/// <summary>
/// Checks whether a user is authorized to access a sample query with a given action.
/// </summary>
/// <param name="policies">The list of category of policies.</param>
/// <param name="userPrincipalName">The User Principal Name of the user who is seeking authorization confirmation.</param>
/// <param name="categoryName">The category which the authorization confirmation is been requested for.</param>
/// <param name="httpMethodName">The http action to be performed on the category.</param>
/// <returns>True if user is authorized or false if user is not authorized.</returns>
public static bool IsUserAuthorized(SampleQueriesPolicies policies, string userPrincipalName,
string categoryName, string httpMethodName)
{
if (policies == null || policies.CategoryPolicies.Count == 0)
{
throw new ArgumentNullException(nameof(policies), "The list of policies cannot be null or empty.");
}
if (string.IsNullOrEmpty(userPrincipalName))
{
throw new ArgumentNullException(nameof(userPrincipalName), "The user principal name cannot be null or empty.");
}
if (string.IsNullOrEmpty(categoryName))
{
throw new ArgumentNullException(nameof(categoryName), "The category name cannot be null or empty.");
}
if (string.IsNullOrEmpty(httpMethodName))
{
throw new ArgumentNullException(nameof(httpMethodName), "The http method name cannot be null or empty.");
}
bool isAuthorized =
policies.CategoryPolicies.Exists(x => x.CategoryName.ToLower() == categoryName.ToLower() &&
x.UserClaims.Exists(y => y.UserPrincipalName.ToLower() == userPrincipalName.ToLower() &&
y.UserPermissions.Exists(z => z.Name.ToLower() == httpMethodName.ToLower() && z.Value == true)));
return(isAuthorized);
}
public async Task <IActionResult> RemoveUserClaim([FromQuery] string userPrincipalName, [FromQuery] string categoryName)
{
try
{
/* Validate whether authenticated user is samples administrator */
string authenticatedUserPrincipalName = User.Identity.Name;
bool isAdmin = _administrators.Administrators.Contains(authenticatedUserPrincipalName);
if (!isAdmin)
{
return(new JsonResult(
$"{userPrincipalName} is not authorized to remove the user claim.")
{
StatusCode = StatusCodes.Status401Unauthorized
});
}
if (string.IsNullOrEmpty(userPrincipalName) || string.IsNullOrEmpty(categoryName))
{
return(new JsonResult($"Provide both the user principal name and category name in the search parameters. " +
$"e.g. /api/GraphExplorerSamplesAdmin?userprincipalname=john.doe@microsoft.com&categoryname=users")
{
StatusCode = StatusCodes.Status400BadRequest
});
}
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
// Remove the user claim in the given category policy
SampleQueriesPolicies updatedPoliciesList = SamplesPolicyService.RemoveUserClaim(policies, categoryName, userPrincipalName);
string updatedPoliciesJson = SamplesPolicyService.SerializeSampleQueriesPolicies(updatedPoliciesList);
await _fileUtility.WriteToFile(updatedPoliciesJson, _policiesFilePathSource);
// Get the category policy that has just been updated
CategoryPolicy categoryPolicy = updatedPoliciesList.CategoryPolicies.FirstOrDefault(x =>
x.CategoryName.Equals(categoryName, StringComparison.OrdinalIgnoreCase));
return(Ok(categoryPolicy));
}
catch (InvalidOperationException invalidOpsException)
{
// One or more parameters values do not exist in the list of category policies
return(new JsonResult(invalidOpsException.Message)
{
StatusCode = StatusCodes.Status404NotFound
});
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
public async Task <IActionResult> UpdateUserClaimAsync([FromBody] CategoryPolicy categoryPolicy)
{
try
{
/* Validate whether authenticated user is samples administrator */
string userPrincipalName = User.Identity.Name;
bool isAdmin = _administrators.Administrators.Contains(userPrincipalName);
if (!isAdmin)
{
return(new JsonResult($"{userPrincipalName} is not authorized to update the user claim.")
