public async Task <IActionResult> ReadRoleAsync(string roleId_)
{
if (string.IsNullOrWhiteSpace(roleId_) || string.IsNullOrEmpty(roleId_))
{
return(StatusCode((int)HttpStatusCode.BadRequest, Json("No role id given")));
}
var role = await _roleManager.FindByIdAsync(roleId_);
if (role == null)
{
return(StatusCode((int)HttpStatusCode.BadRequest, Json("No such role for edition")));
}
ReadGrants.GetExtensions(roleId_, Storage, out var availableExtensions, out var selectedExtensions);
ReadRoleViewModel result = new ReadRoleViewModel
{
Role = role,
SelectedExtensions = selectedExtensions,
AvailableExtensions = availableExtensions
};
return(StatusCode((int)HttpStatusCode.OK, Json(result)));
}
public async Task <IActionResult> UpdateRolePermissionAsync([FromBody] UpdateRolePermissionViewModel model_)
{
string roleId = (await _roleManager.FindByNameAsync(model_.RoleName)).Id;
Enum.TryParse(model_.PermissionValue, true, out Permission permissionEnumValue);
if (model_.Extension == Constants.SoftinuxBaseSecurity && permissionEnumValue != Permission.Admin)
{
if (await ReadGrants.IsRoleLastAdminPermissionLevelGrantForExtensionAsync(_roleManager, Storage, model_.RoleName, model_.Extension))
{
return(StatusCode((int)HttpStatusCode.BadRequest, "Permission not updated, the role is the last Admin grant to SoftinuxBase.Security extension"));
}
}
IRolePermissionRepository repo = Storage.GetRepository <IRolePermissionRepository>();
repo.Delete(roleId, model_.Extension);
var permissionEntity = Storage.GetRepository <IPermissionRepository>().Find(permissionEnumValue);
repo.Create(new RolePermission {
RoleId = roleId, PermissionId = permissionEntity.Id, Extension = model_.Extension
});
await Storage.SaveAsync();
return(StatusCode((int)HttpStatusCode.OK));
}
public Task <IViewComponentResult> InvokeAsync()
{
// Create a dictionary with all roles for injecting as json into grant permission page
Dictionary <string, IdentityRole <string> > rolesList = new Dictionary <string, IdentityRole <string> >();
// Create a dictionary with role id and name, since we will use role name in GrantViewModel
// and we have role id in RolePermission table.
Dictionary <string, string> roleNameByRoleId = new Dictionary <string, string>();
foreach (var role in _roleManager.Roles)
{
roleNameByRoleId.Add(role.Id, role.Name);
rolesList.Add(role.Id, role);
}
ViewBag.RolesList = rolesList;
GrantViewModel model = ReadGrants.ReadAll(_roleManager, Storage, roleNameByRoleId);
return(Task.FromResult <IViewComponentResult>(View("_List_Roles_Extensions", model)));
}
public IActionResult Index()
{
// Create a dictionary with all roles for injecting as json into grant permission page
Dictionary <string, IdentityRole <string> > rolesList = new Dictionary <string, IdentityRole <string> >();
// Create a dictionary with role id and name, since we will use role name in GrantViewModel
// and we have role id in RolePermission table.
