//[TestMethod]
public void TestCreateDatabase()
{
using (var context = new CamModel(@"Data Source=(LocalDb)\v11.0;Initial Catalog=TestCam;Integrated Security=True"))
{
Database.SetInitializer <CamModel>(new DropCreateDatabaseAlways <CamModel>());
context.Database.Initialize(true);
}
}
/// <summary>
/// Returns a query to retrieve user dto's from the cam model.
/// </summary>
/// <param name="context">The context to query.</param>
/// <param name="queryOperator">The query operator.</param>
/// <returns>The query to retrieve the users.</returns>
public static IQueryable <UserDTO> CreateGetUsersQuery(CamModel context, QueryableOperator <UserDTO> queryOperator)
{
Contract.Requires(context != null, "The context must not be null.");
Contract.Requires(queryOperator != null, "The query operator must not be null.");
var query = context.UserAccounts.Select(x => new UserDTO
{
AdGuid = x.AdGuid,
DisplayName = x.DisplayName,
FirstName = x.FirstName,
PrincipalId = x.PrincipalId,
LastName = x.LastName,
Email = x.EmailAddress,
});
query = query.Apply(queryOperator);
return(query);
}
/// <summary>
/// Returns the permissions for the principal with the given id.
/// </summary>
/// <param name="context">The context to query.</param>
/// <param name="principalId">The id of the principal.</param>
/// <returns>The permissions for the principal with the given id.</returns>
public static IQueryable <SimplePermission> CreateGetSimpleResourceAuthorizationsByPrincipalId(CamModel context, int principalId)
{
Contract.Requires(context != null, "The context must not be null.");
//Get permission assignments for the principal by principal id
var permissionAssignmentQuery = from permissionAssignment in context.PermissionAssignments
join resource in context.Resources
on permissionAssignment.ResourceId equals resource.ResourceId
where permissionAssignment.PrincipalId == principalId
group permissionAssignment by new
{
PrincipalId = permissionAssignment.PrincipalId,
PermissionId = permissionAssignment.PermissionId,
ResourceId = permissionAssignment.ResourceId,
ForeignResourceId = resource.ForeignResourceId,
ResourceTypeId = resource.ResourceTypeId
} into g
select new SimplePermission
{
PrincipalId = g.Key.PrincipalId,
PermissionId = g.Key.PermissionId,
ResourceId = g.Key.ResourceId,
ForeignResourceId = g.Key.ForeignResourceId,
ResourceTypeId = g.Key.ResourceTypeId,
IsAllowed = !(g.Count(x => !x.IsAllowed) > 0)
};
//get permissions based on roles by principal id
var roleResourcePermissionQuery = from roleResourcePermission in context.RoleResourcePermissions
join resource in context.Resources
on roleResourcePermission.ResourceId equals resource.ResourceId
join principalRole in context.PrincipalRoles
on roleResourcePermission.RoleId equals principalRole.RoleId
join role in context.Roles
on roleResourcePermission.RoleId equals role.RoleId
where principalRole.PrincipalId == principalId &&
role.IsActive
group roleResourcePermission by new
{
PrincipalId = principalRole.PrincipalId,
PermissionId = roleResourcePermission.PermissionId,
ResourceId = roleResourcePermission.ResourceId,
ForeignResourceId = resource.ForeignResourceId,
ResourceTypeId = resource.ResourceTypeId
} into g
select new SimplePermission
{
PrincipalId = g.Key.PrincipalId,
PermissionId = g.Key.PermissionId,
ResourceId = g.Key.ResourceId,
ForeignResourceId = g.Key.ForeignResourceId,
ResourceTypeId = g.Key.ResourceTypeId,
IsAllowed = true
};
var sendToSevisPermissionQuery = from principal in context.Principals
let hasSevisUserAccounts = principal.SevisAccounts.Count() > 0
let sendToSevisPermission = context.Permissions.Where(x => x.PermissionId == Permission.SEND_TO_SEVIS_ID).FirstOrDefault()
let applicationResource = sendToSevisPermission != null ? sendToSevisPermission.Resource : null
where sendToSevisPermission != null &&
sendToSevisPermission.ResourceId.HasValue &&
hasSevisUserAccounts &&
principal.PrincipalId == principalId
select new SimplePermission
{
PrincipalId = principal.PrincipalId,
PermissionId = sendToSevisPermission.PermissionId,
ResourceId = applicationResource.ResourceId,
ForeignResourceId = applicationResource.ForeignResourceId,
ResourceTypeId = applicationResource.ResourceTypeId,
IsAllowed = true,
};
//get the union of the two queries
var unionQuery = from groupedPermission in permissionAssignmentQuery.Union(roleResourcePermissionQuery).Union(sendToSevisPermissionQuery)
group groupedPermission by new
{
PrincipalId = groupedPermission.PrincipalId,
PermissionId = groupedPermission.PermissionId,
ResourceId = groupedPermission.ResourceId,
ForeignResourceId = groupedPermission.ForeignResourceId,
ResourceTypeId = groupedPermission.ResourceTypeId
} into g
select new SimplePermission
{
PrincipalId = g.Key.PrincipalId,
PermissionId = g.Key.PermissionId,
ResourceId = g.Key.ResourceId,
ForeignResourceId = g.Key.ForeignResourceId,
ResourceTypeId = g.Key.ResourceTypeId,
IsAllowed = !(g.Count(x => !x.IsAllowed) > 0)
};
return(unionQuery);
}
/// <summary>
/// Creates a query to retrieve resource authorizations that are granted by a role and inherited by the parent resource.
