From e0cf80a5d0e2d6898b611892a331aa917b9370d9 Mon Sep 17 00:00:00 2001 From: Jake Mannens Date: Fri, 29 Sep 2023 17:46:47 +1000 Subject: Finalised security service
---
Services/SecurityService.cs | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) (limited to 'Services/SecurityService.cs')
diff --git a/Services/SecurityService.cs b/Services/SecurityService.cs
index 48f2d3e..e365266 100644
--- a/Services/SecurityService.cs
+++ b/Services/SecurityService.cs
@@ -4,7 +4,19 @@ using System.Data;
 namespace HyperBooru.Services;
-public class SecurityService {
+public interface ISecurityService {
+ public IEnumerable Filter(
+ IEnumerable objects,
+ IPrincipal principal,
+ ulong permissions);
+
+ public IEnumerable Filter(
+ IEnumerable objects,
+ IPrincipal principal,
+ T permissions) where T : Enum;
+}
+
+public class SecurityService : ISecurityService {
 private IDbContextFactory dbFactory;
 private MemoryCache membershipCache;
@@ -21,10 +33,10 @@ public class SecurityService {
 // TODO: preload the principal cache
 membershipCache = new() {
- MaxItems = 1000,
- MaxAge = TimeSpan.FromMinutes(10),
- DataSource = (SidStruct sid) => {
- }
+ MaxItems = 1000,
+ MaxAge = TimeSpan.FromMinutes(10),
+ DataSource = (SidStruct sid) =>
+ principalProvider.GetGroups(new SecurityIdentifier(sid), true)
 };
 aclCache = new() {
@@ -70,10 +82,9 @@ public class SecurityService {
 ulong permissions = 0;
- var principals = GetGroupMemberShip(principal)
- .Cast()
- .Concat(new[] { principal })
- .Select(p => p.Sid)
+ var principals = membershipCache[principal.Sid.SidStruct]
+ .Select(g => g.Sid)
+ .Concat(new[] { principal.Sid })
 .ToArray();
 var allowRules = acl.Rules.Where(r => r.Action == AclRuleAction.Allow);
-- cgit v1.3
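Review bot: The two `Filter` overloads on the new `ISecurityService` have no documentation, although this interface is what callers will depend on for access decisions. A `/// <summary>` on each should state whether `permissions` means every requested bit or any of them, and what happens to an object that has no ACL, for example `/// Returns only the objects on which principal holds all bits in permissions; objects without an ACL are excluded.` (wording to be confirmed against the implementation, which is outside this hunk). For the `where T : Enum` overload it is worth stating how the enum value becomes the `ulong` mask, since an enum with a signed underlying type and a negative member needs a defined behaviour. The `public` modifiers on the interface members are redundant and could be dropped. The `SecurityService` class body continues outside the hunk.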
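Review bot: With `MaxAge = TimeSpan.FromMinutes(10)` and `GetGroups` as the `DataSource`, a principal removed from a group can keep the permissions that group grants for up to ten minutes, and nothing in this hunk evicts the entry earlier. If that window is accepted, record it next to the initializer, e.g. `// Membership changes take up to MaxAge to affect access checks; evict the SID on group edits if that is too long.`, otherwise evict the cached entry wherever memberships are modified. The bare `true` passed to `GetGroups` would read better as a named argument, and it is not visible here what the lambda returns or throws for a SID that `principalProvider` does not know. The constructor this initializer sits in starts and ends outside the hunk.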
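Review bot: The value returned by `membershipCache[principal.Sid.SidStruct]` goes straight into `.Select`, so if the cache can return null, or the lookup fails, the permission check ends in a `NullReferenceException` or whatever the cache throws. Make the failure explicit and keep it fail-closed, for example `var groups = membershipCache[principal.Sid.SidStruct] ?? throw new InvalidOperationException("group membership unavailable");`. Do not substitute an empty list instead: evaluating with only `principal.Sid` would skip every rule attached to a group, which presumably includes deny rules given the `AclRuleAction.Allow` filter below. `principal` and `principal.Sid` are also dereferenced without a null check on these lines. The method starts and ends outside the hunk.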