Beispiel #1
0
        public async Task ApplyApplicationDefninitionWithNulledFunctions_NoApplicationIsPresent_ReturnsNewApplicationWithoutFunctions()
        {
            // Create an application repository that returns the supplied models so that they can be interrogated, rather than going to the DB.
            // The main thng we want to test here is how the service maps from the security contract onto the model, which is lost if we simply
            // mock the model that is returned from the repository.

            // The fake repository has an overloaded constructor that allows us to inject the mocked model it will return when getById or getByName functions
            // are called on the fake repository.
            var applicationRespository = new ApplicationRepositoryFake(null);
            var identityServiceApiResourceRepository = Substitute.For <IIdentityApiResourceRepository>();
            var permissionsRepository           = Substitute.For <IPermissionRepository>();
            var applicationFunctionRepository   = Substitute.For <IApplicationFunctionRepository>();
            var applicationDataPolicyRepository = Substitute.For <IApplicationDataPolicyRepository>();

            var securityContractApplicationService = new SecurityContractApplicationService(applicationRespository, identityServiceApiResourceRepository, permissionsRepository, applicationFunctionRepository, applicationDataPolicyRepository);

            // Define an application security contract definition.
            var applicationSecurityContract = new SecurityContractApplication();

            // The fake application respository is going to return the mocked application.
            // Also, set the functions section of the application to null (just dont define it). This should set returned application model functions association to null.
            applicationSecurityContract.Fullname = "Test Application Fullname";

            var returnedApplicationModel = await securityContractApplicationService.ApplyResourceServerDefinitionAsync(applicationSecurityContract, Guid.NewGuid());

            Assert.True(returnedApplicationModel.Name == applicationSecurityContract.Fullname, $"Returned application name: '{returnedApplicationModel.Name}' does not match the expected valueL '{applicationSecurityContract.Fullname}'");
            // Even though the mock application has application functions associated with it, they should have been removed owing to empty functions section defined in the app security contract.
            Assert.True(returnedApplicationModel.ApplicationFunctions.Count == 0, $"Returned applications functions count expected to be '0'. Actual count is '{returnedApplicationModel.ApplicationFunctions.Count}'");
        }
Beispiel #2
0
        public async Task <ApplicationModel> ApplyResourceServerDefinitionAsync(SecurityContractApplication applicationSecurityContractDefinition, Guid updatedById)
        {
            logger.Debug($"Applying application security contract definition for application: '{applicationSecurityContractDefinition.Fullname}'");
            // Attempt to load any existing application by name, as the name is essentially the API primary key.
            var application = await applicationRepository.GetByNameAsync(applicationSecurityContractDefinition.Fullname);

            if (application == null)
            {
                logger.Debug($"Application '{applicationSecurityContractDefinition.Fullname}' not found in database. Creating new application.");
                return(await CreateNewResourceServer(applicationSecurityContractDefinition, updatedById));
            }
            logger.Debug($"Application '{applicationSecurityContractDefinition.Fullname}' already exists. Updating it.");
            return(await UpdateExistingResourceServer(application, applicationSecurityContractDefinition, updatedById));
        }
Beispiel #3
0
        private async Task CreateApiResourceForApplicationOnIdentityServer(SecurityContractApplication applicationSecurityContractDefinition)
        {
            // Note: Always added 'permission' as the user claims that need to be mapped into access tokens for this API Resource.
            ApiResource identityServerApiResource = await identityApiResourceRespository.GetByNameAsync(applicationSecurityContractDefinition.Fullname);

            if (identityServerApiResource == null)
            {
                await identityApiResourceRespository.CreateAsync(applicationSecurityContractDefinition.Fullname, new[] { "permission" });
            }
            else
            {
                logger.Debug($"[applications.fullname: '{applicationSecurityContractDefinition.Fullname}']: The API Resource with name '{applicationSecurityContractDefinition.Fullname}' already exists on the Identity Server. Not creating a new one!");
            }
        }
Beispiel #4
0
        public async Task <List <SecurityContractApplication> > GetResourceServerDefinitionsAsync()
        {
            logger.Debug($"Retrieving application security contract definitions.");

            var contractApplications             = new List <SecurityContractApplication>();
            List <ApplicationModel> applications = await applicationRepository.GetListAsync();