{
StatusCode = StatusCodes.Status403Forbidden
});
}
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
// Update the user claim in the given category policy
SampleQueriesPolicies updatedPoliciesList = SamplesPolicyService.ModifyUserClaim(policies, categoryPolicy);
string updatedPoliciesJson = SamplesPolicyService.SerializeSampleQueriesPolicies(updatedPoliciesList);
await _fileUtility.WriteToFile(updatedPoliciesJson, _policiesFilePathSource);
// Fetch the category policy with the updated user claim
categoryPolicy = updatedPoliciesList.CategoryPolicies.Find(x => x.CategoryName == categoryPolicy.CategoryName);
// Success; return the user claim in the category policy that was just updated
return(Ok(categoryPolicy));
}
catch (InvalidOperationException invalidOpsException)
{
// Category policy provided doesn't exist
return(new JsonResult(invalidOpsException.Message)
{
StatusCode = StatusCodes.Status404NotFound
});
}
catch (ArgumentNullException argNullException)
{
// Missing required parameter
return(new JsonResult(argNullException.Message)
{
StatusCode = StatusCodes.Status400BadRequest
});
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
public async Task <IActionResult> CreateSampleQueryAsync([FromBody] SampleQueryModel sampleQueryModel)
{
try
{
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
string categoryName = sampleQueryModel.Category;
ClaimsIdentity identity = (ClaimsIdentity)User.Identity;
IEnumerable <Claim> claims = identity.Claims;
string userPrincipalName =
(claims?.FirstOrDefault(x => x.Type.Equals(Constants.ClaimTypes.UpnJwt, StringComparison.OrdinalIgnoreCase)) ??
claims?.FirstOrDefault(x => x.Type.Equals(Constants.ClaimTypes.UpnUriSchema, StringComparison.OrdinalIgnoreCase)))?.Value;
// Check if authenticated user is authorized for this action
bool isAuthorized = SamplesPolicyService.IsUserAuthorized(policies, userPrincipalName, categoryName, HttpMethods.Post);
if (!isAuthorized)
{
return(new JsonResult(
$"{userPrincipalName} is not authorized to create the sample query. Category: '{categoryName}'")
{
StatusCode = StatusCodes.Status403Forbidden
});
}
// Get the list of sample queries
SampleQueriesList sampleQueriesList = await _samplesStore.FetchSampleQueriesListAsync("en-US");
// Assign a new Id to the new sample query
sampleQueryModel.Id = Guid.NewGuid();
// Add the new sample query to the list of sample queries
SampleQueriesList newSampleQueriesList = SamplesService.AddToSampleQueriesList(sampleQueriesList, sampleQueryModel);
// Get the serialized JSON string of the sample query
string newSampleQueriesJson = SamplesService.SerializeSampleQueriesList(newSampleQueriesList);
// Disabled functionality
// await _fileUtility.WriteToFile(updatedSampleQueriesJson, _queriesFilePathSource);
// Create the query Uri for the newly created sample query
string newSampleQueryUri = string.Format("{0}://{1}{2}/{3}", Request.Scheme, Request.Host, Request.Path.Value, sampleQueryModel.Id.ToString());
// Success; return the new sample query that was added along with its Uri
return(Created(newSampleQueryUri, sampleQueryModel));
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
/// <summary>
/// Serializes an instance of a <see cref="SampleQueriesPolicies"/> into JSON string.
/// </summary>
/// <param name="policies">The instance of <see cref="SampleQueriesPolicies"/> to be deserialized.</param>
/// <returns>The serialized JSON string from an instance of a <see cref="SampleQueriesPolicies"/>.</returns>
public static string SerializeSampleQueriesPolicies(SampleQueriesPolicies policies)
{
if (policies == null)
{
throw new ArgumentNullException(nameof(policies), "The list of policies cannot be null.");
}
string policiesJson = JsonConvert.SerializeObject(policies, Formatting.Indented);
return(policiesJson);
}
/// <summary>
/// Deserializes a JSON string into a list of <see cref="CategoryPolicy"/> objects.
/// </summary>
/// <param name="jsonString">The JSON string to be deserialized into a list of <see cref="SampleQueryModel"/> objects.</param>
/// <returns>The deserialized list of <see cref="SampleQueryModel"/> objects.</returns>
public static SampleQueriesPolicies DeserializeSampleQueriesPolicies(string jsonString)
{
if (string.IsNullOrEmpty(jsonString))
{
throw new ArgumentNullException(nameof(jsonString), "The JSON string to be deserialized cannot be null or empty.");
}
SampleQueriesPolicies policies = JsonConvert.DeserializeObject <SampleQueriesPolicies>(jsonString);
return(policies);
}
/// <summary>
/// Removes a <see cref="UserClaim"/> from a <see cref="CategoryPolicy"/> object.
