private void AddRules <TAccessRule>(
IEntityAccessRestrictable <TAccessRule> entity,
IEnumerable <AddOrUpdateAccessRuleCommandBase> accessRules,
Dictionary <int, Role> roles,
Dictionary <string, IUserAreaDefinition> userAreas,
IExecutionContext executionContext
)
where TAccessRule : IEntityAccessRule, new()
{
foreach (var addRuleCommand in accessRules.Where(r => !r.GetId().HasValue))
{
var dbRule = new TAccessRule();
var userAreaDefinition = userAreas.GetOrDefault(addRuleCommand.UserAreaCode);
EntityNotFoundException.ThrowIfNull(userAreaDefinition, addRuleCommand.RoleId);
dbRule.UserAreaCode = userAreaDefinition.UserAreaCode;
if (addRuleCommand.RoleId.HasValue)
{
var role = roles.GetOrDefault(addRuleCommand.RoleId.Value);
EntityNotFoundException.ThrowIfNull(role, addRuleCommand.RoleId);
ValidateRoleIsInUserArea(userAreaDefinition, role);
dbRule.Role = role;
}
_entityAuditHelper.SetCreated(dbRule, executionContext);
entity.AccessRules.Add(dbRule);
}
}
private void UpdateRules <TAccessRule>(
IEntityAccessRestrictable <TAccessRule> entity,
IEnumerable <AddOrUpdateAccessRuleCommandBase> accessRules,
Dictionary <int, Role> roles,
Dictionary <string, IUserAreaDefinition> userAreas)
where TAccessRule : IEntityAccessRule
{
foreach (var updateRuleCommand in accessRules.Where(r => r.GetId().HasValue))
{
var id = updateRuleCommand.GetId();
var dbRule = entity
.AccessRules
.FilterById(id.Value)
.SingleOrDefault();
EntityNotFoundException.ThrowIfNull(dbRule, id);
var userAreaDefinition = userAreas.GetOrDefault(updateRuleCommand.UserAreaCode);
EntityNotFoundException.ThrowIfNull(userAreaDefinition, updateRuleCommand.RoleId);
dbRule.UserAreaCode = userAreaDefinition.UserAreaCode;
if (updateRuleCommand.RoleId.HasValue)
{
var role = roles.GetOrDefault(updateRuleCommand.RoleId.Value);
EntityNotFoundException.ThrowIfNull(role, updateRuleCommand.RoleId);
ValidateRoleIsInUserArea(userAreaDefinition, role);
dbRule.Role = role;
}
else
{
dbRule.Role = null;
}
}
}
private static void DeleteRules <TAccessRule>(IEntityAccessRestrictable <TAccessRule> entity, IEnumerable <AddOrUpdateAccessRuleCommandBase> accessRules)
where TAccessRule : IEntityAccessRule
{
var rulesToDelete = entity
.AccessRules
.Where(r => !accessRules.Any(x => x.GetId() == r.GetId()))
.ToList();
foreach (var rule in rulesToDelete)
{
entity.AccessRules.Remove(rule);
}
}
private AccessRuleViolationAction ParseViolationAction <TAccessRule>(IEntityAccessRestrictable <TAccessRule> dbEntity) where TAccessRule : IEntityAccessRule
{
var violationAction = EnumParser.ParseOrNull <AccessRuleViolationAction>(dbEntity.AccessRuleViolationActionId);
if (violationAction == null)
{
_logger.LogWarning(
"AccessRuleViolationAction of value {AccessRuleViolationAction} could not be parsed on rule type {TAccessRule}.",
dbEntity.AccessRuleViolationActionId,
typeof(TAccessRule).Name
);
}
return(violationAction ?? AccessRuleViolationAction.Error);
}
public EntityAccessRuleSet Map <TAccessRule>(IEntityAccessRestrictable <TAccessRule> entity)
where TAccessRule : IEntityAccessRule
{
if (entity == null)
{
throw new ArgumentNullException(nameof(entity));
}
MissingIncludeException.ThrowIfNull(entity, e => e.AccessRules);
if (!entity.AccessRules.Any())
{
// no rules, so return null rather than an empty ruleset
return(null);
}
var violationAction = EnumParser.ParseOrNull <AccessRuleViolationAction>(entity.AccessRuleViolationActionId);
if (violationAction == null)
{
_logger.LogWarning(
"AccessRuleViolationAction of value {AccessRuleViolationAction} could not be parsed on rule type {TAccessRule}.",
entity.AccessRuleViolationActionId,
typeof(TAccessRule).Name
);
}
var result = new EntityAccessRuleSet()
{
ViolationAction = violationAction ?? AccessRuleViolationAction.Error
};
if (!string.IsNullOrWhiteSpace(entity.UserAreaCodeForSignInRedirect))
{
var userArea = _userAreaDefinitionRepository.GetRequiredByCode(entity.UserAreaCodeForSignInRedirect);
result.UserAreaCodeForSignInRedirect = userArea.UserAreaCode;
}
result.AccessRules = entity
.AccessRules
.OrderByDefault()
.Select(r => MapAccessRule(r))
.ToArray();
return(result);
}
public async Task UpdateAsync <TAccessRule, TAddOrUpdateAccessRuleCommand>(
IEntityAccessRestrictable <TAccessRule> entity,
UpdateAccessRuleSetCommandBase <TAddOrUpdateAccessRuleCommand> command,
IExecutionContext executionContext
)
