[PM-14476] Avoid multiple lookups in dictionaries (#4973)
* Avoid multiple lookups in dictionaries

* Consistency in fallback to empty CollectionIds

* Readability at the cost of lines changed

* Readability

* Changes after running dotnet format

using System.Security.Claims;
using Bit.Admin.Enums;
using Bit.Admin.Utilities;
using Bit.Core.Settings;
namespace Bit.Admin.Services;
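public class AccessControlService : IAccessControlService
{
    private readonly IHttpContextAccessor _httpContextAccessor;
    private readonly IConfiguration _configuration;
    private readonly IGlobalSettings _globalSettings;

    public AccessControlService(
        IHttpContextAccessor httpContextAccessor,
        IConfiguration configuration,
        IGlobalSettings globalSettings)
    {
        _httpContextAccessor = httpContextAccessor;
        _configuration = configuration;
        _globalSettings = globalSettings;
    }

    /// <summary>
    /// Checks whether the user of the current HTTP request holds <paramref name="permission"/>.
    /// </summary>
    /// <param name="permission">The admin permission being checked.</param>
    /// <returns>
    /// <c>true</c> on self-hosted installs (every permission is granted); otherwise <c>true</c>
    /// only when the user's role claim maps, via <see cref="RolePermissionMapping.RolePermissions"/>,
    /// to a role whose permission set contains <paramref name="permission"/>.
    /// </returns>
    public bool UserHasPermission(Permission permission)
    {
        // Self-hosted deployments do not apply role-based admin permissions.
        if (_globalSettings.SelfHosted)
        {
            return true;
        }

        var userRole = GetUserRoleFromClaim();

        // A missing role claim, or a role with no mapping, grants nothing.
        if (string.IsNullOrEmpty(userRole) ||
            !RolePermissionMapping.RolePermissions.TryGetValue(userRole, out var rolePermissions))
        {
            return false;
        }

        return rolePermissions.Contains(permission);
    }

    /// <summary>
    /// Resolves the admin role configured for <paramref name="userEmail"/> from the
    /// <c>adminSettings:role</c> configuration section, where each child key is a role name
    /// and its value is a comma-separated list of e-mail addresses.
    /// </summary>
    /// <param name="userEmail">The e-mail address to look up; matched case-insensitively.</param>
    /// <returns>
    /// The lower-cased role name, or <c>null</c> when the address is blank, no roles are
    /// configured, or no role lists the address.
    /// </returns>
    public string GetUserRole(string userEmail)
    {
        // A blank address must never resolve to a role: a trailing comma in a role's
        // e-mail list produces an empty entry that "" would otherwise be equal to
        // (and a null address previously threw a NullReferenceException below).
        if (string.IsNullOrWhiteSpace(userEmail))
        {
            return null;
        }

        var roles = _configuration.GetSection("adminSettings:role").GetChildren();
        if (roles == null || !roles.Any())
        {
            return null;
        }

        var normalizedEmail = userEmail.ToLowerInvariant();

        // Entries are compared after lower-casing both sides; the split is exact
        // (no trimming), matching the existing configuration format.
        var userRole = roles.FirstOrDefault(s =>
            s.Value?.ToLowerInvariant().Split(',').Contains(normalizedEmail) ?? false);

        return userRole?.Key.ToLowerInvariant();
    }

    /// <summary>
    /// Reads the role claim of the current HTTP context's user.
    /// </summary>
    /// <returns>
    /// The value of the first <see cref="ClaimTypes.Role"/> claim, or <c>null</c> when there
    /// is no HTTP context, no user, or no role claim.
    /// </returns>
    private string GetUserRoleFromClaim()
    {
        return _httpContextAccessor.HttpContext?.User?.Claims?
            .FirstOrDefault(c => c.Type == ClaimTypes.Role)?.Value;
    }
}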