public async Task <OpenApiResult> GetClaimPermissionResourceAccessRulesAsync(
IOpenApiContext context,
string claimPermissionsId)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
if (claimPermissionsId is null)
{
throw new ArgumentNullException(nameof(claimPermissionsId));
}
ITenant tenant = await this.marainServicesTenancy.GetRequestingTenantAsync(context.CurrentTenantId).ConfigureAwait(false);
IClaimPermissionsStore store = await this.permissionsStoreFactory.GetClaimPermissionsStoreAsync(tenant).ConfigureAwait(false);
try
{
ClaimPermissions claimPermissions = await store.GetAsync(claimPermissionsId).ConfigureAwait(false);
return(this.OkResult(claimPermissions.AllResourceAccessRules, "application/json"));
}
catch (ClaimPermissionsNotFoundException)
{
return(this.NotFoundResult());
}
}
public async Task <OpenApiResult> CreateClaimPermissionsAsync(
IOpenApiContext context,
ClaimPermissions body)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
if (body is null)
{
throw new ArgumentNullException(nameof(body));
}
ITenant tenant = await this.marainServicesTenancy.GetRequestingTenantAsync(context.CurrentTenantId).ConfigureAwait(false);
(bool allRulesExist, OpenApiResult failureResult) = await this.CheckRuleSetsExist(tenant, body.ResourceAccessRuleSets);
if (!allRulesExist)
{
return(failureResult);
}
IClaimPermissionsStore claimPermissionsStore = await this.permissionsStoreFactory.GetClaimPermissionsStoreAsync(tenant).ConfigureAwait(false);
try
{
ClaimPermissions result = await claimPermissionsStore.CreateAsync(body).ConfigureAwait(false);
return(this.OkResult(result, "application/json"));
}
catch (InvalidOperationException)
{
var response = new JObject
{
["status"] = 400,
["detail"] = "A ClaimPermissions with this ID has already been created",
};
return(new OpenApiResult
{
StatusCode = 400,
Results = { { "application/json", response } },
});
}
}
public async Task <OpenApiResult> UpdateClaimPermissionsResourceAccessRulesAsync(
IOpenApiContext context,
string claimPermissionsId,
UpdateOperation operation,
IEnumerable <ResourceAccessRule> body)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
if (claimPermissionsId is null)
{
throw new ArgumentNullException(nameof(claimPermissionsId));
}
if (body is null)
{
throw new ArgumentNullException(nameof(body));
}
ITenant tenant = await this.marainServicesTenancy.GetRequestingTenantAsync(context.CurrentTenantId).ConfigureAwait(false);
IClaimPermissionsStore store = await this.permissionsStoreFactory.GetClaimPermissionsStoreAsync(tenant).ConfigureAwait(false);
ClaimPermissions claimPermissions;
try
{
claimPermissions = await store.GetAsync(claimPermissionsId).ConfigureAwait(false);
}
catch (ClaimPermissionsNotFoundException)
{
return(this.NotFoundResult());
}
var inputRules = body.ToList();
if (inputRules.Distinct().Count() != inputRules.Count)
{
var response = new JObject
{
["status"] = 400,
["detail"] = "Request contains duplicate rules",
};
return(new OpenApiResult
{
StatusCode = 400,
Results = { { "application/json", response } },
});
}
var existingRules = new HashSet <ResourceAccessRule>(claimPermissions.ResourceAccessRules);
var incomingRulesMatchingExistingRules = inputRules.Where(inputRule => existingRules.Contains(inputRule)).ToList();
switch (operation)
{
case UpdateOperation.Add:
if (incomingRulesMatchingExistingRules.Count != 0)
{
string existingRulesText = string.Join(
", ",
incomingRulesMatchingExistingRules.Select(FormatRuleForError));
var response = new JObject
{
["status"] = 400,
["detail"] = $"Request contains rules that are already present: {existingRulesText}",
};
return(new OpenApiResult
{
StatusCode = 400,
Results = { { "application/json", response } },
});
}
claimPermissions.ResourceAccessRules.AddRange(body);
break;
case UpdateOperation.Remove:
if (incomingRulesMatchingExistingRules.Count != inputRules.Count)
{
string wrongRulesText = string.Join(
", ",
inputRules.Where(r => !existingRules.Contains(r)).Select(FormatRuleForError));
var response = new JObject
{
["status"] = 400,
["detail"] = $"Request contains rules that are not present: {wrongRulesText}",
};
return(new OpenApiResult
{
StatusCode = 400,
Results = { { "application/json", response } },
});
}
body.ForEach(rc => claimPermissions.ResourceAccessRules.RemoveAll(r => r == rc));
break;
}
await store.UpdateAsync(claimPermissions).ConfigureAwait(false);
return(this.CreatedResult());
