protected override async Task <PermissionResult> CanUpdateAsync(Organization original, Delta <NewOrganization> changes) { var changed = changes.GetEntity(); if (!await IsOrganizationNameAvailableInternalAsync(changed.Name)) { return(PermissionResult.DenyWithMessage("A organization with this name already exists.")); } return(await base.CanUpdateAsync(original, changes)); }
protected override async Task <PermissionResult> CanDeleteAsync(Token value) { if (!User.IsInRole(AuthorizationRoles.GlobalAdmin) && !String.IsNullOrEmpty(value.UserId) && value.UserId != CurrentUser.Id) { return(PermissionResult.DenyWithMessage("Can only delete tokens created by you.")); } if (!String.IsNullOrEmpty(value.ProjectId) && !await IsInProjectAsync(value.ProjectId)) { return(PermissionResult.DenyWithNotFound(value.Id)); } return(await base.CanDeleteAsync(value)); }
protected virtual async Task <PermissionResult> CanUpdateAsync(TModel original, Delta <TUpdateModel> changes) { if (original is IOwnedByOrganization orgModel && !CanAccessOrganization(orgModel.OrganizationId)) { return(PermissionResult.DenyWithMessage("Invalid organization id specified.")); } if (changes.GetChangedPropertyNames().Contains("OrganizationId")) { return(PermissionResult.DenyWithMessage("OrganizationId cannot be modified.")); } return(PermissionResult.Allow); }
protected virtual async Task <PermissionResult> CanAddAsync(TModel value) { if (_isOrganization || !(value is IOwnedByOrganization orgModel)) { return(PermissionResult.Allow); } if (!CanAccessOrganization(orgModel.OrganizationId)) { return(PermissionResult.DenyWithMessage("Invalid organization id specified.")); } return(PermissionResult.Allow); }
protected override async Task <PermissionResult> CanDeleteAsync(User value) { if (value.OrganizationIds.Count > 0) { return(PermissionResult.DenyWithMessage("Please delete or leave any organizations before deleting your account.")); } if (!User.IsInRole(AuthorizationRoles.GlobalAdmin) && value.Id != CurrentUser.Id) { return(PermissionResult.Deny); } return(await base.CanDeleteAsync(value)); }
protected override async Task <PermissionResult> CanDeleteAsync(Organization value) { if (!String.IsNullOrEmpty(value.StripeCustomerId) && !User.IsInRole(AuthorizationRoles.GlobalAdmin)) { return(PermissionResult.DenyWithMessage("An organization cannot be deleted if it has a subscription.", value.Id)); } var projects = (await _projectRepository.GetByOrganizationIdAsync(value.Id)).Documents.ToList(); if (!User.IsInRole(AuthorizationRoles.GlobalAdmin) && projects.Any()) { return(PermissionResult.DenyWithMessage("An organization cannot be deleted if it contains any projects.", value.Id)); } return(await base.CanDeleteAsync(value)); }
protected override async Task <PermissionResult> CanAddAsync(Project value) { if (String.IsNullOrEmpty(value.Name)) { return(PermissionResult.DenyWithMessage("Project name is required.")); } if (!await IsProjectNameAvailableInternalAsync(value.OrganizationId, value.Name)) { return(PermissionResult.DenyWithMessage("A project with this name already exists.")); } if (!await _billingManager.CanAddProjectAsync(value)) { return(PermissionResult.DenyWithPlanLimitReached("Please upgrade your plan to add additional projects.")); } return(await base.CanAddAsync(value)); }
protected override async Task <PermissionResult> CanAddAsync(Organization value) { if (String.IsNullOrEmpty(value.Name)) { return(PermissionResult.DenyWithMessage("Organization name is required.")); } if (!await IsOrganizationNameAvailableInternalAsync(value.Name)) { return(PermissionResult.DenyWithMessage("A organization with this name already exists.")); } if (!await _billingManager.CanAddOrganizationAsync(CurrentUser)) { return(PermissionResult.DenyWithPlanLimitReached("Please upgrade your plan to add an additional organization.")); } return(await base.CanAddAsync(value)); }
protected override async Task <PermissionResult> CanAddAsync(WebHook value) { if (String.IsNullOrEmpty(value.Url) || value.EventTypes.Length == 0) { return(PermissionResult.Deny); } if (String.IsNullOrEmpty(value.ProjectId) && String.IsNullOrEmpty(value.OrganizationId)) { return(PermissionResult.Deny); } if (!String.IsNullOrEmpty(value.OrganizationId) && !IsInOrganization(value.OrganizationId)) { return(PermissionResult.DenyWithMessage("Invalid organization id specified.")); } Project project = null; if (!String.IsNullOrEmpty(value.ProjectId)) { project = await GetProjectAsync(value.ProjectId); if (project == null) { return(PermissionResult.DenyWithMessage("Invalid project id specified.")); } value.OrganizationId = project.OrganizationId; } if (!await _billingManager.HasPremiumFeaturesAsync(project != null ? project.OrganizationId : value.OrganizationId)) { return(PermissionResult.DenyWithPlanLimitReached("Please upgrade your plan to add integrations.")); } return(PermissionResult.Allow); }
