private ResponseCode _handleGet(HttpListenerRequest req, HttpListenerResponse resp, string accesslog, string origin)
{
if (req.QueryString.Count > 0)
{
string host = req.QueryString["h"];
if (host == null || string.IsNullOrEmpty(host.Trim()))
{
return(ResponseCode.NotFound);
}
string form = "<form method=post onsubmit=\"result = 'submit'\"><h2>Do you want to allow {0} to print?</h2><input type=hidden name=\"host\" value=\"{0}\" /><input type=hidden name=\"status\" value=\"allow\" /><button >Allow</button><button type=button onclick=\"result = 'blocked'; window.close()\">Block</button></form>";
form = string.Format(form, host);
string html = "<html><body>";
html += "<script>var result = 'closed'; window.addEventListener('beforeunload', (event) => { if (result !== 'submit') window.opener.postMessage(result, '" + host + "'); });</script>";
html += form;
html += "</body></html>";
ServerConfig.appendLog(accesslog);
server.responseHTML(resp, html);
}
else
{
PermissionResponse json = new PermissionResponse();
json.allowed = server.config.isAllowed(origin);
ServerConfig.appendLog(accesslog);
server.responseJSON(resp, json);
}
return(ResponseCode.OK);
}
/// <summary>
/// Sets the permissions.
/// </summary>
/// <param name="request">The request.</param>
/// <returns></returns>
public PermissionResponse SetPermissions(PermissionRequest request)
{
var response = new PermissionResponse();
var permissionEntity = request.Permission;
if (request.Action != PersistType.Delete)
{
if (!permissionEntity.Validate())
{
foreach (var error in permissionEntity.ValidationErrors)
{
response.Message += error + Environment.NewLine;
}
response.Acknowledge = AcknowledgeType.Failure;
return(response);
}
}
try
{
if (request.Action == PersistType.Insert)
{
permissionEntity.PermissionId = PermissionDao.InsertPermission(permissionEntity);
if (permissionEntity.PermissionId == 0)
{
response.Acknowledge = AcknowledgeType.Failure;
return(response);
}
}
else if (request.Action == PersistType.Update)
{
response.Message = PermissionDao.UpdatePermission(permissionEntity);
if (response.Message != null)
{
response.Acknowledge = AcknowledgeType.Failure;
return(response);
}
}
else
{
var permissionForDelete = PermissionDao.GetPermission(request.PermissionId);
response.Message = PermissionDao.DeletePermission(permissionForDelete);
if (response.Message != null)
{
response.Acknowledge = AcknowledgeType.Failure;
response.RowsAffected = 0;
return(response);
}
response.RowsAffected = 1;
}
}
catch (Exception ex)
{
response.Acknowledge = AcknowledgeType.Failure;
response.Message = ex.Message;
return(response);
}
response.PermissionId = permissionEntity != null ? permissionEntity.PermissionId : 0;
return(response);
}
public async Task <Result <PermissionResponse> > GetAllPermissionsAsync(string roleId)
{
var model = new PermissionResponse();
var allPermissions = new List <RoleClaimsResponse>();
#region GetPermissions
allPermissions.GetPermissions(typeof(Permissions.Users), roleId);
allPermissions.GetPermissions(typeof(Permissions.Roles), roleId);
allPermissions.GetPermissions(typeof(Permissions.Products), roleId);
allPermissions.GetPermissions(typeof(Permissions.Brands), roleId);
#endregion
var role = await _roleManager.FindByIdAsync(roleId);
if (role != null)
{
model.RoleId = role.Id;
model.RoleName = role.Name;
var claims = await _roleManager.GetClaimsAsync(role);
var allClaimValues = allPermissions.Select(a => a.Value).ToList();
var roleClaimValues = claims.Select(a => a.Value).ToList();
var authorizedClaims = allClaimValues.Intersect(roleClaimValues).ToList();
foreach (var permission in allPermissions)
{
if (authorizedClaims.Any(a => a == permission.Value))
{
permission.Selected = true;
}
}
}
model.RoleClaims = allPermissions;
return(Result <PermissionResponse> .Success(model));
}
private static void HandleResult(string activityCode, Action <IPermissionResult> callback, GuestControllerResult <PermissionResponse> result)
{
if (!result.Success)
{
callback(MakeGenericFailure());
return;
}
PermissionResponse response = result.Response;
if (response.error != null || response.data == null)
{
callback(GuestControllerErrorParser.GetPermissionResult(response.error) ?? MakeGenericFailure());
return;
}
ActivityApprovalStatus activityApprovalStatus = ActivityApprovalStatusConverter.Convert(response.data.approvalStatus);
if (response.data.activityCode != activityCode || activityApprovalStatus == ActivityApprovalStatus.Unknown)
{
