeltarAlkalmazottEnabled && (naploSzerepkoros || (adminSzerepkoros && feltarEszkozMenedzserSzerepkoros)))
{
claims.Add(KretaClaimPackages.IsFeltarAlkalmazott.ClaimValue);
}
}
var feladatKategoriaList = new FeladatEllatasiHelyHelper(connectionType).GetFeladatKategoriakForLogin(ClaimData.AktivTanevID.Value, ClaimData.KovTanevID);
if (claims.Contains(KretaClaimPackages.Adminisztrator.ClaimValue) && feladatKategoriaList.Contains(OktNevelesiKategoriaEnum.AlapfokuMuveszetoktatas))
{
claims.Add(KretaClaimPackages.AMImodul.ClaimValue);
}
if (claims.Contains(KretaClaimPackages.Adminisztrator.ClaimValue) && feladatKategoriaList.Contains(OktNevelesiKategoriaEnum.Kollegium))
{
claims.Add(KretaClaimPackages.KollegiumModul.ClaimValue);
}
if (claims.Contains(KretaClaimPackages.Adminisztrator.ClaimValue) && feladatKategoriaList.Contains(OktNevelesiKategoriaEnum.Felnottkepzes))
{
claims.Add(KretaClaimPackages.FelnottkepzesModul.ClaimValue);
}
if (claims.Contains(KretaClaimPackages.Adminisztrator.ClaimValue) && feladatKategoriaList.Contains(OktNevelesiKategoriaEnum.EGYMI))
{
claims.Add(KretaClaimPackages.EGYMIModul.ClaimValue);
}
claims.Add(KretaClaimPackages.TanuloKezelese.ClaimValue); //Egyelőre alapból megkapja mindenki a "TanuloKezelese" package-et
string claimsString = JsonConvert.SerializeObject(claims);
AddClaim(KretaClaimTypes.Package, claimsString);
AddClaim(KretaClaimTypes.PackageCacheHash, claimsString.GetHashCode().ToString());
var resources = szerepkorok.Any() ? GetFelhasznaloResources(szerepkorok[0]) : new List<string>();
AddClaim(KretaClaimTypes.Resource, JsonConvert.SerializeObject(resources));
if (!ClaimData.IsNaploAdministrator && alkalmazottHelper.IsKozossegiSzolgalatKezelo())
{
claims.Add(KretaClaimPackages.IsKozossegiSzolgalatKezelo.ClaimValue);
claimsString = JsonConvert.SerializeObject(claims);
AddClaim(KretaClaimTypes.Package, claimsString);
}
if (!claims.Contains(KretaClaimPackages.Tanulo.ClaimValue) && !claims.Contains(KretaClaimPackages.Gondviselo.ClaimValue) && !claims.Contains(KretaClaimPackages.CsokkentettGondviselo.ClaimValue))
{
claims.Add(KretaClaimPackages.TavolletIgenylo.ClaimValue);
claimsString = JsonConvert.SerializeObject(claims);
AddClaim(KretaClaimTypes.Package, claimsString);
}
IntezmenyCO intezmenyiAdatok = new IntezmenyHelper(connectionType).GetIntezmenyiAdatok();
if (intezmenyiAdatok.IsCsakLepKezelo)
{
if (!claims.Contains(KretaClaimPackages.IsLEPKezelo.ClaimValue))
{ claims.Add(KretaClaimPackages.IsLEPKezelo.ClaimValue); }
claimsString = JsonConvert.SerializeObject(claims);
AddClaim(KretaClaimTypes.Package, claimsString);
AddClaim(KretaClaimTypes.CsokkentettTanuloLEP, System.IO.File.ReadAllText(System.Web.HttpContext.Current.Server.MapPath(@"~\Configuration\CsokkentettTanuloLEPJson.json")));
}
if (ClaimData.IsOnlyAlkalmazott)
{
claims.Add(KretaClaimPackages.IsOnlyAlkalmozott.ClaimValue);
claimsString = JsonConvert.SerializeObject(claims);
AddClaim(KretaClaimTypes.Package, claimsString);
}
if (ClaimData.IsSzirIntezmeny)
{
claims.Add(KretaClaimPackages.IsSzirIntezmeny.ClaimValue);
claimsString = JsonConvert.SerializeObject(claims);
AddClaim(KretaClaimTypes.Package, claimsString);
}
if (ClaimData.IsSzakkepzoIntezmeny)
{
claims.Add(KretaClaimPackages.IsSzakkepzoIntezmeny.ClaimValue);
claimsString = JsonConvert.SerializeObject(claims);
AddClaim(KretaClaimTypes.Package, claimsString);
}
if (ClaimData.IsArchivIntezmeny)
{
if (claims.Contains(KretaClaimPackages.Adminisztrator.ClaimValue))
{
ClaimData.IsArchivAdminUser = true;
}
//Semmilyen másik Claim-je nem lehet ilyenkor
claims.Clear();
claims.Add(KretaClaimPackages.IsArchivIntezmeny.ClaimValue);
claimsString = JsonConvert.SerializeObject(claims);
AddClaim(KretaClaimTypes.Package, claimsString);
}
}
public static void AddClaim(string claimType, string claimValue)
{
var identity = GetClaimIdentity();
AddClaimToIdentity(identity, claimType, claimValue);
}
public static void AddClaim(ClaimsIdentity identity, string claimType, string claimValue)
{
AddClaimToIdentity(identity, claimType, claimValue);
}
private static void AddClaimToIdentity(ClaimsIdentity identity, string claimType, string claimValue)
{
if (!identity.IsAuthenticated)
return;
RemoveClaim(identity, claimType);
if (claimValue == null)
return;
identity.AddClaim(new Claim(claimType, claimValue));
var authenticationManager = HttpContext.Current.GetOwinContext().Authentication;
authenticationManager.AuthenticationResponseGrant = new AuthenticationResponseGrant(new ClaimsPrincipal(identity), new AuthenticationProperties() { IsPersistent = false }); // ha IsPersistent true akkor belépve marad a felhasználó
}
private static void RemoveClaim(ClaimsIdentity identity, string claimType)
{
var claims = identity.FindClaims(claimType);
foreach (var tipus in claims)
{
identity.RemoveClaim(tipus);
}
}
public static ClaimsIdentity GetClaimIdentity()
{
return HttpContext.Current.User.Identity as ClaimsIdentity;
}
public static bool HasPackage(params string[] values)
{
var packages = ClaimData.FelhasznaloSzerepCsomagok;
bool result = false;
foreach (string value in values)
{
if (packages.Contains(value))
{
result = true;
break;
}
}
return result;
}
private static void AddTanarAdhatMagatartasSzorgalomJegyetClaimPackegeIfNeeded(SystemSettingsHelper systemSettingsHelper, List<string> claims)
{
var tanarAdhatMagatartasSzorgalomJegyet = !systemSettingsHelper.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Magatartas_Szorgalom_Ertekeles_Csak_Ofokent);
if (tanarAdhatMagatartasSzorgalomJegyet && claims.Contains(KretaClaimPackages.Tanar.ClaimValue) && !claims.Contains(KretaClaimPackages.Osztalyfonok.ClaimValue) && !claims.Contains(KretaClaimPackages.SzuperOsztalyfonok.ClaimValue)) //Ofőknek másképp
{
claims.Add(KretaClaimPackages.TanarAdhatMagatartasSzorgalomJegyet.ClaimValue);
}
}
private static void AddLEPClaimPackegeIfNeeded(SystemSettingsHelper systemSettingsHelper, AlkalmazottHelper helper, List<string> claims)
{
var IsLEPKezelo = systemSettingsHelper.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Lazar_Ervin_Program_kezelese);
if (IsLEPKezelo && (claims.Contains(KretaClaimPackages.Adminisztrator.ClaimValue)
|| claims.Contains(KretaClaimPackages.Szuperadmin.ClaimValue)
|| claims.Contains(KretaClaimPackages.SzuperOsztalyfonok.ClaimValue)
|| claims.Contains(KretaClaimPackages.Osztalyfonok.ClaimValue)
|| helper.IsLEPKezelo()))
{
claims.Add(KretaClaimPackages.IsLEPKezelo.ClaimValue);
}
}
private static void AddFelhasznaloMunkakoreNemTiltoListasClaimPackegeIfNeeded(SystemSettingsHelper systemSettingsHelper, TanarHelper tanarHelper, List<string> claims)
{
var tiltottMunkakorok = systemSettingsHelper.GetSystemSettingValue<List<int>>(RendszerBeallitasTipusEnum.Alkalmazottak_lathatjak_a_diakok_adatait);
if (claims.Contains(KretaClaimPackages.Tanar.ClaimValue))
{
var tanarAdatok = tanarHelper.GetTanarAdatok(ClaimData.FelhasznaloId);
if (!tanarAdatok.MunkaKor.HasValue || tiltottMunkakorok.Count == 0 || !tiltottMunkakorok.Contains(tanarAdatok.MunkaKor.Value))
{
claims.Add(KretaClaimPackages.FelhasznaloMunkakoreNemTiltoListas.ClaimValue);
}
}
}
private static void AddEllenorzobenLathatoOsztalyatlagClaimPackegeIfNeeded(SystemSettingsHelper systemSettingsHelper, List<string> claims)
{
var ellenorzobenLathatoOsztalyatlag = systemSettingsHelper.GetSystemSettingValue<bool>(RendszerBeallitasTipusEnum.Osztalyatlag_megjelenitese_az_ellenorzo_feluleten);
if (ellenorzobenLathatoOsztalyatlag && claims.Contains(KretaClaimPackages.Ellenorzo.ClaimValue))
{
claims.Add(KretaClaimPackages.EllenorzobenLathatoOsztalyatlag.ClaimValue);
}
}
private static void AddIsFeltaGondviseloOrTanuloClaimPackegeIfNeeded(SessionConnectionType connectionType, List<string> claims)
{
if (claims.Contains(KretaClaimPackages.Gondviselo.ClaimValue) && ClaimData.GondviseloId.HasValue
&& new GondviseloHelper(connectionType).IsGondviseloTanuloinakEvfolyamTipusaLetezik(ClaimData.GondviseloId.Value, Core.Constants.FeltarEvfolyamList))
{
claims.Add(KretaClaimPackages.IsFeltarGondviselo.ClaimValue);
}
else if (claims.Contains(KretaClaimPackages.Tanulo.ClaimValue) && new TanuloHelper(connectionType).IsTanuloFeltarEvfolyamos())
{
claims.Add(KretaClaimPackages.IsFeltarTanulo.ClaimValue);
}
}
}
public delegate void ClaimSigninEventHandler(object sender, ClaimSigninEventArgs e);
public class ClaimSigninEventArgs : EventArgs
{
public ClaimSigninEventArgs(List<Claim> claims, LoginInfo loginInfo)
{
Claims = claims;
LoginInfo = loginInfo;
}
public List<Claim> Claims { get; set; }
public LoginInfo LoginInfo { get; set; }
}
}