Dictionary <string, string> roleNameByRoleId = new Dictionary <string, string>();
foreach (var role in _roleManager.Roles)
{
roleNameByRoleId.Add(role.Id, role.Name);
rolesList.Add(role.Id, role);
}
ViewBag.RolesList = rolesList;
var model = ReadGrants.ReadAll(_roleManager, Storage, roleNameByRoleId);
return(View(model));
}
public async Task ReadAllAsync()
{
var repo = DatabaseFixture.Storage.GetRepository <IRolePermissionRepository>();
var permRepo = DatabaseFixture.Storage.GetRepository <IPermissionRepository>();
try
{
// Arrange
// 1. Create base roles
await CreateBaseRolesIfNeededAsync();
// 2. Create "Special User" role
await CreateRoleIfNotExistingAsync("Special User");
// 3. Read roles to get their IDs
var adminRole = await DatabaseFixture.RoleManager.FindByNameAsync(Role.Administrator.GetRoleName());
var userRole = await DatabaseFixture.RoleManager.FindByNameAsync(Role.User.GetRoleName());
var anonymousRole = await DatabaseFixture.RoleManager.FindByNameAsync(Role.Anonymous.GetRoleName());
var specialUserRole = await DatabaseFixture.RoleManager.FindByNameAsync("Special User");
// 4. Read permissions to get their IDs
var adminPermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Admin.GetPermissionName())?.Id;
var writePermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Write.GetPermissionName())?.Id;
var readPermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Read.GetPermissionName())?.Id;
var neverPermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Never.GetPermissionName())?.Id;
Assert.NotNull(adminPermissionId);
Assert.NotNull(writePermissionId);
Assert.NotNull(readPermissionId);
Assert.NotNull(neverPermissionId);
// 5. Create role-extension links
// Cleanup first
repo.DeleteAll();
await DatabaseFixture.Storage.SaveAsync();
repo.Create(new RolePermission
{
RoleId = adminRole.Id, Extension = Constants.SoftinuxBaseSecurity, PermissionId = adminPermissionId
});
repo.Create(new RolePermission
{
RoleId = userRole.Id, Extension = Constants.SoftinuxBaseSecurity, PermissionId = readPermissionId
});
repo.Create(new RolePermission
{
RoleId = anonymousRole.Id,
Extension = Constants.SoftinuxBaseSecurity,
PermissionId = neverPermissionId
});
repo.Create(new RolePermission
{
RoleId = specialUserRole.Id,
Extension = Constants.SoftinuxBaseSecurity,
PermissionId = writePermissionId
});
repo.Create(new RolePermission
{
RoleId = adminRole.Id, Extension = "Chinook", PermissionId = adminPermissionId
});
repo.Create(new RolePermission
{
RoleId = userRole.Id, Extension = "Chinook", PermissionId = writePermissionId
});
await DatabaseFixture.Storage.SaveAsync();
// 6. Build the dictionary that is used by the tool and created in GrantPermissionsController
Dictionary <string, string> roleNameByRoleId = new Dictionary <string, string>();
roleNameByRoleId.Add(adminRole.Id, adminRole.Name);
roleNameByRoleId.Add(userRole.Id, userRole.Name);
roleNameByRoleId.Add(anonymousRole.Id, anonymousRole.Name);
roleNameByRoleId.Add(specialUserRole.Id, specialUserRole.Name);
// Execute
GrantViewModel model = ReadGrants.ReadAll(DatabaseFixture.RoleManager, DatabaseFixture.Storage, roleNameByRoleId);
// Assert
// 1. Number of keys: extensions
Assert.Equal(ExtensionManager.GetInstances <IExtensionMetadata>().Count(), model.PermissionsByRoleAndExtension.Keys.Count);
// 2. Number of roles for "Security" extension
Assert.True(model.PermissionsByRoleAndExtension.ContainsKey(Constants.SoftinuxBaseSecurity));
// We may have additional linked roles left by other tests...
Assert.True(model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity].Keys.Count >= 4);
// 3. Admin role
Assert.True(model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity].ContainsKey(adminRole.Name));
// Admin -> Admin, Write, Read, Never
Assert.Equal(4, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][adminRole.Name].Count);
Assert.Contains(Permission.Admin, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][adminRole.Name]);
Assert.Contains(Permission.Write, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][adminRole.Name]);
Assert.Contains(Permission.Read, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][adminRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][adminRole.Name]);
// 4. Special User role
Assert.True(model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity].ContainsKey(specialUserRole.Name));
// Write -> Write, Read, Never
Assert.Equal(3, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][specialUserRole.Name].Count);
