/// <summary>
/// These are sensitive claims related to being able to manage security for the entire system. Hence these are dealt
/// seperately from the application related claims.
/// </summary>
/// <returns>IEnumerable of Claims.</returns>
/// <remarks>Notice we are also not storing the permissions in Aumentum. We do not want someone to accidently assign these permissions from the Aumentum side.</remarks>
public IEnumerable <Claim> GetFullSecurityClaims()
{
return(new List <Claim>
{
ClaimsHelper.ToClaim("api.securityservice", "ClientInfo", true, true, true, true),
ClaimsHelper.ToClaim("api.securityservice", "Client", true, true, true, true)
});
}
private Claim ToClaim(Permission permission, Permission parentPermission = null)
{
return(ClaimsHelper.ToClaim(permission.ApplicationName, permission.Name,
parentPermission != null ? parentPermission.CanView || permission.CanView : permission.CanView,
parentPermission != null ? parentPermission.CanCreate || permission.CanCreate : permission.CanCreate,
parentPermission != null ? parentPermission.CanModify || permission.CanModify : permission.CanModify,
parentPermission != null ? parentPermission.CanDelete || permission.CanDelete : permission.CanDelete));
}
public static string DeleteSql(string applicationName, string resource, ServiceTypes serviceType)
{
var apiScopeName = GetApiScopeName(applicationName, serviceType);
var claim = ClaimsHelper.ToClaim(
PermissionSeeder.ToApplicationName(applicationName),
PermissionSeeder.ToResourceName(resource), false, false, false, false);
return($"DELETE FROM [dbo].[ApiScopeClaims] WHERE [ApiScopeId] = (SELECT Id FROM [dbo].[ApiScopes] WHERE Name='{apiScopeName}') AND [Type] = '{claim.Type}'");
}
public static string InsertSql(string applicationName, string resource, ServiceTypes serviceType)
{
var apiScopeName = GetApiScopeName(applicationName, serviceType);
var claim = ClaimsHelper.ToClaim(
PermissionSeeder.ToApplicationName(applicationName),
PermissionSeeder.ToResourceName(resource), false, false, false, false);
return($"INSERT INTO [dbo].[ApiScopeClaims]([ApiScopeId],[Type]) VALUES((SELECT Id FROM [dbo].[ApiScopes] WHERE Name='{apiScopeName}'),'{claim.Type}')");
}