14
KretaWeb/Security/ClaimNotFoundException.cs Normal file
View file

@ -0,0 +1,14 @@
using System;
namespace Kreta.Web.Security
{
public class ClaimNotFoundException : Exception
{
public string ClaimType { get; set; }
public ClaimNotFoundException(string claimType)
{
ClaimType = claimType;
}
}
}

375
KretaWeb/Security/ClaimsIdentityExtensions.cs Normal file
View file

@ -0,0 +1,375 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Kreta.BusinessLogic.Security;
using Kreta.Framework.Security;
using Newtonsoft.Json;
namespace Kreta.Web.Security
{
/// <summary>
/// Extension methods for ClaimsIdentity
/// </summary>
public static class ClaimsIdentityExtensions
{
/// <summary>
/// Checks whether a given claim exists
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="predicate">The search predicate.</param>
/// <returns>true/false</returns>
public static bool ClaimExists(this ClaimsIdentity identity, Predicate<Claim> predicate)
{
Claim claim = identity.FindClaims(predicate).FirstOrDefault();
return claim != null;
}
/// <summary>
/// Checks whether a given claim exists
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <returns>true/false</returns>
public static bool ClaimExists(this ClaimsIdentity identity, string claimType)
{
return identity.ClaimExists(c =>
c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Checks whether a given claim exists
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="value">The value.</param>
/// <returns>true/false</returns>
public static bool ClaimExists(this ClaimsIdentity identity, string claimType, string value)
{
return identity.ClaimExists(c =>
c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
c.Value.Equals(value, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Checks whether a given claim exists
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="value">The value.</param>
/// <param name="issuer">The issuer.</param>
/// <returns>true/false</returns>
public static bool ClaimExists(this ClaimsIdentity identity, string claimType, string value, string issuer)
{
return identity.ClaimExists(c =>
c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
c.Value.Equals(value, StringComparison.OrdinalIgnoreCase) &&
c.Issuer.Equals(issuer, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Demands a specific claim.
/// </summary>
/// <param name="identity">The principal.</param>
/// <param name="predicate">The search predicate.</param>
public static void DemandClaim(this ClaimsIdentity identity, Predicate<Claim> predicate)
{
if (!identity.ClaimExists(predicate))
{
throw new SecurityException();
}
}
/// <summary>
/// Demands a specific claim.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
public static void DemandClaim(this ClaimsIdentity identity, string claimType)
{
try
{
identity.DemandClaim(claim =>
claim.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase));
}
catch (SecurityException)
{
throw new SecurityException();
}
}
/// <summary>
/// Demands a specific claim.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="value">The value.</param>
public static void DemandClaim(this ClaimsIdentity identity, string claimType, string value)
{
try
{
identity.DemandClaim(claim =>
claim.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
claim.Value.Equals(value, StringComparison.OrdinalIgnoreCase));
}
catch (SecurityException)
{
throw new SecurityException();
}
}
/// <summary>
/// Demands a specific claim.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="value">The value.</param>
/// <param name="issuer">The issuer.</param>
public static void DemandClaim(this ClaimsIdentity identity, string claimType, string value, string issuer)
{
try
{
identity.DemandClaim(claim =>
claim.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
claim.Value.Equals(value, StringComparison.OrdinalIgnoreCase) &&
claim.Issuer.Equals(issuer, StringComparison.OrdinalIgnoreCase));
}
catch (SecurityException)
{
throw new SecurityException();
}
}
/// <summary>
/// Denies a specific claim.
/// </summary>
/// <param name="principal">The identity.</param>
/// <param name="predicate">The search predicate.</param>
public static void DenyClaim(this ClaimsIdentity identity, Predicate<Claim> predicate)
{
foreach (Claim claim in identity.FindClaims(predicate))
{
throw new SecurityException();
}
}
/// <summary>
/// Denies a specific claim.
/// </summary>
/// <param name="principal">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
public static void DenyClaim(this ClaimsIdentity identity, string claimType)
{
try
{
identity.DenyClaim(claim =>
claim.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase));
}
catch (SecurityException)
{
throw new SecurityException();
}
}
/// <summary>
/// Denies a specific claim.
/// </summary>
/// <param name="principal">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="value">The value.</param>
public static void DenyClaim(this ClaimsIdentity identity, string claimType, string value)
{
try
{
identity.DenyClaim(claim =>
claim.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
claim.Value.Equals(value, StringComparison.OrdinalIgnoreCase));
}
catch (SecurityException)
{
throw new SecurityException();
}
}
/// <summary>
/// Denies a specific claim.
/// </summary>
/// <param name="principal">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="value">The value.</param>
/// <param name="issuer">The issuer.</param>
public static void DenyClaim(this ClaimsIdentity identity, string claimType, string value, string issuer)
{
try
{
identity.DenyClaim(claim =>
claim.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
claim.Value.Equals(value, StringComparison.OrdinalIgnoreCase) &&
claim.Issuer.Equals(issuer, StringComparison.OrdinalIgnoreCase));
}
catch (SecurityException)
{
throw new SecurityException();
}
}
/// <summary>
/// Finds all instances of the specified claim.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="predicate">The search predicate.</param>
/// <returns>List of claims that match the search criteria</returns>
public static IEnumerable<Claim> FindClaims(this ClaimsIdentity identity, Predicate<Claim> predicate)
{
return from claim in identity.Claims
where predicate(claim)
select claim;
}
/// <summary>
/// Finds all instances of the specified claim.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <returns>List of claims that match the search criteria</returns>
public static IEnumerable<Claim> FindClaims(this ClaimsIdentity identity, string claimType)
{
return identity.FindClaims(c =>
c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Finds all instances of the specified claim.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="issuer">The issuer.</param>
/// <returns>List of claims that match the search criteria</returns>
public static IEnumerable<Claim> FindClaims(this ClaimsIdentity identity, string claimType, string issuer)
{
return identity.FindClaims(c =>
c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
c.Issuer.Equals(issuer, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Finds all instances of the specified claim.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="issuer">The issuer.</param>
/// <param name="value">The value.</param>
/// <returns>List of claims that match the search criteria</returns>
public static IEnumerable<Claim> FindClaims(this ClaimsIdentity identity, string claimType, string issuer, string value)
{
return identity.FindClaims(c =>
c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
c.Value.Equals(value, StringComparison.OrdinalIgnoreCase) &&
c.Issuer.Equals(issuer, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Finds all instances of the specified claim.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claim">Search claim.</param>
/// <returns>List of claims that match the search criteria</returns>
public static IEnumerable<Claim> FindClaims(this ClaimsIdentity identity, Claim claim)
{
return identity.FindClaims(c =>
c.Type.Equals(claim.Type, StringComparison.OrdinalIgnoreCase) &&
c.Value.Equals(claim.Value, StringComparison.OrdinalIgnoreCase) &&
c.Issuer.Equals(claim.Issuer, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Retrieves the value of a claim.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <returns>The value</returns>
public static string GetClaimValue(this ClaimsIdentity identity, string claimType)
{
string value = null;
if (identity.TryGetClaimValue(claimType, out value))
{
return value;
}
throw new Exception("Claim not found exception");// ClaimNotFoundException(string.Format(CultureInfo.CurrentCulture, Messages.ClaimNotFound, claimType));
}
/// <summary>
/// Retrieves the value of a claim.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="issuer">The issuer.</param>
/// <returns>The value</returns>
public static string GetClaimValue(this ClaimsIdentity identity, string claimType, string issuer)
{
string value = null;
if (identity.TryGetClaimValue(claimType, issuer, out value))
{
return value;
}
throw new Exception("Claim not found exception"); //throw new ClaimNotFoundException(string.Format(CultureInfo.CurrentCulture, Messages.ClaimNotFound, claimType));
}
/// <summary>
/// Tries to retrieve the value of a claim.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="claimValue">The claim value.</param>
/// <returns>The value</returns>
public static bool TryGetClaimValue(this ClaimsIdentity identity, string claimType, out string claimValue)
{
claimValue = null;
Claim claim = identity.FindClaims(claimType).FirstOrDefault();
if (claim != null)
{
claimValue = claim.Value;
return true;
}
return false;
}
/// <summary>
/// Tries to retrieve the value of a claim.
/// </summary>
/// <param name="identity">The identity.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="issuer">The issuer.</param>
/// <param name="claimValue">The claim value.</param>
/// <returns>The value</returns>
public static bool TryGetClaimValue(this ClaimsIdentity identity, string claimType, string issuer, out string claimValue)
{
claimValue = null;
Claim claim = identity.FindClaims(claimType, issuer).FirstOrDefault();
if (claim != null)
{
claimValue = claim.Value;
return true;
}
return false;
}
public static bool HasResource(this ClaimsIdentity identity, string resourceName)
{
var resourcesJSON = identity.GetClaimValue(KretaClaimTypes.Resource);
var resources = JsonConvert.DeserializeObject<List<string>>(resourcesJSON);
return resources.Contains(resourceName);
}
}
}