Assert.Contains(Permission.Write, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][specialUserRole.Name]);
Assert.Contains(Permission.Read, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][specialUserRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][specialUserRole.Name]);
// 5. User role
Assert.True(model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity].ContainsKey(userRole.Name));
// Read -> Read, Never
Assert.Equal(2, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][userRole.Name].Count);
Assert.Contains(Permission.Read, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][userRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][userRole.Name]);
// 6. Anonymous role
Assert.True(model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity].ContainsKey(anonymousRole.Name));
// Never -> Never
Assert.Single(model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][anonymousRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndExtension[Constants.SoftinuxBaseSecurity][anonymousRole.Name]);
// 7. Number of roles for Chinook extension
// When the dll doesn't exist on disk, this is our case, no permissions should be found
Assert.False(model.PermissionsByRoleAndExtension.ContainsKey("Chinook"));
// No need to check the details for this extension
// 8. SoftinuxBase.SeedDatabase extension was found
Assert.True(model.PermissionsByRoleAndExtension.ContainsKey("SoftinuxBase.SeedDatabase"));
}
finally
{
// Cleanup created data
repo.DeleteAll();
await DatabaseFixture.Storage.SaveAsync();
var specialUserRole = await DatabaseFixture.RoleManager.FindByNameAsync("Special User");
await DatabaseFixture.RoleManager.DeleteAsync(specialUserRole);
}
}
public async Task IsRoleLastAdminPermissionLevelGrantForExtension_Yes_StillAnotherRoleButWithoutUsersForThisExtensionAsync()
{
var rolePermRepo = DatabaseFixture.Storage.GetRepository <IRolePermissionRepository>();
var permRepo = DatabaseFixture.Storage.GetRepository <IPermissionRepository>();
string roleName = Guid.NewGuid().ToString();
string secondRoleName = Guid.NewGuid().ToString();
string extensionName = Guid.NewGuid().ToString();
IdentityRole <string> role = null;
IdentityRole <string> secondRole = null;
try
{
// Arrange
// 1. Create a test role
await CreateRoleIfNotExistingAsync(roleName);
// 2. Read role to get its ID
role = await DatabaseFixture.RoleManager.FindByNameAsync(roleName);
// 3. Read permissions to get their IDs
string adminPermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Admin.GetPermissionName())?.Id;
// 4. Associate the role to an extension
RolePermission rolePermission = new RolePermission {
Extension = extensionName, PermissionId = adminPermissionId, RoleId = role.Id
};
rolePermRepo.Create(rolePermission);
await DatabaseFixture.Storage.SaveAsync();
// 5. Create a second role
await CreateRoleIfNotExistingAsync(secondRoleName);
// 6. Read second role to get its ID
secondRole = await DatabaseFixture.RoleManager.FindByNameAsync(secondRoleName);
// 7. Associate the second role to the extension
rolePermission = new RolePermission {
Extension = extensionName, PermissionId = adminPermissionId, RoleId = secondRole.Id
};
rolePermRepo.Create(rolePermission);
await DatabaseFixture.Storage.SaveAsync();
// Act
bool isLast = await ReadGrants.IsRoleLastAdminPermissionLevelGrantForExtensionAsync(DatabaseFixture.RoleManager, DatabaseFixture.Storage, roleName, extensionName);
// Assert
Assert.True(isLast);
}
finally
{
// Cleanup
// 1. Delete the RolePermission
rolePermRepo.Delete(role?.Id, extensionName);
rolePermRepo.Delete(secondRole?.Id, extensionName);
// 2. Delete the Role
await DatabaseFixture.RoleManager.DeleteAsync(role);
await DatabaseFixture.RoleManager.DeleteAsync(secondRole);
}
}
public async Task IsRoleLastAdminPermissionLevelGrantForExtension_Yes_NoAnotherRoleWithAdminPermissionWithUsersForThisExtensionAsync()
{
var rolePermRepo = DatabaseFixture.Storage.GetRepository <IRolePermissionRepository>();
var permRepo = DatabaseFixture.Storage.GetRepository <IPermissionRepository>();
var userPermRepo = DatabaseFixture.Storage.GetRepository <IUserPermissionRepository>();
string adminPermissionId = null;
string roleName = Guid.NewGuid().ToString();
string secondRoleName = Guid.NewGuid().ToString();
string extensionName = Guid.NewGuid().ToString();
string userName = Guid.NewGuid().ToString();
IdentityRole <string> role = null;
IdentityRole <string> secondRole = null;
User user = null;
try
{
// Arrange
// 1. Create a test role
await CreateRoleIfNotExistingAsync(roleName);