            foreach (var application in applications.OrderBy(o => o.SysPeriod.LowerBound))
            {
                logger.Debug($"Retrieving application security contract definition for Application [{application.Name}].");

                var contractApplication = new SecurityContractApplication()
                {
                    Fullname             = application.Name,
                    ApplicationFunctions = new List <SecurityContractFunction>()
                };

                foreach (var applicationFunction in application.ApplicationFunctions.OrderBy(o => o.SysPeriod.LowerBound))
                {
                    logger.Debug($"Retrieving application security contract definition for ApplicationFunction [{applicationFunction.Name}].");

                    var contractAppFunction = new SecurityContractFunction()
                    {
                        Name        = applicationFunction.Name,
                        Description = applicationFunction.Description,
                        Permissions = new List <SecurityContractPermission>()
                    };

                    foreach (var applicationPermission in applicationFunction.ApplicationFunctionPermissions.OrderBy(o => o.Permission.SysPeriod.LowerBound))
                    {
                        logger.Debug($"Retrieving application security contract definition for ApplicationPermission [{applicationPermission.Permission.Name}].");

                        contractAppFunction.Permissions.Add(new SecurityContractPermission()
                        {
                            Name        = applicationPermission.Permission.Name,
                            Description = applicationPermission.Permission.Description
                        });
                    }

                    contractApplication.ApplicationFunctions.Add(contractAppFunction);

                    AddApplicationDataPoliciesToSecurityContractDefinintionFromApplication(contractApplication, application);
                }

                contractApplications.Add(contractApplication);
            }

            return(contractApplications);
        }
Beispiel #5
0
        public async Task ApplyApplicationDefninitionWithFunctions_ExistingApplicationIsPresent_ReturnsUpdatedApplicationWithUpdatedFunctions()
        {
            // Create an application repository that returns the supplied models so that they can be interrogated, rather than going to the DB.
            // The main thng we want to test here is how the service maps from the security contract onto the model, which is lost if we simply
            // mock the model that is returned from the repository.

            // The fake repository has an overloaded constructor that allows us to inject the mocked model it will return when getById or getByName functions
            // are called on the fake repository.
            var applicationRespository = new ApplicationRepositoryFake(mockedApplication);
            var identityServiceApiResourceRepository = Substitute.For <IIdentityApiResourceRepository>();
            var permissionsRepository              = Substitute.For <IPermissionRepository>();
            var applicationFunctionRepository      = Substitute.For <IApplicationFunctionRepository>();
            var applicationDataPolicyRepository    = Substitute.For <IApplicationDataPolicyRepository>();
            var securityContractApplicationService = new SecurityContractApplicationService(applicationRespository, identityServiceApiResourceRepository, permissionsRepository, applicationFunctionRepository, applicationDataPolicyRepository);

            // Define an application security contract definition.
            var applicationSecurityContract = new SecurityContractApplication();

            // The fake application respository is going to return the mocked application.
            // Also, set the functions section of the application to null (just dont define it). This should set returned application model functions association to null.
            // The application name is the primary key when dealing with the YAML so set it to the name on the mocked model.
            applicationSecurityContract.Fullname             = "Mocked Application Name";
            applicationSecurityContract.ApplicationFunctions = new List <SecurityContractFunction> {
                new SecurityContractFunction
                {
                    Name        = "Test Function 1",
                    Description = "Test Function 1 description",
                    Permissions = new List <SecurityContractPermission> {
                        new SecurityContractPermission
                        {
                            Name        = "Permission 1",
                            Description = "Permission 1 description"
                        }
                    }
                }
            };

            var returnedApplicationModel = await securityContractApplicationService.ApplyResourceServerDefinitionAsync(applicationSecurityContract, Guid.NewGuid());

            Assert.True(returnedApplicationModel.Name == applicationSecurityContract.Fullname, $"Returned application name: '{returnedApplicationModel.Name}' does not match the expected value '{applicationSecurityContract.Fullname}'");
            // Even though the mock application has application functions associated with it, they would NOT have actually been removed as this requires the actual deletion to happen in order for the collection to be udpated.
            // This also applies to the function elements.
            Assert.True(returnedApplicationModel.ApplicationFunctions.Count == 3, $"Returned applications functions count expected to be '3'. Actual count is '{returnedApplicationModel.ApplicationFunctions.Count}'");
            Assert.True(returnedApplicationModel.ApplicationFunctions.First().Name == "Function 1", $"Returned function name expected to be 'Function 1'. Actual value is: '{returnedApplicationModel.ApplicationFunctions.First().Name}'");
        }
Beispiel #6
0
        private async Task <ApplicationModel> CreateNewResourceServer(SecurityContractApplication applicationSecurityContractDefinition, Guid updatedByGuid)
        {
            try
            {
                // Note: Always added 'permission' as the user claims that need to be mapped into access tokens for this API Resource.
                ApiResource identityServerApiResource = await identityApiResourceRespository.GetByNameAsync(applicationSecurityContractDefinition.Fullname);

