public async Task <ActionResult <Group> > createGroup([FromBody] groupUserMultipart gu)
{
Group group = gu.group;
ApplicationUser user = gu.user;
string tags = gu.tags;
DateTime now = DateTime.Now;
group.DateCreated = now;
group.IsPublished = true;
group = stringToTag(tags, group);
Group rg = await _groupService.AddGroupAD(group);
if (rg == null)
{
return(NotFound());
}
//User auto joins group, is automatically a moderator
UsersGroup n = new UsersGroup
{
GroupId = rg.GroupId,
UserId = user.Id,
IsMod = true
};
await _usersService.JoinGroup(n);
return(rg);
}
/// <summary>
/// temporary string
/// </summary>
/// <param name="usersGroupName">Name of the users group.</param>
public virtual void RemoveUsersGroup(string usersGroupName)
{
UsersGroup group = GetUsersGroupByName(usersGroupName);
if (group == null)
{
return;
}
Guard.Against(group.DirectChildren.Count != 0, "Cannot remove users group '" + usersGroupName + "' because is has child groups. Remove those groups and try again.");
session.CreateQuery("delete Permission p where p.UsersGroup = :group")
.SetEntity("group", group)
.ExecuteUpdate();
// we have to do this in order to ensure that we play
// nicely with the second level cache and collection removals
if (group.Parent != null)
{
group.Parent.DirectChildren.Remove(group);
}
foreach (UsersGroup parent in group.AllParents)
{
parent.AllChildren.Remove(group);
}
group.AllParents.Clear();
group.Users.Clear();
session.Delete(group);
}
public async Task <IActionResult> Edit(int id, [Bind("Id,UserId,GroupId")] UsersGroup usersGroup)
{
if (id != usersGroup.UserId)
{
return(NotFound());
}
if (ModelState.IsValid)
{
try
{
_context.Update(usersGroup);
await _context.SaveChangesAsync();
}
catch (DbUpdateConcurrencyException)
{
if (!UsersGroupExists(usersGroup.UserId))
{
return(NotFound());
}
else
{
throw;
}
}
return(RedirectToAction(nameof(Index)));
}
ViewData["GroupId"] = new SelectList(_context.Groups, "Id", "Name", usersGroup.GroupId);
ViewData["UserId"] = new SelectList(_context.Users, "Id", "Email", usersGroup.UserId);
return(View(usersGroup));
}
public async Task <bool> JoinGroup(UsersGroup ug)
{
int userId = ug.UserId;
int groupId = ug.GroupId;
//Check if record exists
UsersGroup usersGroup = await _context.UsersGroups
.Where(x => x.UserId == userId)
.FirstOrDefaultAsync(x => x.GroupId == groupId);
if (usersGroup == null)
{
_context.Add(ug);
var saveResult = await _context.SaveChangesAsync();
return(true);
}
else
{
_context.UsersGroups.Remove(usersGroup);
var saveResult = await _context.SaveChangesAsync();
return(false);
}
}
/// <summary>
/// Gets the permissions for the specified usergroup
/// </summary>
/// <param name="userGroup">The usersGroup.</param>
/// <returns></returns>
// RH 4/5/2012
public Permission[] GetPermissionsFor(UsersGroup userGroup)
{
DetachedCriteria criteria = DetachedCriteria.For<Permission>()
.Add(Expression.Eq("UsersGroup", userGroup));
return FindResults(criteria);
}
public void CanGetPermissionsByUsersGroup_ThatIncludeParentPermissions()
{
UsersGroup group = authorizationRepository.CreateChildUserGroupOf("Administrators", "DBA");
authorizationRepository.CreateOperation("/Account/Delete");
permissionsBuilderService
.Allow("/Account/Edit")
.For("Administrators")
.On(account)
.DefaultLevel()
.Save();
session.Flush();
permissionsBuilderService
.Allow("/Account/Delete")
.For("DBA")
.On(account)
.DefaultLevel()
.Save();
session.Flush();
Permission[] permissions = permissionService.GetPermissionsFor(group);
Assert.Equal(2, permissions.Length);
}
/// <summary>
/// Creates a new users group.