/// </summary>
/// <param name="policies">The list of <see cref="CategoryPolicy"/> where the target <see cref="CategoryPolicy"/> object is contained.</param>
/// <param name="categoryPolicyName">The target <see cref="CategoryPolicy"/> object where the <see cref="UserClaim"/> needs to be removed from.</param>
/// <param name="userPrincipalName">The target User Principal Name whose <see cref="UserClaim"/> needs to be removed from the <see cref="CategoryPolicy"/> object.</param>
/// <returns>The updated list of <see cref="SampleQueriesPolicies"/>
/// with the <see cref="UserClaim"/> of a target User Principal Name removed from the target <see cref="CategoryPolicy"/> object.</returns>
public static SampleQueriesPolicies RemoveUserClaim(SampleQueriesPolicies policies, string categoryPolicyName,
string userPrincipalName)
{
if (policies == null || policies.CategoryPolicies.Count == 0)
{
throw new ArgumentNullException(nameof(SampleQueriesPolicies), "The list of policies cannot be null or empty.");
}
if (string.IsNullOrEmpty(categoryPolicyName))
{
throw new ArgumentNullException(nameof(CategoryPolicy), "The category policy name cannot be null or empty.");
}
if (string.IsNullOrEmpty(userPrincipalName))
{
throw new ArgumentNullException(nameof(CategoryPolicy), "The user prinicpal name cannot be null or empty.");
}
// Search the target category policy from the list of policies
CategoryPolicy categoryPolicy = policies.CategoryPolicies.Find(
x => x.CategoryName.ToLower() == categoryPolicyName.ToLower());
if (categoryPolicy == null)
{
throw new InvalidOperationException($"The specified category policy doesn't exist: {categoryPolicyName}");
}
// This will be used later to insert the updated category policy back into the list of policies
int categoryPolicyIndex = policies.CategoryPolicies.FindIndex(x => x == categoryPolicy);
// Fetch the user claim
UserClaim userClaim = categoryPolicy.UserClaims.FirstOrDefault(
x => x.UserPrincipalName.ToLower() == userPrincipalName.ToLower());
if (userClaim == null)
{
throw new InvalidOperationException($"The specified user principal name has no claim in the specified category. " +
$"UPN: {userPrincipalName}");
}
// Get the location of the provided user claim from the category policy
int userClaimIndex = categoryPolicy.UserClaims.FindIndex(x => x.UserPrincipalName == userClaim.UserPrincipalName);
// Remove this user claim from the list of user claims
categoryPolicy.UserClaims.RemoveAt(userClaimIndex);
// Update the modified category policy back into list of policies
policies.CategoryPolicies.Insert(categoryPolicyIndex, categoryPolicy);
// Delete the original category policy pushed to the next index
policies.CategoryPolicies.RemoveAt(++categoryPolicyIndex);
return(policies);
}
public async Task <IActionResult> CreateUserClaimAsync([FromBody] CategoryPolicy categoryPolicy)
{
try
{
/* Validate whether authenticated user is samples administrator */
ClaimsIdentity identity = (ClaimsIdentity)User.Identity;
IEnumerable <Claim> claims = identity.Claims;
string userPrincipalName =
(claims?.FirstOrDefault(x => x.Type.Equals(Constants.ClaimTypes.UpnJwt, StringComparison.OrdinalIgnoreCase)) ??
claims?.FirstOrDefault(x => x.Type.Equals(Constants.ClaimTypes.UpnUriSchema, StringComparison.OrdinalIgnoreCase)))?.Value;
bool isAdmin = _administrators.Administrators.Contains(userPrincipalName);
if (!isAdmin)
{
return(new JsonResult($"{userPrincipalName} is not authorized to create the user claim.")
