the-poolz / acl.net.core Goto Github PK

Let's use Where() function instead of FirstOrDefault here:

May be better use SHA-256 algorithm instead of AES? We don't need to recover input data. I think in our system better use one-way algorithm.

https://chat.openai.com/share/d72e2304-dff0-4872-8ecf-387c57ef4f5e

• First comment of #47
• Second comment of #47

This table will contain users tokens

add badges

Using environment for stored secret it's bad idea. Better add ISecretProvider interface

@Lomet Can you add this repository to sonarcloud?

Add ctor with one parameter context. And initialize default implementations of IUserManager and IResourceManager

Right now: Roles contain UserId
Need to be: User contain RoleId

I think it's better because right now in table Roles be many duplicate roles, and because of this many duplicates in Resources table

Add one new override of IsPermitted and IsPermittedAsync functions.
In these methods need to call GetResourceByName or GetResourceByNameAsync

public virtual bool IsPermitted(TUser user, string resource);
public virtual async Task<bool> IsPermittedAsync(TUser user, string resource)

It's need for prevent call two methods in AclManager

var resource = resourceManager.GetResourceByName(resourceName);
return resourceManager.IsPermitted(user, resource);

Reason - don't supported, split by two package

Make new PK (Name + RoleId). (This PK can make user in his context)
It's allow situation when DB contain two resources with the same name, but with different role.

Example:

Roles:

1. AdminRole
2. SuperAdminRole

Resources:

1. Name=OnlyAdminResource, RoleId = AdminRole
2. Name=OnlyAdminResource, RoleId = SuperAdminRole

In this example, we allow only AdminRole and SuperAdminRole, to call OnlyAdminResource

Also, need to update ResourceManager in overrides which receive IEnumerable<TResource> resources need to check if these resources has the same name. This move need to prevent this situation:

Roles:

1. UserRole
2. AdminRole

Resources:

1. Name=PublicResource, RoleId = UserRole
2. Name=AdminResource, RoleId = AdminRole

User call PublicResource and AdminResource with override which receive IEnumerable<TResource> resources and receive true because least one resource allow (in this situation allowed PublicResource)

Change AclDbContext<TKey, TUser> to AclDbContext<TKey>
Change AclManager<TKey, TUser> to AclManager<TKey>

If user need to override one of the tables, he can use <TKey, TUser, TRole, TResource> overload

• Delete MsSql.cs
• Delete UserId from User

split AclManager into two separate classes, UserManager and ResourceManager

• Acl.Net.Core.Database
• Acl.Net.Core.Managers

• Remove exist Acl.cs. Instead of this, we write AclManager who will contain only needed methods.
• Remove Backend.cs. Instead of this, we write DataProvider who will contain only needed methods.
• Remove Interfaces folder.
• Remove Utils.cs.
• Remove table/entity Permission.
• Remove fields from tables/entities who don't need. Example: User = string[] RoleNames.
• Remove RoleParentNotFoundException.cs

Add new property Name for model User and implement new override of method IsPermitted in AclManager

public virtual bool IsPermitted(TUser user, string resourceName)

public virtual bool IsPermitted(string userName, TResource resource)

public virtual bool IsPermitted(TUser user, TResource resource)

Add the same overrides, but for IsPermittedAsync

• Add interface IUserManager for possible override default UserManager
• Add interface IResourceManager for possible override default ResourceManager