You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Connected.Framework/Connected.Security/Permissions/IPermission.cs

79 lines
3.0 KiB

2 years ago
using Connected.Data;
namespace Connected.Security.Permissions;
/// <summary>
/// Specifies the state of each permission entry.
/// </summary>
public enum PermissionValue
{
/// <summary>
/// Permission is not set on the entry. This is a default value
/// of each permission entry.
/// </summary>
NotSet = 0,
/// <summary>
/// Evidence does have a claim for the specified resource.
/// </summary>
Allow = 1,
/// <summary>
/// Evidence does not have a claim for the specified resource.
/// </summary>
Deny = 2
}
/// <summary>
/// Represents the permission entry for the specific resource.
/// </summary>
/// <remarks>
/// Environment's assets are protected by <see cref="IApiAuthorizationMiddleware"/>. The implementation of each
/// policy is based on the <see cref="AuthorizationAttribute{TPolicy}"/> which usually provides the Action,
/// which can be set to assets. The most common assets are <see cref="Sys.Api.IApiService"/> methods. Assets or
/// <see cref="Component"/> define the <see cref="Method"/> which along with Action represents the basics of the permission.
/// The <see cref="IApiAuthorizationMiddleware"/> implementation contains the logic what claims are needed to perform each action. Additionally,
/// policy tipically provides a set of claims on which permissions can be set. Permissions are based on descriptors, which can be
/// User, Role or any other registered implementation of the <see cref="IPermissionDescriptor"/> interface. Descriptor provides a set of
/// schemas, usually users and roles and that concludes the permission's component model.
/// </remarks>
public interface IPermission : IPrimaryKey<int>
{
/// <summary>
/// The id of the evidence to which permission is bound to. This is
/// typically provided by <see cref="IAuthorizationMiddleware"/>.
/// </summary>
string Evidence { get; }
/// <summary>
/// The type of the evidence to which permission is bound to. This is
/// typically provided by <see cref="IAuthorizationMiddleware"/>.
/// </summary>
string Schema { get; }
/// <summary>
/// The claim to which permission is bound to. This is typically
/// provided by <see cref="IApiAuthorizationMiddleware"/>.
/// </summary>
string Claim { get; }
/// <summary>
/// The primary key of the entity. Can be null if permission is not record based.
/// </summary>
string? PrimaryKey { get; }
/// <summary>
/// The entity to which permission is bound to. Can be null if permission is
/// environment wide and not bound to a specific entity.
/// </summary>
string? Entity { get; }
/// <summary>
/// The actual value of the permission.
/// </summary>
PermissionValue Value { get; }
/// <summary>
/// The component to which permission is bound to. This is important for advanced
/// permission models, for example where admins require the specific permission to be
/// set on a specific service method but the policy is shared between many different
/// services.
/// </summary>
string? Component { get; }
/// <summary>
/// The component's method for advanced permission models.
/// </summary>
string? Method { get; }
}