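/// <summary>
/// Returns the dashboards read from the "dashboards" collection, ordered by title.
/// A previously loaded result is reused while it is still inside the cache lifetime.
/// </summary>
/// <returns>The cached or freshly loaded dashboards, ordered by <c>Title</c>.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown by <c>Single</c> when the configured database or the "dashboards" collection
/// is missing or matches more than once.
/// </exception>
public IEnumerable<Dashboard> Dashboards()
{
    // The cache is valid while (load time + cache lifetime) is still in the future.
    // With '<' the method served the cached copy only after it had expired and
    // re-queried the store on every call while the copy was still fresh.
    if (_dashboards != null && _dashboardLoaded.Add(_cacheLife) > DateTime.UtcNow)
    {
        return _dashboards;
    }

    var connection = new DocumentDbConnectionString(_connectionString);

    // NOTE(review): the client authenticates with connection.AccountKey. This method only
    // reads, so if that value is the account's master key, confirm whether a read-only
    // key or a scoped resource token can be configured instead.
    using (var client = new DocumentClient(connection.AccountEndpoint, connection.AccountKey))
    {
        // .Result blocks the calling thread; kept because this method's signature is synchronous.
        var database = client.ReadDatabaseFeedAsync().Result;

        var dashboardCollection = client.ReadDocumentCollectionFeedAsync(
            database.Single(x => x.Id == connection.DatabaseName).CollectionsLink).Result;

        // NOTE(review): a single feed read is issued and no continuation is followed here;
        // confirm the collection always fits in one response page.
        var dashboards = client.ReadDocumentFeedAsync(
            dashboardCollection.Single(x => x.Id == "dashboards").DocumentsLink).Result;

        _dashboards = dashboards.Select(x => new Dashboard
        {
            Title = x.GetPropertyValue<string>("Title"),
            Slug = x.GetPropertyValue<string>("Slug"),
            Sections = x.GetPropertyValue<IEnumerable<DashboardSection>>("Sections")
        }).OrderBy(x => x.Title);

        _dashboardLoaded = DateTime.UtcNow;
        return _dashboards;
    }
}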
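/// <summary>
/// Checks that a client authenticated only with the token of <paramref name="permission"/>
/// can read the documents of one collection but cannot enumerate databases.
/// </summary>
/// <param name="collectionLink">Link of the collection the permission is expected to grant read access to.</param>
/// <param name="permission">Permission whose <c>Token</c> is used as the client's only credential.</param>
/// <exception cref="ApplicationException">
/// Thrown when the database feed read succeeds, which means the token is broader than intended.
/// </exception>
private static async Task AttemptAdminOperationsAsync(string collectionLink, Permission permission)
{
    using (DocumentClient client = new DocumentClient(new Uri(endpointUrl), permission.Token))
    {
        // try read collection > should succeed because user1 was granted Read permission on col1
        var docs = await client.ReadDocumentFeedAsync(collectionLink);
        foreach (Document doc in docs)
        {
            Console.WriteLine(doc);
        }

        // try iterate databases > should fail because the user has no Admin rights
        // but only read access to a single collection and therefore
        // cannot access anything outside of that collection.
        try
        {
            await client.ReadDatabaseFeedAsync();

            // Fail as soon as the call returns at all. Throwing only from inside a loop
            // over the results let an over-privileged token pass unnoticed whenever the
            // feed came back empty.
            throw new ApplicationException("Should never get here");
        }
        catch (DocumentClientException de)
        {
            // expecting an Unauthorized exception, anything else, rethrow
            // NOTE(review): AttemptReadFromTwoCollections expects Forbidden for its denied
            // write; confirm which status the service returns for an out-of-scope token.
            if (de.StatusCode != HttpStatusCode.Unauthorized)
            {
                throw;
            }
        }
    }
}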
/// <summary>
/// Exercises a client that is given several permission tokens at once: a read permission
/// on col1 and another read permission on col2. Reads from both collections are expected
/// to succeed; a write to col2 is expected to be rejected with Forbidden.
/// </summary>
/// <param name="collectionLinks">Links of the two collections; index 0 is col1, index 1 is col2.</param>
/// <param name="permissions">The permissions handed to the client as its only credentials.</param>
/// <exception cref="ApplicationException">Thrown when the write to col2 unexpectedly succeeds.</exception>
private static async Task AttemptReadFromTwoCollections(List<string> collectionLinks, List<Permission> permissions)
{
    // With only these two read permissions the user should not be able to read any other
    // collection, perform admin operations, or write to either collection.
    using (DocumentClient scopedClient = new DocumentClient(new Uri(endpointUrl), permissions))
    {
        // read collection 1 > should succeed
        await scopedClient.ReadDocumentFeedAsync(collectionLinks[0]);

        // read from collection 2 > should succeed
        await scopedClient.ReadDocumentFeedAsync(collectionLinks[1]);

        // attempt to write a doc in col 2 > should fail with Forbidden
        try
        {
            await scopedClient.CreateDocumentAsync(collectionLinks[1], new { id = "not allowed" });

            // reaching this line means the create was accepted, which must not happen
            throw new ApplicationException("should never get here");
        }
        catch (DocumentClientException denied)
        {
            // Forbidden is the expected outcome; any other status is propagated unchanged
            if (denied.StatusCode == HttpStatusCode.Forbidden)
            {
                return;
            }

            throw;
        }
    }
}