All geek questions in one place

Enable WPF-based authorization using the Enum checkbox

I have been doing C # for a month, so please forgive the “locality” of this question, but I researched for several hours and I hit a brick wall.

I saw examples on the left and right for role-based authorization for WPF applications using IIdentity and IPrincipal .

However, I can not find much information about more permissions based on permissions , in this application, imagine that there are no groups, but just a list of permissions and users, and you can assign permission to someone.

I would like to be able to:

1) To be able to manage UI / elements based on user rights with such states as: Enabled, ReadOnly, Invisible, Collapsed (as shown here https://uiauth.codeplex.com/ )
2) Be able to indicate at the class or method level which permissions are needed (similar to http://lostechies.com/derickbailey/2011/05/24/dont-do-role-based-authorization-checks-do-activity-based-checks / )

Instead:

[PrincipalPermission(SecurityAction.Demand, Role = "Administrators")]

I need something like:

[PrincipalPermission(SecurityAction.Demand, Permission = "Can add users")]

Currently, the only way I can see how to do this is to use ICommand and put the authorization logic in CanExecute methods, using a lot of string comparisons to find out if the user has the right to perform the requested actions, such as:

 // Employee class public bool HasRight(SecurityRight right) { return employee.Permissions.Contains(right); } // Implementation, check if employee has right to continue if (employee.HasRight(db.SecurityRights.Single(sr => sr.Description == "Can edit users"))) { // Allowed to perform action } else { // User does not have right to continue throw SecurityException; }

I was told that Enum Flags might be what I'm looking for. What does the Enum [Flags] Enum attribute in C # mean?

I think I understand enum / flag / bits, but not enough to complete the implementation ...

If I have:

EmployeeModel
EmployeeViewModel
ThingTwoModel
ThingTwoViewModel
Mainview

I'm not sure where everything is going, and how to tie it all together ... here's what I still have (I understand that this is not a working example ... here's my problem!):

  [Flags] public enum Permissions { None = 0, Create = 1 << 0, Read = 1 << 1, Update = 1 << 2, Delete = 1 << 3, User = 1 << 4, Group = 1 << 5 } public static void testFlag() { Permissions p; var x = p.HasFlag(Permissions.Update) && p.HasFlag(Permissions.User); var desiredPermissions = Permissions.User | Permissions.Read | Permissions.Create; if (x & p == desiredPermissions) { //the user can be created and read by this operator } }

Thanks for any recommendations.

+1
source share
2 answers

well testFlag will not work as it is. I think you want something like ( LINQPad C # program fragment):

 void Main() { //can create user but not read the information back var userCanBeCreatedPermission = Permissions.Create | Permissions.User; //can create and readback var userCanBeCreatedAndReadBackPermission = userCanBeCreatedPermission | Permissions.Read; userCanBeCreatedPermission.HasFlag(Permissions.User).Dump(); //returns true (userCanBeCreatedPermission.HasFlag(Permissions.User) && userCanBeCreatedPermission.HasFlag(Permissions.Read)).Dump(); //returns false //alternative way of checking flags is to combine the flags and do an And mask check //the above can be written as ((userCanBeCreatedPermission & (Permissions.User | Permissions.Read)) == (Permissions.User | Permissions.Read)).Dump(); //returns false //using a variable to have combined permissions for readibility & using And mask: var desiredPermissions = Permissions.User | Permissions.Read; //checking with user that has both Create & Read permissions ((userCanBeCreatedAndReadBackPermission & desiredPermissions) == desiredPermissions).Dump(); // returns true because the user information can be read back by this user ((userCanBeCreatedAndReadBackPermission & Permissions.Delete) == Permissions.Delete).Dump(); // returns false because the user can't be deleted } [Flags] public enum Permissions { None = 0, Create = 1 << 0, Read = 1 << 1, Update = 1 << 2, Delete = 1 << 3, User = 1 << 4, Group = 1 << 5 }

Does this answer your question?

+1
source

Final Solution (.linq):

 void Main() { // Permissions definition var userCreate = new Authorization<User>(Permissions.Create); var userRead = new Authorization<User>(Permissions.Read); var carrotCreate = new Authorization<Carrot>(Permissions.Create); var carrotRead = new Authorization<Carrot>(Permissions.Read); // User var user = new User(); // User has no permissions yet if(user.IsAuthorized<User>(Permissions.Create)) "I can create User".Dump(); else "No creating User for me".Dump(); // Now user can Create users user.Authorizations.Add(userCreate); if(user.IsAuthorized<User>(Permissions.Create)) "I can create User".Dump(); else "No creating User for me".Dump(); // User can read carrots user.Authorizations.Add(carrotRead); if(user.IsAuthorized<Carrot>(Permissions.Create)) "I can create carrots".Dump(); else "No creating carrots for me".Dump(); if(user.IsAuthorized<Carrot>(Permissions.Read)) "I can read carrots".Dump(); else "No reading carrots for me".Dump(); // User can now create carrots user.Authorizations.Add(carrotCreate); if(user.IsAuthorized<Carrot>(Permissions.Create)) "I can create carrots".Dump(); else "No creating carrots for me".Dump(); } [Flags] public enum Permissions : ulong { Create = 1 << 0, Read = 1 << 1, Update = 1 << 2, Delete = 1 << 3 } public abstract class Auth{ } public class Authorization<T> : Auth { public Authorization(Permissions permissions){ this.Permissions = permissions; } public Permissions Permissions {get;set;} } public class Carrot{ public int Id{get; set;} } public class User{ public User(){ Authorizations = new List<Auth>(); } public List<Auth> Authorizations{get; set;} public bool IsAuthorized<T>(Permissions permission){ foreach(var auth in Authorizations) if(auth is Authorization<T>){ var a = auth as Authorization<T>; if(a.Permissions == permission) return true; } return false; } }
+1
source

Source: https://habr.com/ru/post/952376/

More articles:


All Articles