protected override async Task <PermissionResult> CanUpdateAsync(Organization original, Delta <NewOrganization> changes)
    {
        var changed = changes.GetEntity();

        if (!await IsOrganizationNameAvailableInternalAsync(changed.Name))
        {
            return(PermissionResult.DenyWithMessage("A organization with this name already exists."));
        }

        return(await base.CanUpdateAsync(original, changes));
    }
        protected override async Task <PermissionResult> CanDeleteAsync(Token value)
        {
            if (!User.IsInRole(AuthorizationRoles.GlobalAdmin) && !String.IsNullOrEmpty(value.UserId) && value.UserId != CurrentUser.Id)
            {
                return(PermissionResult.DenyWithMessage("Can only delete tokens created by you."));
            }

            if (!String.IsNullOrEmpty(value.ProjectId) && !await IsInProjectAsync(value.ProjectId))
            {
                return(PermissionResult.DenyWithNotFound(value.Id));
            }

            return(await base.CanDeleteAsync(value));
        }
    protected virtual async Task <PermissionResult> CanUpdateAsync(TModel original, Delta <TUpdateModel> changes)
    {
        if (original is IOwnedByOrganization orgModel && !CanAccessOrganization(orgModel.OrganizationId))
        {
            return(PermissionResult.DenyWithMessage("Invalid organization id specified."));
        }

        if (changes.GetChangedPropertyNames().Contains("OrganizationId"))
        {
            return(PermissionResult.DenyWithMessage("OrganizationId cannot be modified."));
        }

        return(PermissionResult.Allow);
    }
    protected virtual async Task <PermissionResult> CanAddAsync(TModel value)
    {
        if (_isOrganization || !(value is IOwnedByOrganization orgModel))
        {
            return(PermissionResult.Allow);
        }

        if (!CanAccessOrganization(orgModel.OrganizationId))
        {
            return(PermissionResult.DenyWithMessage("Invalid organization id specified."));
        }

        return(PermissionResult.Allow);
    }
    protected override async Task <PermissionResult> CanDeleteAsync(User value)
    {
        if (value.OrganizationIds.Count > 0)
        {
            return(PermissionResult.DenyWithMessage("Please delete or leave any organizations before deleting your account."));
        }

        if (!User.IsInRole(AuthorizationRoles.GlobalAdmin) && value.Id != CurrentUser.Id)
        {
            return(PermissionResult.Deny);
        }

        return(await base.CanDeleteAsync(value));
    }
    protected override async Task <PermissionResult> CanDeleteAsync(Organization value)
    {
        if (!String.IsNullOrEmpty(value.StripeCustomerId) && !User.IsInRole(AuthorizationRoles.GlobalAdmin))
        {
            return(PermissionResult.DenyWithMessage("An organization cannot be deleted if it has a subscription.", value.Id));
        }

        var projects = (await _projectRepository.GetByOrganizationIdAsync(value.Id)).Documents.ToList();

        if (!User.IsInRole(AuthorizationRoles.GlobalAdmin) && projects.Any())
        {
            return(PermissionResult.DenyWithMessage("An organization cannot be deleted if it contains any projects.", value.Id));
        }

        return(await base.CanDeleteAsync(value));
    }
Exemple #7
0
    protected override async Task <PermissionResult> CanAddAsync(Project value)
    {
        if (String.IsNullOrEmpty(value.Name))
        {
            return(PermissionResult.DenyWithMessage("Project name is required."));
        }

        if (!await IsProjectNameAvailableInternalAsync(value.OrganizationId, value.Name))
        {
            return(PermissionResult.DenyWithMessage("A project with this name already exists."));
        }

        if (!await _billingManager.CanAddProjectAsync(value))
        {
            return(PermissionResult.DenyWithPlanLimitReached("Please upgrade your plan to add additional projects."));
        }

        return(await base.CanAddAsync(value));
    }
    protected override async Task <PermissionResult> CanAddAsync(Organization value)
    {
        if (String.IsNullOrEmpty(value.Name))
        {
            return(PermissionResult.DenyWithMessage("Organization name is required."));
        }

        if (!await IsOrganizationNameAvailableInternalAsync(value.Name))
        {
            return(PermissionResult.DenyWithMessage("A organization with this name already exists."));
        }