404
KretaWeb/Security/ClaimsPrincipalExtensions.cs Normal file
View file

@ -0,0 +1,404 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using Kreta.Framework.Security;
namespace Kreta.Web.Security
{
public static class ClaimsPrincipalExtensions
{
/// <summary>
/// Checks whether a given claim exists
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="predicate">The search predicate.</param>
/// <returns>true/false</returns>
public static bool ClaimExists(this ClaimsPrincipal principal, Predicate<Claim> predicate)
{
foreach (var identity in principal.Identities)
{
if (identity.ClaimExists(predicate))
{
return true;
}
}
return false;
}
/// <summary>
/// Checks whether a given claim exists
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <returns>true/false</returns>
public static bool ClaimExists(this ClaimsPrincipal principal, string claimType)
{
return principal.ClaimExists(c => c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Checks whether a given claim exists.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="value">The value.</param>
/// <returns>true/false</returns>
public static bool ClaimExists(this ClaimsPrincipal principal, string claimType, string[] value)
{
var result = false;
foreach (var item in value)
{
if (principal.ClaimExists(c => c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) && c.Value.Equals(item, StringComparison.OrdinalIgnoreCase)))
{
result = true;
break;
}
}
return result;
}
/// <summary>
/// Checks whether a given claim exists.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="value">The value.</param>
/// <param name="issuer">The issuer.</param>
/// <returns>true/false</returns>
public static bool ClaimExists(this ClaimsPrincipal principal, string claimType, string[] value, string issuer)
{
var result = false;
foreach (var item in value)
{
if (principal.ClaimExists(c =>
c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
c.Value.Equals(item, StringComparison.OrdinalIgnoreCase) &&
c.Issuer.Equals(issuer, StringComparison.OrdinalIgnoreCase)))
{
result = true;
break;
}
}
return result;
}
/// <summary>
/// Demands a specific claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="predicate">The search predicate.</param>
public static void DemandClaim(this ClaimsPrincipal principal, Predicate<Claim> predicate)
{
foreach (Claim claim in principal.FindClaims(predicate))
{
return;
}
throw new SecurityException();
}
/// <summary>
/// Demands a specific claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
public static void DemandClaim(this ClaimsPrincipal principal, string claimType)
{
try
{
principal.DemandClaim(claim =>
claim.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase));
}
catch (SecurityException)
{
throw new SecurityException();
}
}
/// <summary>
/// Demands a specific claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="value">The value.</param>
public static void DemandClaim(this ClaimsPrincipal principal, string claimType, string value)
{
try
{
principal.DemandClaim(claim =>
claim.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
claim.Value.Equals(value, StringComparison.OrdinalIgnoreCase));
}
catch (SecurityException)
{
throw new SecurityException();
}
}
/// <summary>
/// Demands a specific claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="value">The value.</param>
/// <param name="issuer">The issuer.</param>
public static void DemandClaim(this ClaimsPrincipal principal, string claimType, string value, string issuer)
{
try
{
principal.DemandClaim(claim =>
claim.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
claim.Value.Equals(value, StringComparison.OrdinalIgnoreCase) &&
claim.Issuer.Equals(issuer, StringComparison.OrdinalIgnoreCase));
}
catch (SecurityException)
{
throw new SecurityException();
}
}
/// <summary>
/// Denies a specific claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="predicate">The search predicate.</param>
public static void DenyClaim(this ClaimsPrincipal principal, Predicate<Claim> predicate)
{
foreach (Claim claim in principal.FindClaims(predicate))
{
throw new SecurityException();
}
}
/// <summary>
/// Denies a specific claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
public static void DenyClaim(this ClaimsPrincipal principal, string claimType)
{
try
{
principal.DenyClaim(claim =>
claim.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase));
}
catch (SecurityException)
{
throw new SecurityException();
}
}
/// <summary>
/// Denies a specific claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="value">The value.</param>
public static void DenyClaim(this ClaimsPrincipal principal, string claimType, string value)
{
try
{
principal.DenyClaim(claim =>
claim.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
claim.Value.Equals(value, StringComparison.OrdinalIgnoreCase));
}
catch (SecurityException)
{
throw new SecurityException();
}
}
/// <summary>
/// Denies a specific claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="value">The value.</param>
/// <param name="issuer">The issuer.</param>
public static void DenyClaim(this ClaimsPrincipal principal, string claimType, string value, string issuer)
{
try
{
principal.DenyClaim(claim =>
claim.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
claim.Value.Equals(value, StringComparison.OrdinalIgnoreCase) &&
claim.Issuer.Equals(issuer, StringComparison.OrdinalIgnoreCase));
}
catch (SecurityException)
{
throw new SecurityException();
}
}
/// <summary>
/// Finds all instances of the specified claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="predicate">A search predicate.</param>
/// <returns>A list of claims that match the search criteria.</returns>
public static IEnumerable<Claim> FindClaims(this ClaimsPrincipal principal, Predicate<Claim> predicate)
{
foreach (ClaimsIdentity identity in principal.Identities)
{
foreach (Claim claim in identity.FindClaims(predicate))
{
yield return claim;
}
}
}
/// <summary>
/// Finds all instances of the specified claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <returns>A list of claims that match the search criteria.</returns>
public static IEnumerable<Claim> FindClaims(this ClaimsPrincipal principal, string claimType)
{
return principal.FindClaims(c =>
c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Finds all instances of the specified claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="issuer">The issuer.</param>
/// <returns>A list of claims that match the search criteria.</returns>
public static IEnumerable<Claim> FindClaims(this ClaimsPrincipal principal, string claimType, string issuer)
{
return principal.FindClaims(c =>
c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
c.Issuer.Equals(issuer, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Finds all instances of the specified claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="issuer">The issuer.</param>
/// <param name="value">The value.</param>
/// <returns>A list of claims that match the search criteria.</returns>
public static IEnumerable<Claim> FindClaims(this ClaimsPrincipal principal, string claimType, string issuer, string value)
{
return principal.FindClaims(c =>
c.Type.Equals(claimType, StringComparison.OrdinalIgnoreCase) &&
c.Value.Equals(value, StringComparison.OrdinalIgnoreCase) &&
c.Issuer.Equals(issuer, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Finds all instances of the specified claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claim">The claim.</param>
/// <returns>A list of claims that match the search criteria.</returns>
public static IEnumerable<Claim> FindClaims(this ClaimsPrincipal principal, Claim claim)
{
return principal.FindClaims(c =>
c.Type.Equals(claim.Type, StringComparison.OrdinalIgnoreCase) &&
c.Value.Equals(claim.Value, StringComparison.OrdinalIgnoreCase) &&
c.Issuer.Equals(claim.Issuer, StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Retrieves the value of a claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <returns>The value</returns>
public static string GetClaimValue(this ClaimsPrincipal principal, string claimType)
{
string value = null;
foreach (var identity in principal.Identities)
{
if (identity.TryGetClaimValue(claimType, out value))
{
return value;
}
}
throw new ClaimNotFoundException(claimType);
}
/// <summary>
/// Retrieves the value of a claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="issuer">The issuer.</param>
/// <returns>The value</returns>
public static string GetClaimValue(this ClaimsPrincipal principal, string claimType, string issuer)
{
string value = null;
foreach (var identity in principal.Identities)
{
if (identity.TryGetClaimValue(claimType, issuer, out value))
{
return value;
}
}
throw new ClaimNotFoundException(claimType);
}
/// <summary>
/// Tries to retrieve the value of a claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="claimValue">The claim value.</param>
/// <returns>The value</returns>
public static bool TryGetClaimValue(this ClaimsPrincipal principal, string claimType, out string claimValue)
{
claimValue = null;
Claim claim = principal.FindClaims(claimType).FirstOrDefault();
if (claim != null)
{
claimValue = claim.Value;
return true;
}
return false;
}
/// <summary>
/// Tries to retrieve the value of a claim.
/// </summary>
/// <param name="principal">The principal.</param>
/// <param name="claimType">Type of the claim.</param>
/// <param name="issuer">The issuer.</param>
/// <param name="claimValue">The claim value.</param>
/// <returns>The value</returns>
public static bool TryGetClaimValue(this ClaimsPrincipal principal, string claimType, string issuer, out string claimValue)
{
claimValue = null;
Claim claim = principal.FindClaims(claimType, issuer).FirstOrDefault();
if (claim != null)
{
claimValue = claim.Value;
return true;
}
return false;
}
/// <summary>
/// Retrieves the first identity of an ClaimsPrincipal.
/// </summary>
/// <param name="principal">The principal.</param>
/// <returns>The first IClaimsIdentity</returns>
public static ClaimsIdentity First(this ClaimsPrincipal principal)
{
return principal.Identities.ElementAt(0);
}
}
}

