public async Task <ActionResult <Group> > createGroup([FromBody] groupUserMultipart gu) { Group group = gu.group; ApplicationUser user = gu.user; string tags = gu.tags; DateTime now = DateTime.Now; group.DateCreated = now; group.IsPublished = true; group = stringToTag(tags, group); Group rg = await _groupService.AddGroupAD(group); if (rg == null) { return(NotFound()); } //User auto joins group, is automatically a moderator UsersGroup n = new UsersGroup { GroupId = rg.GroupId, UserId = user.Id, IsMod = true }; await _usersService.JoinGroup(n); return(rg); }
/// <summary> /// temporary string /// </summary> /// <param name="usersGroupName">Name of the users group.</param> public virtual void RemoveUsersGroup(string usersGroupName) { UsersGroup group = GetUsersGroupByName(usersGroupName); if (group == null) { return; } Guard.Against(group.DirectChildren.Count != 0, "Cannot remove users group '" + usersGroupName + "' because is has child groups. Remove those groups and try again."); session.CreateQuery("delete Permission p where p.UsersGroup = :group") .SetEntity("group", group) .ExecuteUpdate(); // we have to do this in order to ensure that we play // nicely with the second level cache and collection removals if (group.Parent != null) { group.Parent.DirectChildren.Remove(group); } foreach (UsersGroup parent in group.AllParents) { parent.AllChildren.Remove(group); } group.AllParents.Clear(); group.Users.Clear(); session.Delete(group); }
public async Task <IActionResult> Edit(int id, [Bind("Id,UserId,GroupId")] UsersGroup usersGroup) { if (id != usersGroup.UserId) { return(NotFound()); } if (ModelState.IsValid) { try { _context.Update(usersGroup); await _context.SaveChangesAsync(); } catch (DbUpdateConcurrencyException) { if (!UsersGroupExists(usersGroup.UserId)) { return(NotFound()); } else { throw; } } return(RedirectToAction(nameof(Index))); } ViewData["GroupId"] = new SelectList(_context.Groups, "Id", "Name", usersGroup.GroupId); ViewData["UserId"] = new SelectList(_context.Users, "Id", "Email", usersGroup.UserId); return(View(usersGroup)); }
public async Task <bool> JoinGroup(UsersGroup ug) { int userId = ug.UserId; int groupId = ug.GroupId; //Check if record exists UsersGroup usersGroup = await _context.UsersGroups .Where(x => x.UserId == userId) .FirstOrDefaultAsync(x => x.GroupId == groupId); if (usersGroup == null) { _context.Add(ug); var saveResult = await _context.SaveChangesAsync(); return(true); } else { _context.UsersGroups.Remove(usersGroup); var saveResult = await _context.SaveChangesAsync(); return(false); } }
/// <summary> /// Gets the permissions for the specified usergroup /// </summary> /// <param name="userGroup">The usersGroup.</param> /// <returns></returns> // RH 4/5/2012 public Permission[] GetPermissionsFor(UsersGroup userGroup) { DetachedCriteria criteria = DetachedCriteria.For<Permission>() .Add(Expression.Eq("UsersGroup", userGroup)); return FindResults(criteria); }
public void CanGetPermissionsByUsersGroup_ThatIncludeParentPermissions() { UsersGroup group = authorizationRepository.CreateChildUserGroupOf("Administrators", "DBA"); authorizationRepository.CreateOperation("/Account/Delete"); permissionsBuilderService .Allow("/Account/Edit") .For("Administrators") .On(account) .DefaultLevel() .Save(); session.Flush(); permissionsBuilderService .Allow("/Account/Delete") .For("DBA") .On(account) .DefaultLevel() .Save(); session.Flush(); Permission[] permissions = permissionService.GetPermissionsFor(group); Assert.Equal(2, permissions.Length); }
/// <summary> /// Creates a new users group. /// </summary> /// <param name="name">The name of the new group.</param> public virtual UsersGroup CreateUsersGroup(string name) { if (GetUsersGroupByName(name) != null) { return null; } var ug = new UsersGroup {Name = name}; session.Save(ug); return ug; }
