Browse files

RavenDB-324 - Adding a way to define admin/readonly per database

  • Loading branch information...
1 parent d0a7bc1 commit 1abdfb2b9dbc7183d36e639298c808c21167128d @ayende ayende committed May 29, 2012
View
7 Bundles/Raven.Bundles.Authentication/AuthenticationUser.cs
@@ -10,7 +10,9 @@ public class AuthenticationUser
public string Name { get; set; }
public string Id { get; set; }
public bool Admin { get; set; }
- public string[] AllowedDatabases { get; set; }
+ public string[] AllowedDatabases { get; set; }
+
+ public UserDatabaseAccess[] Databases { get; set; }
protected string HashedPassword { get; private set; }
@@ -48,5 +50,6 @@ public bool ValidatePassword(string maybePwd)
{
return HashedPassword == GetHashedPassword(maybePwd);
}
- }
+
+ }
}
View
89 Bundles/Raven.Bundles.Authentication/AuthorizeClient.cs
@@ -1,36 +1,55 @@
-using Raven.Database;
-using Raven.Database.Server.Security.OAuth;
-using Raven.Abstractions.Extensions;
-using System.Linq;
-
-namespace Raven.Bundles.Authentication
-{
- public class AuthenticateClient : IAuthenticateClient
- {
- public bool Authenticate(DocumentDatabase currentStore, string username, string password, out AccessTokenBody.DatabaseAccess[] allowedDatabases)
- {
- allowedDatabases = new AccessTokenBody.DatabaseAccess[0];
-
- var jsonDocument = currentStore.Get("Raven/Users/"+username, null);
- if (jsonDocument == null)
- {
- return false;
- }
-
- var user = jsonDocument.DataAsJson.JsonDeserialization<AuthenticationUser>();
-
- var validatePassword = user.ValidatePassword(password);
- if (validatePassword)
- {
- allowedDatabases = user.AllowedDatabases.Select(tenantId=> new AccessTokenBody.DatabaseAccess
- {
- TenantId = tenantId,
- Admin = user.Admin
- }).ToArray();
- }
-
- return validatePassword;
- }
-
- }
+using System.Collections.Generic;
+using Raven.Database;
+using Raven.Database.Server.Security.OAuth;
+using Raven.Abstractions.Extensions;
+using System.Linq;
+
+namespace Raven.Bundles.Authentication
+{
+ public class AuthenticateClient : IAuthenticateClient
+ {
+ public bool Authenticate(DocumentDatabase currentStore, string username, string password, out AccessTokenBody.DatabaseAccess[] allowedDatabases)
+ {
+ allowedDatabases = new AccessTokenBody.DatabaseAccess[0];
+
+ var jsonDocument = currentStore.Get("Raven/Users/" + username, null);
+ if (jsonDocument == null)
+ {
+ return false;
+ }
+ var user = jsonDocument.DataAsJson.JsonDeserialization<AuthenticationUser>();
+
+ var validatePassword = user.ValidatePassword(password);
+ if (!validatePassword)
+ return false;
+
+ var dbs = Enumerable.Empty<AccessTokenBody.DatabaseAccess>();
+ if (user.AllowedDatabases != null)
+ {
+ var accesses = user.AllowedDatabases.Select(tenantId => new AccessTokenBody.DatabaseAccess
+ {
+ TenantId = tenantId,
+ Admin = user.Admin,
+ ReadOnly = false
+ });
+ dbs = dbs.Concat(accesses);
+ }
+
+ if (user.Databases != null)
+ {
+ var accesses = user.Databases.Select(x => new AccessTokenBody.DatabaseAccess
+ {
+ Admin = user.Admin | x.Admin,
+ ReadOnly = x.ReadOnly,
+ TenantId = x.Name
+ });
+ dbs = dbs.Concat(accesses);
+ }
+
+ allowedDatabases = dbs.ToArray();
+
+ return true;
+ }
+
+ }
}
View
1 Bundles/Raven.Bundles.Authentication/Raven.Bundles.Authentication.csproj
@@ -59,6 +59,7 @@
<Compile Include="AuthenticationUser.cs" />
<Compile Include="AuthorizeClient.cs" />
<Compile Include="EnsureAtLeastOneUserExists.cs" />
+ <Compile Include="UserDatabaseAccess.cs" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\Raven.Abstractions\Raven.Abstractions.csproj">
View
9 Bundles/Raven.Bundles.Authentication/UserDatabaseAccess.cs
@@ -0,0 +1,9 @@
+namespace Raven.Bundles.Authentication
+{
+ public class UserDatabaseAccess
+ {
+ public bool ReadOnly { get; set; }
+ public bool Admin { get; set; }
+ public string Name { get; set; }
+ }
+}

0 comments on commit 1abdfb2

Please sign in to comment.