/// </summary>
/// <param name="name">The name of the new group.</param>
public virtual UsersGroup CreateUsersGroup(string name)
{
if (GetUsersGroupByName(name) != null) { return null; }
var ug = new UsersGroup {Name = name};
session.Save(ug);
return ug;
}
public void DoesDeletingEntityRemoveEntityReferences()
{
var user = new User()
{
Name = "Alberto"
};
session.Save(user);
session.Flush();
var group = new UsersGroup()
{
Name = "Guests"
};
session.Save(group);
session.Flush();
authorizationRepository.AssociateUserWith(user, group);
session.Flush();
var deleteAccountOperation = authorizationRepository.CreateOperation("/Account/Delete");
session.Flush();
var californiaGroup = authorizationRepository.CreateEntitiesGroup("California");
session.Flush();
var account = new Account()
{
Name = "Bob"
};
session.Save(account);
session.Flush();
authorizationRepository.AssociateEntityWith <Account>(account, californiaGroup);
session.Flush();
permissionsBuilderService
.Allow(deleteAccountOperation)
.For(group)
.On(californiaGroup)
.Level(10)
.Save();
session.Flush();
bool isAllowed = authorizationService.IsAllowed <Account>(user, account, deleteAccountOperation.Name);
session.Delete(account);
session.Flush();
var accountFetch = session.CreateCriteria <Account>()
.Add(Restrictions.Eq("Name", "Bob"))
.UniqueResult <Account>();
Assert.Null(accountFetch);
}
public static void AllowOnEverything(this IPermissionsBuilderService pbs, UsersGroup group, params IEnumerable[] ops)
{
foreach (var op in ops.SelectMany(x => x.Cast <Enum>()))
{
pbs.Allow(op.ToOperation()).For(group).OnEverything().DefaultLevel().Save();
}
}
/// <summary>
/// Removes the user from the specified group
/// </summary>
/// <param name="user">The user.</param>
/// <param name="usersGroupName">Name of the users group.</param>
public void DetachUserFromGroup(IUser user, string usersGroupName)
{
UsersGroup group = GetUsersGroupByName(usersGroupName);
Guard.Against(group == null, "There is no users group named: " + usersGroupName);
group.Users.Remove(user);
}
public void WillReturnNothingForUsersGroupIfOperationNotDefined_WithDetachedCriteria()
{
UsersGroup usersgroup = authorizationRepository.GetUsersGroupByName("Administrators");
DetachedCriteria detachedCriteria = DetachedCriteria.For <Account>();
authorizationService.AddPermissionsToQuery(usersgroup, "/Account/Delete", detachedCriteria);
Assert.Empty(detachedCriteria.GetExecutableCriteria(session).List());
}
/// <summary>
/// Gets all permissions for the specified group
/// </summary>
/// <param name="group">The group</param>
/// <returns></returns>
public Permission[] GetPermissionsFor(UsersGroup group)
{
DetachedCriteria criteria = DetachedCriteria.For <Permission>()
.Add(Subqueries.PropertyIn("UsersGroup.Id",
SecurityCriterions.AllGroups(group).SetProjection(Projections.Id())));
return(FindResults(criteria));
}
/// <summary>
/// Associates the user with a group with the specified name
/// </summary>
/// <param name="user">The user.</param>
/// <param name="groupName">Name of the group.</param>
public virtual void AssociateUserWith(IUser user, string groupName)
{
UsersGroup group = GetUsersGroupByName(groupName);
Guard.Against(group == null, "There is no users group named: " + groupName);
AssociateUserWith(user, group);
}
/// <summary>
/// Removes the user from the specified group
/// </summary>
/// <param name="user">The user.</param>
/// <param name="usersGroupName">Name of the users group.</param>
public void DetachUserFromGroup(IUser user, string usersGroupName)
{
UsersGroup group = GetUsersGroupByName(usersGroupName);
Guard.Against(group == null, "There is no users group named: " + usersGroupName);
group.Users.Remove(user);
session.SessionFactory.EvictQueries("rhino-security-UsersGroup");
}
/// <summary>
/// Creates a new users group.
