public async Task <Group> AddUsersToGroup(Group group, IEnumerable <User> usersToAdd)
{
var groupEntity = await AuthorizationDbContext.Groups.SingleOrDefaultAsync(g =>
g.Name == group.Name &&
g.TenantId == group.TenantId &&
g.IdentityProvider == group.IdentityProvider &&
!g.IsDeleted);
if (groupEntity == null)
{
throw new NotFoundException <Group>($"Could not find {typeof(Group).Name} entity with ID {group.Name}");
}
var groupUsers = new List <GroupUser>();
foreach (var user in usersToAdd)
{
group.Users.Add(user);
var groupUser = new GroupUser
{
GroupId = groupEntity.GroupId,
IdentityProvider = user.IdentityProvider,
SubjectId = user.SubjectId
};
AuthorizationDbContext.GroupUsers.Add(groupUser);
groupUsers.Add(groupUser);
}
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Group>(EventTypes.ChildEntityCreatedEvent, group.Id.ToString(), group));
return(group);
}
public async Task <Group> Add(Group group)
{
var groupNameMatches = AuthorizationDbContext.Groups
.Where(g => !g.IsDeleted &&
g.Name == group.GroupIdentifier.GroupName).Select(e => e.ToModel()).ToList();
if (groupNameMatches.Any())
{
if (group.SourceEquals(GroupConstants.CustomSource))
{
throw new AlreadyExistsException <Group>(
$"Could not create group name {group.Name}. A group with the same name exists as a Custom group or a Directory group.");
}
if (groupNameMatches.Any(g =>
new GroupIdentifierComparer().Equals(g.GroupIdentifier, group.GroupIdentifier)))
{
throw new AlreadyExistsException <Group>(
$"Group {group.GroupIdentifier} already exists. Please use a different GroupName, IdentityProvider, or TenantId.");
}
}
group.Id = Guid.NewGuid();
var groupEntity = group.ToEntity();
AuthorizationDbContext.Groups.Add(groupEntity);
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Group>(EventTypes.EntityCreatedEvent, group.Id.ToString(), groupEntity.ToModel()));
return(groupEntity.ToModel());
}
public async Task <Role> Add(Role role)
{
role.Id = Guid.NewGuid();
var roleEntity = role.ToEntity();
roleEntity.SecurableItem =
AuthorizationDbContext.SecurableItems.First(s => !s.IsDeleted && s.Name == role.SecurableItem);
if (role.ChildRoles.Any())
{
var childRoles = await AuthorizationDbContext.Roles.Where(r => role.ChildRoles.Contains(r.RoleId))
.ToListAsync();
foreach (var childRole in childRoles)
{
childRole.ParentRole = roleEntity;
}
}
AuthorizationDbContext.Roles.Add(roleEntity);
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Role>(EventTypes.EntityCreatedEvent, role.Id.ToString(), roleEntity.ToModel()));
return(roleEntity.ToModel());
}
public async Task <Role> AddPermissionsToRole(Role role, ICollection <Permission> allowPermissions,
ICollection <Permission> denyPermissions)
{
// TODO: handle case where role.Id may not exist in Roles table
foreach (var permission in allowPermissions)
{
AuthorizationDbContext.RolePermissions.Add(new RolePermission
{
RoleId = role.Id,
PermissionId = permission.Id,
PermissionAction = PermissionAction.Allow
});
role.Permissions.Add(permission);
}
foreach (var permission in denyPermissions)
{
AuthorizationDbContext.RolePermissions.Add(new RolePermission
{
RoleId = role.Id,
PermissionId = permission.Id,
PermissionAction = PermissionAction.Deny
});
role.Permissions.Add(permission);
}
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Role>(EventTypes.EntityUpdatedEvent, role.Id.ToString(), role));
return(role);
}
public async Task <Role> RemovePermissionsFromRole(Role role, Guid[] permissionIds)
{
var roleEntity = await AuthorizationDbContext.Roles
.Include(r => r.RolePermissions)
.SingleOrDefaultAsync(r =>
r.RoleId == role.Id &&
!r.IsDeleted);
if (roleEntity == null)
{
throw new NotFoundException <Role>($"Could not find {typeof(Role).Name} entity with ID {role.Id}");
}
foreach (var permissionId in permissionIds)
{
var rolePermissionToRemove = roleEntity.RolePermissions.Single(
rp => rp.RoleId == roleEntity.RoleId &&
rp.PermissionId == permissionId);
rolePermissionToRemove.IsDeleted = true;
AuthorizationDbContext.RolePermissions.Update(rolePermissionToRemove);
}
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Role>(EventTypes.EntityUpdatedEvent, role.Id.ToString(), role));
return(roleEntity.ToModel());
}
