/// <summary>
/// Handles a contract permission for which a permission with the same name was already found.
/// The permission is rejected when it belongs to a different application, or when it is not
/// linked to <paramref name="applicationFunction"/>; otherwise its description is refreshed.
/// </summary>
/// <param name="existingPermission">The permission that was found under the same name.</param>
/// <param name="applicationName">Full name of the application being processed; used in the ownership check and in messages.</param>
/// <param name="applicationFunction">The function the permission should be linked to.</param>
/// <param name="permission">The permission as declared in the security contract.</param>
/// <param name="dryRun">When true, conflicts are recorded as validation errors instead of being thrown.</param>
/// <param name="securityContractDryRunResult">Collector for validation errors produced during a dry run.</param>
/// <param name="updatedByGuid">Identifier written to ChangedBy when the description is updated.</param>
/// <exception cref="ItemNotProcessableException">Thrown for either ownership conflict when <paramref name="dryRun"/> is false.</exception>
private void AssignExistingPermissionToApplicationFunction(PermissionModel existingPermission, string applicationName, ApplicationFunctionModel applicationFunction, SecurityContractPermission permission, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult, Guid updatedByGuid)
{
    // Ownership guard: a permission may be assigned to a single application only, so a name that
    // is already owned by another application must never be re-bound to this one.
    if (ExistingPermissionIsAssignedToAnotherApplication(existingPermission, applicationName))
    {
        var ownershipConflict = $"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Permission name exists, but is not assigned to application '{applicationName}'. Cannot assign it to application '{applicationName}', as permissions can only be assigned to a single application";

        if (!dryRun)
        {
            throw new ItemNotProcessableException(ownershipConflict);
        }

        securityContractDryRunResult.ValidationErrors.Add(ownershipConflict);
        return;
    }

    logger.Debug($"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Permission '{permission.Name}' already assigned to application '{applicationName}'. Updating it.");

    var linkedPermission = applicationFunction.ApplicationFunctionPermissions.Find(fp => fp.Permission.Name == permission.Name);

    // No link on this function means the permission hangs off a different function of the same
    // application. That is not allowed either.
    if (linkedPermission == null)
    {
        var functionConflict = $"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Permission '{permission.Name}' already assigned to another application function within application '{applicationName}'. This is prohibited.";

        if (!dryRun)
        {
            throw new ItemNotProcessableException(functionConflict);
        }

        securityContractDryRunResult.ValidationErrors.Add(functionConflict);
        return;
    }

    // The link is valid. Only the description can change here, and ChangedBy is stamped only
    // when it actually does.
    if (linkedPermission.Permission.Description != permission.Description)
    {
        var storedPermission = linkedPermission.Permission;
        storedPermission.Description = permission.Description;
        storedPermission.ChangedBy = updatedByGuid;
    }
}
/// <summary>
/// Creates a new permission from the security contract entry and links it to
/// <paramref name="applicationFunction"/>.
/// </summary>
/// <param name="applicationName">Full name of the application being processed; used in the log message only.</param>
/// <param name="applicationFunction">The function that receives the new permission link.</param>
/// <param name="permission">The permission as declared in the security contract.</param>
/// <param name="updatedByGuid">Identifier written to ChangedBy on both the new permission and the new link.</param>
private void AssignNewPermissionToApplicationFunction(string applicationName, ApplicationFunctionModel applicationFunction, SecurityContractPermission permission, Guid updatedByGuid)
{
    logger.Debug($"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Permission '{permission.Name}' does not exist in A3S. Adding it.");

    // Build the permission first, then the link that ties it to the function. Both records
    // carry the acting identity in ChangedBy.
    var createdPermission = new PermissionModel
    {
        Name = permission.Name,
        Description = permission.Description,
        ChangedBy = updatedByGuid
    };

    var functionLink = new ApplicationFunctionPermissionModel
    {
        ApplicationFunction = applicationFunction,
        Permission = createdPermission,
        ChangedBy = updatedByGuid
    };

    applicationFunction.ApplicationFunctionPermissions.Add(functionLink);
}
/// <summary>
/// Links a permission to <paramref name="applicationFuction"/>, reusing the permission returned by
/// the repository for that name when there is one and using a newly built permission otherwise.
/// </summary>
/// <param name="applicationFuction">The function that receives the permission link.</param>
/// <param name="permission">The permission as declared in the security contract.</param>
private void AddResourcePermissionToFunction(ApplicationFunctionModel applicationFuction, SecurityContractPermission permission)
{
    logger.Debug($"Assinging permission {permission.Name} to function: {applicationFuction.Name}.");

