authorJake Mannens <jake@asger.xyz>2023-09-29 17:46:47 +1000
committerJake Mannens <jake@asger.xyz>2023-09-29 17:57:21 +1000
commite0cf80a5d0e2d6898b611892a331aa917b9370d9 (patch)
tree75809891d57e687a246233f52feead273a1eca7d /Services
parentc5ff0b57a12b605a5ae5ae8a92ce7a4e8eaec77a (diff)
Finalised security service
Diffstat (limited to 'Services')
-rw-r--r--Services/PrincipalProvider.cs12
-rw-r--r--Services/SecurityService.cs29
2 files changed, 30 insertions, 11 deletions
diff --git a/Services/PrincipalProvider.cs b/Services/PrincipalProvider.cs
index 0c35007..d37e8c0 100644
--- a/Services/PrincipalProvider.cs
+++ b/Services/PrincipalProvider.cs
@@ -8,6 +8,9 @@ public interface IPrincipalProvider {
public IGroup[] GetGroups(IPrincipal principal);
public IGroup[] GetGroups(IPrincipal principal, bool recurse);
+ public IGroup[] GetGroups(SecurityIdentifier sid);
+ public IGroup[] GetGroups(SecurityIdentifier sid, bool recurse);
+
public bool ValidatePassword(IUser user, string password);
}
@@ -16,8 +19,13 @@ public abstract class PrincipalProvider : IPrincipalProvider {
public abstract IUser? GetUser(string name);
public abstract IGroup? GetGroup(string name);
- public IGroup[] GetGroups(IPrincipal principal) => GetGroups(principal, false);
- public abstract IGroup[] GetGroups(IPrincipal principal, bool recurse);
+ public IGroup[] GetGroups(IPrincipal principal) =>
+ GetGroups(principal.Sid, false);
+ public IGroup[] GetGroups(IPrincipal principal, bool recurse) =>
+ GetGroups(principal.Sid, recurse);
+
+ public IGroup[] GetGroups(SecurityIdentifier sid) => GetGroups(sid, false);
+ public abstract IGroup[] GetGroups(SecurityIdentifier sid, bool recurse);
public abstract bool ValidatePassword(IUser user, string password);
}
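Review bot: The new abstract `GetGroups(SecurityIdentifier sid, bool recurse)` carries no documented contract, yet every other overload in this hunk now funnels into it. Implementers need to know whether an unresolvable SID should yield an empty array or an exception, and that the result must never be null, because callers will treat the array as the complete membership set. I would add an XML doc comment on the abstract member covering those points and what `recurse` includes (presumably nested groups, which should be confirmed). The class body starts outside this hunk.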
diff --git a/Services/SecurityService.cs b/Services/SecurityService.cs
index 48f2d3e..e365266 100644
--- a/Services/SecurityService.cs
+++ b/Services/SecurityService.cs
@@ -4,7 +4,19 @@ using System.Data;
namespace HyperBooru.Services;
-public class SecurityService {
+public interface ISecurityService {
+ public IEnumerable<HBObject> Filter(
+ IEnumerable<HBObject> objects,
+ IPrincipal principal,
+ ulong permissions);
+
+ public IEnumerable<HBObject> Filter<T>(
+ IEnumerable<HBObject> objects,
+ IPrincipal principal,
+ T permissions) where T : Enum;
+}
+
+public class SecurityService : ISecurityService {
private IDbContextFactory<HBContext> dbFactory;
private MemoryCache<SidStruct, IGroup[]> membershipCache;
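Review bot: `ISecurityService.Filter` is the authorization entry point, but nothing on the interface says how `permissions` is matched. A caller cannot tell whether an object is returned when the principal holds all of the requested bits or any one of them. A `<summary>` and `<param>` comment on both overloads should pin that down, and the generic overload should say how the enum value is converted to the `ulong` mask. As a style point, the `public` modifier on interface members is redundant and can be dropped.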
@@ -21,10 +33,10 @@ public class SecurityService {
// TODO: preload the principal cache
membershipCache = new() {
- MaxItems = 1000,
- MaxAge = TimeSpan.FromMinutes(10),
- DataSource = (SidStruct sid) => {
- }
+ MaxItems = 1000,
+ MaxAge = TimeSpan.FromMinutes(10),
+ DataSource = (SidStruct sid) =>
+ principalProvider.GetGroups(new SecurityIdentifier(sid), true)
};
aclCache = new() {
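Review bot: Now that `DataSource` calls `principalProvider.GetGroups(new SecurityIdentifier(sid), true)`, the memberships used for access checks are held for up to `MaxAge = TimeSpan.FromMinutes(10)`. Removing a principal from a group therefore does not revoke access until the entry expires. No invalidation path is visible in this hunk; if none exists elsewhere, the provider needs a way to evict a SID when its membership changes. At minimum the window should be documented next to the setting, for example `// Membership changes, including removals, can take up to MaxAge to affect ACL checks.` The enclosing constructor starts and ends outside the hunk.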
@@ -70,10 +82,9 @@ public class SecurityService {
ulong permissions = 0;
- var principals = GetGroupMemberShip(principal)
- .Cast<IPrincipal>()
- .Concat(new[] { principal })
- .Select(p => p.Sid)
+ var principals = membershipCache[principal.Sid.SidStruct]
+ .Select(g => g.Sid)
+ .Concat(new[] { principal.Sid })
.ToArray();
var allowRules = acl.Rules.Where(r => r.Action == AclRuleAction.Allow);
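Review bot: The result of `membershipCache[principal.Sid.SidStruct]` is passed straight to `.Select(g => g.Sid)`, so a null or failed lookup surfaces as a `NullReferenceException` in the middle of permission evaluation. How the cache indexer behaves for a SID the provider cannot resolve is not visible here, so this is worth confirming. The failure should be explicit rather than defaulted to an empty list, because evaluating only the principal's own SID would skip any rules attached to its groups, including deny rules if the ACL model has them. Something like `var groups = membershipCache[principal.Sid.SidStruct] ?? throw new InvalidOperationException("Group membership lookup failed");` before building `principals` keeps the check fail-closed. The enclosing method starts and ends outside the hunk.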