81
KretaWeb/Security/IKretaAuthorization.cs Normal file
View file

@ -0,0 +1,81 @@
using System;
using System.Collections.Generic;
using Kreta.Enums.ManualEnums;
namespace Kreta.Web.Security
{
public interface IKretaAuthorization
{
bool IsValidEvent(int eventId, CalendarOraTypeEnum calendarOraType, DateTime date);
bool IsValidOrarendiOra(int orarendiOraId, DateTime oraDatuma);
bool IsValidTanitasiOra(int tanitasiOraId);
bool IsValidNemKotottMunkaido(int nemKotottMunkaidoId);
bool IsValidOsztaly(int osztalyId);
bool IsValidCsoport(int csoportId);
bool IsValidOsztalyCsoport(int osztalyCsoportId, bool lehetTTF = false);
bool IsValidOsztalyCsoport(int osztalyCsoportId, int tantargyId);
bool IsValidOsztalyfonokTanuloja(int tanuloId);
bool IsValidTanulo(int tanuloId, bool lehetTTF = false);
bool IsValidTanulo(List<int> tanuloIdList, int osztalyCsoportId, bool lehetTTF = false);
bool IsValidTanulo(int tanuloId, int tantargyId);
bool IsValidErtekeles(int ertekelesId);
bool IsValidMagatartasSzorgalom(int magatartasSzorgalomId);
bool IsValidMulasztas(int mulasztasId);
bool IsValidIgazolas(int igazolasId);
bool IsValidKozossegiSzolgalat(int kozossegiSzolgalatId);
bool IsValidErettsegiEredmeny(int erettsegiEredmenyId);
bool IsValidSzakkepzesiMunkaszerzodes();
bool IsValidDualisOktatoCsoporthozRendeles();
bool IsValidDualisTanulok();
bool IsValidDualisCsoportok();
bool IsValidTanuloApaczai();
bool IsValidDualisHelyszinek();
bool IsValidDualisErtekelesek();
bool IsValidDualisMulasztasok();
bool IsValidDualisFeljegyzesek();
bool IsValidDualisAlkalmazottak();
bool IsValidDualisTanuloSorolas();
bool IsValidTanulasiElemImportExport();
bool IsValidTanulasiElemek();
bool IsValidDualisKepzes();
bool IsValidDualisAdminOrarend();
bool IsValidDualisElektronikusUzenetek();
bool IsValidDualisBeirasok();
bool IsValidDualisOktato();
}
}

236
KretaWeb/Security/KretaAuthorization.cs Normal file
View file

@ -0,0 +1,236 @@
using System;
using System.Collections.Generic;
using System.Web.Mvc;
using Kreta.BusinessLogic.Helpers;
using Kreta.BusinessLogic.Security;
using Kreta.Client.KGR;
using Kreta.Core;
using Kreta.Enums.ManualEnums;
using Kreta.Web.Helpers;
namespace Kreta.Web.Security
{
public class KretaAuthorization : IKretaAuthorization
{
public bool IsValidEvent(int eventId, CalendarOraTypeEnum calendarOraType, DateTime date)
{
switch (calendarOraType)
{
case CalendarOraTypeEnum.OrarendiOra:
return IsValidOrarendiOra(eventId, date);
case CalendarOraTypeEnum.TanitasiOra:
return IsValidTanitasiOra(eventId);
case CalendarOraTypeEnum.TanoranKivuliFoglalkozas:
case CalendarOraTypeEnum.TanoranKivuliNaplozottFoglalkozas:
case CalendarOraTypeEnum.TanoranKivuliTevekenyseg:
case CalendarOraTypeEnum.Egyeb:
case CalendarOraTypeEnum.UresOra:
case CalendarOraTypeEnum.TanevRendjeEsemeny:
return true;
}
return false;
}
public bool IsValidOrarendiOra(int orarendiOraId, DateTime oraDatuma)
{
if (ClaimManager.HasPackage(KretaClaimPackages.Ellenorzo.ClaimValue))
{
return AuthorizationHelper.OrarendiOra.TanuloHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), orarendiOraId, oraDatuma);
}
return true;
}
public bool IsValidTanitasiOra(int tanitasiOraId)
{
if (ClaimManager.HasPackage(KretaClaimPackages.Ellenorzo.ClaimValue))
{
return AuthorizationHelper.TanitasiOra.TanuloHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), tanitasiOraId);
}
return true;
}
public bool IsValidNemKotottMunkaido(int nemKotottMunkaidoId)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.NemKotottMunkaido.TanarHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), nemKotottMunkaidoId));
public bool IsValidOsztaly(int osztalyId)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.OsztalyCsoport.OsztalyfonokHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), osztalyId));
public bool IsValidCsoport(int csoportId)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.OsztalyCsoport.CsoportvezetoHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), csoportId));
public bool IsValidOsztalyCsoport(int osztalyCsoportId, bool lehetTTF = false)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.OsztalyCsoport.TanarHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), osztalyCsoportId, lehetTTF));
public bool IsValidOsztalyCsoport(int osztalyCsoportId, int tantargyId)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.OsztalyCsoport.TanarHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), osztalyCsoportId, tantargyId));
public bool IsValidOsztalyfonokTanuloja(int tanuloId)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.Tanulo.OsztalyfonokHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), tanuloId));
public bool IsValidTanulo(int tanuloId, bool lehetTTF = false)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.Tanulo.TanarHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), tanuloId, lehetTTF));
public bool IsValidTanulo(List<int> tanuloIdList, int osztalyCsoportId, bool lehetTTF = false)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.Tanulo.TanarHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), tanuloIdList, osztalyCsoportId, lehetTTF));
public bool IsValidTanulo(int tanuloId, int tantargyId)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.Tanulo.TanarHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), tanuloId, tantargyId));
public bool IsValidErtekeles(int ertekelesId)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.Ertekeles.TanarHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), ertekelesId));