                if (identityServerApiResource == null)
                {
                    await identityApiResourceRespository.CreateAsync(applicationSecurityContractDefinition.Fullname, new[] { "permission" });
                }
                else
                {
                    logger.Warn($"The API Resource with name '{applicationSecurityContractDefinition.Fullname}' already exists on the Identity Server. Not creating a new one!");
                }
            }
            catch (Exception e)
            {
                string errMessage = String.Format($"Error creating new resource on Identity Server: {e.Message}");
                logger.Error(errMessage);
                throw;
            }

            // Create the A3S representation of the resource.
            ApplicationModel application = new ApplicationModel
            {
                Name                    = applicationSecurityContractDefinition.Fullname,
                ChangedBy               = updatedByGuid,
                ApplicationFunctions    = new List <ApplicationFunctionModel>(),
                ApplicationDataPolicies = new List <ApplicationDataPolicyModel>()
            };

            if (applicationSecurityContractDefinition.ApplicationFunctions != null)
            {
                foreach (var function in applicationSecurityContractDefinition.ApplicationFunctions)
                {
                    application.ApplicationFunctions.Add(CreateNewFunctionFromResourceServerFunction(function, updatedByGuid));
                }
            }

            var newApplication = await applicationRepository.CreateAsync(application);

            return(await SynchroniseApplicationDataPoliciesWithSecurityContract(newApplication, applicationSecurityContractDefinition, updatedByGuid));
        }
Beispiel #7
0
        private async Task <ApplicationModel> CreateApplication(SecurityContractApplication applicationSecurityContractDefinition, Guid updatedByGuid, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
        {
            await CreateApiResourceForApplicationOnIdentityServer(applicationSecurityContractDefinition);

            // Create the A3S representation of the resource.
            ApplicationModel application = new ApplicationModel
            {
                Name                    = applicationSecurityContractDefinition.Fullname,
                ChangedBy               = updatedByGuid,
                ApplicationFunctions    = new List <ApplicationFunctionModel>(),
                ApplicationDataPolicies = new List <ApplicationDataPolicyModel>()
            };

            if (applicationSecurityContractDefinition.ApplicationFunctions != null)
            {
                foreach (var function in applicationSecurityContractDefinition.ApplicationFunctions)
                {
                    // Application functions should be unique, check that another one does not exist prior to attempting to add it to the application.
                    var existingApplicationFunction = await applicationFunctionRepository.GetByNameAsync(function.Name);

                    if (existingApplicationFunction != null)
                    {
                        var errorMessage = $"[applications.fullname: '{applicationSecurityContractDefinition.Fullname}'].[applicationFunctions.name: '{function.Name}']: Cannot create application function '{function.Name}', as there is already an application function with this nam assigned to another application.";

                        if (dryRun)
                        {
                            securityContractDryRunResult.ValidationErrors.Add(errorMessage);
                            // Attempting to add the function anyway would result in a uniqueness contraint violation and break the transaction.
                            continue;
                        }

                        throw new ItemNotProcessableException(errorMessage);
                    }

                    logger.Error($"Adding function {function.Name} to application.");
                    application.ApplicationFunctions.Add(CreateNewApplicationFunctionFromSecurityContractApplicationFunction(function, updatedByGuid, applicationSecurityContractDefinition.Fullname, dryRun, securityContractDryRunResult));
                }
            }
            // Set an initial value to the un-saved model.
            ApplicationModel newApplication = await applicationRepository.CreateAsync(application);