{
StatusCode = StatusCodes.Status403Forbidden
});
}
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
// Add the new user claim in the given category policy
SampleQueriesPolicies updatedPoliciesList = SamplesPolicyService.ModifyUserClaim(policies, categoryPolicy);
string updatedPoliciesJson = SamplesPolicyService.SerializeSampleQueriesPolicies(updatedPoliciesList);
await _fileUtility.WriteToFile(updatedPoliciesJson, _policiesFilePathSource);
// Extract the first user claim from the given categoryPolicy; this is what was added
UserClaim userClaim = categoryPolicy.UserClaims.First();
// Fetch the category policy with the newly created user claim
categoryPolicy = updatedPoliciesList.CategoryPolicies.Find(x => x.CategoryName == categoryPolicy.CategoryName);
// Create the query Uri for the newly created user claim
string newUserClaimUri = string.Format("{0}://{1}{2}?userprincipalname={3}&categoryname={4}",
Request.Scheme, Request.Host, Request.Path.Value, userClaim.UserPrincipalName, categoryPolicy.CategoryName);
return(Created(newUserClaimUri, categoryPolicy));
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
public async Task <IActionResult> CreateSampleQueryAsync([FromBody] SampleQueryModel sampleQueryModel)
{
try
{
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
string categoryName = sampleQueryModel.Category;
string userPrincipalName = User.Identity.Name;
// Check if authenticated user is authorized for this action
bool isAuthorized = SamplesPolicyService.IsUserAuthorized(policies, userPrincipalName, categoryName, HttpMethods.Post);
if (!isAuthorized)
{
return(new JsonResult(
$"{userPrincipalName} is not authorized to create the sample query. Category: '{categoryName}'")
{
StatusCode = StatusCodes.Status401Unauthorized
});
}
// Get the list of sample queries
SampleQueriesList sampleQueriesList = await GetSampleQueriesListAsync();
// Assign a new Id to the new sample query
sampleQueryModel.Id = Guid.NewGuid();
// Add the new sample query to the list of sample queries
SampleQueriesList newSampleQueriesList = SamplesService.AddToSampleQueriesList(sampleQueriesList, sampleQueryModel);
// Get the serialized JSON string of the sample query
string newSampleQueriesJson = SamplesService.SerializeSampleQueriesList(newSampleQueriesList);
// Save the document-readable JSON-styled string to the source file
await _fileUtility.WriteToFile(newSampleQueriesJson, _queriesFilePathSource);
// Create the query Uri for the newly created sample query
string newSampleQueryUri = string.Format("{0}://{1}{2}/{3}", Request.Scheme, Request.Host, Request.Path.Value, sampleQueryModel.Id.ToString());
// Success; return the new sample query that was added along with its Uri
return(Created(newSampleQueryUri, sampleQueryModel));
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
/// <summary>
/// Gets the list of <see cref="CategoryPolicy"/> or a <see cref="CategoryPolicy"/> that a User Principal Name has claims in.
/// </summary>
/// <param name="policies">The list of <see cref="CategoryPolicy"/> to search in.</param>
/// <param name="userPrincipalName">The target User Principal Name which to search for in the list of <see cref="CategoryPolicy"/>.</param>
/// <param name="categoryName">The name of the target <see cref="CategoryPolicy"/> to be searched for in the list of <see cref="CategoryPolicy"/>.
/// If unspecified, all the category policies will be included in the search.</param>
/// <returns>A list of filtered <see cref="CategoryPolicy"/> or the target <see cref="CategoryPolicy"/> with the claims for the specified User Principal Name.</returns>
private static List <CategoryPolicy> GetUserPrincipalCategoryPolicies(SampleQueriesPolicies policies, string userPrincipalName, string categoryName = null)
{
List <CategoryPolicy> categoryPolicies = new List <CategoryPolicy>();
if (string.IsNullOrEmpty(categoryName))
{
// Search for all category policies that the specified user principal name has claims in
categoryPolicies = policies.CategoryPolicies.FindAll(x => x.UserClaims.Exists(y => y.UserPrincipalName == userPrincipalName));
}
else
{
// Search for the category policy that the specified user principal name has claims in
CategoryPolicy categoryPolicy = policies.CategoryPolicies.Find
(x => x.CategoryName.Equals(categoryName, StringComparison.OrdinalIgnoreCase) &&
x.UserClaims.Exists(y => y.UserPrincipalName.Equals(userPrincipalName, StringComparison.OrdinalIgnoreCase)));
if (categoryPolicy == null)
{
return(null);
}
else
{
categoryPolicies.Add(categoryPolicy);
}
}
if (!categoryPolicies.Any())
{
return(null);
}
List <CategoryPolicy> filteredCategoryPolicies = new List <CategoryPolicy>();
// Filter each category policy to extract the specified user principal's claims
foreach (CategoryPolicy categoryPolicy in categoryPolicies)
{
UserClaim userClaim = categoryPolicy.UserClaims.Find(x => x.UserPrincipalName.Equals(userPrincipalName, StringComparison.OrdinalIgnoreCase));
CategoryPolicy userPrincipalPolicy = new CategoryPolicy
{
CategoryName = categoryPolicy.CategoryName,
UserClaims = new List <UserClaim> {
userClaim
}
};
filteredCategoryPolicies.Add(userPrincipalPolicy);
}
return(filteredCategoryPolicies);
}
/// <summary>
/// Creates a default template of policies for the sample query categories.