callback(MakeGenericFailure());
}
else
{
callback(new PermissionResult(success: true, activityApprovalStatus));
}
}
public static void ApprovePermission(AbstractLogger logger, IGuestControllerClient guestControllerClient, string activityCode, string childSwid, ActivityApprovalStatus desiredStatus, Action <IPermissionResult> callback)
{
if (string.IsNullOrEmpty(childSwid) || string.IsNullOrEmpty(activityCode) || desiredStatus == ActivityApprovalStatus.Pending || desiredStatus == ActivityApprovalStatus.Unknown)
{
callback(new PermissionFailedInvalidResult());
return;
}
try
{
ApprovePermissionRequest approvePermissionRequest = new ApprovePermissionRequest();
approvePermissionRequest.activityCode = activityCode;
approvePermissionRequest.approvalStatus = ActivityApprovalStatusConverter.Convert(desiredStatus);
approvePermissionRequest.swid = childSwid;
ApprovePermissionRequest request = approvePermissionRequest;
guestControllerClient.ApprovePermission(request, childSwid, delegate(GuestControllerResult <PermissionResponse> r)
{
if (!r.Success)
{
callback(MakeGenericFailure());
}
else
{
PermissionResponse response = r.Response;
if (response.error != null || response.data == null)
{
callback(ParseError(response));
}
else
{
string activityCode2 = response.data.activityCode;
ActivityApprovalStatus activityApprovalStatus = ActivityApprovalStatusConverter.Convert(response.data.approvalStatus);
if (activityCode2 != activityCode || activityApprovalStatus != desiredStatus)
{
callback(new PermissionFailedInvalidResult());
}
else
{
callback(new PermissionResult(success: true, activityApprovalStatus));
}
}
}
});
}
catch (Exception ex)
{
logger.Critical("Unhandled exception: " + ex);
callback(MakeGenericFailure());
}
}
/// <summary>
/// Gets the permissions.
/// </summary>
/// <param name="request">The request.</param>
/// <returns></returns>
public PermissionResponse GetPermissions(PermissionRequest request)
{
var response = new PermissionResponse();
if (request.LoadOptions.Contains("Permissions"))
{
response.Permissions = request.LoadOptions.Contains("Active") ? PermissionDao.GetPermissions(request.IsActive) : PermissionDao.GetPermissions();
}
if (request.LoadOptions.Contains("Permission"))
{
response.Permission = PermissionDao.GetPermission(request.PermissionId);
}
return(response);
}
protected override async Task OnInitializedAsync()
{
_mapper = new MapperConfiguration(c => { c.AddProfile <RoleProfile>(); }).CreateMapper();
var roleId = Id;
var result = await _roleManager.GetPermissionsAsync(roleId);
if (result.Succeeded)
{
model = result.Data;
if (model != null)
{
Description = $"{localizer["Manage"]} {model.RoleId} {model.RoleName}'s {localizer["Permissions"]}";
}
}
}
public async Task <Result <PermissionResponse> > GetAllPermissionsAsync(string roleId)
{
var model = new PermissionResponse();
var allPermissions = GetAllPermissions();
var role = await _roleManager.FindByIdAsync(roleId);
if (role != null)
{
model.RoleId = role.Id;
model.RoleName = role.Name;
var roleClaimsResult = await _roleClaimService.GetAllByRoleIdAsync(role.Id);
if (roleClaimsResult.Succeeded)
{
var roleClaims = roleClaimsResult.Data;
var allClaimValues = allPermissions.Select(a => a.Value).ToList();
var roleClaimValues = roleClaims.Select(a => a.Value).ToList();
var authorizedClaims = allClaimValues.Intersect(roleClaimValues).ToList();
foreach (var permission in allPermissions)
{
if (authorizedClaims.Any(a => a == permission.Value))
{
permission.Selected = true;
var roleClaim = roleClaims.SingleOrDefault(a => a.Value == permission.Value);
if (roleClaim?.Description != null)
{
permission.Description = roleClaim.Description;
}
if (roleClaim?.Group != null)
{
permission.Group = roleClaim.Group;
}
}
}
}
else
{
model.RoleClaims = new List <RoleClaimResponse>();
return(await Result <PermissionResponse> .FailAsync(roleClaimsResult.Messages));
}
}
model.RoleClaims = allPermissions;
return(await Result <PermissionResponse> .SuccessAsync(model));
}
static async Task Main(string[] args)
{
// Create new CosmosClient to communiciate with Azure Cosmos DB
using (var cosmosClient = new CosmosClient(accountEndpoint, authKey))
{
// Create new database
Database database = await cosmosClient.CreateDatabaseIfNotExistsAsync(databaseId);
// Create new container
Container container = await database.CreateContainerIfNotExistsAsync(containerId, partitionKey);
for (int i = 0; i < 100; i++)
{
Console.WriteLine($"Run: {i}");
// This will complete successfully.