public async Task Delete(Permission permission)
{
var permissionEntity = await AuthorizationDbContext.Permissions
.Include(p => p.RolePermissions)
.Include(p => p.UserPermissions)
.SingleOrDefaultAsync(p =>
p.PermissionId == permission.Id &&
!p.IsDeleted);
if (permissionEntity == null)
{
throw new NotFoundException <Permission>(
$"Could not find {typeof(Permission).Name} entity with ID {permission.Id}");
}
permissionEntity.IsDeleted = true;
foreach (var rolePermission in permissionEntity.RolePermissions)
{
rolePermission.IsDeleted = true;
}
foreach (var userPermission in permissionEntity.UserPermissions)
{
userPermission.IsDeleted = true;
}
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Permission>(EventTypes.EntityDeletedEvent, permission.Id.ToString(), permissionEntity.ToModel()));
}
public WeatherForecastController(ILogger <WeatherForecastController> logger, IInitJobs initJob, DataContext data, AuthorizationDbContext dataContex)
{
_logger = logger;
_initJob = initJob;
_dataContext = dataContex;
dataContext = data;
}
public async Task <User> DeleteRolesFromUser(User user, IList <Role> roles)
{
var roleIds = roles.Select(r => r.Id);
var roleUsers =
AuthorizationDbContext.RoleUsers.Where(
ru => ru.SubjectId == user.SubjectId &&
ru.IdentityProvider == user.IdentityProvider &&
!ru.IsDeleted &&
roleIds.Contains(ru.RoleId));
foreach (var roleUser in roleUsers)
{
var roleToRemove = roles.FirstOrDefault(r => r.Id == roleUser.RoleId);
if (roleToRemove != null)
{
user.Roles.Remove(roleToRemove);
roleUser.IsDeleted = true;
}
}
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <User>(EventTypes.ChildEntityDeletedEvent, user.Id, user));
return(user);
}
public async Task Delete(Group group)
{
var groupEntity = await AuthorizationDbContext.Groups
.Include(g => g.GroupRoles)
.Include(g => g.GroupUsers)
.SingleOrDefaultAsync(g => g.GroupId == Guid.Parse(group.Id));
if (groupEntity == null)
{
throw new NotFoundException <Group>($"Could not find {typeof(Group).Name} entity with ID {group.Name}");
}
groupEntity.IsDeleted = true;
foreach (var groupRole in groupEntity.GroupRoles)
{
if (!groupRole.IsDeleted)
{
groupRole.IsDeleted = true;
}
}
foreach (var groupUser in groupEntity.GroupUsers)
{
if (!groupUser.IsDeleted)
{
groupUser.IsDeleted = true;
}
}
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Group>(EventTypes.EntityDeletedEvent, group.Id, groupEntity.ToModel()));
}
public AccountController(
UserManager <IdentityUser> userManager,
AuthorizationDbContext applicationDbContext)
{
_userManager = userManager;
_applicationDbContext = applicationDbContext;
}
public async Task <Group> RemoveChildGroups(Group group, IEnumerable <Group> childGroups)
{
var childGroupList = childGroups.ToList();
var childGroupIds = childGroupList.Select(g => g.Id);
var childGroupEntities = AuthorizationDbContext.ChildGroups.Where(cg => !cg.IsDeleted && cg.ParentGroupId == group.Id && childGroupIds.Contains(cg.ChildGroupId));
foreach (var childGroup in childGroupList)
{
var childToRemove = group.Children.FirstOrDefault(c => c.Name == childGroup.Name);
if (childToRemove == null)
{
continue;
}
group.Children.Remove(childToRemove);
var childToRemoveEntity = childGroupEntities.FirstOrDefault(cg => cg.ParentGroupId == group.Id && cg.ChildGroupId == childGroup.Id);
if (childToRemoveEntity != null)
{
childToRemoveEntity.IsDeleted = true;
}
}
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Group>(EventTypes.ChildEntityDeletedEvent, group.Id.ToString(), group));
return(group);
}
public async Task Delete(Role role)
{
var roleEntity = await AuthorizationDbContext.Roles
.Include(r => r.RolePermissions)
.Include(r => r.GroupRoles)
.SingleOrDefaultAsync(r =>
r.RoleId == role.Id &&
!r.IsDeleted);
if (roleEntity == null)
{
throw new NotFoundException <Role>($"Could not find {typeof(Role).Name} entity with ID {role.Id}");
}
roleEntity.IsDeleted = true;
foreach (var rolePermission in roleEntity.RolePermissions)
{
rolePermission.IsDeleted = true;
}
foreach (var groupRole in roleEntity.GroupRoles)
{
groupRole.IsDeleted = true;
}
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Role>(EventTypes.EntityDeletedEvent, role.Id.ToString(), roleEntity.ToModel()));
}