            return(await SynchroniseApplicationDataPoliciesWithSecurityContract(newApplication, applicationSecurityContractDefinition, updatedByGuid, dryRun, securityContractDryRunResult));
        }
Beispiel #8
0
        public async Task ApplyResourceServerDefinitionAsync_NoIdentityServerAPIResourcePresent_ReturnsUpdatedApplicationWithoutFunctions()
        {
            var applicationRepository = Substitute.For <IApplicationRepository>();
            var identityServiceApiResourceRepository = Substitute.For <IIdentityApiResourceRepository>();
            var permissionsRepository           = Substitute.For <IPermissionRepository>();
            var applicationFunctionRepository   = Substitute.For <IApplicationFunctionRepository>();
            var applicationDataPolicyRepository = Substitute.For <IApplicationDataPolicyRepository>();

            identityServiceApiResourceRepository.GetByNameAsync(Arg.Any <string>()).Returns(new ApiResource());

            var newApplication = mockedApplication;

            newApplication.ApplicationDataPolicies = new List <ApplicationDataPolicyModel>()
            {
                new ApplicationDataPolicyModel()
                {
                    Name = "Test Name"
                }
            };

            applicationRepository.CreateAsync(Arg.Any <ApplicationModel>()).Returns(newApplication);
            applicationRepository.UpdateAsync(Arg.Any <ApplicationModel>()).Returns(newApplication);

            var securityContractApplicationService = new SecurityContractApplicationService(applicationRepository, identityServiceApiResourceRepository, permissionsRepository, applicationFunctionRepository, applicationDataPolicyRepository);

            // Define an application security contract definition.
            var applicationSecurityContract = new SecurityContractApplication();

            // The fake application respository is going to return the mocked application.
            // Also, set the functions section of the application to null (just dont define it). This should set returned application model functions association to null.
            applicationSecurityContract.Fullname = mockedApplication.Name;

            var returnedApplicationModel = await securityContractApplicationService.ApplyResourceServerDefinitionAsync(applicationSecurityContract, Guid.NewGuid(), false, new SecurityContractDryRunResult());

            Assert.True(returnedApplicationModel.Name == "Mocked Application Name", $"Returned application name: '{returnedApplicationModel.Name}' does not match the expected valueL '{mockedApplication.Name}'");
            // Even though the mock application has application functions associated with it, they should have been removed owing to empty functions section defined in the app security contract.
            //Assert.True(returnedApplicationModel.ApplicationFunctions.Count == 0, $"Returned applications functions count expected to be '0'. Actual count is '{returnedApplicationModel.ApplicationFunctions.Count}'");
        }
Beispiel #9
0
        private async Task <ApplicationModel> UpdateExistingResourceServer(ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition, Guid updatedById)
        {
            var updatedApplication = await SynchroniseFunctions(application, applicationSecurityContractDefinition, updatedById);

            await permissionRepository.DeletePermissionsNotAssignedToApplicationFunctionsAsync();

            await SynchroniseApplicationDataPoliciesWithSecurityContract(application, applicationSecurityContractDefinition, updatedById);

            return(updatedApplication);
        }
Beispiel #10
0
        private async Task <ApplicationModel> AddApplicationDataPoliciesFromSecurityContractToApplication(ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition, Guid updatedById, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
        {
            if (applicationSecurityContractDefinition.DataPolicies != null && applicationSecurityContractDefinition.DataPolicies.Any())
            {
                foreach (var dataPolicyToAdd in applicationSecurityContractDefinition.DataPolicies)
                {
                    await AddSpecificApplicationDataPolyFromSecurityContractToApplication(application, dataPolicyToAdd, updatedById, dryRun, securityContractDryRunResult);
                }
            }
            else
            {
                logger.Debug($"[applications.fullname: '{application.Name}'].[dataPolicies]: No application data policies defined for application '{application.Name}'.");
            }

            return(await applicationRepository.UpdateAsync(application));
        }
Beispiel #11
0
        private void AddApplicationDataPoliciesToSecurityContractDefinintionFromApplication(SecurityContractApplication contractApplication, ApplicationModel application)
        {
            logger.Debug($"Retrieving application data policies for application '{application.Name}'");
            contractApplication.DataPolicies = new List <SecurityContractApplicationDataPolicy>();