        if (!await _billingManager.CanAddOrganizationAsync(CurrentUser))
        {
            return(PermissionResult.DenyWithPlanLimitReached("Please upgrade your plan to add an additional organization."));
        }

        return(await base.CanAddAsync(value));
    }
        protected override async Task <PermissionResult> CanAddAsync(WebHook value)
        {
            if (String.IsNullOrEmpty(value.Url) || value.EventTypes.Length == 0)
            {
                return(PermissionResult.Deny);
            }

            if (String.IsNullOrEmpty(value.ProjectId) && String.IsNullOrEmpty(value.OrganizationId))
            {
                return(PermissionResult.Deny);
            }

            if (!String.IsNullOrEmpty(value.OrganizationId) && !IsInOrganization(value.OrganizationId))
            {
                return(PermissionResult.DenyWithMessage("Invalid organization id specified."));
            }

            Project project = null;

            if (!String.IsNullOrEmpty(value.ProjectId))
            {
                project = await GetProjectAsync(value.ProjectId);

                if (project == null)
                {
                    return(PermissionResult.DenyWithMessage("Invalid project id specified."));
                }

                value.OrganizationId = project.OrganizationId;
            }

            if (!await _billingManager.HasPremiumFeaturesAsync(project != null ? project.OrganizationId : value.OrganizationId))
            {
                return(PermissionResult.DenyWithPlanLimitReached("Please upgrade your plan to add integrations."));
            }

            return(PermissionResult.Allow);
        }
        protected override async Task <PermissionResult> CanAddAsync(Token value)
        {
            // We only allow users to create organization scoped tokens.
            if (String.IsNullOrEmpty(value.OrganizationId))
            {
                return(PermissionResult.Deny);
            }

            if (!String.IsNullOrEmpty(value.ProjectId) && !String.IsNullOrEmpty(value.UserId))
            {
                return(PermissionResult.DenyWithMessage("Token can't be associated to both user and project."));
            }

            foreach (string scope in value.Scopes.ToList())
            {
                if (scope != scope.ToLowerInvariant())
                {
                    value.Scopes.Remove(scope);
                    value.Scopes.Add(scope.ToLowerInvariant());
                }

                if (!AuthorizationRoles.AllScopes.Contains(scope.ToLowerInvariant()))
                {
                    return(PermissionResult.DenyWithMessage("Invalid token scope requested."));
                }
            }

            if (value.Scopes.Count == 0)
            {
                value.Scopes.Add(AuthorizationRoles.Client);
            }

            if (value.Scopes.Contains(AuthorizationRoles.Client) && !User.IsInRole(AuthorizationRoles.User))
            {
                return(PermissionResult.Deny);
            }

            if (value.Scopes.Contains(AuthorizationRoles.User) && !User.IsInRole(AuthorizationRoles.User))
            {
                return(PermissionResult.Deny);
            }

            if (value.Scopes.Contains(AuthorizationRoles.GlobalAdmin) && !User.IsInRole(AuthorizationRoles.GlobalAdmin))
            {
                return(PermissionResult.Deny);
            }

            if (!String.IsNullOrEmpty(value.ProjectId))
            {
                var project = await GetProjectAsync(value.ProjectId);

                if (project == null)
                {
                    return(PermissionResult.Deny);
                }

                value.OrganizationId   = project.OrganizationId;
                value.DefaultProjectId = null;
            }

            if (!String.IsNullOrEmpty(value.DefaultProjectId))
            {
                var project = await GetProjectAsync(value.DefaultProjectId);

                if (project == null)
                {
                    return(PermissionResult.Deny);
                }
            }

            if (!String.IsNullOrEmpty(value.ApplicationId))
            {
                var application = await _applicationRepository.GetByIdAsync(value.ApplicationId, true);

                if (application == null || !IsInOrganization(application.OrganizationId))
                {
                    return(PermissionResult.Deny);
                }
            }

            return(await base.CanAddAsync(value));
        }
        protected override async Task <PermissionResult> CanAddAsync(Token value)
        {
            // We only allow users to create organization scoped tokens.
            if (String.IsNullOrEmpty(value.OrganizationId))
            {
                return(PermissionResult.Deny);
            }

            bool hasUserRole        = User.IsInRole(AuthorizationRoles.User);
            bool hasGlobalAdminRole = User.IsInRole(AuthorizationRoles.GlobalAdmin);

