inabox/InABox.Core/Security/Security.cs

using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.ComponentModel;
using System.Linq;
using System.Reflection;
using System.Security;
using System.Threading.Tasks;
using InABox.Clients;

namespace InABox.Core
{
    public static class Security
    {
        private static ISecurityDescriptor[]? _descriptors;
        private static GlobalSecurityToken[]? _globaltokens;
        private static Dictionary<Guid, SecurityToken[]> _grouptokens = new Dictionary<Guid, SecurityToken[]>();
        private static Dictionary<Guid, UserSecurityToken[]> _usertokens = new Dictionary<Guid, UserSecurityToken[]>();

        public static IEnumerable<ISecurityDescriptor> Descriptors
        {
            get
            {
                if (_descriptors == null)
                {
                    ISecurityDescriptor[] GetTokens(params Task<ISecurityDescriptor[]>[] tasks)
                    {
                        Task.WaitAll(tasks);
                        return CoreUtils.Concatenate(tasks.ToArray(x => x.Result));
                    }

                    var custom = Task.Run(() =>
                    {
                        return CoreUtils.Entities.Where(x => !x.IsGenericType && x.HasInterface<ISecurityDescriptor>())
                            .Select(x => Activator.CreateInstance(x) as ISecurityDescriptor)
                            .NotNull()
                            .ToArray();
                    });

                    bool Overridden(Type @class, Func<EntitySecurityAttribute, Type?> getToken)
                    {
                        return @class.GetCustomAttribute<EntitySecurityAttribute>() is EntitySecurityAttribute attr && getToken(attr) != null;
                    }

                    var auto = Task.Run(() =>
                    {
                        var entities = CoreUtils.Entities.Where( x => !x.IsGenericType && x.IsSubclassOf(typeof(Entity))).ToArray();
                        var view = Task.Run(() =>
                        {
                            return entities
                                .Where(x => !Overridden(x, x => x.CanView))
                                .Select(x => GetAutoToken(x, typeof(CanView<>)))
                                .NotNull()
                                .ToArray();
                        });
                        var edit = Task.Run(() =>
                        {
                            return entities
                                .Where(x => !Overridden(x, x => x.CanEdit))
                                .Select(x => GetAutoToken(x, typeof(CanEdit<>)))
                                .NotNull()
                                .ToArray();
                        });
                        var delete = Task.Run(() =>
                        {
                            return entities
                                .Where(x => !Overridden(x, x => x.CanDelete))
                                .Select(x => GetAutoToken(x, typeof(CanDelete<>)))
                                .NotNull()
                                .ToArray();
                        });
                        var issues = Task.Run(() =>
                        {
                            return entities.Where(x => x.GetInterfaces().Contains(typeof(IIssues)))
                                .Select(x => GetAutoToken(x, typeof(CanManageIssues<>)))
                                .NotNull()
                                .ToArray();
                        });
                        var exports = Task.Run(() =>
                        {
                            return entities.Where(x => x.GetInterfaces().Contains(typeof(IExportable)))
                                .Select(x => GetAutoToken(x, typeof(CanExport<>)))
                                .NotNull()
                                .ToArray();
                        });
                        var imports = Task.Run(() =>
                        {
                            return entities.Where(x => x.GetInterfaces().Contains(typeof(IImportable)))
                                .Select(x => GetAutoToken(x, typeof(CanImport<>)))
                                .NotNull()
                                .ToArray();
                        });
                        var merges = Task.Run(() =>
                        {
                            return entities.Where(x => x.GetInterfaces().Contains(typeof(IMergeable)))
                                .Select(x => GetAutoToken(x, typeof(CanMerge<>)))
                                .NotNull()
                                .ToArray();
                        });
                        var posts = Task.Run(() =>
                        {
                            return entities.Where(x => x.GetInterfaces().Contains(typeof(IPostable)))
                                .Select(x => GetAutoToken(x, typeof(CanPost<>)))
                                .NotNull()
                                .ToArray();
                        });
                        var configPosts = Task.Run(() =>
                        {
                            return entities.Where(x => x.GetInterfaces().Contains(typeof(IPostable)))
                                .Select(x => GetAutoToken(x, typeof(CanConfigurePost<>)))
                                .NotNull()
                                .ToArray();
                        });
                        return GetTokens(view, edit, delete, issues, exports, merges, posts, configPosts);
                    });
                    _descriptors = GetTokens(custom, auto);
                    Array.Sort(_descriptors, CoreUtils.OrderBy((ISecurityDescriptor x) => x.Type).ThenBy(x => x.Code));
                }

                return _descriptors;
            }
        }

        public static void Reset()
        {
            _globaltokens = null;
            _grouptokens.Clear();
            _usertokens.Clear();
            _descriptors = null;
        }