            if (application.ApplicationDataPolicies != null && application.ApplicationDataPolicies.Any())
            {
                foreach (var applicationDataPolicy in application.ApplicationDataPolicies)
                {
                    logger.Debug($"Found data policy '{applicationDataPolicy.Name}' for application '{application.Name}'");
                    contractApplication.DataPolicies.Add(new SecurityContractApplicationDataPolicy
                    {
                        Name        = applicationDataPolicy.Name,
                        Description = applicationDataPolicy.Description
                    });
                }
            }
        }
Beispiel #12
0
        private async Task <ApplicationModel> SynchroniseFunctions(ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition, Guid updatedByGuid)
        {
            await SynchroniseFunctionsFromResourceServerDefinitionToApplication(application, applicationSecurityContractDefinition, updatedByGuid);
            await DetectApplicationFunctionsRemovedFromSecurityContractAndRemoveFromApplication(application, applicationSecurityContractDefinition);

            return(application);
        }
Beispiel #13
0
        private async Task <ApplicationModel> DetectApplicationFunctionsRemovedFromSecurityContractAndRemoveFromApplication(ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition)
        {
            if (application.ApplicationFunctions.Count > 0)
            {
                for (int i = application.ApplicationFunctions.Count - 1; i >= 0; i--)
                {
                    if (applicationSecurityContractDefinition.ApplicationFunctions == null || !applicationSecurityContractDefinition.ApplicationFunctions.Exists(f => f.Name == application.ApplicationFunctions[i].Name))
                    {
                        logger.Debug($"[applications.fullname: '{application.Name}'].[applicationFunctions.name: '{application.ApplicationFunctions[i].Name}']: ApplicationFunction: '{application.ApplicationFunctions[i].Name}' was previously assigned to application '{application.Name}' but no longer is within the security contract being processed. Un-assigning ApplicationFunction '{application.ApplicationFunctions[i].Name}' from application '{application.Name}'!");
                        // Note: This only removes the application function permissions association. The permission will still exist. We cannot remove the permission here, as it may be assigned to other functions.
                        await applicationFunctionRepository.DeleteAsync(application.ApplicationFunctions[i]);
                    }
                }
            }

            return(application);
        }
Beispiel #14
0
        private async Task <ApplicationModel> SynchroniseFunctionsFromResourceServerDefinitionToApplication(ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition, Guid updatedByGuid)
        {
            if (applicationSecurityContractDefinition.ApplicationFunctions == null)
            {
                return(application);
            }

            foreach (var functionResource in applicationSecurityContractDefinition.ApplicationFunctions)
            {
                var applicationFunction = application.ApplicationFunctions.Find(af => af.Name == functionResource.Name);

                if (applicationFunction == null)
                {
                    application.ApplicationFunctions.Add(CreateNewFunctionFromResourceServerFunction(functionResource, updatedByGuid));
                }
                else
                {
                    // Edit an existing function.
                    applicationFunction.Name        = functionResource.Name;
                    applicationFunction.Description = functionResource.Description;
                    applicationFunction.ChangedBy   = updatedByGuid;

                    if (functionResource.Permissions != null)
                    {
                        // Add any new permissions to the function.
                        foreach (var permission in functionResource.Permissions)
                        {
                            AddPermissionToFunctionIfNotAlreadyAssigned(applicationFunction, permission);
                        }

                        DetectAndUnassignPermissionsRemovedFromFunctions(applicationFunction, functionResource);
                    }
                    else
                    {
                        // Remove any possible permissions that are assigned to the application function.
                        applicationFunction.ApplicationFunctionPermissions.Clear();
                    }
                }
            }

            return(await applicationRepository.Update(application));
        }
Beispiel #15
0
        private async Task <ApplicationModel> SynchroniseFunctionsFromResourceServerDefinitionToApplication(ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition, Guid updatedByGuid, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
        {
            if (applicationSecurityContractDefinition.ApplicationFunctions == null)
            {
                return(application);
            }

            foreach (var functionResource in applicationSecurityContractDefinition.ApplicationFunctions)
            {
                await SynchroniseSpecificFunctionFromResourceServerDefinitionToApplication(functionResource, application, applicationSecurityContractDefinition, updatedByGuid, dryRun, securityContractDryRunResult);
            }

            return(await applicationRepository.UpdateAsync(application));
        }
Beispiel #16
0
        private async Task SynchroniseSpecificFunctionFromResourceServerDefinitionToApplication(SecurityContractFunction functionResource, ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition, Guid updatedByGuid, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
        {
            var applicationFunction = application.ApplicationFunctions.Find(af => af.Name == functionResource.Name);