public bool IsValidMagatartasSzorgalom(int magatartasSzorgalomId)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.MagatartasSzorgalom.TanarHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), magatartasSzorgalomId));
public bool IsValidMulasztas(int mulasztasId)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.Mulasztas.TanarHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), mulasztasId));
public bool IsValidIgazolas(int igazolasId)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.Igazolas.TanarHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), igazolasId));
public bool IsValidKozossegiSzolgalat(int kozossegiSzolgalatId)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.KozossegiSzolgalat.TanarHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), kozossegiSzolgalatId));
public bool IsValidErettsegiEredmeny(int erettsegiEredmenyId)
=> AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(()
=> AuthorizationHelper.ErettsegiEredmeny.OsztalyfonokHasAccess(ConnectionTypeExtensions.GetSessionConnectionType(), erettsegiEredmenyId));
#region Duális képzés
// TODO: Ezeket ki kell szedni, hogy és az IsValidDualisKepzes függvényt kell használni mindenhol!
// Ha esetleg előfordul, hogy egyedi autorizáció kell egyes felületeket, majd azoknak kell újat felvenni.
// Minden új esetében, ahol nincs egyedi autorizáció, ott a IsValidDualisKepzes függvényt használjuk!
public bool IsValidSzakkepzesiMunkaszerzodes() => IsValidDualisKepzes();
public bool IsValidDualisOktatoCsoporthozRendeles() => IsValidDualisKepzes();
public bool IsValidDualisTanulok() => IsValidDualisKepzes();
public bool IsValidDualisTanuloSorolas() => IsValidDualisKepzes();
public bool IsValidDualisAlkalmazottak() => IsValidDualisKepzes();
public bool IsValidDualisCsoportok() => IsValidDualisKepzes();
public bool IsValidDualisHelyszinek() => IsValidDualisKepzes();
public bool IsValidDualisErtekelesek() => IsValidDualisKepzes();
public bool IsValidDualisMulasztasok() => IsValidDualisKepzes();
public bool IsValidDualisFeljegyzesek() => IsValidDualisKepzes();
public bool IsValidTanulasiElemImportExport() => IsValidDualisOktato();
public bool IsValidTanulasiElemek() => IsValidDualisOktato();
public bool IsValidDualisKepzes() => IsDualisKepzesIsEnabled &&
ClaimData.IsSzakkepzoIntezmeny &&
ClaimData.IsSelectedTanev21_22OrLater &&
!ClaimData.IsDefaultAdminUser &&
(ClaimData.FelhasznaloSzerepkor == Enums.SzerepkorTipusEnum.Dualis_Admin ||
ClaimData.FelhasznaloSzerepkor == Enums.SzerepkorTipusEnum.Adminisztrator ||
ClaimData.FelhasznaloSzerepCsomagok.Contains(KretaClaimPackages.IsSzakiranyuOktatasertFelelos.ClaimValue));
public bool IsValidDualisOktato()
{
if (!IsDualisKepzesIsEnabled || !ClaimData.IsSelectedTanev21_22OrLater || !ClaimData.IsSzakkepzoIntezmeny || ClaimData.FelhasznaloSzerepkor != Enums.SzerepkorTipusEnum.Naplo)
{
return false;
}
var szervezetId = new SzervezetHelper(ConnectionTypeExtensions.GetSessionConnectionType()).GetAlkalmazottSzervezetId(ClaimData.FelhasznaloId);
return szervezetId.IsEntityId();
}
private bool IsDualisKepzesIsEnabled => new IntezmenyConfigHelper(ConnectionTypeExtensions.GetSystemConnectionType()).GetIntezmenyConfig<bool>(IntezmenyConfigModulEnum.DualisKepzes, IntezmenyConfigTipusEnum.IsEnabled);
public bool IsValidDualisAdminOrarend() => IsValidDualisKepzes();
public bool IsValidDualisElektronikusUzenetek() => IsValidDualisOktato();
public bool IsValidDualisBeirasok() => IsValidDualisOktato();
#endregion Duális képzés
public bool IsValidTanuloApaczai()
{
if (!ClaimData.IsSelectedTanev21_22OrLater)
{
return false;
}
var connection = ConnectionTypeExtensions.GetSessionConnectionType();
var tanuloHelper = new TanuloHelper(connection);
var tanuloApaczaiHelper = new TanuloApaczaiHelper(connection);
var apaczaiMenuVisibility = tanuloHelper.CheckApaczaiMenuVisibility(ClaimData.IsSelectedTanev20_21OrLater, ClaimData.IsSelectedTanev21_22OrLater);
try
{
var kgrClient = (IKGRClient)DependencyResolver.Current.GetService(typeof(IKGRClient));
var tanuloVanPalyazata = new TanuloApaczaiHelper(connection).GetPalyazat(kgrClient, ClaimData.FelhasznaloIdpEgyediAzonosito).Id > 0;
if (tanuloVanPalyazata)
{
return true;
}
else
{
var tanulonakVanElfogadottPalyazataMasikIntezmenyben = tanuloApaczaiHelper.HasElfogadottPalyazatMasikIntezmenyByOktatasiAzonosito(kgrClient, ClaimData.IntezmenyGuid.Value, ClaimData.FelhasznaloId);
var tanuloApaczaiSzerzodeses = tanuloHelper.GetTanuloiAdatok(ClaimData.FelhasznaloId, ClaimData.KovTanevID, ClaimData.IsSelectedTanev20_21OrLater, ClaimData.IsSelectedTanev21_22OrLater).IsApaczaiSzerzodeses;
return (tanuloApaczaiSzerzodeses && tanulonakVanElfogadottPalyazataMasikIntezmenyben) || apaczaiMenuVisibility;
}
}
catch (Exception ex)
{
return false;
}
var intezmenyConfigHelper = new IntezmenyConfigHelper(connection);
if (!intezmenyConfigHelper.GetIntezmenyConfig<bool>(IntezmenyConfigModulEnum.Apaczai, IntezmenyConfigTipusEnum.IsEnabled))
{
return false;
}
return apaczaiMenuVisibility;
}
private bool AdminVagySzuperOsztalyfonokJogosultasagEllenorzes(Func<bool> action)
{
if (ClaimManager.HasPackage(KretaClaimPackages.Adminisztrator.ClaimValue))
{
return true;
}
if (ClaimManager.HasPackage(KretaClaimPackages.Naplo.ClaimValue))
{
if (ClaimManager.HasPackage(KretaClaimPackages.SzuperOsztalyfonok.ClaimValue))
{
return true;
}
return action();
}
return false;
}
}
}

