static void RevokeOperationRight(string operation, string path, string name)
{
AccessControlSettings settings = new AccessControlSettings(@namespace, managementKey);
Uri uri = ServiceBusEnvironment.CreateServiceUri("http", @namespace, path);
AccessControlList list = NamespaceAccessControl.GetAccessControlList(uri, settings);
IdentityReference identityReference = IdentityReference.CreateServiceIdentityReference(name);
if (operation.Equals("Send", StringComparison.OrdinalIgnoreCase))
{
AccessControlRule existing = list.FirstOrDefault((r) => r.Condition.Equals(identityReference) && r.Right.Equals(ServiceBusRight.Send));
if (existing != null)
{
if (existing.Inherited)
{
Console.Error.WriteLine("Cannot revoke inherited rules.");
return;
}
list.RemoveRule(existing);
list.SaveChanges();
}
else
{
Console.Error.WriteLine("The right '{0}' on '{1}' has not been granted to identity '{2}'", operation, path, name);
}
}
else if (operation.Equals("Listen", StringComparison.OrdinalIgnoreCase))
{
AccessControlRule existing = list.FirstOrDefault((r) => r.Condition.Equals(identityReference) && r.Right.Equals(ServiceBusRight.Listen));
if (existing != null)
{
list.RemoveRule(existing);
list.SaveChanges();
}
else
{
Console.Error.WriteLine("The right '{0}' on '{1}' has not been granted to identity '{2}'", operation, path, name);
}
}
else if (operation.Equals("Manage", StringComparison.OrdinalIgnoreCase))
{
AccessControlRule existing = list.FirstOrDefault((r) => r.Condition.Equals(identityReference) && r.Right.Equals(ServiceBusRight.Manage));
if (existing != null)
{
list.RemoveRule(existing);
list.SaveChanges();
}
else
{
Console.Error.WriteLine("The right '{0}' on '{1}' has not been granted to identity '{2}'", operation, path, name);
}
}
else
{
Console.Error.WriteLine("Unknown operation '{0}'", operation);
}
}
public void Post([FromBody] AccessControlPolicyInsertCommand command)
{
bool IsResourceRequired = false;
if (command.Target.Contains("\"Resource."))
{
IsResourceRequired = true;
}
var accessControlRules = new List <AccessControlRule>();
foreach (var rule in command.Rules)
{
var condition = _conditionalExpressionService.Parse(rule.Condition);
var accessControlRule = new AccessControlRule()
{
Id = rule.RuleID,
Effect = rule.Effect,
Condition = condition
};
accessControlRules.Add(accessControlRule);
if (!IsResourceRequired)
{
IsResourceRequired = rule.Condition.Contains("\"Resource.");
}
}
var target = _conditionalExpressionService.Parse(command.Target);
var accessControlModel = new AccessControlPolicy()
{
PolicyId = command.PolicyID,
CollectionName = command.CollectionName,
Action = command.Action,
Description = command.Description,
RuleCombining = command.RuleCombining,
Target = target,
Rules = accessControlRules,
IsAttributeResourceRequired = IsResourceRequired
};
_accessControlPolicyRepository.Add(accessControlModel);
}
public static void Run()
{
try
{
// ExStart:ManageAccessRule
GoogleTestUser User2 = new GoogleTestUser("user", "email address", "password", "clientId", "client secret");
string accessToken;
string refreshToken;
GoogleOAuthHelper.GetAccessToken(User2, out accessToken, out refreshToken);
using (IGmailClient client = GmailClient.GetInstance(accessToken, User2.EMail))
{
// Retrieve list of calendars for the current client
ExtendedCalendar[] calendarList = client.ListCalendars();
// Get first calendar id and retrieve list of AccessControlRule for the first calendar
string calendarId = calendarList[0].Id;
AccessControlRule[] roles1 = client.ListAccessRules(calendarId);
// Create a local access control rule and Set rule properties
AccessControlRule rule = new AccessControlRule();
rule.Role = AccessRole.reader;
rule.Scope = new AclScope(AclScopeType.user, User2.EMail);
// Insert new rule for the calendar. It returns the newly created rule
AccessControlRule createdRule = client.CreateAccessRule(calendarId, rule);
// Confirm if local created rule and returned rule are equal
if ((rule.Role == createdRule.Role) && (rule.Scope.Type == createdRule.Scope.Type) && (rule.Scope.Value.ToLower() == createdRule.Scope.Value.ToLower()))
{
Console.WriteLine("local rule and returned rule after creation are equal");
}
else
{
Console.WriteLine("Rule could not be created successfully");
return;
}
// Get list of rules
AccessControlRule[] roles2 = client.ListAccessRules(calendarId);
// Current list length should be 1 more than the earlier one
if (roles1.Length + 1 == roles2.Length)
{
Console.WriteLine("List lengths are ok");
}
else
{
Console.WriteLine("List lengths are not ok");
return;
}
// Change rule and Update the rule for the selected calendar
createdRule.Role = AccessRole.writer;
AccessControlRule updatedRule = client.UpdateAccessRule(calendarId, createdRule);
// Check if returned access control rule after update is ok
if ((createdRule.Role == updatedRule.Role) && (createdRule.Id == updatedRule.Id))
{
Console.WriteLine("Rule is updated successfully");
}
else
{
Console.WriteLine("Rule is not updated");
return;
}
// Retrieve individaul rule against a calendar
AccessControlRule fetchedRule = client.FetchAccessRule(calendarId, createdRule.Id);
//Check if rule parameters are ok
if ((updatedRule.Id == fetchedRule.Id) && (updatedRule.Role == fetchedRule.Role) && (updatedRule.Scope.Type == fetchedRule.Scope.Type) && (updatedRule.Scope.Value.ToLower() == fetchedRule.Scope.Value.ToLower()))
{
Console.WriteLine("Rule parameters are ok");
}
else
{
Console.WriteLine("Rule parameters are not ok");
}
// Delete particular rule against a given calendar and Retrieve the all rules list for the same calendar
client.DeleteAccessRule(calendarId, createdRule.Id);
AccessControlRule[] roles3 = client.ListAccessRules(calendarId);
// Check that current rules list length should be equal to the original list length before adding and deleting the rule
if (roles1.Length == roles3.Length)
{
Console.WriteLine("List lengths are same");
}
else
{
Console.WriteLine("List lengths are not equal");
return;
}
}
// ExEnd:ManageAccessRule
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
}