var authKeyItemId = await CreateItemAsync(container);
var authKeyItem = await ReadItemAsync(container, authKeyItemId);
string userId = Guid.NewGuid().ToString();
UserResponse userResponse = await database.CreateUserAsync(userId);
User user = userResponse.User;
string permissionId = Guid.NewGuid().ToString();
PermissionProperties permissionProperties = new PermissionProperties(permissionId, PermissionMode.Read, container);
PermissionResponse permissionResponse = await user.CreatePermissionAsync(permissionProperties);
using (var tokenCosmosClient = new CosmosClient(accountEndpoint, permissionResponse.Resource.Token))
{
var tokenContainer = tokenCosmosClient.GetContainer(databaseId, containerId);
// This will fail.
var tokenItemId = await CreateItemAsync(tokenContainer);
// This will succeed.
var tokenItem = await ReadItemAsync(tokenContainer, authKeyItemId);
}
}
}
}
public async Task <Result <PermissionResponse> > GetAllPermissionsAsync(string roleId)
{
var model = new PermissionResponse();
var allPermissions = new List <RoleClaimsResponse>();
#region GetPermissions
allPermissions.GetPermissions(typeof(Permissions.Users), roleId);
allPermissions.GetPermissions(typeof(Permissions.Roles), roleId);
allPermissions.GetPermissions(typeof(Permissions.Products), roleId);
allPermissions.GetPermissions(typeof(Permissions.Brands), roleId);
allPermissions.GetPermissions(typeof(Permissions.Preferences), roleId);
//You could have your own method to refactor the below line, maybe by using Reflection and fetch directly from a class, else assume that Admin has all the roles assigned and retreive the Admin's roles here via the DB/Identity.RoleClaims table.
allPermissions.Add(new RoleClaimsResponse {
Value = "Permissions.Communication.Chat", Type = ApplicationClaimTypes.Permission
});
#endregion GetPermissions
var role = await _roleManager.FindByIdAsync(roleId);
if (role != null)
{
model.RoleId = role.Id;
model.RoleName = role.Name;
var claims = await _roleManager.GetClaimsAsync(role);
var allClaimValues = allPermissions.Select(a => a.Value).ToList();
var roleClaimValues = claims.Select(a => a.Value).ToList();
var authorizedClaims = allClaimValues.Intersect(roleClaimValues).ToList();
foreach (var permission in allPermissions)
{
if (authorizedClaims.Any(a => a == permission.Value))
{
permission.Selected = true;
}
}
}
model.RoleClaims = allPermissions;
return(await Result <PermissionResponse> .SuccessAsync(model));
}
//Verify if user is permitted access before granting and writing an access time entry
private async void VerifyAccess(string userId)
{
PermissionResponse rep = new PermissionResponse();
rep.UserId = userId;
RestService service = new RestService();
LocationsResponse[] locations = await service.PostUserPermissions(rep);
bool permissionFound = false;
for (int i = 0; i < locations.Length; i++)
{
Console.WriteLine($"Location: {locations[i]}");
if (locations[i].Location == App.LOCATION_ID.ToString())
{
permissionFound = true;
break;
}
}
if (permissionFound)
{
Device.BeginInvokeOnMainThread(async() => {
await Xamarin.Forms.Application.Current.MainPage.DisplayAlert("Success", "Successfully scanned", "OK");
});
SetAccessTimeResponse accessRep = new SetAccessTimeResponse();
accessRep.userId = userId;
accessRep.locationId = App.LOCATION_ID;
service.PostTimeRequest <SetAccessTimeResponse>(accessRep);
}
else
{
Device.BeginInvokeOnMainThread(async() => {
await Xamarin.Forms.Application.Current.MainPage.DisplayAlert("Permission Violation", "You are not permitted entry", "OK");
});
}
}
public IActionResult Authorize([FromBody] PermissionRequest permission)
{
var response = new PermissionResponse {
Result = ResultType.Error
};
var permissionRecord = _permissionService.GetPermissionRecordBySystemName(permission.PermissionSystemName);
if (permissionRecord is null)
{
return(Ok(response));
}
var isAuthorize = _permissionService.Authorize(permissionRecord);
if (!isAuthorize)
{
return(Ok(response));
}
response.Result = ResultType.Success;
return(Ok(response));
}
public async Task PermissionTests(bool directMode)
{