29
KretaWeb/Security/LocalRequestOnlyAttribute.cs Normal file
View file

@ -0,0 +1,29 @@
using System.Threading;
using System.Threading.Tasks;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
namespace Kreta.Web.Security
{
/// <summary>
/// Allow only local requests
/// </summary>
public class LocalRequestOnlyAttribute : ActionFilterAttribute
{
/// <summary>
/// Authorization event
/// </summary>
/// <param name="actionContext">Context of the current action</param>
/// <param name="cancellationToken">Cancellation token</param>
/// <returns></returns>
public override Task OnActionExecutingAsync(HttpActionContext actionContext, CancellationToken cancellationToken)
{
if (!actionContext.RequestContext.IsLocal)
{
actionContext.Response = new System.Net.Http.HttpResponseMessage(System.Net.HttpStatusCode.Forbidden);
}
return base.OnActionExecutingAsync(actionContext, cancellationToken);
}
}
}

25
KretaWeb/Security/MvcCsokkentettGondviseloAccessAttribute.cs Normal file
View file

@ -0,0 +1,25 @@
using System.Net;
using System.Web;
using System.Web.Mvc;
using Kreta.BusinessLogic.Helpers.SystemSettings;
using Kreta.Web.Helpers;
namespace Kreta.Web.Security
{
public class MvcCsokkentettGondviseloAccessAttribute : ActionFilterAttribute
{
public MvcCsokkentettGondviseloAccessAttribute() { }
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var result = new SystemSettingsHelper(ConnectionTypeExtensions.GetOrganizationConnectionType()).GetSystemSettingValue<bool>(Enums.RendszerBeallitasTipusEnum.Csokkentett_gondviselok_kezelese);
if (!result)
{
filterContext.Result = new EmptyResult();
HttpContext.Current.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
HttpContext.Current.Response.End();
}
}
}
}

51
KretaWeb/Security/MvcFeatureAuthorizeAttribute.cs Normal file
View file

@ -0,0 +1,51 @@
using System;
using System.Web;
using System.Web.Mvc;
namespace Kreta.Web.Security
{
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public class MvcFeatureAuthorizeAttribute : AuthorizeAttribute
{
private readonly string[] featureNames;
public MvcFeatureAuthorizeAttribute(params string[] features)
{
featureNames = features;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
cache.SetProxyMaxAge(new TimeSpan(0L));
cache.AddValidationCallback(new HttpCacheValidateHandler(CacheValidateHandler), null);
}
else
{
HandleUnauthorizedRequest(filterContext);
}
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
return AuthorizeHelper.CheckFeatureAccess(featureNames);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
AuthorizeHelper.MvcRequestAuthorizeFail(filterContext);
}
protected override HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
{
return !AuthorizeCore(httpContext) ? HttpValidationStatus.IgnoreThisRequest : HttpValidationStatus.Valid;
}
private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
{
validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
}
}
}

