#pragma warning disable CA1506 public async Task <IActionResult> Create([FromBody] InstancePermissionSetRequest model, CancellationToken cancellationToken) { if (model == null) { throw new ArgumentNullException(nameof(model)); } var existingPermissionSet = await DatabaseContext .PermissionSets .AsQueryable() .Where(x => x.Id == model.PermissionSetId) .Select(x => new Models.PermissionSet { UserId = x.UserId, }) .FirstOrDefaultAsync(cancellationToken) .ConfigureAwait(false); if (existingPermissionSet == default) { return(Gone()); } if (existingPermissionSet.UserId.HasValue) { var userCanonicalName = await DatabaseContext .Users .AsQueryable() .Where(x => x.Id == existingPermissionSet.UserId.Value) .Select(x => x.CanonicalName) .FirstAsync(cancellationToken) .ConfigureAwait(false); if (userCanonicalName == Models.User.CanonicalizeName(Models.User.TgsSystemUserName)) { return(Forbid()); } } var dbUser = new InstancePermissionSet { ByondRights = RightsHelper.Clamp(model.ByondRights ?? ByondRights.None), ChatBotRights = RightsHelper.Clamp(model.ChatBotRights ?? ChatBotRights.None), ConfigurationRights = RightsHelper.Clamp(model.ConfigurationRights ?? ConfigurationRights.None), DreamDaemonRights = RightsHelper.Clamp(model.DreamDaemonRights ?? DreamDaemonRights.None), DreamMakerRights = RightsHelper.Clamp(model.DreamMakerRights ?? DreamMakerRights.None), RepositoryRights = RightsHelper.Clamp(model.RepositoryRights ?? RepositoryRights.None), InstancePermissionSetRights = RightsHelper.Clamp(model.InstancePermissionSetRights ?? InstancePermissionSetRights.None), PermissionSetId = model.PermissionSetId, InstanceId = Instance.Id.Value, }; DatabaseContext.InstancePermissionSets.Add(dbUser); await DatabaseContext.Save(cancellationToken).ConfigureAwait(false); return(Created(dbUser.ToApi())); }
public async Task <IActionResult> Create([FromBody] Api.Models.InstanceUser model, CancellationToken cancellationToken) { if (model == null) { throw new ArgumentNullException(nameof(model)); } var userCanonicalName = await DatabaseContext .Users .AsQueryable() .Where(x => x.Id == model.UserId) .Select(x => x.CanonicalName) .FirstOrDefaultAsync(cancellationToken) .ConfigureAwait(false); if (userCanonicalName == default) { return(BadRequest(new ErrorMessage(ErrorCode.ModelValidationFailure))); } if (userCanonicalName == Models.User.CanonicalizeName(Models.User.TgsSystemUserName)) { return(Forbid()); } var dbUser = new Models.InstanceUser { ByondRights = RightsHelper.Clamp(model.ByondRights ?? ByondRights.None), ChatBotRights = RightsHelper.Clamp(model.ChatBotRights ?? ChatBotRights.None), ConfigurationRights = RightsHelper.Clamp(model.ConfigurationRights ?? ConfigurationRights.None), DreamDaemonRights = RightsHelper.Clamp(model.DreamDaemonRights ?? DreamDaemonRights.None), DreamMakerRights = RightsHelper.Clamp(model.DreamMakerRights ?? DreamMakerRights.None), RepositoryRights = RightsHelper.Clamp(model.RepositoryRights ?? RepositoryRights.None), InstanceUserRights = RightsHelper.Clamp(model.InstanceUserRights ?? InstanceUserRights.None), UserId = model.UserId, InstanceId = Instance.Id }; DatabaseContext.InstanceUsers.Add(dbUser); await DatabaseContext.Save(cancellationToken).ConfigureAwait(false); return(Created(dbUser.ToApi())); }
#pragma warning disable CA1506 // TODO: Decomplexify public async Task <IActionResult> Update([FromBody] InstancePermissionSetRequest model, CancellationToken cancellationToken) { if (model == null) { throw new ArgumentNullException(nameof(model)); } var originalPermissionSet = await DatabaseContext .Instances .AsQueryable() .Where(x => x.Id == Instance.Id) .SelectMany(x => x.InstancePermissionSets) .Where(x => x.PermissionSetId == model.PermissionSetId) .FirstOrDefaultAsync(cancellationToken) .ConfigureAwait(false); if (originalPermissionSet == null) { return(Gone()); } originalPermissionSet.ByondRights = RightsHelper.Clamp(model.ByondRights ?? originalPermissionSet.ByondRights.Value); originalPermissionSet.RepositoryRights = RightsHelper.Clamp(model.RepositoryRights ?? originalPermissionSet.RepositoryRights.Value); originalPermissionSet.InstancePermissionSetRights = RightsHelper.Clamp(model.InstancePermissionSetRights ?? originalPermissionSet.InstancePermissionSetRights.Value); originalPermissionSet.ChatBotRights = RightsHelper.Clamp(model.ChatBotRights ?? originalPermissionSet.ChatBotRights.Value); originalPermissionSet.ConfigurationRights = RightsHelper.Clamp(model.ConfigurationRights ?? originalPermissionSet.ConfigurationRights.Value); originalPermissionSet.DreamDaemonRights = RightsHelper.Clamp(model.DreamDaemonRights ?? originalPermissionSet.DreamDaemonRights.Value); originalPermissionSet.DreamMakerRights = RightsHelper.Clamp(model.DreamMakerRights ?? originalPermissionSet.DreamMakerRights.Value); await DatabaseContext.Save(cancellationToken).ConfigureAwait(false); var showFullPermissionSet = originalPermissionSet.PermissionSetId == AuthenticationContext.PermissionSet.Id.Value || (AuthenticationContext.GetRight(RightsType.InstancePermissionSet) & (ulong)InstancePermissionSetRights.Read) != 0; return(Json( showFullPermissionSet ? originalPermissionSet.ToApi() : new InstancePermissionSetResponse { PermissionSetId = originalPermissionSet.PermissionSetId, })); }
#pragma warning disable CA1506 // TODO: Decomplexify public async Task <IActionResult> Update([FromBody] Api.Models.InstanceUser model, CancellationToken cancellationToken) { var earlyOut = StandardModelChecks(model); if (earlyOut != null) { return(earlyOut); } var originalUser = await DatabaseContext .Instances .AsQueryable() .Where(x => x.Id == Instance.Id) .SelectMany(x => x.InstanceUsers) .Where(x => x.UserId == model.UserId) .FirstOrDefaultAsync(cancellationToken) .ConfigureAwait(false); if (originalUser == null) { return(StatusCode((int)HttpStatusCode.Gone)); } originalUser.ByondRights = RightsHelper.Clamp(model.ByondRights ?? originalUser.ByondRights.Value); originalUser.RepositoryRights = RightsHelper.Clamp(model.RepositoryRights ?? originalUser.RepositoryRights.Value); originalUser.InstanceUserRights = RightsHelper.Clamp(model.InstanceUserRights ?? originalUser.InstanceUserRights.Value); originalUser.ChatBotRights = RightsHelper.Clamp(model.ChatBotRights ?? originalUser.ChatBotRights.Value); originalUser.ConfigurationRights = RightsHelper.Clamp(model.ConfigurationRights ?? originalUser.ConfigurationRights.Value); originalUser.DreamDaemonRights = RightsHelper.Clamp(model.DreamDaemonRights ?? originalUser.DreamDaemonRights.Value); originalUser.DreamMakerRights = RightsHelper.Clamp(model.DreamMakerRights ?? originalUser.DreamMakerRights.Value); await DatabaseContext.Save(cancellationToken).ConfigureAwait(false); return(Json(originalUser.UserId == AuthenticationContext.User.Id || (AuthenticationContext.GetRight(RightsType.InstanceUser) & (ulong)InstanceUserRights.ReadUsers) != 0 ? originalUser.ToApi() : new Api.Models.InstanceUser { UserId = originalUser.UserId })); }
public async Task <IActionResult> Create([FromBody] Api.Models.InstanceUser model, CancellationToken cancellationToken) { // Don't check the result as how can a new user have an ID StandardModelChecks(model); var dbUser = new Models.InstanceUser { ByondRights = RightsHelper.Clamp(model.ByondRights ?? ByondRights.None), ChatBotRights = RightsHelper.Clamp(model.ChatBotRights ?? ChatBotRights.None), ConfigurationRights = RightsHelper.Clamp(model.ConfigurationRights ?? ConfigurationRights.None), DreamDaemonRights = RightsHelper.Clamp(model.DreamDaemonRights ?? DreamDaemonRights.None), DreamMakerRights = RightsHelper.Clamp(model.DreamMakerRights ?? DreamMakerRights.None), RepositoryRights = RightsHelper.Clamp(model.RepositoryRights ?? RepositoryRights.None), InstanceUserRights = RightsHelper.Clamp(model.InstanceUserRights ?? InstanceUserRights.None), UserId = model.UserId, InstanceId = Instance.Id }; DatabaseContext.InstanceUsers.Add(dbUser); await DatabaseContext.Save(cancellationToken).ConfigureAwait(false); return(StatusCode((int)HttpStatusCode.Created, dbUser.ToApi())); }