            if (!hasGlobalAdminRole && !String.IsNullOrEmpty(value.UserId) && value.UserId != CurrentUser.Id)
            {
                return(PermissionResult.Deny);
            }

            if (!String.IsNullOrEmpty(value.ProjectId) && !String.IsNullOrEmpty(value.UserId))
            {
                return(PermissionResult.DenyWithMessage("Token can't be associated to both user and project."));
            }

            foreach (string scope in value.Scopes.ToList())
            {
                string lowerCaseScoped = scope.ToLowerInvariant();
                if (!String.Equals(scope, lowerCaseScoped))
                {
                    value.Scopes.Remove(scope);
                    value.Scopes.Add(lowerCaseScoped);
                }

                if (!AuthorizationRoles.AllScopes.Contains(lowerCaseScoped))
                {
                    return(PermissionResult.DenyWithMessage("Invalid token scope requested."));
                }
            }

            if (value.Scopes.Count == 0)
            {
                value.Scopes.Add(AuthorizationRoles.Client);
            }

            if (value.Scopes.Contains(AuthorizationRoles.Client) && !hasUserRole)
            {
                return(PermissionResult.Deny);
            }

            if (value.Scopes.Contains(AuthorizationRoles.User) && !hasUserRole)
            {
                return(PermissionResult.Deny);
            }

            if (value.Scopes.Contains(AuthorizationRoles.GlobalAdmin) && !hasGlobalAdminRole)
            {
                return(PermissionResult.Deny);
            }

            if (!String.IsNullOrEmpty(value.ProjectId))
            {
                var project = await GetProjectAsync(value.ProjectId);

                if (project == null)
                {
                    return(PermissionResult.Deny);
                }

                value.OrganizationId   = project.OrganizationId;
                value.DefaultProjectId = null;
            }

            if (!String.IsNullOrEmpty(value.DefaultProjectId))
            {
                var project = await GetProjectAsync(value.DefaultProjectId);

                if (project == null)
                {
                    return(PermissionResult.Deny);
                }
            }

            return(await base.CanAddAsync(value));
        }
Exemple #12
0
        protected override PermissionResult CanAdd(Token value)
        {
            if (String.IsNullOrEmpty(value.OrganizationId))
            {
                return(PermissionResult.Deny);
            }

            if (!String.IsNullOrEmpty(value.ProjectId) && !String.IsNullOrEmpty(value.UserId))
            {
                return(PermissionResult.DenyWithMessage("Token can't be associated to both user and project."));
            }

            foreach (string scope in value.Scopes.ToList())
            {
                if (scope != scope.ToLower())
                {
                    value.Scopes.Remove(scope);
                    value.Scopes.Add(scope.ToLower());
                }

                if (!AuthorizationRoles.AllScopes.Contains(scope.ToLower()))
                {
                    return(PermissionResult.DenyWithMessage("Invalid token scope requested."));
                }
            }

            if (value.Scopes.Count == 0)
            {
                value.Scopes.Add(AuthorizationRoles.Client);
            }

            if (value.Scopes.Contains(AuthorizationRoles.Client) && !User.IsInRole(AuthorizationRoles.User))
            {
                return(PermissionResult.Deny);
            }

            if (value.Scopes.Contains(AuthorizationRoles.User) && !User.IsInRole(AuthorizationRoles.User))
            {
                return(PermissionResult.Deny);
            }

            if (value.Scopes.Contains(AuthorizationRoles.GlobalAdmin) && !User.IsInRole(AuthorizationRoles.GlobalAdmin))
            {
                return(PermissionResult.Deny);
            }

            if (!String.IsNullOrEmpty(value.ProjectId))
            {
                Project project = _projectRepository.GetById(value.ProjectId, true);
                value.OrganizationId = project.OrganizationId;

                if (!IsInProject(project))
                {
                    return(PermissionResult.Deny);
                }
            }

            if (!String.IsNullOrEmpty(value.ApplicationId))
            {
                var application = _applicationRepository.GetById(value.ApplicationId, true);
                if (application == null || !IsInOrganization(application.OrganizationId))
                {
                    return(PermissionResult.Deny);
                }
            }

            return(base.CanAdd(value));
        }