/// </summary>
/// <param name="context">The context to query.</param>
/// <returns>The query to retrieve all ResourceAuthroizations from the Cam.</returns>
public static IQueryable <SimpleResourceAuthorization> CreateGetResourceAuthorizationsByInheritedRolePermissionsQuery(CamModel context)
{
Contract.Requires(context != null, "The context must not be null.");
var query = from resource in context.Resources
join roleResourcePermission in context.RoleResourcePermissions
on resource.ParentResourceId equals roleResourcePermission.ResourceId
join permission in context.Permissions
on roleResourcePermission.PermissionId equals permission.PermissionId
join role in context.Roles
on roleResourcePermission.RoleId equals role.RoleId
join principalRole in context.PrincipalRoles
on roleResourcePermission.RoleId equals principalRole.RoleId
where role.IsActive &&
resource.ResourceTypeId == permission.ResourceTypeId
select new SimpleResourceAuthorization
{
AssignedOn = principalRole.AssignedOn,
IsAllowed = true,
IsGrantedByInheritance = true,
IsGrantedByPermission = false,
IsGrantedByRole = true,
PermissionId = permission.PermissionId,
PrincipalId = principalRole.PrincipalId,
ResourceId = resource.ResourceId,
RoleId = roleResourcePermission.RoleId,
};
return(query);
}
/// <summary>
/// Returns a query to retrieve a resource by foreign resource id and resource type id.
/// </summary>
/// <param name="context">The context to query.</param>
/// <param name="foreignResourceId">The foreign resource id.</param>
/// <param name="resourceTypeId">The resource type id.</param>
/// <returns>The query to retrieve the resource.</returns>
public static IQueryable <Resource> CreateGetResourceByForeignResourceIdQuery(CamModel context, int foreignResourceId, int resourceTypeId)
{
Contract.Requires(context != null, "The context must not be null.");
var query = from resource in context.Resources
where
resource.ResourceTypeId == resourceTypeId &&
resource.ForeignResourceId == foreignResourceId
select resource;
return(query);
}
/// <summary>
/// Creates a query to get the possible permissions for a resource in CAM. If the resourceId has a value, then
/// permissions designated specifically for that resource will also be included in the query.
/// </summary>
/// <param name="context">The context to query.</param>
/// <param name="resourceType">The resource type.</param>
/// <param name="resourceId">The resource id. Or null, if resource type permissions only should be included.</param>
/// <returns>The query to retrieve resource permissions dtos.</returns>
public static IQueryable <ResourcePermissionDTO> CreateGetResourcePermissionsQuery(CamModel context, string resourceType, int?resourceId)
{
Contract.Requires(context != null, "The context must not be null.");
Contract.Requires(ResourceType.GetStaticLookup(resourceType) != null, "The resource type must be valid.");
var resourceTypeId = ResourceType.GetStaticLookup(resourceType).Id;
var query = from p in context.Permissions
where (p.ResourceTypeId == resourceTypeId || p.ParentResourceTypeId == resourceTypeId) &&
!p.ResourceId.HasValue
select new ResourcePermissionDTO
{
PermissionDescription = p.PermissionDescription,
PermissionId = p.PermissionId,
PermissionName = p.PermissionName,
};
if (resourceId.HasValue)
{
var resourceIdPermissionsQuery = from p in context.Permissions
let resource = p.Resource
where resource.ResourceId == resourceId.Value
select new ResourcePermissionDTO
{
PermissionDescription = p.PermissionDescription,
PermissionId = p.PermissionId,
PermissionName = p.PermissionName
};
query = query.Union(resourceIdPermissionsQuery);
}
query = query.OrderBy(x => x.PermissionName);
return(query);
}
/// <summary>
/// Returns a query to return a resource authorization info dto that contains information regarding a resource and it's principals related to it. For example,
/// use this query to determine the last revised on date for a resource and all of it's permissions.
/// </summary>
/// <param name="context">The context to query.</param>
/// <returns>The info dto.</returns>
public static IQueryable <ResourceAuthorizationInfoDTO> CreateGetResourceAuthorizationInfoDTOQuery(CamModel context, string resourceType, int foreignResourceId)
{
Contract.Requires(context != null, "The context must not be null.");
Contract.Requires(resourceType != null, "The resource type must not be null.");
var query = CreateGetResourceAuthorizationsQuery(context);
query = query.Where(x => x.IsAllowed && x.ResourceType == resourceType && x.ForeignResourceId == foreignResourceId);
var groupedQuery = from resourceAuthorization in query
group resourceAuthorization by resourceAuthorization.ResourceId into g
select new ResourceAuthorizationInfoDTO
{
AllowedPrincipalsCount = g.Select(x => x.PrincipalId).Distinct().Count(),
LastRevisedOn = g.Max(x => x.AssignedOn)
};
return(groupedQuery);
}
/// <summary>
/// Returns a filtered and sorted query of resource authorizations currently in the cam granted by both permissions and roles.