            if (applicationFunction == null)
            {
                logger.Debug($"[applications.fullname: '{application.Name}'].[applicationFunctions.name: '{functionResource.Name}']: Application function with name '{functionResource.Name}' does not exist. Creating it.");
                // We now know this application does not have a function with the name assigned. However, another one might, check for this.
                var existingApplicationFunction = await applicationFunctionRepository.GetByNameAsync(functionResource.Name);

                if (existingApplicationFunction != null)
                {
                    var errorMessage = $"[applications.fullname: '{application.Name}'].[applicationFunctions.name: '{functionResource.Name}']: Application function with name '{functionResource.Name}' already exists in another application. Cannot assign it to application: '{application.Name}'";
                    if (dryRun)
                    {
                        securityContractDryRunResult.ValidationErrors.Add(errorMessage);
                        return;
                    }

                    throw new ItemNotProcessableException(errorMessage);
                }

                application.ApplicationFunctions.Add(CreateNewApplicationFunctionFromSecurityContractApplicationFunction(functionResource, updatedByGuid, applicationSecurityContractDefinition.Fullname, dryRun, securityContractDryRunResult));
            }
            else
            {
                logger.Debug($"[applications.fullname: '{application.Name}'].[applicationFunctions.name: '{functionResource.Name}']: Application function with name '{functionResource.Name}' already exists. Updating it.");
                // Edit an existing function.
                applicationFunction.Name        = functionResource.Name;
                applicationFunction.Description = functionResource.Description;
                applicationFunction.ChangedBy   = updatedByGuid;

                if (functionResource.Permissions != null)
                {
                    DetectAndUnassignPermissionsRemovedFromFunctions(applicationFunction, functionResource);

                    // Add any new permissions to the function.
                    foreach (var permission in functionResource.Permissions)
                    {
                        AddSecurityContractPermissionToApplicationFunctionAndUpdatePermissionIfChanged(applicationFunction, permission, updatedByGuid, applicationSecurityContractDefinition.Fullname, dryRun, securityContractDryRunResult);
                    }
                }
                else
                {
                    // Remove any possible permissions that are assigned to the application function.
                    applicationFunction.ApplicationFunctionPermissions.Clear();
                }
            }
        }
Beispiel #17
0
        private async Task <ApplicationModel> SynchroniseFunctions(ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition, Guid updatedByGuid, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
        {
            await DetectApplicationFunctionsRemovedFromSecurityContractAndRemoveFromApplication(application, applicationSecurityContractDefinition);

            await permissionRepository.DeletePermissionsNotAssignedToApplicationFunctionsAsync();

            await SynchroniseFunctionsFromResourceServerDefinitionToApplication(application, applicationSecurityContractDefinition, updatedByGuid, dryRun, securityContractDryRunResult);

            return(application);
        }
Beispiel #18
0
        private async Task <ApplicationModel> AddApplicationDataPoliciesFromSecurityContractToApplication(ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition, Guid updatedById)
        {
            if (applicationSecurityContractDefinition.DataPolicies != null && applicationSecurityContractDefinition.DataPolicies.Any())
            {
                foreach (var dataPolicyToAdd in applicationSecurityContractDefinition.DataPolicies)
                {
                    logger.Debug($"Adding data policy from security contract: {dataPolicyToAdd.Name}");
                    var existingDataPolicy = application.ApplicationDataPolicies.Find(adp => adp.Name == dataPolicyToAdd.Name);

                    if (existingDataPolicy == null)
                    {
                        logger.Debug($"Data policy '{dataPolicyToAdd.Name}' was not assigned to application '{application.Name}'. Adding it.");
                        application.ApplicationDataPolicies.Add(new ApplicationDataPolicyModel
                        {
                            Name        = dataPolicyToAdd.Name,
                            Description = dataPolicyToAdd.Description,
                            ChangedBy   = updatedById
                        });
                    }
                    else
                    {
                        logger.Debug($"Data policy '{dataPolicyToAdd.Name}' is currently assigned to application '{application.Name}'. Updating it.");
                        // Bind possible changes to the editable components of the data policy.
                        existingDataPolicy.Description = dataPolicyToAdd.Description;
                        existingDataPolicy.ChangedBy   = updatedById;
                    }
                }
            }
            else
            {
                logger.Debug($"No application data policies defined for application '{application.Name}'.");
            }