/// </summary>
/// <param name="name">The name of the new group.</param>
public virtual UsersGroup CreateUsersGroup(string name)
{
var ug = new UsersGroup {
Name = name
};
session.Save(ug);
return(ug);
}
public Permission[] GetPermissionsFor(UsersGroup usersGroup, bool eager = false)
{
var criteria = DetachedCriteria.For <Permission>()
.Add(Expression.Eq("UsersGroup", usersGroup) ||
Subqueries.PropertyIn("UsersGroup.Id",
SecurityCriterions.AllUsersGroupParents(usersGroup).SetProjection(Projections.Id())));
return(FindResults(criteria, eager));
}
/// <summary>
/// Set the users group that this permission is built for
/// </summary>
/// <param name="usersGroupName">Name of the users group.</param>
/// <returns></returns>
public IOnPermissionBuilder For(string usersGroupName)
{
UsersGroup usersGroup = permissionBuilderService
.authorizationRepository
.GetUsersGroupByName(usersGroupName);
Guard.Against <ArgumentException>(usersGroup == null, "There is not users group named: " + usersGroup);
return(For(usersGroup));
}
///<summary>
/// Renames an existing users group
///</summary>
///<param name="usersGroupName">The name of the usersgroup to rename</param>
///<param name="newName">The new name of the usersgroup</param>
///<returns>The renamed group</returns>
public virtual UsersGroup RenameUsersGroup(string usersGroupName, string newName)
{
UsersGroup group = GetUsersGroupByName(usersGroupName);
Guard.Against(group == null, "There is no users group named: " + usersGroupName);
group.Name = newName;
session.Save(group);
return(group);
}
//[Route("post")]
public async Task <ActionResult <booleanJson> > JoinGroup([FromBody] UsersGroup ug)
{
bool joined = await _usersService.JoinGroup(ug);
booleanJson boolJ = new booleanJson {
flag = joined
};
return(boolJ);
}
public void CanGetUsersGroupByName()
{
UsersGroup group = authorizationRepository.CreateUsersGroup("Admininstrators");
session.Flush();
session.Evict(group);
group = authorizationRepository.GetUsersGroupByName("Admininstrators");
Assert.NotNull(group);
}
/// <summary>
/// Gets the permissions for the specified user group
/// </summary>
/// <param name="usersGroup">The group.</param>
/// <param name="operationName">The operation name.</param>
/// <returns></returns>
public Permission[] GetPermissionsFor(UsersGroup usersGroup, string operationName)
{
string[] operationNames = Strings.GetHierarchicalOperationNames(operationName);
DetachedCriteria criteria = DetachedCriteria.For <Permission>()
.Add(Restrictions.Eq("UsersGroup", usersGroup))
.CreateAlias("Operation", "op")
.Add(Restrictions.In("op.Name", operationNames));
return(FindResults(criteria));
}
public static DetachedCriteria AllGroups(UsersGroup group)
{
DetachedCriteria criteria = DetachedCriteria.For <UsersGroup>()
.CreateAlias("AllChildren", "child", JoinType.LeftOuterJoin)
.Add(
Expression.Eq("child.id", group.Id) ||
Expression.IdEq(group.Id))
.SetProjection(Projections.Id());
return(DetachedCriteria.For <UsersGroup>()
.Add(Subqueries.PropertyIn("Id", criteria)));
}
public async Task <IActionResult> Create([Bind("Id,UserId,GroupId")] UsersGroup usersGroup)
{
if (ModelState.IsValid)
{
_context.Add(usersGroup);
await _context.SaveChangesAsync();
return(RedirectToAction(nameof(Index)));
}
ViewData["GroupId"] = new SelectList(_context.Groups, "Id", "Name", usersGroup.GroupId);
ViewData["UserId"] = new SelectList(_context.Users, "Id", "Email", usersGroup.UserId);
return(View(usersGroup));
}
public void CanCreateUsersGroup()
{
UsersGroup group = authorizationRepository.CreateUsersGroup("Admininstrators");
session.Flush();
session.Evict(group);
UsersGroup groupFromDb = session.Get <UsersGroup>(group.Id);
Assert.NotNull(groupFromDb);
Assert.Equal(group.Name, groupFromDb.Name);
}
public void WillReturnResultForUsersGroupIfAllowPermissionWasDefinedOnEverything()
{
UsersGroup usersgroup = authorizationRepository.GetUsersGroupByName("Administrators");
permissionsBuilderService
.Allow("/Account/Edit")
.For(usersgroup)
.OnEverything()
.DefaultLevel()
.Save();
session.Flush();
authorizationService.AddPermissionsToQuery(usersgroup, "/Account/Edit", criteria);
Assert.NotEmpty(criteria.List());
}
public async Task <IActionResult> ConfirmDelete(UsersGroup model)
{
if (model.Id > 0)
{
var result = await _manager.DeleteUsersGroup(model.Id);
if (result)
{
return(RedirectToAction("List"));
}
}
//Display view with errors
return(View());
}
public ActionResult AddUsers(Group group)
{
try {
var usergroup = new UsersGroup { UserID = group.UserID, GroupID = group.GroupID };
db.UsersGroups.Add(usergroup);
db.SaveChanges();
return RedirectToAction("AddUsers", new { id = group.GroupID });
}
catch(Exception ex)
{
Group dto = db.Groups.Find(group.GroupID);
this.ModelState.AddModelError(string.Empty, ex.Message);
return View(dto);
}
}
public void CanGetPermissionsByUsersGroup()
{
