/// <summary> /// 實例化一個和傳進來一樣的 <see cref="ResourceOperation"/> 物件. /// </summary> /// <param name="resourceOperation">The resource operation.</param> public ResourceOperation(ResourceOperation resourceOperation) : this(resourceOperation.ResourceName, resourceOperation.Operation, resourceOperation.AreaName, resourceOperation.ControllerName, resourceOperation.ActionName, resourceOperation.DisplayName, resourceOperation.DisplayNameWithParent) { }
public static void ThrowTransportExceptionOnItemOperation( Uri physicalAddress, ResourceOperation resourceOperation, DocumentServiceRequest request, Guid activityId, string transportExceptionSourceDescription) { if (request.ResourceType == ResourceType.Document) { TransportException transportException = new TransportException( errorCode: TransportErrorCode.RequestTimeout, innerException: null, activityId: activityId, requestUri: physicalAddress, sourceDescription: transportExceptionSourceDescription, userPayload: true, payloadSent: false); throw Documents.Rntbd.TransportExceptions.GetRequestTimeoutException(physicalAddress, Guid.NewGuid(), transportException); } }
private static void Interceptor( Uri physicalAddress, ResourceOperation resourceOperation, DocumentServiceRequest request) { if (request.RequestContext?.RegionName != null) { Trace.TraceInformation($"Got {request.RequestContext?.RegionName} as region name for {physicalAddress}"); } if (resourceOperation.resourceType == ResourceType.Document) { Assert.IsNotNull(request.RequestContext.RegionName); if (resourceOperation.operationType == OperationType.Create) { Assert.IsTrue(request.RequestContext.ClientRequestStatistics.ContactedReplicas.Count > 1); } else { Assert.AreEqual(0, request.RequestContext.ClientRequestStatistics.ContactedReplicas.Count); } } }
/// <summary> /// 依照內容建立出AuthorizationContext /// </summary> /// <param name="principal">目前的Principal</param> /// <param name="resourceOperation">目前要驗證的ResourceOperation</param> /// <returns>AuthorizationContext</returns> public AuthorizationContext CreateAuthorizationContext(ClaimsPrincipal principal, ResourceOperation resourceOperation) { var actionClaims = new Collection <Claim>(); var resourceClaims = new Collection <Claim>(); if (resourceOperation != null) { actionClaims.Add(new Claim(ActionType, resourceOperation.Operation.ToString())); resourceClaims.Add(new Claim(ResourceType, resourceOperation.ResourceName)); } return(new AuthorizationContext( principal, resourceClaims, actionClaims)); }
protected abstract ResourceHandle PerformOperationInternal(Uri uri, ResourceOperation operation, object arg);
internal override async Task <StoreResponse> InvokeStoreAsync(Uri baseAddress, ResourceOperation resourceOperation, DocumentServiceRequest request) { Uri physicalAddress = GatewayStoreClient.IsFeedRequest(request.OperationType) ? HttpTransportClient.GetResourceFeedUri(resourceOperation.resourceType, baseAddress, request) : HttpTransportClient.GetResourceEntryUri(resourceOperation.resourceType, baseAddress, request); using (HttpResponseMessage responseMessage = await this.InvokeClientAsync(request, resourceOperation.resourceType, physicalAddress, default(CancellationToken))) { return(await HttpTransportClient.ProcessHttpResponse(request.ResourceAddress, string.Empty, responseMessage, physicalAddress, request)); } }
ResourceHandle IFileSystem.PerformOperation(Uri uri, ResourceOperation operation, object arg) { throw new NotImplementedException(); }
// Overload for an array of Resource operations public bool CheckAccess( string userName, IntPtr userToken, byte[] secDesc, ResourceOperation[] requiredOperations) { // If the user is the administrator, allow unrestricted access. if (0 == String.Compare(userName, m_adminUserName, true, CultureInfo.CurrentCulture)) return true; foreach(ResourceOperation operation in requiredOperations) { if (!CheckAccess(userName, userToken, secDesc, operation)) return false; } return true; }