        public static void CheckTokens(Guid userId, Guid securityID)
        {
            var userTask = !_usertokens.ContainsKey(userId)
                ? Client.QueryAsync(
                    Filter<UserSecurityToken>.Where(x => x.User.ID).IsEqualTo(ClientFactory.UserGuid),
                    Columns.None<UserSecurityToken>().Add(x => x.Descriptor).Add(x => x.Enabled))
                : null;
            var groupTask = !_grouptokens.ContainsKey(securityID)
                ?  Client.QueryAsync(
                    Filter<SecurityToken>.Where(x => x.Group.ID).IsEqualTo(ClientFactory.UserSecurityID),
                    Columns.None<SecurityToken>().Add(x => x.Descriptor).Add(x => x.Enabled))
                : null;
            var globalTask = _globaltokens is null
                ? Client.QueryAsync(
                    null,
                    Columns.None<GlobalSecurityToken>().Add(x => x.Descriptor).Add(x => x.Enabled))
                : null;
            if (userTask is null && groupTask is null && globalTask is null) return;

            CoreUtils.WaitAllNotNull(userTask, groupTask, globalTask);
            if(userTask != null)
            {
                _usertokens.Add(userId, userTask.Result.ToArray<UserSecurityToken>());
            }
            if(groupTask != null)
            {
                _grouptokens.Add(securityID, groupTask.Result.ToArray<SecurityToken>());
            }
            if(globalTask != null)
            {
                _globaltokens = globalTask.Result.ToArray<GlobalSecurityToken>();
            }
        }
        
        private static ISecurityDescriptor? GetAutoToken(Type _class, Type type)
        {
            var basetype = typeof(AutoSecurityDescriptor<,>);
            var actiontype = type.MakeGenericType(_class);
            var descriptortype = basetype.MakeGenericType(_class, actiontype);
            var descriptor = (Activator.CreateInstance(descriptortype) as ISecurityDescriptor)!;
            return descriptor;
            // if (!_descriptors.Any(x => string.Equals(x.Code, descriptor.Code)))
            //     _descriptors.Add(descriptor);
        }

        private static bool IsAllowedInternal(ISecurityDescriptor descriptor, Guid userGuid, Guid securityId)
        {
            // If you're not logged in, you can't do jack!
            if (userGuid == Guid.Empty)
                return false;

            CheckTokens(userGuid, securityId);
            
            // First Check for a matching User Token (override)
            var usertoken = _usertokens[userGuid].FirstOrDefault(x => x.Descriptor.Equals(descriptor.Code));
            if (usertoken != null)
                return usertoken.Enabled;

            // If not found, fall back to the Group Token
            var grouptoken = _grouptokens[securityId].FirstOrDefault(x => x.Descriptor.Equals(descriptor.Code));
            if (grouptoken != null)
                return grouptoken.Enabled;

            // Still not found? fall back to the Global Token
            var globaltoken = _globaltokens.FirstOrDefault(x => x.Descriptor.Equals(descriptor.Code));
            if (globaltoken != null)
                return globaltoken.Enabled;

            // Aaand finally, just return the default for the descriptor
            return descriptor.Value;
        }

        public static bool IsAllowed(Type T, Guid userGuid, Guid securityId)
        {
            var descriptor = (Activator.CreateInstance(T) as ISecurityDescriptor)!;
            try
            {
                if(IsAllowedInternal(descriptor, userGuid, securityId))
                {
                    if(descriptor is IDependentSecurityDescriptor dependent)
                    {
                        return dependent.DependsOn.All(x => IsAllowed(x, userGuid, securityId));
                    }
                    else
                    {
                        return true;
                    }
                }
                else
                {
                    return false;
                }
            }
            catch (Exception e)
            {
                Logger.Send(LogType.Error, "", string.Format("*** Unknown Error: {0}\n{1}", e.Message, e.StackTrace));
                return false;
            }
        }

        public static bool IsAllowed<T>(Guid userGuid, Guid securityId) where T : ISecurityDescriptor, new() 
            => IsAllowed(typeof(T), userGuid, securityId);

        public static bool IsAllowed<T>() where T : ISecurityDescriptor, new()
            => IsAllowed<T>(ClientFactory.UserGuid, ClientFactory.UserSecurityID);

        public static bool IsAllowed(Type T) 
            => IsAllowed(T, ClientFactory.UserGuid, ClientFactory.UserSecurityID);

        private static Type CreateAutoDescriptor(Type TAction, Type TEntity)
        {
            return typeof(AutoSecurityDescriptor<,>).MakeGenericType(TEntity, TAction.MakeGenericType(TEntity));
        }