public void DoesDeletingEntityRemoveEntityReferences() { var user = new User() { Name = "Alberto" }; session.Save(user); session.Flush(); var group = new UsersGroup() { Name = "Guests" }; session.Save(group); session.Flush(); authorizationRepository.AssociateUserWith(user, group); session.Flush(); var deleteAccountOperation = authorizationRepository.CreateOperation("/Account/Delete"); session.Flush(); var californiaGroup = authorizationRepository.CreateEntitiesGroup("California"); session.Flush(); var account = new Account() { Name = "Bob" }; session.Save(account); session.Flush(); authorizationRepository.AssociateEntityWith <Account>(account, californiaGroup); session.Flush(); permissionsBuilderService .Allow(deleteAccountOperation) .For(group) .On(californiaGroup) .Level(10) .Save(); session.Flush(); bool isAllowed = authorizationService.IsAllowed <Account>(user, account, deleteAccountOperation.Name); session.Delete(account); session.Flush(); var accountFetch = session.CreateCriteria <Account>() .Add(Restrictions.Eq("Name", "Bob")) .UniqueResult <Account>(); Assert.Null(accountFetch); }
public static void AllowOnEverything(this IPermissionsBuilderService pbs, UsersGroup group, params IEnumerable[] ops) { foreach (var op in ops.SelectMany(x => x.Cast <Enum>())) { pbs.Allow(op.ToOperation()).For(group).OnEverything().DefaultLevel().Save(); } }
/// <summary> /// Removes the user from the specified group /// </summary> /// <param name="user">The user.</param> /// <param name="usersGroupName">Name of the users group.</param> public void DetachUserFromGroup(IUser user, string usersGroupName) { UsersGroup group = GetUsersGroupByName(usersGroupName); Guard.Against(group == null, "There is no users group named: " + usersGroupName); group.Users.Remove(user); }
public void WillReturnNothingForUsersGroupIfOperationNotDefined_WithDetachedCriteria() { UsersGroup usersgroup = authorizationRepository.GetUsersGroupByName("Administrators"); DetachedCriteria detachedCriteria = DetachedCriteria.For <Account>(); authorizationService.AddPermissionsToQuery(usersgroup, "/Account/Delete", detachedCriteria); Assert.Empty(detachedCriteria.GetExecutableCriteria(session).List()); }
/// <summary> /// Gets all permissions for the specified group /// </summary> /// <param name="group">The group</param> /// <returns></returns> public Permission[] GetPermissionsFor(UsersGroup group) { DetachedCriteria criteria = DetachedCriteria.For <Permission>() .Add(Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllGroups(group).SetProjection(Projections.Id()))); return(FindResults(criteria)); }
/// <summary> /// Associates the user with a group with the specified name /// </summary> /// <param name="user">The user.</param> /// <param name="groupName">Name of the group.</param> public virtual void AssociateUserWith(IUser user, string groupName) { UsersGroup group = GetUsersGroupByName(groupName); Guard.Against(group == null, "There is no users group named: " + groupName); AssociateUserWith(user, group); }
/// <summary> /// Removes the user from the specified group /// </summary> /// <param name="user">The user.</param> /// <param name="usersGroupName">Name of the users group.</param> public void DetachUserFromGroup(IUser user, string usersGroupName) { UsersGroup group = GetUsersGroupByName(usersGroupName); Guard.Against(group == null, "There is no users group named: " + usersGroupName); group.Users.Remove(user); session.SessionFactory.EvictQueries("rhino-security-UsersGroup"); }
/// <summary> /// Creates a new users group. /// </summary> /// <param name="name">The name of the new group.</param> public virtual UsersGroup CreateUsersGroup(string name) { var ug = new UsersGroup { Name = name }; session.Save(ug); return(ug); }
public Permission[] GetPermissionsFor(UsersGroup usersGroup, bool eager = false) { var criteria = DetachedCriteria.For <Permission>() .Add(Expression.Eq("UsersGroup", usersGroup) || Subqueries.PropertyIn("UsersGroup.Id", SecurityCriterions.AllUsersGroupParents(usersGroup).SetProjection(Projections.Id()))); return(FindResults(criteria, eager)); }