CosmosClient client = directMode ? DirectCosmosClient : GatewayCosmosClient;
Database database = client.GetDatabase(DatabaseId);
List <string> createdPermissionIds = new List <string>();
List <string> createdContainerIds = new List <string>();
string userId = Guid.NewGuid().ToString();
UserCore user = null;
try
{
UserResponse createUserResponse = await database.CreateUserAsync(userId);
Assert.AreEqual(HttpStatusCode.Created, createUserResponse.StatusCode);
user = (UserInlineCore)createUserResponse.User;
ContainerResponse createContainerResponse = await database.CreateContainerIfNotExistsAsync(Guid.NewGuid().ToString(), partitionKeyPath : "/pk");
Container container = createContainerResponse.Container;
PermissionResponse permissionResponse = await user.CreatePermissionAsync(new PermissionProperties("BasicQueryPermission1", PermissionMode.All, container));
createdContainerIds.Add(createContainerResponse.Container.Id);
createdPermissionIds.Add(permissionResponse.Permission.Id);
createContainerResponse = await database.CreateContainerIfNotExistsAsync(Guid.NewGuid().ToString(), partitionKeyPath : "/pk");
container = createContainerResponse.Container;
permissionResponse = await user.CreatePermissionAsync(new PermissionProperties("BasicQueryPermission2", PermissionMode.All, container));
createdContainerIds.Add(createContainerResponse.Container.Id);
createdPermissionIds.Add(permissionResponse.Permission.Id);
createContainerResponse = await database.CreateContainerIfNotExistsAsync(Guid.NewGuid().ToString(), partitionKeyPath : "/pk");
container = createContainerResponse.Container;
permissionResponse = await user.CreatePermissionAsync(new PermissionProperties("BasicQueryPermission3", PermissionMode.All, container));
createdContainerIds.Add(createContainerResponse.Container.Id);
createdPermissionIds.Add(permissionResponse.Permission.Id);
//Read All
List <PermissionProperties> results = await this.ToListAsync(
user.GetPermissionQueryStreamIterator,
user.GetPermissionQueryIterator <PermissionProperties>,
null,
CosmosBasicQueryTests.RequestOptions
);
CollectionAssert.IsSubsetOf(createdPermissionIds, results.Select(x => x.Id).ToList());
//Basic query
List <PermissionProperties> queryResults = await this.ToListAsync(
user.GetPermissionQueryStreamIterator,
user.GetPermissionQueryIterator <PermissionProperties>,
"select * from T where STARTSWITH(T.id, \"BasicQueryPermission\")",
CosmosBasicQueryTests.RequestOptions
);
CollectionAssert.AreEquivalent(createdPermissionIds, queryResults.Select(x => x.Id).ToList());
}
finally
{
foreach (string id in createdPermissionIds)
{
await user.GetPermission(id).DeleteAsync();
}
foreach (string id in createdContainerIds)
{
await database.GetContainer(id).DeleteContainerAsync();
}
await user?.DeleteAsync();
}
}
// </Main>
// <RunDemoAsync>
private static async Task RunDemoAsync(
CosmosClient client,
Database database)
{
//--------------------------------------------------------------------------------------------------
// We need Two Containers, Two Users, and some permissions for this sample,
// So let's go ahead and set these up initially
//--------------------------------------------------------------------------------------------------
// Get, or Create, two separate Containers
Container container1 = await database.CreateContainerAsync(
id : "Container1",
partitionKeyPath : "/AccountNumber");
Container container2 = await database.CreateContainerAsync(
id : "Container2",
partitionKeyPath : "/AccountNumber");
// Insert two documents in to col1
SalesOrder salesOrder1 = new SalesOrder()
{
Id = "order1",
AccountNumber = "partitionKey1"
};
await container1.CreateItemAsync <SalesOrder>(
salesOrder1,
new PartitionKey(salesOrder1.AccountNumber));
SalesOrder salesOrder2 = new SalesOrder()
{
Id = "order2",
AccountNumber = "pk2"
};
await container1.CreateItemAsync <SalesOrder>(
salesOrder2,
new PartitionKey(salesOrder2.AccountNumber));
// Create a user
User user1 = await database.CreateUserAsync("Thomas Andersen");
// Get an existing user and permission.
// This is a client side reference and does no verification against Cosmos DB.
