public void Revoke(CRN resource, CPN principal, CSN schema = null)
{
var found = this.storage.FindBy(it =>
it.Principal == principal &&
it.Resources.Any(r =>
{
if (resource.IncludesWildcard)
{
return(resource.IsWildcardMatch(r.Identifier));
}
return(r.Identifier == resource);
}));
if (schema != default(CSN))
{
found = found.Where(f => f.Resources.Any(r => r.Schema == schema));
}
var keys = found.Select(f => f.GetHash());
foreach (var k in keys)
{
this.storage.Remove(k);
}
}
public IEnumerable <PermissionGrant> GetByPrincipalAndSchema(CPN principal, CSN schema)
{
var principalStr = principal?.ToString();
var schemaStr = schema?.ToString();
var foundPrincipal = this.context.Principals.FirstOrDefault(p => p.CanonicalName == principalStr);
var foundSchema = this.context.Schemas.FirstOrDefault(s => s.CanonicalName == schemaStr);
if (foundPrincipal == null)
{
return(new List <PermissionGrant>());
}
var query = GetQuery();
Func <Persistance.Models.PermissionGrant, bool> filter;
if (foundSchema != null)
{
filter = (g) => g.PrincipalId == foundPrincipal.PrincipalId && g.SchemaId == foundSchema.SchemaId;
}
else
{
filter = g => g.PrincipalId == foundPrincipal.PrincipalId;
}
return(query.Where(filter).ToList().Select(ToModel));
}
public IActionResult Get()
{
// somehow determine what the resource, action and schema are
var resource = CRN.FromValue("crn:farm/1");
var action = ResourceAction.FromValue("iam:owner");
var schema = CSN.FromValue("csn:ag-data:farm");
// validate permissions
var permissionsValid = this.ValidatePermissions(resource, action, schema);
if (!permissionsValid)
{
return(Forbid());
}
var rng = new Random();
return(Ok(Enumerable.Range(1, 5).Select(index => new WeatherForecast
{
Date = DateTime.Now.AddDays(index),
TemperatureC = rng.Next(-20, 55),
Summary = Summaries[rng.Next(Summaries.Length)]
})
.ToArray()));
}
public IEnumerator jumpToNodeAndPLay()
{
int index = currentIndexNode;
if (index >= currentCutScene.nodeList.Count || !continuePlaying)
{
foreach (CutSceneNodes CSN in currentCutScene.nodeList)
{
CSN.hasExecutionEnded = false;
CSN.end();
}
currentCutScene = null;
toggleUIVisibility(false);
onCutSceneEnd.Invoke();
yield return(null);
}
else
{
currentNode = currentCutScene.nodeList[index];
currentNode.cutScene = currentCutScene;
currentNode.start();
while (!currentNode.hasExecutionEnded && continuePlaying)
{
currentNode.update();
yield return(null);
}
currentNode.end();
if (continuePlaying)
{
++currentIndexNode;
onGoing = StartCoroutine("jumpToNodeAndPLay");
}
}
}
public IEnumerable <DataSchema> All()
{
return(this.context.Schemas.ToList().Select(s => new DataSchema()
{
Description = s.Description,
DisplayName = s.DisplayName,
Identifier = CSN.FromValue(s.CanonicalName)
}));
}
private PermissionGrant ToModel(Persistance.Models.PermissionGrant entity)
{
return(new PermissionGrant()
{
Id = entity.PermissionGrantId,
Principal = CPN.FromValue(entity.Principal.CanonicalName),
Schema = CSN.FromValue(entity.Schema.CanonicalName),
Actions = entity.Actions.Select(a => ResourceAction.FromValue(a.Action.CanonicalName)).ToList(),
Resource = entity.Resources.Select(r => CRN.FromValue(r.Resource.CanonicalName)).ToList()
});
}
public static bool ValidatePermissions <T>(
this T controller,
CRN resource,
ResourceAction action,
CSN schema)
where T : ControllerBase
{
var principal = controller.User;
// parse out resources
var resourceClaims = principal.Claims.Where(c => c.Type.StartsWith("resource"));
var resourcesAllowed = resourceClaims.Select(c =>
{