/// </summary>
/// <returns>An instance of <see cref="SampleQueriesPolicies"/> containing a list of <see cref="CategoryPolicy"/>.</returns>
public static SampleQueriesPolicies CreateDefaultPoliciesTemplate()
{
if (SampleQueriesCategories.CategoriesLinkedList.Count == 0)
{
throw new InvalidOperationException("Cannot create a default policy template; the list of categories is empty.");
}
// List to hold the category policies
List <CategoryPolicy> categoryPolicies = new List <CategoryPolicy>();
// Create the default policy template for each category in the list
foreach (string category in SampleQueriesCategories.CategoriesLinkedList)
{
CategoryPolicy categoryPolicy = new CategoryPolicy()
{
CategoryName = category,
UserClaims = new List <UserClaim>()
{
new UserClaim()
{
UserPermissions = new List <Permission>()
{
new Permission()
{
Name = HttpMethods.Post
},
new Permission()
{
Name = HttpMethods.Put
},
new Permission()
{
Name = HttpMethods.Delete
}
}
}
}
};
categoryPolicies.Add(categoryPolicy);
}
SampleQueriesPolicies policies = new SampleQueriesPolicies()
{
CategoryPolicies = categoryPolicies
};
return(policies);
}
public async Task <IActionResult> GetSampleQueriesPoliciesListAsync([FromQuery] string userPrincipalName, [FromQuery] string categoryName)
{
try
{
// Fetch the list of category policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
// This will hold the filtered list of category policies
SampleQueriesPolicies filteredPolicies = new SampleQueriesPolicies();
if (!string.IsNullOrEmpty(userPrincipalName) && !string.IsNullOrEmpty(categoryName))
{
filteredPolicies.CategoryPolicies = GetUserPrincipalCategoryPolicies(policies, userPrincipalName, categoryName);
}
else if (!string.IsNullOrEmpty(userPrincipalName))
{
filteredPolicies.CategoryPolicies = GetUserPrincipalCategoryPolicies(policies, userPrincipalName);
}
else if (!string.IsNullOrEmpty(categoryName))
{
filteredPolicies.CategoryPolicies = policies.CategoryPolicies.FindAll(x =>
x.CategoryName.Equals(categoryName, StringComparison.OrdinalIgnoreCase));
}
else
{
return(Ok(policies));
}
if (filteredPolicies.CategoryPolicies == null || !filteredPolicies.CategoryPolicies.Any())
{
// Search parameter value not found in list of category policies
return(NotFound());
}
// Success; return the found list of category policies from filtered search
return(Ok(filteredPolicies));
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
public async Task <IActionResult> CreateUserClaimAsync([FromBody] CategoryPolicy categoryPolicy)
{
try
{
/* Validate whether authenticated user is samples administrator */
string userPrincipalName = User.Identity.Name;
bool isAdmin = _administrators.Administrators.Contains(userPrincipalName);
if (!isAdmin)
{
return(new JsonResult($"{userPrincipalName} is not authorized to create the user claim.")
{
StatusCode = StatusCodes.Status401Unauthorized
});
}
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
// Add the new user claim in the given category policy
SampleQueriesPolicies updatedPoliciesList = SamplesPolicyService.ModifyUserClaim(policies, categoryPolicy);
string updatedPoliciesJson = SamplesPolicyService.SerializeSampleQueriesPolicies(updatedPoliciesList);
await _fileUtility.WriteToFile(updatedPoliciesJson, _policiesFilePathSource);
// Extract the first user claim from the given categoryPolicy; this is what was added
UserClaim userClaim = categoryPolicy.UserClaims.First();
// Create the query Uri for the newly created sample query
string newUserClaimUri = string.Format("{0}://{1}{2}?userprincipalname={3}&categoryname={4}",
Request.Scheme, Request.Host, Request.Path.Value, userClaim.UserPrincipalName, categoryPolicy.CategoryName);
return(Created(newUserClaimUri, categoryPolicy));
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
/// <summary>
/// Gets the JSON file contents of the policies and returns a deserialized instance of a <see cref="SampleQueriesPolicies"/> from this.