#pragma warning disable CA1502 // TODO: Decomplexify #pragma warning disable CA1506 public async Task <IActionResult> Update([FromBody] UserUpdate model, CancellationToken cancellationToken) { if (model == null) { throw new ArgumentNullException(nameof(model)); } if (!model.Id.HasValue) { return(BadRequest(new ErrorMessage(ErrorCode.ModelValidationFailure))); } var callerAdministrationRights = (AdministrationRights)AuthenticationContext.GetRight(RightsType.Administration); var passwordEditOnly = !callerAdministrationRights.HasFlag(AdministrationRights.WriteUsers); var originalUser = passwordEditOnly ? AuthenticationContext.User : await DatabaseContext .Users .AsQueryable() .Where(x => x.Id == model.Id) .Include(x => x.CreatedBy) .FirstOrDefaultAsync(cancellationToken) .ConfigureAwait(false); if (originalUser == default) { return(NotFound()); } if (originalUser.CanonicalName == Models.User.CanonicalizeName(Models.User.TgsSystemUserName)) { return(Forbid()); } // Ensure they are only trying to edit password (system identity change will trigger a bad request) if (passwordEditOnly && (model.Id != originalUser.Id || model.InstanceManagerRights.HasValue || model.AdministrationRights.HasValue || model.Enabled.HasValue || model.Name != null)) { return(Forbid()); } if (model.SystemIdentifier != null && model.SystemIdentifier != originalUser.SystemIdentifier) { return(BadRequest(new ErrorMessage(ErrorCode.UserSidChange))); } if (model.Password != null) { var result = TrySetPassword(originalUser, model.Password, false); if (result != null) { return(result); } } if (model.Name != null && Models.User.CanonicalizeName(model.Name) != originalUser.CanonicalName) { return(BadRequest(new ErrorMessage(ErrorCode.UserNameChange))); } originalUser.InstanceManagerRights = RightsHelper.Clamp(model.InstanceManagerRights ?? originalUser.InstanceManagerRights.Value); originalUser.AdministrationRights = RightsHelper.Clamp(model.AdministrationRights ?? originalUser.AdministrationRights.Value); if (model.Enabled.HasValue) { if (originalUser.Enabled.Value && !model.Enabled.Value) { originalUser.LastPasswordUpdate = DateTimeOffset.Now; } originalUser.Enabled = model.Enabled.Value; } var fail = CheckValidName(model, false); if (fail != null) { return(fail); } originalUser.Name = model.Name ?? originalUser.Name; await DatabaseContext.Save(cancellationToken).ConfigureAwait(false); // return id only if not a self update and cannot read users return(Json( model.Id == originalUser.Id || callerAdministrationRights.HasFlag(AdministrationRights.ReadUsers) ? originalUser.ToApi(true) : new Api.Models.User { Id = originalUser.Id })); }
public async Task <IActionResult> Create([FromBody] UserUpdate model, CancellationToken cancellationToken) { if (model == null) { throw new ArgumentNullException(nameof(model)); } if (!(model.Password == null ^ model.SystemIdentifier == null)) { return(BadRequest(new ErrorMessage(ErrorCode.UserMismatchPasswordSid))); } model.Name = model.Name?.Trim(); if (model.Name?.Length == 0) { model.Name = null; } if (!(model.Name == null ^ model.SystemIdentifier == null)) { return(BadRequest(new ErrorMessage(ErrorCode.UserMismatchNameSid))); } var fail = CheckValidName(model, true); if (fail != null) { return(fail); } var dbUser = new Models.User { AdministrationRights = RightsHelper.Clamp(model.AdministrationRights ?? AdministrationRights.None), CreatedAt = DateTimeOffset.Now, CreatedBy = AuthenticationContext.User, Enabled = model.Enabled ?? false, InstanceManagerRights = RightsHelper.Clamp(model.InstanceManagerRights ?? InstanceManagerRights.None), Name = model.Name, SystemIdentifier = model.SystemIdentifier, InstanceUsers = new List <Models.InstanceUser>() }; if (model.SystemIdentifier != null) { try { using var sysIdentity = await systemIdentityFactory.CreateSystemIdentity(dbUser, cancellationToken).ConfigureAwait(false); if (sysIdentity == null) { return(Gone()); } dbUser.Name = sysIdentity.Username; dbUser.SystemIdentifier = sysIdentity.Uid; } catch (NotImplementedException) { return(RequiresPosixSystemIdentity()); } } else { var result = TrySetPassword(dbUser, model.Password, true); if (result != null) { return(result); } } dbUser.CanonicalName = Models.User.CanonicalizeName(dbUser.Name); DatabaseContext.Users.Add(dbUser); await DatabaseContext.Save(cancellationToken).ConfigureAwait(false); return(Created(dbUser.ToApi(true))); }