UsersGroup group = authorizationRepository.GetUsersGroupByName("Administrators");
permissionsBuilderService
.Allow("/Account/Edit")
.For(group)
.On(account)
.DefaultLevel()
.Save();
session.Flush();
Permission[] permissions = permissionService.GetPermissionsFor(group);
Assert.Equal(1, permissions.Length);
}
public void DeeplyNestedUsersGroup()
{
UsersGroup group = authorizationRepository.CreateUsersGroup("Root");
for (int j = 0; j < 50; j++)
{
group = authorizationRepository.CreateChildUserGroupOf(group.Name, "Child #" + j);
}
authorizationRepository.AssociateUserWith(user, "Child #49");
UsersGroup[] groups = authorizationRepository.GetAncestryAssociation(user, "Root");
Assert.Equal(51, groups.Length);
}
public void WillReturnResultForUsersGroupOnAccountIfPermissionWasAllowedToUserOnTheGroupTheEntityIsAssociatedWith()
{
UsersGroup usersgroup = authorizationRepository.GetUsersGroupByName("Administrators");
permissionsBuilderService
.Allow("/Account/Edit")
.For(usersgroup)
.On("Important Accounts")
.DefaultLevel()
.Save();
session.Flush();
authorizationService.AddPermissionsToQuery(usersgroup, "/Account/Edit", criteria);
Assert.NotEmpty(criteria.List());
}
public void WillReturnNothingForUsersGroupoOnAccountIfPermissionWasDeniedOnGroup()
{
UsersGroup usersgroup = authorizationRepository.GetUsersGroupByName("Administrators");
permissionsBuilderService
.Deny("/Account/Edit")
.For(usersgroup)
.On(account)
.DefaultLevel()
.Save();
session.Flush();
authorizationService.AddPermissionsToQuery(usersgroup, "/Account/Edit", criteria);
Assert.Empty(criteria.List());
}
/// <summary>
/// Gets the ancestry association of a user with the named users group.
/// This allows to track how a user is associated to a group through
/// their ancestry.
/// </summary>
/// <param name="user">The user.</param>
/// <param name="usersGroupName">Name of the users group.</param>
/// <returns></returns>
public virtual UsersGroup[] GetAncestryAssociation(IUser user, string usersGroupName)
{
UsersGroup desiredGroup = GetUsersGroupByName(usersGroupName);
ICollection <UsersGroup> directGroups =
SecurityCriterions.DirectUsersGroups((user))
.GetExecutableCriteria(session)
.SetCacheable(true)
.List <UsersGroup>();
if (directGroups.Contains(desiredGroup))
{
return(new[] { desiredGroup });
}
// as a nice benefit, this does an eager load of all the groups in the hierarchy
// in an efficient way, so we don't have SELECT N + 1 here, nor do we need
// to load the Users collection (which may be very large) to check if we are associated
// directly or not
UsersGroup[] associatedGroups = GetAssociatedUsersGroupFor(user);
if (Array.IndexOf(associatedGroups, desiredGroup) == -1)
{
return(new UsersGroup[0]);
}
// now we need to find out the path to it
List <UsersGroup> shortest = new List <UsersGroup>();
foreach (UsersGroup usersGroup in associatedGroups)
{
List <UsersGroup> path = new List <UsersGroup>();
UsersGroup current = usersGroup;
while (current != null && current != desiredGroup)
{
path.Add(current);
current = current.Parent;
}
if (current != null)
{
path.Add(current);
}
// Valid paths are those that are contains the desired group
// and start in one of the groups that are directly associated
// with the user
if (path.Contains(desiredGroup) && directGroups.Contains(path[0]))
{
shortest = Min(shortest, path);
}
}
return(shortest.ToArray());
}
protected override void SetUp()
{
base.SetUp();
var currentConversation = ServiceLocator.Current.GetInstance<IConversation>();
using (currentConversation.SetAsCurrent())
{
_authZRepo = ServiceLocator.Current.GetInstance<AuthorizationRepositoryFactory>().Create();
_userRepository = ServiceLocator.Current.GetInstance<UserRepository>();
_permissionBuilderService = ServiceLocator.Current.GetInstance<PermissionsBuilderServiceFactory>().Create();
_seniorUser = _userRepository.Create(new User { Name = "Senior" });
_juniorUser = _userRepository.Create(new User { Name = "Junior" });
_seniorMgrs = _authZRepo.CreateUsersGroup("Senior Managers");
_juniorMgrs = _authZRepo.CreateUsersGroup("Junior Managers");
_op4Senior = _authZRepo.CreateOperation("/Operation/ForSenior");
currentConversation.Flush();
_op4Junior = _authZRepo.CreateOperation("/Operation/ForJunior");
_authZRepo.AssociateUserWith(_seniorUser, _seniorMgrs);
_authZRepo.AssociateUserWith(_juniorUser, _juniorMgrs);
_permissionBuilderService
.Allow(_op4Junior)
.For(_juniorMgrs)
.OnEverything()
.DefaultLevel()
.Save();
_permissionBuilderService
.Deny(_op4Senior)
.For(_juniorMgrs)
.OnEverything()
.DefaultLevel()
.Save();
_permissionBuilderService
.Allow(_op4Senior)
.For(_seniorMgrs)
.OnEverything()
.DefaultLevel()
.Save();
currentConversation.Flush();
}
_targetController = ServiceLocator.Current.GetInstance<PermissionController>();
}
/// <summary>
/// Creates the users group as a child of <paramref name="parentGroupName"/>.