/// </summary>
/// <returns>A list of category policies.</returns>
private async Task <SampleQueriesPolicies> GetSampleQueriesPoliciesAsync()
{
// Get the file contents from source
string jsonFileContents = await _fileUtility.ReadFromFile(_policiesFilePathSource);
if (string.IsNullOrEmpty(jsonFileContents))
{
// Create default policies template
SampleQueriesPolicies policies = SamplesPolicyService.CreateDefaultPoliciesTemplate();
// Get the serialized JSON string of the list of policies
string policiesJson = SamplesPolicyService.SerializeSampleQueriesPolicies(policies);
// Save the document-readable JSON-styled string to the source file
await _fileUtility.WriteToFile(policiesJson, _policiesFilePathSource);
// Return the list of policies
return(policies);
}
// Return the list of policies
return(SamplesPolicyService.DeserializeSampleQueriesPolicies(jsonFileContents));
}
public async Task <IActionResult> UpdateSampleQueryAsync(string id, [FromBody] SampleQueryModel sampleQueryModel)
{
try
{
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
string categoryName = sampleQueryModel.Category;
string userPrincipalName = User.Identity.Name;
// Check if authenticated user is authorized for this action
bool isAuthorized = SamplesPolicyService.IsUserAuthorized(policies, userPrincipalName, categoryName, HttpMethods.Put);
if (!isAuthorized)
{
return(new JsonResult(
$"{userPrincipalName} is not authorized to update the sample query. Category: '{categoryName}'")
{
StatusCode = StatusCodes.Status403Forbidden
});
}
// Get the list of sample queries
SampleQueriesList sampleQueriesList = await GetSampleQueriesListAsync();
if (sampleQueriesList.SampleQueries.Count == 0)
{
return(NotFound()); // List is empty; the sample query being searched is definitely not in an empty list
}
// Check if the sample query model exists in the list of sample queries
bool sampleQueryExists = sampleQueriesList.SampleQueries.Exists(x => x.Id == Guid.Parse(id));
if (!sampleQueryExists)
{
throw new InvalidOperationException($"No sample query found with id: {id}");
}
// Update the provided sample query model into the list of sample queries
SampleQueriesList updatedSampleQueriesList = SamplesService.UpdateSampleQueriesList(sampleQueriesList, sampleQueryModel, Guid.Parse(id));
// Get the serialized JSON string of this sample query
string updatedSampleQueriesJson = SamplesService.SerializeSampleQueriesList(updatedSampleQueriesList);
// Save the JSON string to the source file
await _fileUtility.WriteToFile(updatedSampleQueriesJson, _queriesFilePathSource);
// Success; return the sample query model object that was just updated
return(Ok(sampleQueryModel));
}
catch (InvalidOperationException invalidOpsException)
{
// sample query with provided id not found
return(new JsonResult(invalidOpsException.Message)
{
StatusCode = StatusCodes.Status404NotFound
});
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
public async Task <IActionResult> UpdateSampleQueryAsync(string id, [FromBody] SampleQueryModel sampleQueryModel)
{
try
{
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
string categoryName = sampleQueryModel.Category;
ClaimsIdentity identity = (ClaimsIdentity)User.Identity;
IEnumerable <Claim> claims = identity.Claims;
string userPrincipalName =
(claims?.FirstOrDefault(x => x.Type.Equals(Constants.ClaimTypes.UpnJwt, StringComparison.OrdinalIgnoreCase)) ??
claims?.FirstOrDefault(x => x.Type.Equals(Constants.ClaimTypes.UpnUriSchema, StringComparison.OrdinalIgnoreCase)))?.Value;
// Check if authenticated user is authorized for this action
bool isAuthorized = SamplesPolicyService.IsUserAuthorized(policies, userPrincipalName, categoryName, HttpMethods.Put);
if (!isAuthorized)
{
return(new JsonResult(
$"{userPrincipalName} is not authorized to update the sample query. Category: '{categoryName}'")
{
StatusCode = StatusCodes.Status403Forbidden
});
}
// Get the list of sample queries
SampleQueriesList sampleQueriesList = await _samplesStore.FetchSampleQueriesListAsync("en-US");
if (sampleQueriesList.SampleQueries.Count == 0)
{
return(NotFound()); // List is empty; the sample query being searched is definitely not in an empty list
}
// Check if the sample query model exists in the list of sample queries
bool sampleQueryExists = sampleQueriesList.SampleQueries.Exists(x => x.Id == Guid.Parse(id));
if (!sampleQueryExists)
{
throw new InvalidOperationException($"No sample query found with id: {id}");
}
// Update the provided sample query model into the list of sample queries
SampleQueriesList updatedSampleQueriesList = SamplesService.UpdateSampleQueriesList(sampleQueriesList, sampleQueryModel, Guid.Parse(id));
// Get the serialized JSON string of this sample query
string updatedSampleQueriesJson = SamplesService.SerializeSampleQueriesList(updatedSampleQueriesList);
// Success; return the sample query model object that was just updated
return(Ok(sampleQueryModel));
}
catch (InvalidOperationException invalidOpsException)
{
// sample query with provided id not found
return(new JsonResult(invalidOpsException.Message)
{
StatusCode = StatusCodes.Status404NotFound
});
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
/// <summary>
/// Adds to or updates a <see cref="UserClaim"/> in a target <see cref="CategoryPolicy"/> object.