var base64 = c.Value;
var json = base64.FromBase64Encoded();
return(JsonConvert.DeserializeObject <PermissionTicketResource>(json));
});
// find resources matching schema
var forSchema = resourcesAllowed.Where(r => r.Schema == schema).ToList();
if (!forSchema.Any())
{
return(false);
}
// find resources matching either wildcard or direct match
var matching = forSchema.Where(r =>
{
if (resource.IncludesWildcard)
{
return(resource.IsWildcardMatch(r.Identifier));
}
return(resource == r.Identifier);
}).ToList();
if (!matching.Any())
{
return(false);
}
// find resources matching required action
var withAction = matching.Where(r => r.Actions.Contains(action));
return(withAction.Any());
}
public void Remove(CSN schema)
{
if (schema == null)
{
return;
}
var found = this.context.Schemas.FirstOrDefault(s => s.CanonicalName == schema.ToString());
if (found == null)
{
return;
}
this.context.Remove(found);
this.context.SaveChanges();
}
public void RemovePolicy(CRN identifier, CSN schema)
{
var provider = this.context.DataProviders.FirstOrDefault(p => p.CanonicalName == identifier.ToString());
var foundSchema = this.context.Schemas.FirstOrDefault(s => s.CanonicalName == schema.ToString());
if (provider == null || foundSchema == null)
{
return;
}
var found = this.context.DataProviderPolicies.FirstOrDefault(p =>
p.DataProviderId == provider.DataProviderId && p.SchemaId == foundSchema.SchemaId);
if (found == null)
{
return;
}
this.context.Remove(found);
this.context.SaveChanges();
}
public IEnumerable <DataProviderPolicy> GetPoliciesForSchema(CSN schema)
{
return(this.context.DataProviderPolicies
.Include(p => p.Provider)
.Include(p => p.Schema)
.Include(p => p.PolicyItems)
.ThenInclude(i => i.Principal)
.Where(p => p.Schema.CanonicalName == schema.ToString())
.ToList()
.Select(p => new DataProviderPolicy()
{
Provider = CRN.FromValue(p.Provider.CanonicalName),
Schema = CSN.FromValue(p.Schema.CanonicalName),
Rule = p.PolicyItems.Select(i => new DataProviderPolicyRule()
{
Principal = CPN.FromValue(i.Principal.CanonicalName),
Allow = i.Allow,
Deny = i.Deny
}).ToList()
}));
}
public IActionResult Get([FromRoute] string principal, [FromQuery] string schema = null)
{
IEnumerable <PermissionGrant> results;
var principalRn = CPN.FromValue(HttpUtility.UrlDecode(principal));
if (schema == null)
{
results = this.grantFinder.Find(principalRn);
}
else
{
var schemaRn = CSN.FromValue(HttpUtility.UrlDecode(schema));
results = this.grantFinder.Find(principalRn, schemaRn);
}
if (!results.Any())
{
return(NotFound());
}
return(Ok(results));
}
public IActionResult Delete(string identifier)
{
identifier = HttpUtility.UrlDecode(identifier);
this.storage.Remove(CSN.FromValue(identifier));
return(Ok());
}
public IEnumerable <DataProviderPolicy> GetPoliciesForSchema(CSN schema) => this.policies.Where(p => p.Schema == schema);
public void RemovePolicy(CRN identifier, CSN schema) => this.policies.RemoveAll(p => p.Provider == identifier && p.Schema == schema);
public DataProviderPolicy WithSchema(CSN schema)
{
Schema = schema;
return(this);
}
public IEnumerable <PermissionGrant> GetByPrincipalAndSchema(CPN principal, CSN schema) => this.grants.Where(g => g.Principal == principal && g.Schema == schema);
public PermissionGrant WithSchema(CSN schema)
{
Schema = schema;
return(this);
}
public IEnumerable <PermissionGrant> Find(CPN principal, CSN schema) => this.storage.GetByPrincipalAndSchema(principal, schema);
public PermissionTicketResource ForSchema(CSN schema)
{
Schema = schema;
return(this);
}