public IngredientOperationRequirement(ResourceOperation resourceOperation) { ResourceOperation = resourceOperation; }
public async Task ServerCloseOnSslNegotiationCompleteAsyncTest() { using (FaultyServer server = new FaultyServer()) { server.OnConnectionEvent += (sender, args) => { if (args.EventType == FaultyServer.ConnectionEventType.SslNegotiationComplete) { RntbdTests.RandomSleep(); args.Close = true; } }; try { await server.StartAsync(); Dictionary <OperationType, ResourceOperation> operationMap = new Dictionary <OperationType, ResourceOperation> { [OperationType.Read] = ResourceOperation.ReadDocument, [OperationType.Upsert] = ResourceOperation.UpsertDocument, }; foreach (OperationType operationType in new OperationType[] { OperationType.Read, OperationType.Upsert }) { TimeSpan runTime = TimeSpan.FromSeconds(10.0); Stopwatch sw = Stopwatch.StartNew(); while (sw.Elapsed < runTime) { Guid activityId = Guid.NewGuid(); Trace.CorrelationManager.ActivityId = activityId; using (Rntbd.Channel channel = new Rntbd.Channel( server.Uri, new Rntbd.ChannelProperties( new UserAgentContainer(), certificateHostNameOverride: "localhost", timerPool: new TimerPool(1), requestTimeout: TimeSpan.FromSeconds(1.0), openTimeout: TimeSpan.FromSeconds(1.0), maxChannels: ushort.MaxValue, maxRequestsPerChannel: 100, receiveHangDetectionTime: TimeSpan.FromSeconds(2.0), sendHangDetectionTime: TimeSpan.FromSeconds(0.5)))) { channel.Initialize(activityId); try { ResourceType resourceType = ResourceType.Document; ResourceOperation resourceOperation = operationMap[operationType]; StoreResponse response = await channel.RequestAsync( DocumentServiceRequest.Create( operationType, resourceType, AuthorizationTokenType.SecondaryReadonlyMasterKey), new Uri(server.Uri, "foo/bar/baz"), resourceOperation, activityId); } catch (DocumentClientException e) { Assert.AreEqual(activityId.ToString(), e.ActivityId); if (!string.Equals("ServiceUnavailable", e.Error.Code) && !string.Equals("Gone", e.Error.Code)) { Assert.Fail("Unexpected error code: {0}", e.Error.Code); } Exception rootCause = e; Exception nextRootCause = e.InnerException; while (nextRootCause != null) { rootCause = nextRootCause; nextRootCause = nextRootCause.InnerException; } SocketException socketException = rootCause as SocketException; if (socketException != null) { if (socketException.SocketErrorCode != SocketError.ConnectionReset && socketException.SocketErrorCode != SocketError.ConnectionAborted) { Assert.Fail( "Expected connection reset or " + "connection aborted. Actual: {0}", socketException.SocketErrorCode.ToString()); } } else { GoneException goneException = rootCause as GoneException; IOException ioException = rootCause as IOException; Assert.IsTrue(goneException != null || ioException != null, "Expected GoneException or IOException. Actual: {0} ({1})", rootCause.Message, rootCause.GetType()); } } } } } } finally { await server.StopAsync(); } } }
/// <summary> /// 檢查是否有權限使用某個ResourceOperation /// </summary> /// <param name="context">目前的AuthorizationContext</param> /// <param name="resourceOperation">要驗證的ResourceOperation</param> /// <param name="rolesName">目前使用者的Role</param> /// <returns>true,表示有權限,不然則是false</returns> public abstract bool CheckAccess(AuthorizationContext context, ResourceOperation resourceOperation, string[] rolesName);
public int Add(ResourceOperation operation) { return(base.InnerList.Add(operation)); }
// Overload for an array of Resource operations public bool CheckAccess( string userName, IntPtr userToken, byte[] secDesc, ResourceOperation[] requiredOperations) { return true; }