/// </summary>
/// <param name="categoryPolicy">The target <see cref="CategoryPolicy"/> object where the <see cref="UserClaim"/> needs to be updated or added into.</param>
/// <param name="policies">The list of <see cref="CategoryPolicy"/> where the target <see cref="CategoryPolicy"/> object is contained.</param>
/// <returns>The updated list of <see cref="SampleQueriesPolicies"/>
/// with the new <see cref="UserClaim"/> added or updated at the target <see cref="CategoryPolicy"/> object.</returns>
public static SampleQueriesPolicies ModifyUserClaim(SampleQueriesPolicies policies, CategoryPolicy categoryPolicy)
{
if (policies == null || policies.CategoryPolicies.Count == 0)
{
throw new ArgumentNullException(nameof(SampleQueriesPolicies), "The list of policies cannot be null or empty.");
}
if (categoryPolicy == null)
{
throw new ArgumentNullException(nameof(CategoryPolicy), "The category policy cannot be null.");
}
// Search the target category policy from the list of policies
CategoryPolicy tempCategoryPolicy = policies.CategoryPolicies.Find(x => x.CategoryName == categoryPolicy.CategoryName);
if (tempCategoryPolicy == null)
{
throw new InvalidOperationException($"The specified category policy doesn't exist: {categoryPolicy.CategoryName}");
}
// This will be used later to insert the updated category policy back into the list of policies
int tempCategoryPolicyIndex = policies.CategoryPolicies.FindIndex(x => x == tempCategoryPolicy);
// Fetch the first user claim from the argument supplied
UserClaim userClaim = categoryPolicy.UserClaims.FirstOrDefault();
if (userClaim == null)
{
throw new ArgumentNullException(nameof(CategoryPolicy), "User claim information missing.");
}
// Get the location of the provided user claim from the temp. category policy
int userClaimIndex = tempCategoryPolicy.UserClaims.FindIndex(x => x.UserPrincipalName == userClaim.UserPrincipalName);
// Add new user claim request
if (userClaimIndex < 0)
{
// Check first whether we have default user claim values in the temp. category policy
CategoryPolicy defaultCategoryPolicyTemplate = new CategoryPolicy
{
UserClaims = new List <UserClaim>()
{
new UserClaim()
}
};
if (tempCategoryPolicy.UserClaims.First().UserPrincipalName ==
defaultCategoryPolicyTemplate.UserClaims.First().UserPrincipalName)
{
/* This is the first claim for this category policy;
* clear the default user claim and add the new user claim. */
tempCategoryPolicy.UserClaims.Clear();
tempCategoryPolicy.UserClaims.Add(userClaim);
}
else // we already have other unique user claim values in this category policy
{
// Insert the new user claim info. to the end of list of user claims
tempCategoryPolicy.UserClaims.Add(userClaim);
}
}
else // Update user claim request
{
// Update the current index with new user claim info.