user1 = database.GetUser("Thomas Andersen");
// Verify the user exists
UserProperties userProperties = await user1.ReadAsync();
//Add the read permission to the user and validate the user can
//read only the container it has access to
await ValidateReadPermissions(
client.Endpoint.OriginalString,
database.Id,
container1,
user1);
// Insert one item in to container 2
SalesOrder salesOrder3 = new SalesOrder()
{
Id = "doc3",
AccountNumber = "partitionKey"
};
await container2.CreateItemAsync <SalesOrder>(
salesOrder3,
new PartitionKey(salesOrder3.AccountNumber));
// Create a new user
User user2 = await database.CreateUserAsync("Robin Wakefield");
//Add the all permission to the user for a single item and validate the user can
//only access the single item
await ValidateAllPermissionsForItem(
client.Endpoint.OriginalString,
database.Id,
container2,
user2,
salesOrder3);
// Add read permission to user1 on container 2 so query has multiple results
PermissionResponse permissionUser1Container2Response = await user1.CreatePermissionAsync(
new PermissionProperties(
id : "permissionUser1Container2",
permissionMode : PermissionMode.Read,
container : container2));
Permission permissionUser1Container2 = permissionUser1Container2Response;
PermissionProperties user1Container2Properties = permissionUser1Container2Response;
Console.WriteLine();
Console.WriteLine($"Created {permissionUser1Container2.Id} with resource URI: {user1Container2Properties.ResourceUri}");
// Get an existing permission and token
permissionUser1Container2 = user1.GetPermission("permissionUser1Container2");
// Get an existing permission properties
user1Container2Properties = await permissionUser1Container2.ReadAsync();
Console.WriteLine($"Read existing {permissionUser1Container2.Id} with resource URI: {user1Container2Properties.ResourceUri}");
// All user1's permissions in a List
List <PermissionProperties> user1Permissions = new List <PermissionProperties>();
FeedIterator <PermissionProperties> feedIterator = user1.GetPermissionQueryIterator <PermissionProperties>();
while (feedIterator.HasMoreResults)
{
FeedResponse <PermissionProperties> permissions = await feedIterator.ReadNextAsync();
user1Permissions.AddRange(permissions);
}
}
public async Task CRUDTest()
{
string containerId = Guid.NewGuid().ToString();
ContainerResponse containerResponse = await this.cosmosDatabase.CreateContainerAsync(containerId, "/id");
Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode);
string userId = Guid.NewGuid().ToString();
UserResponse userResponse = await this.cosmosDatabase.CreateUserAsync(userId);
User user = userResponse.User;
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(userId, user.Id);
string permissionId = Guid.NewGuid().ToString();
PermissionProperties permissionProperties = new PermissionProperties(permissionId, PermissionMode.Read, containerResponse.Container);
PermissionResponse permissionResponse = await user.CreatePermissionAsync(permissionProperties);
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(permissionId, permissionResponse.Resource.Id);
Assert.AreEqual(permissionProperties.PermissionMode, permissionResponse.Resource.PermissionMode);
Assert.IsNotNull(permissionResponse.Resource.Token);
SelflinkValidator.ValidatePermissionSelfLink(permissionResponse.Resource.SelfLink);
PermissionProperties newPermissionProperties = new PermissionProperties(permissionId, PermissionMode.All, containerResponse.Container);
permissionResponse = await user.GetPermission(permissionId).ReplaceAsync(newPermissionProperties);
//Backend returns Created instead of OK
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(permissionId, permissionResponse.Resource.Id);
Assert.AreEqual(newPermissionProperties.PermissionMode, permissionResponse.Resource.PermissionMode);
SelflinkValidator.ValidatePermissionSelfLink(permissionResponse.Resource.SelfLink);
permissionResponse = await user.GetPermission(permissionId).ReadAsync();
Assert.AreEqual(HttpStatusCode.OK, permissionResponse.StatusCode);
Assert.AreEqual(permissionId, permissionResponse.Resource.Id);
SelflinkValidator.ValidatePermissionSelfLink(permissionResponse.Resource.SelfLink);
permissionResponse = await user.GetPermission(permissionId).DeleteAsync();
Assert.AreEqual(HttpStatusCode.NoContent, permissionResponse.StatusCode);
try
{
permissionResponse = await user.GetPermission(permissionId).ReadAsync();
Assert.Fail();
}
catch (CosmosException ex)
{
Assert.AreEqual(HttpStatusCode.NotFound, ex.StatusCode);
}
permissionId = Guid.NewGuid().ToString();
permissionProperties = new PermissionProperties(permissionId, PermissionMode.Read, containerResponse.Container);
permissionResponse = await user.CreatePermissionAsync(permissionProperties);
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(permissionId, permissionResponse.Resource.Id);
Assert.AreEqual(permissionProperties.PermissionMode, permissionResponse.Resource.PermissionMode);