/// <summary> /// Set the users group that this permission is built for /// </summary> /// <param name="usersGroupName">Name of the users group.</param> /// <returns></returns> public IOnPermissionBuilder For(string usersGroupName) { UsersGroup usersGroup = permissionBuilderService .authorizationRepository .GetUsersGroupByName(usersGroupName); Guard.Against <ArgumentException>(usersGroup == null, "There is not users group named: " + usersGroup); return(For(usersGroup)); }
///<summary> /// Renames an existing users group ///</summary> ///<param name="usersGroupName">The name of the usersgroup to rename</param> ///<param name="newName">The new name of the usersgroup</param> ///<returns>The renamed group</returns> public virtual UsersGroup RenameUsersGroup(string usersGroupName, string newName) { UsersGroup group = GetUsersGroupByName(usersGroupName); Guard.Against(group == null, "There is no users group named: " + usersGroupName); group.Name = newName; session.Save(group); return(group); }
//[Route("post")] public async Task <ActionResult <booleanJson> > JoinGroup([FromBody] UsersGroup ug) { bool joined = await _usersService.JoinGroup(ug); booleanJson boolJ = new booleanJson { flag = joined }; return(boolJ); }
public void CanGetUsersGroupByName() { UsersGroup group = authorizationRepository.CreateUsersGroup("Admininstrators"); session.Flush(); session.Evict(group); group = authorizationRepository.GetUsersGroupByName("Admininstrators"); Assert.NotNull(group); }
/// <summary> /// Gets the permissions for the specified user group /// </summary> /// <param name="usersGroup">The group.</param> /// <param name="operationName">The operation name.</param> /// <returns></returns> public Permission[] GetPermissionsFor(UsersGroup usersGroup, string operationName) { string[] operationNames = Strings.GetHierarchicalOperationNames(operationName); DetachedCriteria criteria = DetachedCriteria.For <Permission>() .Add(Restrictions.Eq("UsersGroup", usersGroup)) .CreateAlias("Operation", "op") .Add(Restrictions.In("op.Name", operationNames)); return(FindResults(criteria)); }
public static DetachedCriteria AllGroups(UsersGroup group) { DetachedCriteria criteria = DetachedCriteria.For <UsersGroup>() .CreateAlias("AllChildren", "child", JoinType.LeftOuterJoin) .Add( Expression.Eq("child.id", group.Id) || Expression.IdEq(group.Id)) .SetProjection(Projections.Id()); return(DetachedCriteria.For <UsersGroup>() .Add(Subqueries.PropertyIn("Id", criteria))); }
public async Task <IActionResult> Create([Bind("Id,UserId,GroupId")] UsersGroup usersGroup) { if (ModelState.IsValid) { _context.Add(usersGroup); await _context.SaveChangesAsync(); return(RedirectToAction(nameof(Index))); } ViewData["GroupId"] = new SelectList(_context.Groups, "Id", "Name", usersGroup.GroupId); ViewData["UserId"] = new SelectList(_context.Users, "Id", "Email", usersGroup.UserId); return(View(usersGroup)); }
public void CanCreateUsersGroup() { UsersGroup group = authorizationRepository.CreateUsersGroup("Admininstrators"); session.Flush(); session.Evict(group); UsersGroup groupFromDb = session.Get <UsersGroup>(group.Id); Assert.NotNull(groupFromDb); Assert.Equal(group.Name, groupFromDb.Name); }
public void WillReturnResultForUsersGroupIfAllowPermissionWasDefinedOnEverything() { UsersGroup usersgroup = authorizationRepository.GetUsersGroupByName("Administrators"); permissionsBuilderService .Allow("/Account/Edit") .For(usersgroup) .OnEverything() .DefaultLevel() .Save(); session.Flush(); authorizationService.AddPermissionsToQuery(usersgroup, "/Account/Edit", criteria); Assert.NotEmpty(criteria.List()); }
public async Task <IActionResult> ConfirmDelete(UsersGroup model) { if (model.Id > 0) { var result = await _manager.DeleteUsersGroup(model.Id); if (result) { return(RedirectToAction("List")); } } //Display view with errors return(View()); }
public ActionResult AddUsers(Group group) { try { var usergroup = new UsersGroup { UserID = group.UserID, GroupID = group.GroupID }; db.UsersGroups.Add(usergroup); db.SaveChanges(); return RedirectToAction("AddUsers", new { id = group.GroupID }); } catch(Exception ex) { Group dto = db.Groups.Find(group.GroupID); this.ModelState.AddModelError(string.Empty, ex.Message); return View(dto); } }