tempCategoryPolicy.UserClaims.Insert(userClaimIndex, userClaim);
// Delete the original user claim pushed to the next index
tempCategoryPolicy.UserClaims.RemoveAt(++userClaimIndex);
}
// Update the modified category policy back into list of policies
policies.CategoryPolicies.Insert(tempCategoryPolicyIndex, tempCategoryPolicy);
// Delete the original category policy pushed to the next index
policies.CategoryPolicies.RemoveAt(++tempCategoryPolicyIndex);
return(policies);
}
public async Task <IActionResult> DeleteSampleQueryAsync(string id)
{
try
{
// Get the list of sample queries
SampleQueriesList sampleQueriesList = await _samplesStore.FetchSampleQueriesListAsync("en-US");
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
// Check if the sample query model exists in the list of sample queries
bool sampleQueryExists = sampleQueriesList.SampleQueries.Exists(x => x.Id == Guid.Parse(id));
if (!sampleQueryExists)
{
throw new InvalidOperationException($"No sample query found with id: {id}");
}
string categoryName = sampleQueriesList.SampleQueries.Find(x => x.Id == Guid.Parse(id)).Category;
ClaimsIdentity identity = (ClaimsIdentity)User.Identity;
IEnumerable <Claim> claims = identity.Claims;
string userPrincipalName =
(claims?.FirstOrDefault(x => x.Type.Equals(Constants.ClaimTypes.UpnJwt, StringComparison.OrdinalIgnoreCase)) ??
claims?.FirstOrDefault(x => x.Type.Equals(Constants.ClaimTypes.UpnUriSchema, StringComparison.OrdinalIgnoreCase)))?.Value;
// Check if authenticated user is authorized for this action
bool isAuthorized = SamplesPolicyService.IsUserAuthorized(policies, userPrincipalName, categoryName, HttpMethods.Delete);
if (!isAuthorized)
{
return(new JsonResult(
$"{userPrincipalName} is not authorized to delete the sample query. Category: '{categoryName}'")
{
StatusCode = StatusCodes.Status403Forbidden
});
}
if (sampleQueriesList.SampleQueries.Count == 0)
{
return(NotFound()); // list is empty; the sample query being searched is definitely not in an empty list
}
// Remove the sample query with given id from the list of sample queries
sampleQueriesList = SamplesService.RemoveSampleQuery(sampleQueriesList, Guid.Parse(id));
// Get the serialized JSON string of the list of sample queries
string newSampleQueriesJson = SamplesService.SerializeSampleQueriesList(sampleQueriesList);
// Disabled functionality
// await _fileUtility.WriteToFile(updatedSampleQueriesJson, _queriesFilePathSource);
// Success; no content to return
return(new JsonResult("Deleted successfully.")
{
StatusCode = StatusCodes.Status204NoContent
});
}
catch (InvalidOperationException invalidOpsException)
{
// Sample query with provided id not found
return(new JsonResult(invalidOpsException.Message)
{
StatusCode = StatusCodes.Status404NotFound
});
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
public async Task <IActionResult> DeleteSampleQueryAsync(string id)
{
try
{
// Get the list of sample queries
SampleQueriesList sampleQueriesList = await GetSampleQueriesListAsync();
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
// Check if the sample query model exists in the list of sample queries
bool sampleQueryExists = sampleQueriesList.SampleQueries.Exists(x => x.Id == Guid.Parse(id));
if (!sampleQueryExists)
{
throw new InvalidOperationException($"No sample query found with id: {id}");
}
string categoryName = sampleQueriesList.SampleQueries.Find(x => x.Id == Guid.Parse(id)).Category;
string userPrincipalName = User.Identity.Name;
// Check if authenticated user is authorized for this action
bool isAuthorized = SamplesPolicyService.IsUserAuthorized(policies, userPrincipalName, categoryName, HttpMethods.Delete);
if (!isAuthorized)
{
return(new JsonResult(
$"{userPrincipalName} is not authorized to delete the sample query. Category: '{categoryName}'")
{
StatusCode = StatusCodes.Status401Unauthorized
});
}
if (sampleQueriesList.SampleQueries.Count == 0)
{
return(NotFound()); // list is empty; the sample query being searched is definitely not in an empty list
}
// Remove the sample query with given id from the list of sample queries
sampleQueriesList = SamplesService.RemoveSampleQuery(sampleQueriesList, Guid.Parse(id));
// Get the serialized JSON string of the list of sample queries
string newSampleQueriesJson = SamplesService.SerializeSampleQueriesList(sampleQueriesList);
// Save the document-readable JSON-styled string to the source file
await _fileUtility.WriteToFile(newSampleQueriesJson, _queriesFilePathSource);
// Success; no content to return
return(new JsonResult("Deleted successfully.")
{
StatusCode = StatusCodes.Status204NoContent
});
}
catch (InvalidOperationException invalidOpsException)
{
// Sample query with provided id not found
return(new JsonResult(invalidOpsException.Message)
{
StatusCode = StatusCodes.Status404NotFound
});
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