public async Task <Group> AddRolesToGroup(Group group, IEnumerable <Role> rolesToAdd)
{
var groupEntity = await AuthorizationDbContext.Groups.SingleOrDefaultAsync(g =>
g.Name == group.Name &&
g.TenantId == group.TenantId &&
g.IdentityProvider == group.IdentityProvider &&
!g.IsDeleted);
if (groupEntity == null)
{
throw new NotFoundException <Group>($"Could not find {typeof(Group).Name} entity with ID {group.Name}");
}
foreach (var role in rolesToAdd)
{
group.Roles.Add(role);
AuthorizationDbContext.GroupRoles.Add(new GroupRole
{
GroupId = groupEntity.GroupId,
RoleId = role.Id
});
}
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Group>(EventTypes.ChildEntityCreatedEvent, group.Id.ToString(), group));
return(group);
}
public MultiTenantUserStore(AuthorizationDbContext context, IHttpContextAccessor httpContextAccessor) : base(context)
{
if (httpContextAccessor == null)
{
throw new ArgumentNullException(nameof(httpContextAccessor));
}
TenantId = httpContextAccessor.HttpContext?.GetTenantContext <Tenant>()?.Tenant?.Id ?? Guid.Empty;
}
public EntityFrameworkClientUsersRepository(AuthorizationDbContext context)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
this.context = context;
}
public EventController(ILogger <EventController> logger,
AuthorizationDbContext dbContext,
UserManager <ApplicationUser> manager,
IHttpContextAccessor httpContextAccessor)
{
this.Logger = logger;
this.DbContext = dbContext;
this.UserManager = manager;
this.HttpContextAccessor = httpContextAccessor;
}
private void LoadChildrenRecursive(SecurableItem securableItem)
{
AuthorizationDbContext.Entry(securableItem)
.Collection(s => s.SecurableItems)
.Load();
foreach (var childSecurableItem in securableItem.SecurableItems)
{
LoadChildrenRecursive(childSecurableItem);
}
}
public async Task <User> Add(User user)
{
var userEntity = user.ToEntity();
AuthorizationDbContext.Users.Add(userEntity);
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <User>(EventTypes.EntityCreatedEvent, user.Id, userEntity.ToModel()));
return(userEntity.ToModel());
}
// private readonly IRepository<IdentityUserClaim<int>, int> claimsRepository;
public AuthService(IMapper mapper,
UserManager <User> userManager,
SignInManager <User> signInManager,
IJWTService jWTService,
AuthorizationDbContext authorizationDb)
{
_mapper = mapper;
_signInManager = signInManager;
_userManager = userManager;
_jwtService = jWTService;
_authdbContext = authorizationDb;
}
public AuthenticationProvider(
UserManager <UserEntity> userMgr,
SignInManager <UserEntity> signMgr,
AuthorizationDbContext dbContext,
AppSettings appSettings,
IMapper mapper)
{
this._userMgr = userMgr;
this._signMgr = signMgr;
this._appSettings = appSettings;
this._dbContext = dbContext;
this._mapper = mapper;
}
public SeedDb(ApplicationDbContext applicationDbContext,
ILogger <SeedDb> logger,
UserManager <ApplicationUser> userManager,
AuthorizationDbContext authorizationDbContext
)
{
this.applicationDbContext = applicationDbContext;
this.logger = logger;
this.userManager = userManager;
this.authorizationDbContext = authorizationDbContext;
applicationDbContext.Database.Migrate();
authorizationDbContext.Database.Migrate();
}
public async Task <Group> AddUserToGroup(Group group, User user)
{
var groupUser = new GroupUser
{
GroupId = Guid.Parse(group.Id),
SubjectId = user.SubjectId,
IdentityProvider = user.IdentityProvider
};
AuthorizationDbContext.GroupUsers.Add(groupUser);
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Group>(EventTypes.ChildEntityCreatedEvent, group.Id, group));
return(group);
}
private void LoadChildrenRecursive(SecurableItem securableItem)
{
if (securableItem.IsDeleted)
{
return;
}
AuthorizationDbContext.Entry(securableItem)
.Collection(s => s.SecurableItems)
.Load();
foreach (var childSecurableItem in securableItem.SecurableItems.Where(p => !p.IsDeleted))
{
LoadChildrenRecursive(childSecurableItem);
}
}
public async Task <Permission> Add(Permission permission)
{
permission.Id = Guid.NewGuid();
var permissionEntity = permission.ToEntity();
permissionEntity.SecurableItem =
AuthorizationDbContext.SecurableItems.First(s => !s.IsDeleted && s.Name == permission.SecurableItem);
AuthorizationDbContext.Permissions.Add(permissionEntity);