protected abstract Task <ResourceHandle> PerformOperationAsyncInternal(Uri uri, ResourceOperation operation, object arg, CancellationToken cancellationToken);
protected override async Task <ResourceHandle> PerformOperationAsyncInternal(Uri uri, ResourceOperation operation, object arg, CancellationToken cancellationToken) { cancellationToken.ThrowIfCancellationRequested(); Uri target; string tpath, spath; switch (operation) { case ResourceOperation.Create: spath = GetPath(uri); cancellationToken.ThrowIfCancellationRequested(); IntPtr handle = Kernel32.CreateFile(spath, FileAccess.ReadWrite, FileShare.None, IntPtr.Zero, FileMode.CreateNew, (FileAttributes)arg, FileFlags.None, IntPtr.Zero); try{ return(new Win32FileHandle(handle, this)); }finally{ Kernel32.CloseHandle(handle); } case ResourceOperation.Delete: spath = GetPath(uri); cancellationToken.ThrowIfCancellationRequested(); Kernel32.DeleteFile(spath); break; case ResourceOperation.Move: string name = arg as string; if (name != null) { target = new Uri(uri, name); } else { target = (Uri)arg; } spath = GetPath(uri); tpath = GetPath(target); await MoveFile(spath, tpath, cancellationToken); break; case ResourceOperation.Copy: target = (Uri)arg; spath = GetPath(uri); tpath = GetPath(target); await CopyFile(spath, tpath, cancellationToken); break; default: throw new NotImplementedException(); } return(null); }
// Overload for Resource operations public bool CheckAccess( string userName, IntPtr userToken, byte[] secDesc, ResourceOperation requiredOperation) { // If the user is the administrator, allow unrestricted access. if (0 == String.Compare(userName, m_adminUserName, true, CultureInfo.CurrentCulture)) return true; AceCollection acl = DeserializeAcl(secDesc); foreach(AceStruct ace in acl) { if (0 == String.Compare(userName, ace.PrincipalName, true, CultureInfo.CurrentCulture)) { foreach(ResourceOperation aclOperation in ace.ResourceOperations) { if (aclOperation == requiredOperation) return true; } } } return false; }
protected async Task <ResourceCommandResult> PerformOperation(Workspace workspace, ResourceOperation operation, string[] addresses, string args = null) { using (var lockResult = await _lockService.GetWorkspaceLock(workspace.Id).LockAsync(0)) { if (!lockResult.AcquiredLock) { throw new WorkspaceConflictException(); } if (!await _db.AnyIncompleteRuns(workspace.Id)) { return(await this.OperationDoWork(workspace, operation, addresses, args)); } else { throw new WorkspaceConflictException(); } } }
/// <summary> /// 依照對應的Area、Controller和Action,取得對應的ResourceOperation /// </summary> /// <param name="areaName">Area名稱</param> /// <param name="controllerName">Controller名稱</param> /// <param name="actionName">Action名稱</param> /// <returns> /// 這個Route對應的ResourceOperation /// </returns> public ResourceOperation GetResourceOperation(string areaName, string controllerName, string actionName) { return(ResourceOperation.Where(x => x.AreaName.ToLower() == areaName.ToLower() && x.ControllerName.ToLower() == controllerName.ToLower() && x.ActionName.ToLower() == actionName.ToLower()).FirstOrDefault()); }
private async Task <ResourceCommandResult> OperationDoWork(Workspace workspace, ResourceOperation operation, string[] addresses, string args) { var errors = new List <string>(); JsonElement?outputs = null; var workingDir = workspace.GetPath(_terraformOptions.RootWorkingDirectory); var files = await _db.GetWorkspaceFiles(workspace, workspace.Directory); await workspace.PrepareFileSystem(workingDir, files); var initResult = _terraformService.InitializeWorkspace(workspace, null); var statePath = string.Empty; if (!workspace.IsDefault) { statePath = workspace.GetStatePath(workingDir, backupState: false); } if (!initResult.IsError) { TerraformResult result = null; switch (operation) { case ResourceOperation.taint: case