where TAccessRule : IEntityAccessRule, new()
where TAddOrUpdateAccessRuleCommand : AddOrUpdateAccessRuleCommandBase
{
var accessRules = EnumerableHelper.Enumerate(command.AccessRules);
var roles = await GetRolesAsync(accessRules);
var userAreas = await GetUserAreasAsync(accessRules, executionContext);
DeleteRules(entity, accessRules);
UpdateRules(entity, accessRules, roles, userAreas);
AddRules(entity, accessRules, roles, userAreas, executionContext);
UpdateEntity(entity, command, userAreas);
}
private async Task MapAccessRules <TAccessRule, TEntityAccessRuleSummary>(
IEntityAccessRestrictable <TAccessRule> dbEntity,
IEntityAccessRuleSetDetails <TEntityAccessRuleSummary> result,
IExecutionContext executionContext,
Action <TAccessRule, TEntityAccessRuleSummary> ruleMapper
)
where TAccessRule : IEntityAccessRule
where TEntityAccessRuleSummary : IEntityAccessRuleSummary, new()
{
var userAreas = await _queryExecutor.ExecuteAsync(new GetAllUserAreaMicroSummariesQuery(), executionContext);
var roleIds = dbEntity
.AccessRules
.Where(r => r.RoleId.HasValue)
.Select(r => r.RoleId.Value)
.ToArray();
IDictionary <int, RoleMicroSummary> roles = null;
if (roleIds.Any())
{
roles = await _queryExecutor.ExecuteAsync(new GetRoleMicroSummariesByIdRangeQuery(roleIds), executionContext);
}
foreach (var dbRule in dbEntity
.AccessRules
.OrderByDefault())
{
var rule = new TEntityAccessRuleSummary();
ruleMapper(dbRule, rule);
rule.UserArea = userAreas.SingleOrDefault(a => a.UserAreaCode == dbRule.UserAreaCode);
EntityNotFoundException.ThrowIfNull(rule.UserArea, dbRule.UserAreaCode);
if (dbRule.RoleId.HasValue)
{
rule.Role = roles.GetOrDefault(dbRule.RoleId.Value);
EntityNotFoundException.ThrowIfNull(rule.Role, dbRule.RoleId.Value);
}
result.AccessRules.Add(rule);
}
}
public async Task MapAsync <TAccessRule, TEntityAccessRuleSummary>(
IEntityAccessRestrictable <TAccessRule> dbEntity,
IEntityAccessRuleSetDetails <TEntityAccessRuleSummary> result,
IExecutionContext executionContext,
Action <TAccessRule, TEntityAccessRuleSummary> ruleMapper
)
where TAccessRule : IEntityAccessRule
where TEntityAccessRuleSummary : IEntityAccessRuleSummary, new()
{
if (dbEntity == null)
{
throw new ArgumentNullException(nameof(dbEntity));
}
if (result == null)
{
throw new ArgumentNullException(nameof(result));
}
if (executionContext == null)
{
throw new ArgumentNullException(nameof(executionContext));
}
if (ruleMapper == null)
{
throw new ArgumentNullException(nameof(ruleMapper));
}
result.ViolationAction = ParseViolationAction(dbEntity);
if (result.AccessRules == null)
{
result.AccessRules = new List <TEntityAccessRuleSummary>();
}
if (!dbEntity.AccessRules.Any())
{
return;
}
await MapAccessRules(dbEntity, result, executionContext, ruleMapper);
MapUserAreaForSignInRedirect(dbEntity, result);
}
private static void UpdateEntity <TAccessRule, TAddOrUpdateAccessRuleCommand>(
IEntityAccessRestrictable <TAccessRule> entity,
UpdateAccessRuleSetCommandBase <TAddOrUpdateAccessRuleCommand> command,
Dictionary <string, IUserAreaDefinition> userAreas
)
where TAccessRule : IEntityAccessRule
where TAddOrUpdateAccessRuleCommand : AddOrUpdateAccessRuleCommandBase
{
entity.AccessRuleViolationActionId = (int)command.ViolationAction;
if (string.IsNullOrEmpty(command.UserAreaCodeForSignInRedirect))
{
entity.UserAreaCodeForSignInRedirect = null;
}
else
{
var userArea = userAreas.GetOrDefault(command.UserAreaCodeForSignInRedirect);
EntityNotFoundException.ThrowIfNull(userArea, command.UserAreaCodeForSignInRedirect);
entity.UserAreaCodeForSignInRedirect = userArea.UserAreaCode;
}
}
private void MapUserAreaForSignInRedirect <TAccessRule, TEntityAccessRuleSummary>(
IEntityAccessRestrictable <TAccessRule> dbEntity,
IEntityAccessRuleSetDetails <TEntityAccessRuleSummary> result
)
where TAccessRule : IEntityAccessRule
where TEntityAccessRuleSummary : IEntityAccessRuleSummary
{
if (dbEntity.UserAreaCodeForSignInRedirect != null)
{
result.UserAreaForSignInRedirect = result
.AccessRules
.Select(r => r.UserArea)
.Where(a => a.UserAreaCode == dbEntity.UserAreaCodeForSignInRedirect)
.FirstOrDefault();
if (result.UserAreaForSignInRedirect == null)
{
_logger.LogWarning(
"UserAreaCodeForSignInRedirect of value '{UserAreaCodeForSignInRedirect}' is expected to exist in the AccessRules collection, but could not be found.",
dbEntity.UserAreaCodeForSignInRedirect
);
}
}
}
