public async Task <IActionResult> ReconcileAsync([HttpTrigger(AuthorizationLevel.Anonymous, Route = "reconcile/{organization}/{project}/{scope}/{ruleName}/{item?}")] HttpRequestMessage request,
                                                         string organization,
                                                         string project,
                                                         string scope,
                                                         string ruleName,
                                                         string item = null)
        {
            if (string.IsNullOrWhiteSpace(project))
            {
                throw new ArgumentNullException(nameof(project));
            }
            if (string.IsNullOrWhiteSpace(scope))
            {
                throw new ArgumentNullException(nameof(scope));
            }
            if (string.IsNullOrWhiteSpace(ruleName))
            {
                throw new ArgumentNullException(nameof(ruleName));
            }

            var id = _tokenizer.IdentifierFromClaim(request);

            if (id == null)
            {
                return(new UnauthorizedResult());
            }

            var userId = GetUserIdFromQueryString(request);

            if (!(await HasPermissionToReconcileAsync(project, id, userId)))
            {
                return(new UnauthorizedResult());
            }

            var data = await DeserializeBodyAsync(request);

            switch (scope)
            {
            case RuleScopes.GlobalPermissions:
                return(await ReconcileGlobalPermissionsAsync(project, ruleName));

            case RuleScopes.Repositories:
                return(await ReconcileItemAsync(project, ruleName, item));

            case RuleScopes.BuildPipelines:
                return(await ReconcileItemAsync(project, ruleName, item));

            case RuleScopes.ReleasePipelines:
                return(await ReconcileItemAsync(project, ruleName, item));

            default:
                return(new NotFoundObjectResult(scope));
            }
        }
        public async Task <HttpResponseMessage> RunAsync(
            [HttpTrigger(AuthorizationLevel.Anonymous, Route = "scan/{organization}/{projectName}/{scope}")]
            HttpRequestMessage request, string organization, string projectName, string scope,
            [DurableClient] IDurableOrchestrationClient starter)
        {
            if (starter == null)
            {
                throw new ArgumentNullException(nameof(starter));
            }

            if (_tokenizer.IdentifierFromClaim(request) == null)
            {
                return(new HttpResponseMessage(HttpStatusCode.Unauthorized));
            }

            var project = await _azuredo.GetAsync(Project.ProjectByName(projectName));

            if (project == null)
            {
                return(new HttpResponseMessage(HttpStatusCode.NotFound));
            }

            // clear cache for manual scan
            _policiesResolver.Clear(project.Id);

            var scanDate   = DateTime.UtcNow;
            var instanceId = await starter.StartNewAsync <object>(nameof(ProjectScanOrchestrator), (project, scope, scanDate));

            return(await starter.WaitForCompletionOrCreateCheckStatusResponseAsync(request, instanceId,
                                                                                   TimeSpan.FromSeconds(TimeOut)));
        }