Assert.IsNotNull(permissionResponse.Resource.Token);
newPermissionProperties = new PermissionProperties(permissionId, PermissionMode.All, containerResponse.Container);
permissionResponse = await user.UpsertPermissionAsync(newPermissionProperties);
Assert.AreEqual(HttpStatusCode.OK, permissionResponse.StatusCode);
Assert.AreEqual(permissionId, permissionResponse.Resource.Id);
Assert.AreEqual(newPermissionProperties.PermissionMode, permissionResponse.Resource.PermissionMode);
}
public async Task ItemResourcePermissionTest()
{
//create user
string userId = Guid.NewGuid().ToString();
UserResponse userResponse = await this.cosmosDatabase.CreateUserAsync(userId);
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(userId, userResponse.Resource.Id);
User user = userResponse.User;
//create resource
string containerId = Guid.NewGuid().ToString();
ContainerResponse containerResponse = await this.cosmosDatabase.CreateContainerAsync(containerId, "/id");
Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode);
Container container = containerResponse.Container;
string itemId = Guid.NewGuid().ToString();
PartitionKey partitionKey = new PartitionKey(itemId);
ItemResponse <dynamic> itemRespnose = await container.CreateItemAsync <dynamic>(new { id = itemId }, partitionKey);
Assert.AreEqual(HttpStatusCode.Created, itemRespnose.StatusCode);
//create permission
string permissionId = Guid.NewGuid().ToString();
PermissionProperties permissionProperties = new PermissionProperties(permissionId, PermissionMode.Read, container, partitionKey, itemId);
PermissionResponse permissionResponse = await user.CreatePermissionAsync(permissionProperties);
PermissionProperties permission = permissionResponse.Resource;
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(permissionId, permission.Id);
Assert.AreEqual(permissionProperties.PermissionMode, permission.PermissionMode);
//delete resource with PermissionMode.Read
using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
{
Container tokenContainer = tokenCosmosClient.GetContainer(this.cosmosDatabase.Id, containerId);
ItemResponse <dynamic> readPermissionItem = await tokenContainer.ReadItemAsync <dynamic>(itemId, partitionKey);
Assert.AreEqual(itemId, readPermissionItem.Resource.id.ToString());
try
{
ItemResponse <dynamic> response = await tokenContainer.DeleteItemAsync <dynamic>(
itemId,
partitionKey);
Assert.Fail();
}
catch (CosmosException ex)
{
Assert.AreEqual(HttpStatusCode.Forbidden, ex.StatusCode);
}
}
//update permission to PermissionMode.All
permissionProperties = new PermissionProperties(permissionId, PermissionMode.All, container);
permissionResponse = await user.GetPermission(permissionId).ReplaceAsync(permissionProperties);
permission = permissionResponse.Resource;
//delete resource with PermissionMode.All
using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
{
using (FeedIterator <dynamic> feed = tokenCosmosClient
.GetDatabase(this.cosmosDatabase.Id)
.GetContainer(containerId)
.GetItemQueryIterator <dynamic>(new QueryDefinition("select * from t")))
{
while (feed.HasMoreResults)
{
FeedResponse <dynamic> response = await feed.ReadNextAsync();
Assert.IsNotNull(response);
}
}
}
}
public async Task ContainerPartitionResourcePermissionTest(ConnectionMode connectionMode)
{
CosmosClientOptions cosmosClientOptions = new CosmosClientOptions()
{
ConnectionMode = connectionMode
};
CosmosClient cosmosClient = TestCommon.CreateCosmosClient(cosmosClientOptions);
Database database = await cosmosClient.CreateDatabaseIfNotExistsAsync("PermissionTest");
//create user
string userId = Guid.NewGuid().ToString();
UserResponse userResponse = await database.CreateUserAsync(userId);
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(userId, userResponse.Resource.Id);
User user = userResponse.User;
//create resource
string containerId = Guid.NewGuid().ToString();
ContainerResponse containerResponse = await database.CreateContainerAsync(
id : containerId,
partitionKeyPath : "/id");
Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode);
Container container = containerResponse.Container;
// Create items to read
ToDoActivity itemAccess = ToDoActivity.CreateRandomToDoActivity();
ToDoActivity itemNoAccess = ToDoActivity.CreateRandomToDoActivity();
await container.CreateItemAsync <ToDoActivity>(
itemAccess,
new PartitionKey(itemAccess.id));
await container.CreateItemAsync <ToDoActivity>(
itemNoAccess,
new PartitionKey(itemNoAccess.id));
//create permission
string permissionId = Guid.NewGuid().ToString();
PartitionKey partitionKey = new PartitionKey(itemAccess.id);
PermissionProperties permissionProperties = new PermissionProperties(
permissionId,
PermissionMode.Read,
container,
partitionKey);
PermissionResponse permissionResponse = await user.CreatePermissionAsync(permissionProperties);
PermissionProperties permission = permissionResponse.Resource;