            return(await applicationRepository.Update(application));
        }
Beispiel #19
0
        private async Task <ApplicationModel> DetectApplicationFunctionsRemovedFromSecurityContractAndRemoveFromApplication(ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition)
        {
            if (application.ApplicationFunctions.Count > 0)
            {
                for (int i = application.ApplicationFunctions.Count - 1; i >= 0; i--)
                {
                    logger.Debug($"Checking whether application function: '{application.ApplicationFunctions[i].Name}' should unassigned from application '{application.Name}'.");
                    if (applicationSecurityContractDefinition.ApplicationFunctions == null || !applicationSecurityContractDefinition.ApplicationFunctions.Exists(f => f.Name == application.ApplicationFunctions[i].Name))
                    {
                        logger.Debug($"Function: '{application.ApplicationFunctions[i].Name}' is being unassigned from application '{application.Name}' !");
                        // Note: This only removes the application function permissions association. The permission will still exist. We cannot remove the permission here, as it may be assigned to other functions.
                        await applicationFunctionRepository.DeleteAsync(application.ApplicationFunctions[i]);
                    }
                }
            }

            return(application);
        }
Beispiel #20
0
        private async Task <ApplicationModel> RemoveApplicationDataPoliciesCurrentlyAssignedToApplicationThatAreNoLongerInSecurityContract(ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition)
        {
            if (application.ApplicationDataPolicies != null && application.ApplicationDataPolicies.Any())
            {
                for (int i = application.ApplicationDataPolicies.Count - 1; i >= 0; i--)
                {
                    if (applicationSecurityContractDefinition.DataPolicies == null || !applicationSecurityContractDefinition.DataPolicies.Exists(dp => dp.Name == application.ApplicationDataPolicies[i].Name))
                    {
                        logger.Debug($"[applications.fullname: '{application.Name}'].[dataPolicies.name]: Data Policy: '{application.ApplicationDataPolicies[i].Name}' was historically assigned to application '{application.Name}', but no longer is within thse security contract being processed. Removing dataPolicy '{application.ApplicationDataPolicies[i].Name}' from application '{application.Name}'!");
                        await applicationDataPolicyRepository.DeleteAsync(application.ApplicationDataPolicies[i]);
                    }
                }
            }

            return(application);
        }
Beispiel #21
0
        private async Task <ApplicationModel> SynchroniseApplicationDataPoliciesWithSecurityContract(ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition, Guid updatedById, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
        {
            await RemoveApplicationDataPoliciesCurrentlyAssignedToApplicationThatAreNoLongerInSecurityContract(application, applicationSecurityContractDefinition);

            return(await AddApplicationDataPoliciesFromSecurityContractToApplication(application, applicationSecurityContractDefinition, updatedById, dryRun, securityContractDryRunResult));
        }
Beispiel #22
0
        private async Task <ApplicationModel> UpdateExistingApplication(ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition, Guid updatedById, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
        {
            var updatedApplication = await SynchroniseFunctions(application, applicationSecurityContractDefinition, updatedById, dryRun, securityContractDryRunResult);

            await SynchroniseApplicationDataPoliciesWithSecurityContract(application, applicationSecurityContractDefinition, updatedById, dryRun, securityContractDryRunResult);

            return(updatedApplication);
        }
Beispiel #23
0
        private async Task <ApplicationModel> RemoveApplicationDataPoliciesCurrentlyAssignedToApplicationThatAreNoLongerInSecurityContract(ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition)
        {
            if (application.ApplicationDataPolicies != null && application.ApplicationDataPolicies.Any())
            {
                for (int i = application.ApplicationDataPolicies.Count - 1; i >= 0; i--)
                {
                    logger.Debug($"Checking whether application data policy: '{application.ApplicationDataPolicies[i].Name}' should unassigned from application '{application.Name}'.");
                    if (applicationSecurityContractDefinition.DataPolicies == null || !applicationSecurityContractDefinition.DataPolicies.Exists(dp => dp.Name == application.ApplicationDataPolicies[i].Name))
                    {
                        logger.Debug($"Data Policy: '{application.ApplicationDataPolicies[i].Name}' is being unassigned from application '{application.Name}'!");
                        await applicationDataPolicyRepository.DeleteAsync(application.ApplicationDataPolicies[i]);
                    }
                }
            }

            return(application);
        }