public void CanGetPermissionsByUsersGroup() { UsersGroup group = authorizationRepository.GetUsersGroupByName("Administrators"); permissionsBuilderService .Allow("/Account/Edit") .For(group) .On(account) .DefaultLevel() .Save(); session.Flush(); Permission[] permissions = permissionService.GetPermissionsFor(group); Assert.Equal(1, permissions.Length); }
public void DeeplyNestedUsersGroup() { UsersGroup group = authorizationRepository.CreateUsersGroup("Root"); for (int j = 0; j < 50; j++) { group = authorizationRepository.CreateChildUserGroupOf(group.Name, "Child #" + j); } authorizationRepository.AssociateUserWith(user, "Child #49"); UsersGroup[] groups = authorizationRepository.GetAncestryAssociation(user, "Root"); Assert.Equal(51, groups.Length); }
public void WillReturnResultForUsersGroupOnAccountIfPermissionWasAllowedToUserOnTheGroupTheEntityIsAssociatedWith() { UsersGroup usersgroup = authorizationRepository.GetUsersGroupByName("Administrators"); permissionsBuilderService .Allow("/Account/Edit") .For(usersgroup) .On("Important Accounts") .DefaultLevel() .Save(); session.Flush(); authorizationService.AddPermissionsToQuery(usersgroup, "/Account/Edit", criteria); Assert.NotEmpty(criteria.List()); }
public void WillReturnNothingForUsersGroupoOnAccountIfPermissionWasDeniedOnGroup() { UsersGroup usersgroup = authorizationRepository.GetUsersGroupByName("Administrators"); permissionsBuilderService .Deny("/Account/Edit") .For(usersgroup) .On(account) .DefaultLevel() .Save(); session.Flush(); authorizationService.AddPermissionsToQuery(usersgroup, "/Account/Edit", criteria); Assert.Empty(criteria.List()); }
/// <summary> /// Gets the ancestry association of a user with the named users group. /// This allows to track how a user is associated to a group through /// their ancestry. /// </summary> /// <param name="user">The user.</param> /// <param name="usersGroupName">Name of the users group.</param> /// <returns></returns> public virtual UsersGroup[] GetAncestryAssociation(IUser user, string usersGroupName) { UsersGroup desiredGroup = GetUsersGroupByName(usersGroupName); ICollection <UsersGroup> directGroups = SecurityCriterions.DirectUsersGroups((user)) .GetExecutableCriteria(session) .SetCacheable(true) .List <UsersGroup>(); if (directGroups.Contains(desiredGroup)) { return(new[] { desiredGroup }); } // as a nice benefit, this does an eager load of all the groups in the hierarchy // in an efficient way, so we don't have SELECT N + 1 here, nor do we need // to load the Users collection (which may be very large) to check if we are associated // directly or not UsersGroup[] associatedGroups = GetAssociatedUsersGroupFor(user); if (Array.IndexOf(associatedGroups, desiredGroup) == -1) { return(new UsersGroup[0]); } // now we need to find out the path to it List <UsersGroup> shortest = new List <UsersGroup>(); foreach (UsersGroup usersGroup in associatedGroups) { List <UsersGroup> path = new List <UsersGroup>(); UsersGroup current = usersGroup; while (current != null && current != desiredGroup) { path.Add(current); current = current.Parent; } if (current != null) { path.Add(current); } // Valid paths are those that are contains the desired group // and start in one of the groups that are directly associated // with the user if (path.Contains(desiredGroup) && directGroups.Contains(path[0])) { shortest = Min(shortest, path); } } return(shortest.ToArray()); }