// 2. Read role to get its ID
role = await DatabaseFixture.RoleManager.FindByNameAsync(roleName);
// 3. Read permissions to get their IDs
adminPermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Admin.GetPermissionName())?.Id;
string writePermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Write.GetPermissionName())?.Id;
// 4. Associate the role to an extension
RolePermission rolePermission = new RolePermission {
Extension = extensionName, PermissionId = adminPermissionId, RoleId = role.Id
};
rolePermRepo.Create(rolePermission);
await DatabaseFixture.Storage.SaveAsync();
// 5. Create a second role
await CreateRoleIfNotExistingAsync(secondRoleName);
// 6. Read second role to get its ID
secondRole = await DatabaseFixture.RoleManager.FindByNameAsync(secondRoleName);
// 7. Create an user
user = await CreateUserAsync(userName);
// 8. Associate the second role to the user
Assert.True((await DatabaseFixture.UserManager.AddToRoleAsync(user, secondRoleName)).Succeeded);
// 9. Associate the second role to the extension
rolePermission = new RolePermission {
Extension = extensionName, PermissionId = writePermissionId, RoleId = secondRole.Id
};
rolePermRepo.Create(rolePermission);
await DatabaseFixture.Storage.SaveAsync();
// Act
bool isLast = await ReadGrants.IsRoleLastAdminPermissionLevelGrantForExtensionAsync(DatabaseFixture.RoleManager, DatabaseFixture.Storage, roleName, extensionName);
// Assert
Assert.True(isLast);
}
finally
{
// Cleanup
// 1. Delete the UserPermission
userPermRepo.Delete(user?.Id, adminPermissionId);
// 2. Delete the RolePermission
rolePermRepo.Delete(role?.Id, extensionName);
rolePermRepo.Delete(secondRole?.Id, extensionName);
// 2b. Delete the UserRole
await DatabaseFixture.UserManager.RemoveFromRoleAsync(user, secondRoleName);
// 3. Delete the User
await DatabaseFixture.UserManager.DeleteAsync(user);
// 4. Delete the Role
await DatabaseFixture.RoleManager.DeleteAsync(role);
await DatabaseFixture.RoleManager.DeleteAsync(secondRole);
}
}
public async Task IsRoleLastAdminPermissionLevelGrantForExtension_No_StillAnUserWithAdminPermissionLevelForThisExtensionAsync()
{
var rolePermRepo = DatabaseFixture.Storage.GetRepository <IRolePermissionRepository>();
var permRepo = DatabaseFixture.Storage.GetRepository <IPermissionRepository>();
var userPermRepo = DatabaseFixture.Storage.GetRepository <IUserPermissionRepository>();
string adminPermissionId = null;
string roleName = Guid.NewGuid().ToString();
string extensionName = Guid.NewGuid().ToString();
string userName = Guid.NewGuid().ToString();
IdentityRole <string> role = null;
User user = null;
try
{
// Arrange
// 1. Create a test role
await CreateRoleIfNotExistingAsync(roleName);
// 2. Read role to get its ID
role = await DatabaseFixture.RoleManager.FindByNameAsync(roleName);
// 3. Read permissions to get their IDs
adminPermissionId = permRepo.All().FirstOrDefault(p_ => p_.Name == Permission.Admin.GetPermissionName())?.Id;
// 4. Associate the role to an extension
RolePermission rolePermission = new RolePermission {
Extension = extensionName, PermissionId = adminPermissionId, RoleId = role.Id
};
rolePermRepo.Create(rolePermission);
await DatabaseFixture.Storage.SaveAsync();
// 5. Create an user
user = await CreateUserAsync(userName);
// 6. Associate the user to the extension
UserPermission userPermission = new UserPermission {
Extension = extensionName, PermissionId = adminPermissionId, UserId = user.Id
};
userPermRepo.Create(userPermission);
await DatabaseFixture.Storage.SaveAsync();
// Act
bool isLast = await ReadGrants.IsRoleLastAdminPermissionLevelGrantForExtensionAsync(DatabaseFixture.RoleManager, DatabaseFixture.Storage, roleName, extensionName);
// Assert
Assert.False(isLast);
}
finally
{
// Cleanup
// 1. Delete the UserPermission
userPermRepo.Delete(user?.Id, adminPermissionId);
// 2. Delete the RolePermission
rolePermRepo.Delete(role?.Id, extensionName);
// 3. Delete the User
await DatabaseFixture.UserManager.DeleteAsync(user);
// 4. Delete the Role
await DatabaseFixture.RoleManager.DeleteAsync(role);
}
}
public async void Test()
{
var repo = DatabaseFixture.Storage.GetRepository <IRolePermissionRepository>();
try
{
// Arrange
// 1. Create base roles
await CreateBaseRolesIfNeeded();
// 2. Create "Special User" role
await CreateRoleIfNotExisting("Special User");
// 3. Read roles to get their IDs
var adminRole = await DatabaseFixture.RoleManager.FindByNameAsync(Role.Administrator.GetRoleName());
var userRole = await DatabaseFixture.RoleManager.FindByNameAsync(Role.User.GetRoleName());