/// </summary>
/// <param name="context">The context to query.</param>
/// <param name="queryOperator">The query operator.</param>
/// <returns>The query to retrieve filterd and sorted resource authorizations granted by permissions and roles in the CAM.</returns>
public static IQueryable <ResourceAuthorization> CreateGetResourceAuthorizationsQuery(CamModel context, QueryableOperator <ResourceAuthorization> queryOperator)
{
Contract.Requires(context != null, "The context must not be null.");
var query = CreateGetResourceAuthorizationsQuery(context);
query = query.Apply(queryOperator);
return(query);
}
/// <summary>
/// Creates a query to return all resource authorizations from the given context.
/// </summary>
/// <param name="context">The context to query.</param>
/// <returns>All resource authorizations in the context.</returns>
public static IQueryable <ResourceAuthorization> CreateGetResourceAuthorizationsQuery(CamModel context)
{
Contract.Requires(context != null, "The context must not be null.");
var query = CreateGetResourceAuthorizationsByPermissionAssignmentsQuery(context)
.Union(CreateGetResourceAuthorizationsByRoleQuery(context))
.Union(CreateGetResourceAuthorizationsByInheritedPermissionAssignmentQuery(context))
.Union(CreateGetResourceAuthorizationsByInheritedRolePermissionsQuery(context));
var resourceAuthQuery = from simplePermission in query
join resource in context.Resources
on simplePermission.ResourceId equals resource.ResourceId
join permission in context.Permissions
on simplePermission.PermissionId equals permission.PermissionId
join resourceType in context.ResourceTypes
on resource.ResourceTypeId equals resourceType.ResourceTypeId
join tempUserAccount in context.UserAccounts
on simplePermission.PrincipalId equals tempUserAccount.PrincipalId into joinedUserAccounts
from joinedUserAccount in joinedUserAccounts.DefaultIfEmpty()
join tempRole in context.Roles
on simplePermission.RoleId equals tempRole.RoleId into joinedRoles
from joinedRole in joinedRoles.DefaultIfEmpty()
select new ResourceAuthorization
{
AssignedOn = simplePermission.AssignedOn,
DisplayName = joinedUserAccount != null ? joinedUserAccount.DisplayName : null,
EmailAddress = joinedUserAccount != null ? joinedUserAccount.EmailAddress : null,
ForeignResourceId = resource.ForeignResourceId,
IsAllowed = simplePermission.IsAllowed,
IsGrantedByInheritance = simplePermission.IsGrantedByInheritance,
IsGrantedByPermission = simplePermission.IsGrantedByPermission,
IsGrantedByRole = simplePermission.IsGrantedByRole,
PermissionDescription = permission.PermissionDescription,
PermissionId = simplePermission.PermissionId,
PermissionName = permission.PermissionName,
PrincipalId = simplePermission.PrincipalId,
ResourceId = simplePermission.ResourceId,
ResourceType = resourceType.ResourceTypeName,
ResourceTypeId = resource.ResourceTypeId,
RoleId = simplePermission.RoleId,
RoleName = joinedRole != null ? joinedRole.RoleName : null
};
return(resourceAuthQuery);
}
/// <summary>
/// Creates a query to retrieve all ResourceAuthorizations from the CAM granted permission assignments and inherited.
/// </summary>
/// <param name="context">The context to query.</param>
/// <returns>The query to retrieve all ResourceAuthroizations from the Cam.</returns>
public static IQueryable <SimpleResourceAuthorization> CreateGetResourceAuthorizationsByInheritedPermissionAssignmentQuery(CamModel context)
{
Contract.Requires(context != null, "The context must not be null.");
var query = from resource in context.Resources
join parentPermissionAssignment in context.PermissionAssignments
on resource.ParentResourceId equals parentPermissionAssignment.ResourceId
join permission in context.Permissions
on parentPermissionAssignment.PermissionId equals permission.PermissionId
where permission.ResourceTypeId == resource.ResourceTypeId
select new SimpleResourceAuthorization
{
AssignedOn = parentPermissionAssignment.AssignedOn,
IsAllowed = parentPermissionAssignment.IsAllowed,
IsGrantedByInheritance = true,
IsGrantedByPermission = true,
IsGrantedByRole = false,
PermissionId = permission.PermissionId,
PrincipalId = parentPermissionAssignment.PrincipalId,
ResourceId = resource.ResourceId,
RoleId = AUTHORIZATION_ASSIGNED_BY_PERMISSION_ROLE_ID,
};
return(query);
}