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(permissionId, permission.Id);
Assert.AreEqual(permissionProperties.PermissionMode, permission.PermissionMode);
using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: cosmosClientOptions, resourceToken: permission.Token))
{
Container tokenContainer = tokenCosmosClient.GetContainer(database.Id, containerId);
await tokenContainer.ReadItemAsync <ToDoActivity>(itemAccess.id, new PartitionKey(itemAccess.id));
try
{
await tokenContainer.ReadItemAsync <ToDoActivity>(itemNoAccess.id, new PartitionKey(itemNoAccess.id));
Assert.Fail();
}
catch (CosmosException ex)
{
Assert.AreEqual(HttpStatusCode.Forbidden, ex.StatusCode);
}
QueryRequestOptions queryRequestOptions = new QueryRequestOptions()
{
PartitionKey = new PartitionKey(itemAccess.id)
};
FeedIterator <ToDoActivity> feedIterator = tokenContainer.GetItemQueryIterator <ToDoActivity>(
queryText: "select * from T",
requestOptions: queryRequestOptions);
List <ToDoActivity> result = new List <ToDoActivity>();
while (feedIterator.HasMoreResults)
{
FeedResponse <ToDoActivity> toDoActivities = await feedIterator.ReadNextAsync();
result.AddRange(toDoActivities);
}
Assert.AreEqual(1, result.Count);
// Test query with no service interop via gateway query plan to replicate x32 app
ContainerInternal containerCore = (ContainerInlineCore)tokenContainer;
MockCosmosQueryClient mock = new MockCosmosQueryClient(
clientContext: containerCore.ClientContext,
cosmosContainerCore: containerCore,
forceQueryPlanGatewayElseServiceInterop: true);
Container tokenGatewayQueryPlan = new ContainerInlineCore(
containerCore.ClientContext,
(DatabaseInternal)containerCore.Database,
containerCore.Id,
mock);
FeedIterator <ToDoActivity> feedIteratorGateway = tokenGatewayQueryPlan.GetItemQueryIterator <ToDoActivity>(
queryText: "select * from T",
requestOptions: queryRequestOptions);
List <ToDoActivity> resultGateway = new List <ToDoActivity>();
while (feedIteratorGateway.HasMoreResults)
{
FeedResponse <ToDoActivity> toDoActivities = await feedIteratorGateway.ReadNextAsync();
resultGateway.AddRange(toDoActivities);
}
Assert.AreEqual(1, resultGateway.Count);
}
}
public async Task ContainerResourcePermissionTest()
{
//create user
string userId = Guid.NewGuid().ToString();
UserResponse userResponse = await this.cosmosDatabase.CreateUserAsync(userId);
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(userId, userResponse.Resource.Id);
User user = userResponse.User;
//create resource
string containerId = Guid.NewGuid().ToString();
ContainerResponse containerResponse = await this.cosmosDatabase.CreateContainerAsync(containerId, "/id");
Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode);
Container container = containerResponse.Container;
//create permission
string permissionId = Guid.NewGuid().ToString();
PermissionProperties permissionProperties = new PermissionProperties(permissionId, PermissionMode.Read, container);
PermissionResponse permissionResponse = await user.CreatePermissionAsync(permissionProperties);
PermissionProperties permission = permissionResponse.Resource;
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(permissionId, permission.Id);
Assert.AreEqual(permissionProperties.PermissionMode, permission.PermissionMode);
//delete resource with PermissionMode.Read
using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
{
try
{
ContainerResponse response = await tokenCosmosClient
.GetDatabase(this.cosmosDatabase.Id)
.GetContainer(containerId)
.DeleteContainerAsync();
Assert.Fail();
}
catch (CosmosException ex)
{
Assert.AreEqual(HttpStatusCode.Forbidden, ex.StatusCode);
}
}
//update permission to PermissionMode.All
permissionProperties = new PermissionProperties(permissionId, PermissionMode.All, container);
permissionResponse = await user.GetPermission(permissionId).ReplaceAsync(permissionProperties);
permission = permissionResponse.Resource;
//delete resource with PermissionMode.All
using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token))
{
ContainerResponse response = await tokenCosmosClient
.GetDatabase(this.cosmosDatabase.Id)
.GetContainer(containerId)
.DeleteContainerAsync();
Assert.AreEqual(HttpStatusCode.NoContent, response.StatusCode);
}
}
public async Task ValidateAzureKeyCredentialDirectModeUpdateAsync()
{
string authKey = ConfigurationManager.AppSettings["MasterKey"];
string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];
AzureKeyCredential masterKeyCredential = new AzureKeyCredential(authKey);
using (CosmosClient client = new CosmosClient(
endpoint,
masterKeyCredential))
{
string databaseName = Guid.NewGuid().ToString();
try
{
Cosmos.Database database = client.GetDatabase(databaseName);
ResponseMessage responseMessage = await database.ReadStreamAsync();
Assert.AreEqual(HttpStatusCode.NotFound, responseMessage.StatusCode);
{
// Random key: Next set of actions are expected to fail => 401 (UnAuthorized)
