static void RevokeOperationRight(string operation, string path, string name) { AccessControlSettings settings = new AccessControlSettings(@namespace, managementKey); Uri uri = ServiceBusEnvironment.CreateServiceUri("http", @namespace, path); AccessControlList list = NamespaceAccessControl.GetAccessControlList(uri, settings); IdentityReference identityReference = IdentityReference.CreateServiceIdentityReference(name); if (operation.Equals("Send", StringComparison.OrdinalIgnoreCase)) { AccessControlRule existing = list.FirstOrDefault((r) => r.Condition.Equals(identityReference) && r.Right.Equals(ServiceBusRight.Send)); if (existing != null) { if (existing.Inherited) { Console.Error.WriteLine("Cannot revoke inherited rules."); return; } list.RemoveRule(existing); list.SaveChanges(); } else { Console.Error.WriteLine("The right '{0}' on '{1}' has not been granted to identity '{2}'", operation, path, name); } } else if (operation.Equals("Listen", StringComparison.OrdinalIgnoreCase)) { AccessControlRule existing = list.FirstOrDefault((r) => r.Condition.Equals(identityReference) && r.Right.Equals(ServiceBusRight.Listen)); if (existing != null) { list.RemoveRule(existing); list.SaveChanges(); } else { Console.Error.WriteLine("The right '{0}' on '{1}' has not been granted to identity '{2}'", operation, path, name); } } else if (operation.Equals("Manage", StringComparison.OrdinalIgnoreCase)) { AccessControlRule existing = list.FirstOrDefault((r) => r.Condition.Equals(identityReference) && r.Right.Equals(ServiceBusRight.Manage)); if (existing != null) { list.RemoveRule(existing); list.SaveChanges(); } else { Console.Error.WriteLine("The right '{0}' on '{1}' has not been granted to identity '{2}'", operation, path, name); } } else { Console.Error.WriteLine("Unknown operation '{0}'", operation); } }
public void Post([FromBody] AccessControlPolicyInsertCommand command) { bool IsResourceRequired = false; if (command.Target.Contains("\"Resource.")) { IsResourceRequired = true; } var accessControlRules = new List <AccessControlRule>(); foreach (var rule in command.Rules) { var condition = _conditionalExpressionService.Parse(rule.Condition); var accessControlRule = new AccessControlRule() { Id = rule.RuleID, Effect = rule.Effect, Condition = condition }; accessControlRules.Add(accessControlRule); if (!IsResourceRequired) { IsResourceRequired = rule.Condition.Contains("\"Resource."); } } var target = _conditionalExpressionService.Parse(command.Target); var accessControlModel = new AccessControlPolicy() { PolicyId = command.PolicyID, CollectionName = command.CollectionName, Action = command.Action, Description = command.Description, RuleCombining = command.RuleCombining, Target = target, Rules = accessControlRules, IsAttributeResourceRequired = IsResourceRequired }; _accessControlPolicyRepository.Add(accessControlModel); }
public static void Run() { try { // ExStart:ManageAccessRule GoogleTestUser User2 = new GoogleTestUser("user", "email address", "password", "clientId", "client secret"); string accessToken; string refreshToken; GoogleOAuthHelper.GetAccessToken(User2, out accessToken, out refreshToken); using (IGmailClient client = GmailClient.GetInstance(accessToken, User2.EMail)) { // Retrieve list of calendars for the current client ExtendedCalendar[] calendarList = client.ListCalendars(); // Get first calendar id and retrieve list of AccessControlRule for the first calendar string calendarId = calendarList[0].Id; AccessControlRule[] roles1 = client.ListAccessRules(calendarId); // Create a local access control rule and Set rule properties AccessControlRule rule = new AccessControlRule(); rule.Role = AccessRole.reader; rule.Scope = new AclScope(AclScopeType.user, User2.EMail); // Insert new rule for the calendar. It returns the newly created rule AccessControlRule createdRule = client.CreateAccessRule(calendarId, rule); // Confirm if local created rule and returned rule are equal if ((rule.Role == createdRule.Role) && (rule.Scope.Type == createdRule.Scope.Type) && (rule.Scope.Value.ToLower() == createdRule.Scope.Value.ToLower())) { Console.WriteLine("local rule and returned rule after creation are equal"); } else { Console.WriteLine("Rule could not be created successfully"); return; } // Get list of rules AccessControlRule[] roles2 = client.ListAccessRules(calendarId); // Current list length should be 1 more than the earlier one if (roles1.Length + 1 == roles2.Length) { Console.WriteLine("List lengths are ok"); } else { Console.WriteLine("List lengths are not ok"); return; } // Change rule and Update the rule for the selected calendar createdRule.Role = AccessRole.writer; AccessControlRule updatedRule = client.UpdateAccessRule(calendarId, createdRule); // Check if returned access control rule after update is ok if ((createdRule.Role == updatedRule.Role) && (createdRule.Id == updatedRule.Id)) { Console.WriteLine("Rule is updated successfully"); } else { Console.WriteLine("Rule is not updated"); return; } // Retrieve individaul rule against a calendar AccessControlRule fetchedRule = client.FetchAccessRule(calendarId, createdRule.Id); //Check if rule parameters are ok if ((updatedRule.Id == fetchedRule.Id) && (updatedRule.Role == fetchedRule.Role) && (updatedRule.Scope.Type == fetchedRule.Scope.Type) && (updatedRule.Scope.Value.ToLower() == fetchedRule.Scope.Value.ToLower())) { Console.WriteLine("Rule parameters are ok"); } else { Console.WriteLine("Rule parameters are not ok"); } // Delete particular rule against a given calendar and Retrieve the all rules list for the same calendar client.DeleteAccessRule(calendarId, createdRule.Id); AccessControlRule[] roles3 = client.ListAccessRules(calendarId); // Check that current rules list length should be equal to the original list length before adding and deleting the rule if (roles1.Length == roles3.Length) { Console.WriteLine("List lengths are same"); } else { Console.WriteLine("List lengths are not equal"); return; } } // ExEnd:ManageAccessRule } catch (Exception ex) { Console.WriteLine(ex.Message); } }