protected override void SetUp() { base.SetUp(); var currentConversation = ServiceLocator.Current.GetInstance<IConversation>(); using (currentConversation.SetAsCurrent()) { _authZRepo = ServiceLocator.Current.GetInstance<AuthorizationRepositoryFactory>().Create(); _userRepository = ServiceLocator.Current.GetInstance<UserRepository>(); _permissionBuilderService = ServiceLocator.Current.GetInstance<PermissionsBuilderServiceFactory>().Create(); _seniorUser = _userRepository.Create(new User { Name = "Senior" }); _juniorUser = _userRepository.Create(new User { Name = "Junior" }); _seniorMgrs = _authZRepo.CreateUsersGroup("Senior Managers"); _juniorMgrs = _authZRepo.CreateUsersGroup("Junior Managers"); _op4Senior = _authZRepo.CreateOperation("/Operation/ForSenior"); currentConversation.Flush(); _op4Junior = _authZRepo.CreateOperation("/Operation/ForJunior"); _authZRepo.AssociateUserWith(_seniorUser, _seniorMgrs); _authZRepo.AssociateUserWith(_juniorUser, _juniorMgrs); _permissionBuilderService .Allow(_op4Junior) .For(_juniorMgrs) .OnEverything() .DefaultLevel() .Save(); _permissionBuilderService .Deny(_op4Senior) .For(_juniorMgrs) .OnEverything() .DefaultLevel() .Save(); _permissionBuilderService .Allow(_op4Senior) .For(_seniorMgrs) .OnEverything() .DefaultLevel() .Save(); currentConversation.Flush(); } _targetController = ServiceLocator.Current.GetInstance<PermissionController>(); }
/// <summary> /// Creates the users group as a child of <paramref name="parentGroupName"/>. /// </summary> /// <param name="parentGroupName">Name of the parent group.</param> /// <param name="usersGroupName">Name of the users group.</param> /// <returns></returns> public virtual UsersGroup CreateChildUserGroupOf(string parentGroupName, string usersGroupName) { UsersGroup parent = GetUsersGroupByName(parentGroupName); Guard.Against <ArgumentException>(parent == null, "Parent users group '" + parentGroupName + "' does not exists"); UsersGroup group = CreateUsersGroup(usersGroupName); group.Parent = parent; group.AllParents.AddAll(parent.AllParents); group.AllParents.Add(parent); parent.DirectChildren.Add(group); parent.AllChildren.Add(group); return(group); }
private ICriterion GetPermissionQueryInternal(UsersGroup usersgroup, string operation, string securityKeyProperty) { string[] operationNames = Strings.GetHierarchicalOperationNames(operation); DetachedCriteria criteria = DetachedCriteria.For<Permission>("permission") .CreateAlias("Operation", "op") .CreateAlias("EntitiesGroup", "entityGroup", JoinType.LeftOuterJoin) .CreateAlias("entityGroup.Entities", "entityKey", JoinType.LeftOuterJoin) .SetProjection(Projections.Property("Allow")) .Add(Expression.In("op.Name", operationNames)) .Add(Expression.Eq("UsersGroup", usersgroup)) .Add( Property.ForName(securityKeyProperty).EqProperty("permission.EntitySecurityKey") || Property.ForName(securityKeyProperty).EqProperty("entityKey.EntitySecurityKey") || ( Expression.IsNull("permission.EntitySecurityKey") && Expression.IsNull("permission.EntitiesGroup") ) ) .SetMaxResults(1) .AddOrder(Order.Desc("Level")) .AddOrder(Order.Asc("Allow")); return Subqueries.Eq(true, criteria); }
///<summary>Adds the permissions to the criteria query for the given usersgroup ///</summary> ///<param name="usersgroup">The usersgroup. Only permissions directly related to this usergroup /// are taken into account</param> ///<param name="operation">The operation</param> ///<param name="criteria">The criteria</param> public void AddPermissionsToQuery(UsersGroup usersgroup, string operation, DetachedCriteria criteria) { ICriterion allowed = GetPermissionQueryInternal(usersgroup, operation, GetSecurityKeyProperty(criteria)); criteria.Add(allowed); }
/// <summary> /// Associates the user with a group with the specified name /// </summary> /// <param name="user">The user.</param> /// <param name="group">The group.</param> public void AssociateUserWith(IUser user, UsersGroup group) { group.Users.Add(user); }
/// <summary> /// /// </summary> /// <param name="usersGroup"></param> /// <returns></returns> public virtual UsersGroup UpdateUsersGroup(UsersGroup usersGroup) { Guard.Against(usersGroup.EntityId <=0 , "This UsersGroup does not exist yet"); session.Save(usersGroup); return usersGroup; }
/// <summary> /// Set the users group that this permission is built for /// </summary> /// <param name="usersGroup">The users group.</param> /// <returns></returns> public IOnPermissionBuilder For(UsersGroup usersGroup) { permission.UsersGroup = usersGroup; return this; }