    // NOTE(review): a permission found by name is reused as-is. Unlike
    // AssignExistingPermissionToApplicationFunction, this path has no check that the permission
    // belongs to the same application, and neither the permission nor the link gets a ChangedBy
    // value. Confirm that callers only reach this method where that is intended.
    var storedPermission = permissionRepository.GetByName(permission.Name);
    var freshPermission = new PermissionModel
    {
        Name = permission.Name,
        Description = permission.Description
    };

    PermissionModel permissionToAdd;
    if (storedPermission == null)
    {
        logger.Debug($"Permission {permission.Name} does not exist in the database. Adding it.");
        permissionToAdd = freshPermission;
    }
    else
    {
        logger.Debug($"Permission {permission.Name} already exists within the database. Not adding it.");
        permissionToAdd = storedPermission;
    }

    var functionLink = new ApplicationFunctionPermissionModel
    {
        ApplicationFunction = applicationFuction,
        Permission = permissionToAdd
    };

    applicationFuction.ApplicationFunctionPermissions.Add(functionLink);
}
/// <summary>
/// Looks up the contract permission by name and dispatches: an existing permission goes through
/// the ownership checks and update path, an unknown one is created and linked.
/// </summary>
/// <param name="applicationFunction">The function the permission should be linked to.</param>
/// <param name="permission">The permission as declared in the security contract.</param>
/// <param name="updatedByGuid">Identifier passed on for the ChangedBy fields.</param>
/// <param name="applicationName">Full name of the application being processed.</param>
/// <param name="dryRun">Passed on to the existing-permission path, which records conflicts instead of throwing when true.</param>
/// <param name="securityContractDryRunResult">Collector for validation errors produced during a dry run.</param>
private void AddSecurityContractPermissionToApplicationFunctionAndUpdatePermissionIfChanged(ApplicationFunctionModel applicationFunction, SecurityContractPermission permission, Guid updatedByGuid, string applicationName, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
{
    // NOTE(review): contract-supplied names are interpolated into log messages unescaped. If the
    // contract can come from an untrusted party, confirm the logger neutralises line breaks.
    logger.Debug($"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Attempting to assign permission '{permission.Name}' to function: {applicationFunction.Name}.");

    // The second argument is presumably a flag for loading related entities; verify against
    // the repository. The lookup is by name only, so the application-ownership decision is
    // made in the existing-permission path.
    var existingPermission = permissionRepository.GetByName(permission.Name, true);

    if (existingPermission == null)
    {
        AssignNewPermissionToApplicationFunction(applicationName, applicationFunction, permission, updatedByGuid);
        return;
    }

    AssignExistingPermissionToApplicationFunction(existingPermission, applicationName, applicationFunction, permission, dryRun, securityContractDryRunResult, updatedByGuid);
}
/// <summary>
/// Links the contract permission to <paramref name="applicationFunction"/> unless the function
/// already has a permission with the same name.
/// </summary>
/// <param name="applicationFunction">The function whose permission links are inspected and extended.</param>
/// <param name="permission">The permission as declared in the security contract.</param>
private void AddPermissionToFunctionIfNotAlreadyAssigned(ApplicationFunctionModel applicationFunction, SecurityContractPermission permission)
{
    // Matching is by permission name only, compared with ==.
    var alreadyLinked = applicationFunction.ApplicationFunctionPermissions.Find(fp => fp.Permission.Name == permission.Name);

    if (alreadyLinked != null)
    {
        return;
    }

    AddResourcePermissionToFunction(applicationFunction, permission);
}