var anonymousRole = await DatabaseFixture.RoleManager.FindByNameAsync(Role.Anonymous.GetRoleName());
var specialUserRole = await DatabaseFixture.RoleManager.FindByNameAsync("Special User");
// 4. Create role-extension links
// Cleanup first
repo.DeleteAll();
DatabaseFixture.Storage.Save();
repo.Create(new RolePermission
{
RoleId = adminRole.Id, Scope = "Security", PermissionId = Permission.Admin.GetPermissionName()
});
repo.Create(new RolePermission
{
RoleId = userRole.Id, Scope = "Security", PermissionId = Permission.Read.GetPermissionName()
});
repo.Create(new RolePermission
{
RoleId = anonymousRole.Id, Scope = "Security", PermissionId = Permission.Never.GetPermissionName()
});
repo.Create(new RolePermission
{
RoleId = specialUserRole.Id, Scope = "Security", PermissionId = Permission.Write.GetPermissionName()
});
repo.Create(new RolePermission
{
RoleId = adminRole.Id, Scope = "Chinook", PermissionId = Permission.Admin.GetPermissionName()
});
repo.Create(new RolePermission
{
RoleId = userRole.Id, Scope = "Chinook", PermissionId = Permission.Write.GetPermissionName()
});
DatabaseFixture.Storage.Save();
// 5. Build the dictionary that is used by the tool and created in GrantPermissionsController
Dictionary <string, string> roleNameByRoleId = new Dictionary <string, string>();
roleNameByRoleId.Add(adminRole.Id, adminRole.Name);
roleNameByRoleId.Add(userRole.Id, userRole.Name);
roleNameByRoleId.Add(anonymousRole.Id, anonymousRole.Name);
roleNameByRoleId.Add(specialUserRole.Id, specialUserRole.Name);
// Execute
GrantViewModel model = ReadGrants.ReadAll(DatabaseFixture.RoleManager, DatabaseFixture.Storage,
roleNameByRoleId);
// Assert
// 1. Number of keys: extensions
Assert.Equal(ExtensionManager.GetInstances <IExtensionMetadata>().Count(), model.PermissionsByRoleAndScope.Keys.Count);
// 2. Number of roles for "Security" extension
Assert.True((model.PermissionsByRoleAndScope.ContainsKey("Security")));
Assert.Equal(4, model.PermissionsByRoleAndScope["Security"].Keys.Count);
// 3. Admin role
Assert.True(model.PermissionsByRoleAndScope["Security"].ContainsKey(adminRole.Name));
// Admin -> Admin, Write, Read, Never
Assert.Equal(4, model.PermissionsByRoleAndScope["Security"][adminRole.Name].Count);
Assert.Contains(Permission.Admin, model.PermissionsByRoleAndScope["Security"][adminRole.Name]);
Assert.Contains(Permission.Write, model.PermissionsByRoleAndScope["Security"][adminRole.Name]);
Assert.Contains(Permission.Read, model.PermissionsByRoleAndScope["Security"][adminRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndScope["Security"][adminRole.Name]);
// 4. Special User role
Assert.True(model.PermissionsByRoleAndScope["Security"].ContainsKey(specialUserRole.Name));
// Write -> Write, Read, Never
Assert.Equal(3, model.PermissionsByRoleAndScope["Security"][specialUserRole.Name].Count);
Assert.Contains(Permission.Write, model.PermissionsByRoleAndScope["Security"][specialUserRole.Name]);
Assert.Contains(Permission.Read, model.PermissionsByRoleAndScope["Security"][specialUserRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndScope["Security"][specialUserRole.Name]);
// 5. User role
Assert.True(model.PermissionsByRoleAndScope["Security"].ContainsKey(userRole.Name));
// Read -> Read, Never
Assert.Equal(2, model.PermissionsByRoleAndScope["Security"][userRole.Name].Count);
Assert.Contains(Permission.Read, model.PermissionsByRoleAndScope["Security"][userRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndScope["Security"][userRole.Name]);
// 6. Anonymous role
Assert.True(model.PermissionsByRoleAndScope["Security"].ContainsKey(anonymousRole.Name));
// Never -> Never
Assert.Single(model.PermissionsByRoleAndScope["Security"][anonymousRole.Name]);
Assert.Contains(Permission.Never, model.PermissionsByRoleAndScope["Security"][anonymousRole.Name]);
// 7. Number of roles for Chinook extension
Assert.True((model.PermissionsByRoleAndScope.ContainsKey("Chinook")));
Assert.Equal(2, model.PermissionsByRoleAndScope["Chinook"].Keys.Count);
// No need to check the details for this extension
// 8. SeedDatabase extension was found, no permissions should be found
Assert.True((model.PermissionsByRoleAndScope.ContainsKey("SeedDatabase")));
Assert.Equal(0, model.PermissionsByRoleAndScope["SeedDatabase"].Keys.Count);
}
finally
{
// Cleanup created data
repo.DeleteAll();
DatabaseFixture.Storage.Save();
var specialUserRole = await DatabaseFixture.RoleManager.FindByNameAsync("Special User");
await DatabaseFixture.RoleManager.DeleteAsync(specialUserRole);
}
}