        #region CanView

        private static Type CanViewSecurityDescriptor(Type T)
        {
            var security = T.GetCustomAttribute<EntitySecurityAttribute>();
            return security?.CanView ?? CreateAutoDescriptor(typeof(CanView<>), T);
        }
        private static Type CanViewSecurityDescriptor<T>()
            where T : Entity, new()
        {
            var security = typeof(T).GetCustomAttribute<EntitySecurityAttribute>();
            return security?.CanView ?? typeof(AutoSecurityDescriptor<T, CanView<T>>);
        }

        public static bool CanView<TEntity>(Guid userGuid, Guid securityId) where TEntity : Entity, new()
        {
            return IsAllowed(CanViewSecurityDescriptor<TEntity>(), userGuid, securityId);
        }

        public static bool CanView(Type TEntity)
        {
            return IsAllowed(CanViewSecurityDescriptor(TEntity));
        }
        public static bool CanView<TEntity>() where TEntity : Entity, new()
        {
            return IsAllowed(CanViewSecurityDescriptor<TEntity>());
        }

        #endregion

        #region CanEdit

        private static Type CanEditSecurityDescriptor(Type T)
        {
            var security = T.GetCustomAttribute<EntitySecurityAttribute>();
            return security?.CanEdit ?? CreateAutoDescriptor(typeof(CanEdit<>), T);
        }
        private static Type CanEditSecurityDescriptor<T>()
            where T : Entity, new()
        {
            var security = typeof(T).GetCustomAttribute<EntitySecurityAttribute>();
            return security?.CanEdit ?? typeof(AutoSecurityDescriptor<T, CanEdit<T>>);
        }

        public static bool CanEdit(Type TEntity, Guid userGuid, Guid securityId)
        {
            return IsAllowed(CanEditSecurityDescriptor(TEntity), userGuid, securityId);
        }
        public static bool CanEdit<TEntity>(Guid userGuid, Guid securityId) where TEntity : Entity, new()
        {
            return IsAllowed(CanEditSecurityDescriptor<TEntity>(), userGuid, securityId);
        }

        public static bool CanEdit(Type TEntity)
        {
            return IsAllowed(CanEditSecurityDescriptor(TEntity));
        }
        public static bool CanEdit<TEntity>() where TEntity : Entity, new()
        {
            return IsAllowed(CanEditSecurityDescriptor<TEntity>());
        }

        #endregion

        public static bool CanImport<TEntity>() where TEntity : Entity, new()
        {
            return IsAllowed<AutoSecurityDescriptor<TEntity, CanImport<TEntity>>>();
        }

        public static bool CanExport<TEntity>() where TEntity : Entity, new()
        {
            return IsAllowed<AutoSecurityDescriptor<TEntity, CanExport<TEntity>>>();
        }

        public static bool CanMerge<TEntity>() where TEntity : Entity, new()
        {
            return IsAllowed<AutoSecurityDescriptor<TEntity, CanMerge<TEntity>>>();
        }

        public static bool CanPost<TEntity>() where TEntity : Entity, new()
        {
            return IsAllowed<AutoSecurityDescriptor<TEntity, CanPost<TEntity>>>();
        }

        public static bool CanConfigurePost<TEntity>() where TEntity : Entity, new()
        {
            return IsAllowed<AutoSecurityDescriptor<TEntity, CanConfigurePost<TEntity>>>();
        }

        #region CanDelete

        private static Type CanDeleteSecurityDescriptor(Type T)
        {
            var security = T.GetCustomAttribute<EntitySecurityAttribute>();
            return security?.CanDelete ?? CreateAutoDescriptor(typeof(CanDelete<>), T);
        }
        private static Type CanDeleteSecurityDescriptor<T>()
            where T : Entity, new()
        {
            var security = typeof(T).GetCustomAttribute<EntitySecurityAttribute>();
            return security?.CanDelete ?? typeof(AutoSecurityDescriptor<T, CanDelete<T>>);
        }

        public static bool CanDelete<TEntity>() where TEntity : Entity, new()
        {
            return IsAllowed(CanDeleteSecurityDescriptor<TEntity>());
        }
        
        public static bool CanDelete(Type TEntity)
        {
            return IsAllowed(CanDeleteSecurityDescriptor(TEntity));
        }

        #endregion

        public static bool CanManageIssues(Type TEntity)
        {
            return IsAllowed(typeof(AutoSecurityDescriptor<,>).MakeGenericType(TEntity, typeof(CanManageIssues<>).MakeGenericType(TEntity)));
        }

        public static bool CanManageIssues<TEntity>() where TEntity : Entity, IIssues, new()
        {
            return IsAllowed<AutoSecurityDescriptor<TEntity, CanManageIssues<TEntity>>>();
        }
        
        public static bool CanManageProblems(Type TEntity)
        {
            return IsAllowed(typeof(AutoSecurityDescriptor<,>).MakeGenericType(TEntity, typeof(CanManageProblems<>).MakeGenericType(TEntity)));
        }

        public static bool CanManageProblems<TEntity>() where TEntity : Entity, IProblems, new()
        {
            return IsAllowed<AutoSecurityDescriptor<TEntity, CanManageProblems<TEntity>>>();
        }
    }
}