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Permission>(EventTypes.EntityCreatedEvent, permission.Id.ToString(), permissionEntity.ToModel()));
return(permissionEntity.ToModel());
}
public async Task Update(Role role)
{
var roleEntity = await AuthorizationDbContext.Roles
.SingleOrDefaultAsync(r =>
r.RoleId == role.Id &&
!r.IsDeleted);
if (roleEntity == null)
{
throw new NotFoundException <Role>($"Could not find {typeof(Role).Name} entity with ID {role.Id}");
}
role.ToEntity(roleEntity);
AuthorizationDbContext.Roles.Update(roleEntity);
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Role>(EventTypes.EntityUpdatedEvent, role.Id.ToString(), roleEntity.ToModel()));
}
public async Task <Group> DeleteRolesFromGroup(Group group, IEnumerable <Guid> roleIdsToDelete)
{
var groupRolesToRemove = AuthorizationDbContext.GroupRoles
.Where(gr => roleIdsToDelete.Contains(gr.RoleId) &&
gr.GroupId == group.Id &&
!gr.IsDeleted).ToList();
if (groupRolesToRemove.Count == 0)
{
throw new NotFoundException <Role>(
$"No role mappings found for group {group.Name} with the supplied role IDs");
}
var missingRoleMappings = new List <Guid>();
foreach (var groupRole in groupRolesToRemove)
{
// remove the role from the domain model
var roleToRemove = group.Roles.FirstOrDefault(r => r.Id == groupRole.RoleId);
if (roleToRemove == null)
{
missingRoleMappings.Add(groupRole.RoleId);
}
group.Roles.Remove(roleToRemove);
// mark the many-to-many DB entity as deleted
groupRole.IsDeleted = true;
AuthorizationDbContext.GroupRoles.Update(groupRole);
}
if (missingRoleMappings.Any())
{
throw new NotFoundException <Role>(
$"No role mapping(s) found for group {group.Name} with the following role IDs: {missingRoleMappings.ToString(", ")}");
}
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Group>(EventTypes.ChildEntityDeletedEvent, group.Id.ToString(), group));
return(group);
}
public async Task Delete(User user)
{
var userEntity = await AuthorizationDbContext.Users
.SingleOrDefaultAsync(u =>
u.IdentityProvider == user.IdentityProvider &&
u.SubjectId == user.SubjectId &&
!u.IsDeleted);
if (userEntity == null)
{
throw new NotFoundException <User>(
$"Could not find {typeof(User).Name} User IDP = {user.IdentityProvider}, SubjectId = {user.SubjectId}");
}
userEntity.IsDeleted = true;
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <User>(EventTypes.EntityDeletedEvent, user.Id, userEntity.ToModel()));
}
public async Task Update(Client client)
{
var clientEntity = await AuthorizationDbContext.Clients
.Include(i => i.TopLevelSecurableItem)
.SingleOrDefaultAsync(c => c.ClientId == client.Id &&
!c.IsDeleted);
if (clientEntity == null)
{
throw new NotFoundException <Client>($"Could not find {typeof(Client).Name} entity with ID {client.Id}");
}
client.ToEntity(clientEntity);
AuthorizationDbContext.Clients.Update(clientEntity);
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Client>(EventTypes.EntityUpdatedEvent, client.Id, clientEntity.ToModel()));
}
public async Task Update(Group group)
{
var groupEntity = await AuthorizationDbContext.Groups
.Include(g => g.GroupRoles)
.Include(g => g.GroupUsers)
.SingleOrDefaultAsync(g => g.GroupId == group.Id);
if (groupEntity == null)
{
throw new NotFoundException <Group>($"Could not find {typeof(Group).Name} entity with ID {group.Name}");
}
group.ToEntity(groupEntity);
AuthorizationDbContext.Groups.Update(groupEntity);
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Group>(EventTypes.EntityUpdatedEvent, group.Id.ToString(), groupEntity.ToModel()));
}
public async Task Update(Permission permission)
{
var permissionEntity = await AuthorizationDbContext.Permissions
.SingleOrDefaultAsync(p =>
p.PermissionId == permission.Id &&
!p.IsDeleted);
if (permissionEntity == null)
{
throw new NotFoundException <Permission>(
$"Could not find {typeof(Permission).Name} entity with ID {permission.Id}");
}
permission.ToEntity(permissionEntity);
AuthorizationDbContext.Permissions.Update(permissionEntity);
await AuthorizationDbContext.SaveChangesAsync();
await EventService.RaiseEventAsync(new EntityAuditEvent <Permission>(EventTypes.EntityUpdatedEvent, permission.Id.ToString(), permissionEntity.ToModel()));
}