masterKeyCredential.Update(Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString())));
responseMessage = await database.ReadStreamAsync();
Assert.AreEqual(HttpStatusCode.Unauthorized, responseMessage.StatusCode);
string diagnostics = responseMessage.Diagnostics.ToString();
Assert.IsTrue(diagnostics.Contains("AuthProvider LifeSpan InSec"), diagnostics.ToString());
}
{
// Resetting back to master key => 404 (NotFound)
masterKeyCredential.Update(authKey);
responseMessage = await database.ReadStreamAsync();
Assert.AreEqual(HttpStatusCode.NotFound, responseMessage.StatusCode);
}
// Test with resource token interchageability
masterKeyCredential.Update(authKey);
database = await client.CreateDatabaseAsync(databaseName);
string containerId = Guid.NewGuid().ToString();
ContainerResponse containerResponse = await database.CreateContainerAsync(containerId, "/id");
Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode);
{
// Resource token with ALL permissoin's
string userId = Guid.NewGuid().ToString();
UserResponse userResponse = await database.CreateUserAsync(userId);
Cosmos.User user = userResponse.User;
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(userId, user.Id);
string permissionId = Guid.NewGuid().ToString();
PermissionProperties permissionProperties = new PermissionProperties(permissionId, Cosmos.PermissionMode.All, client.GetContainer(databaseName, containerId));
PermissionResponse permissionResponse = await database.GetUser(userId).CreatePermissionAsync(permissionProperties);
Assert.AreEqual(HttpStatusCode.Created, permissionResponse.StatusCode);
Assert.AreEqual(permissionId, permissionResponse.Resource.Id);
Assert.AreEqual(Cosmos.PermissionMode.All, permissionResponse.Resource.PermissionMode);
Assert.IsNotNull(permissionResponse.Resource.Token);
SelflinkValidator.ValidatePermissionSelfLink(permissionResponse.Resource.SelfLink);
// Valdiate ALL on contianer
masterKeyCredential.Update(permissionResponse.Resource.Token);
ToDoActivity item = ToDoActivity.CreateRandomToDoActivity();
Cosmos.Container container = client.GetContainer(databaseName, containerId);
responseMessage = await container.ReadContainerStreamAsync();
Assert.AreEqual(HttpStatusCode.OK, responseMessage.StatusCode);
responseMessage = await container.CreateItemStreamAsync(TestCommon.SerializerCore.ToStream(item), new Cosmos.PartitionKey(item.id));
Assert.AreEqual(HttpStatusCode.Created, responseMessage.StatusCode); // Read Only resorce token
}
// Reset to master key for new permission creation
masterKeyCredential.Update(authKey);
{
// Resource token with Read-ONLY permissoin's
string userId = Guid.NewGuid().ToString();
UserResponse userResponse = await database.CreateUserAsync(userId);
Cosmos.User user = userResponse.User;
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(userId, user.Id);
string permissionId = Guid.NewGuid().ToString();
PermissionProperties permissionProperties = new PermissionProperties(permissionId, Cosmos.PermissionMode.Read, client.GetContainer(databaseName, containerId));
PermissionResponse permissionResponse = await database.GetUser(userId).CreatePermissionAsync(permissionProperties);
//Backend returns Created instead of OK
Assert.AreEqual(HttpStatusCode.Created, permissionResponse.StatusCode);
Assert.AreEqual(permissionId, permissionResponse.Resource.Id);
Assert.AreEqual(Cosmos.PermissionMode.Read, permissionResponse.Resource.PermissionMode);
// Valdiate read on contianer
masterKeyCredential.Update(permissionResponse.Resource.Token);
ToDoActivity item = ToDoActivity.CreateRandomToDoActivity();
Cosmos.Container container = client.GetContainer(databaseName, containerId);
responseMessage = await container.ReadContainerStreamAsync();
Assert.AreEqual(HttpStatusCode.OK, responseMessage.StatusCode);
responseMessage = await container.CreateItemStreamAsync(TestCommon.SerializerCore.ToStream(item), new Cosmos.PartitionKey(item.id));
Assert.AreEqual(HttpStatusCode.Forbidden, responseMessage.StatusCode); // Read Only resorce token
}
{
// Reset to master key for new permission creation
masterKeyCredential.Update(Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString())));
ToDoActivity item = ToDoActivity.CreateRandomToDoActivity();
Cosmos.Container container = client.GetContainer(databaseName, containerId);
responseMessage = await container.CreateItemStreamAsync(TestCommon.SerializerCore.ToStream(item), new Cosmos.PartitionKey(item.id));
Assert.AreEqual(HttpStatusCode.Unauthorized, responseMessage.StatusCode); // Read Only resorce token
string diagnostics = responseMessage.Diagnostics.ToString();
Assert.IsTrue(diagnostics.Contains("AuthProvider LifeSpan InSec"), diagnostics.ToString());
}
}
finally
{
// Reset to master key for clean-up
masterKeyCredential.Update(authKey);
await TestCommon.DeleteDatabaseAsync(client, client.GetDatabase(databaseName));
}
}
}