protected override async Task <PermissionResult> CanAddAsync(Token value) { // We only allow users to create organization scoped tokens. if (String.IsNullOrEmpty(value.OrganizationId)) { return(PermissionResult.Deny); } if (!String.IsNullOrEmpty(value.ProjectId) && !String.IsNullOrEmpty(value.UserId)) { return(PermissionResult.DenyWithMessage("Token can't be associated to both user and project.")); } foreach (string scope in value.Scopes.ToList()) { if (scope != scope.ToLowerInvariant()) { value.Scopes.Remove(scope); value.Scopes.Add(scope.ToLowerInvariant()); } if (!AuthorizationRoles.AllScopes.Contains(scope.ToLowerInvariant())) { return(PermissionResult.DenyWithMessage("Invalid token scope requested.")); } } if (value.Scopes.Count == 0) { value.Scopes.Add(AuthorizationRoles.Client); } if (value.Scopes.Contains(AuthorizationRoles.Client) && !User.IsInRole(AuthorizationRoles.User)) { return(PermissionResult.Deny); } if (value.Scopes.Contains(AuthorizationRoles.User) && !User.IsInRole(AuthorizationRoles.User)) { return(PermissionResult.Deny); } if (value.Scopes.Contains(AuthorizationRoles.GlobalAdmin) && !User.IsInRole(AuthorizationRoles.GlobalAdmin)) { return(PermissionResult.Deny); } if (!String.IsNullOrEmpty(value.ProjectId)) { var project = await GetProjectAsync(value.ProjectId); if (project == null) { return(PermissionResult.Deny); } value.OrganizationId = project.OrganizationId; value.DefaultProjectId = null; } if (!String.IsNullOrEmpty(value.DefaultProjectId)) { var project = await GetProjectAsync(value.DefaultProjectId); if (project == null) { return(PermissionResult.Deny); } } if (!String.IsNullOrEmpty(value.ApplicationId)) { var application = await _applicationRepository.GetByIdAsync(value.ApplicationId, true); if (application == null || !IsInOrganization(application.OrganizationId)) { return(PermissionResult.Deny); } } return(await base.CanAddAsync(value)); }
protected override async Task <PermissionResult> CanAddAsync(Token value) { // We only allow users to create organization scoped tokens. if (String.IsNullOrEmpty(value.OrganizationId)) { return(PermissionResult.Deny); } bool hasUserRole = User.IsInRole(AuthorizationRoles.User); bool hasGlobalAdminRole = User.IsInRole(AuthorizationRoles.GlobalAdmin); if (!hasGlobalAdminRole && !String.IsNullOrEmpty(value.UserId) && value.UserId != CurrentUser.Id) { return(PermissionResult.Deny); } if (!String.IsNullOrEmpty(value.ProjectId) && !String.IsNullOrEmpty(value.UserId)) { return(PermissionResult.DenyWithMessage("Token can't be associated to both user and project.")); } foreach (string scope in value.Scopes.ToList()) { string lowerCaseScoped = scope.ToLowerInvariant(); if (!String.Equals(scope, lowerCaseScoped)) { value.Scopes.Remove(scope); value.Scopes.Add(lowerCaseScoped); } if (!AuthorizationRoles.AllScopes.Contains(lowerCaseScoped)) { return(PermissionResult.DenyWithMessage("Invalid token scope requested.")); } } if (value.Scopes.Count == 0) { value.Scopes.Add(AuthorizationRoles.Client); } if (value.Scopes.Contains(AuthorizationRoles.Client) && !hasUserRole) { return(PermissionResult.Deny); } if (value.Scopes.Contains(AuthorizationRoles.User) && !hasUserRole) { return(PermissionResult.Deny); } if (value.Scopes.Contains(AuthorizationRoles.GlobalAdmin) && !hasGlobalAdminRole) { return(PermissionResult.Deny); } if (!String.IsNullOrEmpty(value.ProjectId)) { var project = await GetProjectAsync(value.ProjectId); if (project == null) { return(PermissionResult.Deny); } value.OrganizationId = project.OrganizationId; value.DefaultProjectId = null; } if (!String.IsNullOrEmpty(value.DefaultProjectId)) { var project = await GetProjectAsync(value.DefaultProjectId); if (project == null) { return(PermissionResult.Deny); } } return(await base.CanAddAsync(value)); }
protected override PermissionResult CanAdd(Token value) { if (String.IsNullOrEmpty(value.OrganizationId)) { return(PermissionResult.Deny); } if (!String.IsNullOrEmpty(value.ProjectId) && !String.IsNullOrEmpty(value.UserId)) { return(PermissionResult.DenyWithMessage("Token can't be associated to both user and project.")); } foreach (string scope in value.Scopes.ToList()) { if (scope != scope.ToLower()) { value.Scopes.Remove(scope); value.Scopes.Add(scope.ToLower()); } if (!AuthorizationRoles.AllScopes.Contains(scope.ToLower())) { return(PermissionResult.DenyWithMessage("Invalid token scope requested.")); } } if (value.Scopes.Count == 0) { value.Scopes.Add(AuthorizationRoles.Client); } if (value.Scopes.Contains(AuthorizationRoles.Client) && !User.IsInRole(AuthorizationRoles.User)) { return(PermissionResult.Deny); } if (value.Scopes.Contains(AuthorizationRoles.User) && !User.IsInRole(AuthorizationRoles.User)) { return(PermissionResult.Deny); } if (value.Scopes.Contains(AuthorizationRoles.GlobalAdmin) && !User.IsInRole(AuthorizationRoles.GlobalAdmin)) { return(PermissionResult.Deny); } if (!String.IsNullOrEmpty(value.ProjectId)) { Project project = _projectRepository.GetById(value.ProjectId, true); value.OrganizationId = project.OrganizationId; if (!IsInProject(project)) { return(PermissionResult.Deny); } } if (!String.IsNullOrEmpty(value.ApplicationId)) { var application = _applicationRepository.GetById(value.ApplicationId, true); if (application == null || !IsInOrganization(application.OrganizationId)) { return(PermissionResult.Deny); } } return(base.CanAdd(value)); }