/// </summary>
/// <param name="parentGroupName">Name of the parent group.</param>
/// <param name="usersGroupName">Name of the users group.</param>
/// <returns></returns>
public virtual UsersGroup CreateChildUserGroupOf(string parentGroupName, string usersGroupName)
{
UsersGroup parent = GetUsersGroupByName(parentGroupName);
Guard.Against <ArgumentException>(parent == null,
"Parent users group '" + parentGroupName + "' does not exists");
UsersGroup group = CreateUsersGroup(usersGroupName);
group.Parent = parent;
group.AllParents.AddAll(parent.AllParents);
group.AllParents.Add(parent);
parent.DirectChildren.Add(group);
parent.AllChildren.Add(group);
return(group);
}
private ICriterion GetPermissionQueryInternal(UsersGroup usersgroup, string operation, string securityKeyProperty)
{
string[] operationNames = Strings.GetHierarchicalOperationNames(operation);
DetachedCriteria criteria = DetachedCriteria.For<Permission>("permission")
.CreateAlias("Operation", "op")
.CreateAlias("EntitiesGroup", "entityGroup", JoinType.LeftOuterJoin)
.CreateAlias("entityGroup.Entities", "entityKey", JoinType.LeftOuterJoin)
.SetProjection(Projections.Property("Allow"))
.Add(Expression.In("op.Name", operationNames))
.Add(Expression.Eq("UsersGroup", usersgroup))
.Add(
Property.ForName(securityKeyProperty).EqProperty("permission.EntitySecurityKey") ||
Property.ForName(securityKeyProperty).EqProperty("entityKey.EntitySecurityKey") ||
(
Expression.IsNull("permission.EntitySecurityKey") &&
Expression.IsNull("permission.EntitiesGroup")
)
)
.SetMaxResults(1)
.AddOrder(Order.Desc("Level"))
.AddOrder(Order.Asc("Allow"));
return Subqueries.Eq(true, criteria);
}
///<summary>Adds the permissions to the criteria query for the given usersgroup
///</summary>
///<param name="usersgroup">The usersgroup. Only permissions directly related to this usergroup
/// are taken into account</param>
///<param name="operation">The operation</param>
///<param name="criteria">The criteria</param>
public void AddPermissionsToQuery(UsersGroup usersgroup, string operation, DetachedCriteria criteria)
{
ICriterion allowed = GetPermissionQueryInternal(usersgroup, operation, GetSecurityKeyProperty(criteria));
criteria.Add(allowed);
}
/// <summary>
/// Associates the user with a group with the specified name
/// </summary>
/// <param name="user">The user.</param>
/// <param name="group">The group.</param>
public void AssociateUserWith(IUser user, UsersGroup group)
{
group.Users.Add(user);
}
/// <summary>
///
/// </summary>
/// <param name="usersGroup"></param>
/// <returns></returns>
public virtual UsersGroup UpdateUsersGroup(UsersGroup usersGroup)
{
Guard.Against(usersGroup.EntityId <=0 , "This UsersGroup does not exist yet");
session.Save(usersGroup);
return usersGroup;
}
/// <summary>
/// Set the users group that this permission is built for
/// </summary>
/// <param name="usersGroup">The users group.</param>
/// <returns></returns>
public IOnPermissionBuilder For(UsersGroup usersGroup)
{
permission.UsersGroup = usersGroup;
return this;
}