42
KretaWeb/Security/MvcFeatureMaintenanceAttribute.cs Normal file
View file

@ -0,0 +1,42 @@
using System;
using System.Web.Mvc;
using Kreta.BusinessLogic.Classes;
using Kreta.Web.Models;
namespace Kreta.Web.Security
{
/// <summary>
/// "Karbantartás"-hoz használható attribute, ami
/// </summary>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = false, Inherited = true)]
public class MvcFeatureMaintenanceAttribute : ActionFilterAttribute
{
private readonly string _featureName;
public MvcFeatureMaintenanceAttribute(string featureName)
{
_featureName = featureName;
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var result = AuthorizeHelper.CheckMaintenanceInProgress(_featureName);
if (result != null && !string.IsNullOrWhiteSpace(SDAConvert.ToString(result["C_TARTALOM"])))
{
var view = new PartialViewResult
{
ViewName = "~/Views/HibaOldal/MaintenancePartial.cshtml",
ViewData = new ViewDataDictionary<MaintenanceModel>(new MaintenanceModel()
{
Title = SDAConvert.ToString(result["C_CIM"]),
Message = SDAConvert.ToString(result["C_TARTALOM"])
})
};
filterContext.Result = view;
return;
}
base.OnActionExecuting(filterContext);
}
}
}

85
KretaWeb/Security/MvcResourceAuthorizeAttribute.cs Normal file
View file

@ -0,0 +1,85 @@
using System;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using AuthorizationContext = System.Web.Mvc.AuthorizationContext;
namespace Kreta.Web.Security
{
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = true)]
public class MvcResourceAuthorizeAttribute : AuthorizeAttribute
{
private string resource;
private string action;
private string[] additionalResources;
public MvcResourceAuthorizeAttribute()
{
}
public MvcResourceAuthorizeAttribute(string action, string resource, params string[] additionalResources)
{
this.action = action;
this.resource = resource;
this.additionalResources = additionalResources;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
cache.SetProxyMaxAge(new TimeSpan(0L));
cache.AddValidationCallback(new HttpCacheValidateHandler(CacheValidateHandler), null);
}
else
{
HandleUnauthorizedRequest(filterContext);
}
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
return CheckAccess(action, resource, additionalResources);
}
public bool IsAuthorized(HttpContextBase httpContext)
{
return AuthorizeCore(httpContext);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new HttpUnauthorizedResult();
}
protected override HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
{
return !AuthorizeCore(httpContext) ? HttpValidationStatus.IgnoreThisRequest : HttpValidationStatus.Valid;
}
private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
{
validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
}
private static bool CheckAccess(string claimType, string resource, params string[] additionalResources)
{
var principal = HttpContext.Current.User as ClaimsPrincipal;
return CheckAccess(
principal,
claimType,
resource,
additionalResources);
}
private static bool CheckAccess(ClaimsPrincipal principal, string claimType, string resource, params string[] additionalResources)
{
bool access = resource == null ? principal.ClaimExists(claimType) : principal.ClaimExists(claimType, new[] { resource });
return access;
}
}
}

115
KretaWeb/Security/MvcRoleClaimsAuthorizeAttribute.cs Normal file
View file

@ -0,0 +1,115 @@
using System;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using Kreta.BusinessLogic.Security;
using Kreta.Enums;
using Kreta.Web.Areas.Adminisztracio.Controllers;
using Kreta.Web.Configuration;
using Kreta.Web.Controllers;
using AuthorizationContext = System.Web.Mvc.AuthorizationContext;
namespace Kreta.Web.Security
{
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class MvcRoleClaimsAuthorizeAttribute : AuthorizeAttribute
{
private string[] claimValue;
private bool allowAll;
public MvcRoleClaimsAuthorizeAttribute(bool allowAll = false)
{
this.allowAll = allowAll;
SetInstance(KretaSecurityActions.Demand, new SzerepkorTipusEnum[] { });
}
public MvcRoleClaimsAuthorizeAttribute(params SzerepkorTipusEnum[] claimValue)
{
SetInstance(KretaSecurityActions.Demand, claimValue);
}
public MvcRoleClaimsAuthorizeAttribute(KretaSecurityActions type, params SzerepkorTipusEnum[] claimValue)
{
SetInstance(type, claimValue);
}
private void SetInstance(KretaSecurityActions type, SzerepkorTipusEnum[] value)
{
claimValue = AuthorizeHelper.ConvertRolesToAuthorizeProperty(type, value);
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (SkipAuthorization(filterContext))
return;
if (AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
cache.SetProxyMaxAge(new TimeSpan(0L));
cache.AddValidationCallback(new HttpCacheValidateHandler(CacheValidateHandler), null);
}
else
{
HandleUnauthorizedRequest(filterContext);
}
}
public bool IsAuthorized(HttpContextBase httpContext)
{
return AuthorizeCore(httpContext);
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (HttpContext.Current == null)
return false;
if (HttpContext.Current.User == null)
return false;
var principal = HttpContext.Current.User as ClaimsPrincipal;
if (allowAll)
{
var identity = ClaimManager.GetClaimIdentity();
if (identity == null)
return false;
return principal.Identity.IsAuthenticated;
}
return AuthorizeHelper.CheckRoleAccess(claimValue, principal);
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
AuthorizeHelper.MvcRequestAuthorizeFail(filterContext);
}
protected override HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
{
return !AuthorizeCore(httpContext) ? HttpValidationStatus.IgnoreThisRequest : HttpValidationStatus.Valid;
}
private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
{
validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
}
private bool SkipAuthorization(AuthorizationContext filterContext)
{
var idpConfiguration = DependencyResolver.Current.GetService<IIdpConfiguration>();
if (idpConfiguration.LoginEnabled)
{
if (filterContext.Controller is HomeController && filterContext.ActionDescriptor.ActionName.Equals("Index"))
return true;
}
else
{
if (filterContext.Controller is LoginController && filterContext.ActionDescriptor.ActionName.Equals("Index"))
return true;
}
bool result = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true)
|| filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);
return result;
}
}
}