ResourceOperation.untaint: foreach (string address in addresses) { TerraformResult taintResult = null; switch (operation) { case ResourceOperation.taint: taintResult = _terraformService.Taint(workspace, address, statePath); break; case ResourceOperation.untaint: taintResult = _terraformService.Untaint(workspace, address, statePath); break; } if (taintResult != null && taintResult.IsError) { errors.Add(taintResult.Output); } } break; case ResourceOperation.refresh: result = _terraformService.Refresh(workspace, statePath); break; case ResourceOperation.remove: result = _terraformService.RemoveResources(workspace, addresses, statePath); break; case ResourceOperation.import: result = _terraformService.Import(workspace, addresses[0], args, statePath); break; case ResourceOperation.output: result = _terraformService.GetOutputs(workspace, statePath); outputs = JsonDocument.Parse(result.Output).RootElement; break; } if (result != null && result.IsError) { errors.Add(result.Output); } await workspace.RetrieveState(workingDir); await _db.SaveChangesAsync(); workspace.CleanupFileSystem(_terraformOptions.RootWorkingDirectory); } return(new ResourceCommandResult { Resources = _mapper.Map <Resource[]>(workspace.GetState().GetResources(), opts => opts.ExcludeMembers(nameof(Resource.Attributes))), Errors = errors.ToArray(), Outputs = outputs }); }
Task <ResourceHandle> IFileSystem.PerformOperationAsync(Uri uri, ResourceOperation operation, object arg, CancellationToken cancellationToken) { throw new NotImplementedException(); }
private Tuple <User, Role, Group, Resource> RBAC_InitRBAC() { var user = new User { UserName = "******" }; RepositoryFacade.Save(user); var role = new Role { Name = "管理员", Code = "admin" }; RepositoryFacade.Save(role); var userRole = new UserRole { User = user, Role = role }; RepositoryFacade.Save(userRole); var group = new Group { Name = "研发部", Code = "abc", TreeChildren = { new Group { Name = "测试组", Code = "def" } } }; RepositoryFacade.Save(group); var groupUser = new GroupUser { Group = group, User = user }; RepositoryFacade.Save(groupUser); var groupRole = new GroupRole { Group = group, Role = role }; RepositoryFacade.Save(groupRole); var resource = new Resource { Name = "待开明细", Code = "Transcation", Description = "Transcation" }.SetIsSupportDataPermission(true).SetResourceEntityType(typeof(TestDataPermission).FullName); var operation = new ResourceOperation { Name = "新增", Code = "Add" }; resource.ResourceOperationList.Add(operation); resource.ResourceOperationList.Add( new ResourceOperation { Name = "删除", Code = "Delete" } ); RepositoryFacade.Save(resource); RepositoryFacade.Save(new RoleOperation { Role = role, Operation = operation }); var dataPermission = new DataPermission { Resource = resource, Role = role }; dataPermission.SetBuilder(new CurrentGroupPermissionConstraintBuilder { IsIncludeChildGroup = false, GroupIdProperty = "GroupId" }); RepositoryFacade.Save(dataPermission); var testDataPermission = new TestDataPermission(); testDataPermission.Group = group; testDataPermission.Name = "test"; RepositoryFacade.Save(testDataPermission); return(Tuple.Create(user, role, group, resource)); }
private async Task <Workspace> OperationDoWork(Workspace workspace, ResourceOperation operation, string[] addresses) { var workingDir = workspace.GetPath(_terraformOptions.RootWorkingDirectory); var files = await _db.GetWorkspaceFiles(workspace, workspace.Directory); await workspace.PrepareFileSystem(workingDir, files); var initResult = _terraformService.InitializeWorkspace( workingDir, workspace.Name, workspace.IsDefault, null); var statePath = string.Empty; if (!workspace.IsDefault) { statePath = workspace.GetStatePath(workingDir, backupState: false); } if (!initResult.IsError) { switch (operation) { case ResourceOperation.taint: case ResourceOperation.untaint: foreach (string address in addresses) { TerraformResult taintResult = null; switch (operation) { case ResourceOperation.taint: taintResult = _terraformService.Taint(workingDir, address, statePath); break; case ResourceOperation.untaint: taintResult = _terraformService.Untaint(workingDir, address, statePath); break; } if (taintResult != null && taintResult.IsError) { _logger.LogError(taintResult.Output); } } break; case ResourceOperation.refresh: TerraformResult refreshResult = _terraformService.Refresh(workingDir, statePath); if (refreshResult.IsError) { _logger.LogError(refreshResult.Output); } break; } await workspace.RetrieveState(workingDir); await _db.SaveChangesAsync(); workspace.CleanupFileSystem(_terraformOptions.RootWorkingDirectory); } return(workspace); }
/// <summary> /// 組合出AuthorizationContext交給ClaimsAuthorizationManager去做是否有權限的判斷 /// </summary> /// <param name="principal">目前的Principal</param> /// <param name="resourceOperation">要檢查的ResourceOperation</param> /// <returns>true,表示有權限,要不然就是fals</returns> public bool CheckAccess(ClaimsPrincipal principal, ResourceOperation resourceOperation) { var authorisationContext = CreateAuthorizationContext(principal, resourceOperation); return(AuthorizationManager.CheckAccess(authorisationContext)); }
public ResourceOperationRequirement(ResourceOperation resourceOperation) { ResourceOperation = resourceOperation; }
public async Task ServerCloseOnSslNegotiationCompleteAsyncTest() { using (FaultyServer server = new FaultyServer()) { server.OnConnectionEvent += (sender, args) => { if (args.EventType == FaultyServer.ConnectionEventType.SslNegotiationComplete) { RntbdTests.RandomSleep(); args.Close = true; } }; try { await server.StartAsync(); Dictionary <OperationType, ResourceOperation> operationMap = new Dictionary <OperationType, ResourceOperation> { [OperationType.Read] = ResourceOperation.ReadDocument, [OperationType.Upsert] = ResourceOperation.UpsertDocument, }; foreach (OperationType operationType in new OperationType[] { OperationType.Read, OperationType.Upsert }) { TimeSpan runTime = TimeSpan.FromSeconds(10.0); Stopwatch sw = Stopwatch.StartNew(); while (sw.Elapsed < runTime) { Guid activityId = Guid.NewGuid(); Trace.CorrelationManager.ActivityId = activityId; using (Rntbd.Channel channel = new Rntbd.Channel( server.Uri, RntbdTests.GetChannelProperties())) { channel.Initialize(activityId); try { ResourceType resourceType = ResourceType.Document; ResourceOperation resourceOperation = operationMap[operationType]; StoreResponse response = await channel.RequestAsync( DocumentServiceRequest.Create( operationType, resourceType, AuthorizationTokenType.SecondaryReadonlyMasterKey), new Uri(server.Uri, "foo/bar/baz"), resourceOperation, activityId); } catch (TransportException e) { Assert.AreEqual(activityId, e.ActivityId); Assert.IsTrue( (e.ErrorCode == TransportErrorCode.ReceiveFailed) || (e.ErrorCode == TransportErrorCode.SslNegotiationFailed) || (e.ErrorCode == TransportErrorCode.ReceiveStreamClosed), "Expected ReceiveFailed or ReceiveStreamClosed. Actual: {0}", e.ErrorCode); Exception rootCause = e.GetBaseException(); if (e.Equals(rootCause)) { return; } SocketException socketException = rootCause as SocketException; if (socketException != null) { if (socketException.SocketErrorCode != SocketError.ConnectionReset && socketException.SocketErrorCode != SocketError.ConnectionAborted) { Assert.Fail( "Expected connection reset or " + "connection aborted. Actual: {0}", socketException.SocketErrorCode.ToString()); } } else { IOException ioException = rootCause as IOException; Assert.IsTrue(ioException != null, "Expected IOException. Actual: {0} ({1})", rootCause.Message, rootCause.GetType()); } } } } } } finally { await server.StopAsync(); } } }