95
KretaWeb/Security/MvcRolePackageAuthorizeAttribute.cs Normal file
View file

@ -0,0 +1,95 @@
using System;
using System.Web;
using System.Web.Mvc;
using Kreta.BusinessLogic.Security;
using Kreta.Enums.ManualEnums;
namespace Kreta.Web.Security
{
public class MvcRolePackageAuthorizeAttribute : MvcRolePackageBaseAuthorizeAttribute
{
public MvcRolePackageAuthorizeAttribute(TanevEnum tanev, params string[] claimValue) : base(tanev, claimValue) { }
public MvcRolePackageAuthorizeAttribute(params string[] claimValue) : base(TanevEnum.AktTanev, claimValue) { }
public override KretaSecurityActions ActionType()
{
return KretaSecurityActions.Demand;
}
}
public class MvcRolePackageDenyAuthorizeAttribute : MvcRolePackageBaseAuthorizeAttribute
{
public MvcRolePackageDenyAuthorizeAttribute(TanevEnum tanev, params string[] claimValue) : base(tanev, claimValue) { }
public MvcRolePackageDenyAuthorizeAttribute(params string[] claimValue) : base(TanevEnum.AktTanev, claimValue) { }
public override KretaSecurityActions ActionType()
{
return KretaSecurityActions.Deny;
}
}
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public abstract class MvcRolePackageBaseAuthorizeAttribute : AuthorizeAttribute
{
private string[] claimPackages;
TanevEnum tanev;
public abstract KretaSecurityActions ActionType();
public MvcRolePackageBaseAuthorizeAttribute(TanevEnum tanev = TanevEnum.AktTanev, params string[] claimValue)
{
claimPackages = claimValue;
this.tanev = tanev;
}
public override void OnAuthorization(AuthorizationContext filterContext)
{
if ((tanev == TanevEnum.Mind
|| (tanev == TanevEnum.AktTanev && ClaimData.IsActivTanev)
|| (tanev == TanevEnum.KovTanev && ClaimData.SelectedTanevID.Value == ClaimData.KovTanevID)
|| (tanev == TanevEnum.AktEsLezartTanev && ClaimData.SelectedTanevID.Value != ClaimData.KovTanevID)
|| (tanev == TanevEnum.AktEsKovTanev && (ClaimData.IsActivTanev || ClaimData.SelectedTanevID.Value == ClaimData.KovTanevID))
|| ActionType() == KretaSecurityActions.Deny)
&& AuthorizeCore(filterContext.HttpContext))
{
HttpCachePolicyBase cache = filterContext.HttpContext.Response.Cache;
cache.SetProxyMaxAge(new TimeSpan(0L));
cache.AddValidationCallback(new HttpCacheValidateHandler(CacheValidateHandler), null);
}
else
{
HandleUnauthorizedRequest(filterContext);
}
}
public bool IsAuthorized(HttpContextBase httpContext)
{
return AuthorizeCore(httpContext);
}
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
var result = AuthorizeHelper.CheckPackageAccess(claimPackages);
if (ActionType() == KretaSecurityActions.Deny)
{
result = !result;
}
return result;
}
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
AuthorizeHelper.MvcRequestAuthorizeFail(filterContext);
}
protected override HttpValidationStatus OnCacheAuthorization(HttpContextBase httpContext)
{
return !AuthorizeCore(httpContext) ? HttpValidationStatus.IgnoreThisRequest : HttpValidationStatus.Valid;
}
private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
{
validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
}
}
}

126
KretaWeb/Security/MvcSessionAuthorizeAttribute.cs Normal file
View file

@ -0,0 +1,126 @@
using System;
using System.Linq;
using System.Net;
using System.Web.Mvc;
using Kreta.Enums.ManualEnums;
using Kreta.Framework;
using Kreta.Web.Areas.Adminisztracio.Controllers;
using Kreta.Web.Classes;
using Kreta.Web.Configuration;
using Kreta.Web.Controllers;
using Kreta.Web.Controllers.Logic;
namespace Kreta.Web.Security
{
public class MvcSessionAuthorizeAttribute : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (SkipExistsOrganization(filterContext))
{
return;
}
if (SkipAuthorization(filterContext))
{
return;
}
if (AuthorizeSessionVariables())
{
if (filterContext.Controller is LayoutController && filterContext.ActionDescriptor.ActionName.Equals("GetRemainingTime"))
return;
SessionHandler.UpdateSessionTime();
}
else
{
if (!filterContext.HttpContext.Request.IsAjaxRequest())
{
if (filterContext.HttpContext.Request.Headers.AllKeys.Contains(Enums.ManualEnums.KliensTipusEnum.Mobile.ToString()))
{
filterContext.Result = new HttpStatusCodeResult((int)CustomHTTPStatusEnum.NincsBelepve);
}
else
{
var url = new UrlHelper(filterContext.RequestContext);
var idpConfiguration = DependencyResolver.Current.GetService<IIdpConfiguration>();
if (idpConfiguration.LoginEnabled)
{
MasterLayoutLogic.LogOut();
filterContext.Result = new RedirectResult(url.Action("Index", "Home", new { area = string.Empty }));
}
else
{
filterContext.Result = new RedirectResult(url.Action("Index", "Login", new { area = "Adminisztracio" }));
}
}
}
else
{
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Unauthorized);
filterContext.HttpContext.Response.SuppressFormsAuthenticationRedirect = true;
}
}
}
private bool AuthorizeSessionVariables()
{
if (!ClaimData.IsAuthenticated)
return false;
if (!SDAServer.Instance.SessionManager.IsSessionAlive(ClaimData.SessionId))
return false;
return true;
}
private bool SkipAuthorization(AuthorizationContext filterContext)
{
var idpConfiguration = DependencyResolver.Current.GetService<IIdpConfiguration>();
if (idpConfiguration.LoginEnabled)
{
if (filterContext.Controller is HomeController && filterContext.ActionDescriptor.ActionName.Equals("Index"))
{
if (ClaimData.IsAuthenticated && !SDAServer.Instance.SessionManager.IsSessionAlive(ClaimData.SessionId))
return false;
return true;
}
}
else
{
if (filterContext.Controller is LoginController && filterContext.ActionDescriptor.ActionName.Equals("Index"))
return true;
}
return (IsAllowAnonymous(filterContext) || IsMvcSiteMapCalls(filterContext));
}
private static bool IsAllowAnonymous(AuthorizationContext filterContext)
{
bool result = filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true)
|| filterContext.ActionDescriptor.ControllerDescriptor.IsDefined(typeof(AllowAnonymousAttribute), inherit: true);
return result;
}
private static bool IsMvcSiteMapCalls(AuthorizationContext filterContext)
{
return filterContext.HttpContext.Request is MvcSiteMapProvider.Web.Mvc.SiteMapHttpRequest;
}
/// <summary>
/// Megvizsgáljuk, hogy létezik-e az URL-ben megadott intézmény azonosító. Ha nem, akkor hiba!
/// A bejelentkezési oldalra sem szabad irányítani.
/// </summary>
/// <param name="filterContext"></param>
/// <returns></returns>
static bool SkipExistsOrganization(AuthorizationContext filterContext)
{
bool letezoIntezmeny = KretaServer.KretaServer.Instance.GetOsszesIntezmeny().Contains(LoginManager.OrganizationIdentifier, StringComparer.InvariantCultureIgnoreCase);
if (letezoIntezmeny == false && filterContext.RequestContext.RouteData.Values["controller"].ToString() != "HibaOldal")
{
throw new InvalidConfigurationException($"Az intézmény nem létezik: {LoginManager.OrganizationIdentifier}");
}
return false;
}
}
}

48
KretaWeb/Security/MvcValidateAjaxAntiForgeryToken.cs Normal file
View file

@ -0,0 +1,48 @@
using System;
using System.Linq;
using System.Net;
using System.Web.Helpers;
using System.Web.Mvc;
namespace Kreta.Web.Security
{
/// <summary>
/// Validálja az Ajax hívások esetén a tokent csak az Ajaxhelper.js álltal küldött ajax hívás tartalmazza a tokent
/// </summary>
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class MvcValidateAjaxAntiForgeryToken : AuthorizeAttribute
{
public override void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext?.HttpContext?.Request.Headers != null)
{
var headerToken = filterContext.HttpContext
.Request
.Headers
.GetValues("X-Request-Verification-Token");
var cookieToken = filterContext.HttpContext
.Request
.Cookies[AntiForgeryConfig.CookieName];
if (cookieToken == null || headerToken == null)
{
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden, Resources.ErrorResource.NincsJogaAzOldalMegtekintesehez);
}
else
{
try
{
AntiForgery.Validate(cookieToken.Value, headerToken.FirstOrDefault());
}
catch
{
filterContext.Result = new HttpStatusCodeResult(HttpStatusCode.Forbidden, Resources.ErrorResource.NincsJogaAzOldalMegtekintesehez);
}
}
}
}
}
}