public async Task <List <SecurityContractApplication> > GetResourceServerDefinitionsAsync()
{
logger.Debug($"Retrieving application security contract definitions.");
var contractApplications = new List <SecurityContractApplication>();
List <ApplicationModel> applications = await applicationRepository.GetListAsync();
foreach (var application in applications.OrderBy(o => o.SysPeriod.LowerBound))
{
logger.Debug($"Retrieving application security contract definition for Application [{application.Name}].");
var contractApplication = new SecurityContractApplication()
{
Fullname = application.Name,
ApplicationFunctions = new List <SecurityContractFunction>()
};
foreach (var applicationFunction in application.ApplicationFunctions.OrderBy(o => o.SysPeriod.LowerBound))
{
logger.Debug($"Retrieving application security contract definition for ApplicationFunction [{applicationFunction.Name}].");
var contractAppFunction = new SecurityContractFunction()
{
Name = applicationFunction.Name,
Description = applicationFunction.Description,
Permissions = new List <SecurityContractPermission>()
};
foreach (var applicationPermission in applicationFunction.ApplicationFunctionPermissions.OrderBy(o => o.Permission.SysPeriod.LowerBound))
{
logger.Debug($"Retrieving application security contract definition for ApplicationPermission [{applicationPermission.Permission.Name}].");
contractAppFunction.Permissions.Add(new SecurityContractPermission()
{
Name = applicationPermission.Permission.Name,
Description = applicationPermission.Permission.Description
});
}
contractApplication.ApplicationFunctions.Add(contractAppFunction);
AddApplicationDataPoliciesToSecurityContractDefinintionFromApplication(contractApplication, application);
}
contractApplications.Add(contractApplication);
}
return(contractApplications);
}
private ApplicationFunctionModel CreateNewFunctionFromResourceServerFunction(SecurityContractFunction functionResource, Guid updatedByGuid)
{
ApplicationFunctionModel newFunction = new ApplicationFunctionModel
{
Name = functionResource.Name,
Description = functionResource.Description,
ChangedBy = updatedByGuid
};
newFunction.ApplicationFunctionPermissions = new List <ApplicationFunctionPermissionModel>();
if (functionResource.Permissions != null)
{
foreach (var permission in functionResource.Permissions)
{
AddResourcePermissionToFunction(newFunction, permission);
}
}
return(newFunction);
}
private ApplicationFunctionModel CreateNewApplicationFunctionFromSecurityContractApplicationFunction(SecurityContractFunction functionResource, Guid updatedByGuid, string applicationName, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
{
logger.Debug($"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{functionResource.Name}']: Adding function '{functionResource.Name}' to application '{applicationName}'.");
ApplicationFunctionModel newFunction = new ApplicationFunctionModel
{
Name = functionResource.Name,
Description = functionResource.Description,
ChangedBy = updatedByGuid
};
newFunction.ApplicationFunctionPermissions = new List <ApplicationFunctionPermissionModel>();
if (functionResource.Permissions != null)
{
foreach (var permission in functionResource.Permissions)
{
AddSecurityContractPermissionToApplicationFunctionAndUpdatePermissionIfChanged(newFunction, permission, updatedByGuid, applicationName, dryRun, securityContractDryRunResult);
}
}
return(newFunction);
}
private void DetectAndUnassignPermissionsRemovedFromFunctions(ApplicationFunctionModel applicationFunction, SecurityContractFunction functionResource)
{
// Remove any permissions from the application function that are not within the updated definition.
// Note! We are deleting items from the List so we cannot use a foreach.
for (int i = applicationFunction.ApplicationFunctionPermissions.Count - 1; i >= 0; i--)
{
if (!functionResource.Permissions.Exists(fp => fp.Name == applicationFunction.ApplicationFunctionPermissions[i].Permission.Name))
{
logger.Debug($"[applications.fullname: '{applicationFunction.Application.Name}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{applicationFunction.ApplicationFunctionPermissions[i].Permission.Name}']: Permission: {applicationFunction.ApplicationFunctionPermissions[i].Permission.Name} was previously assigned to applicationFunction: '{applicationFunction.Name}' but is no longer assigned in the security contract being processed. Removing permission '{applicationFunction.ApplicationFunctionPermissions[i].Permission.Name}' from function '{applicationFunction.Name}'!");
// Note: This only removes the function permissions association. The permission will still exist.
applicationFunction.ApplicationFunctionPermissions.Remove(applicationFunction.ApplicationFunctionPermissions[i]);
}
}
}
private async Task SynchroniseSpecificFunctionFromResourceServerDefinitionToApplication(SecurityContractFunction functionResource, ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition, Guid updatedByGuid, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
{
var applicationFunction = application.ApplicationFunctions.Find(af => af.Name == functionResource.Name);
if (applicationFunction == null)
{
logger.Debug($"[applications.fullname: '{application.Name}'].[applicationFunctions.name: '{functionResource.Name}']: Application function with name '{functionResource.Name}' does not exist. Creating it.");
// We now know this application does not have a function with the name assigned. However, another one might, check for this.
var existingApplicationFunction = await applicationFunctionRepository.GetByNameAsync(functionResource.Name);
if (existingApplicationFunction != null)
{
var errorMessage = $"[applications.fullname: '{application.Name}'].[applicationFunctions.name: '{functionResource.Name}']: Application function with name '{functionResource.Name}' already exists in another application. Cannot assign it to application: '{application.Name}'";
if (dryRun)
{
securityContractDryRunResult.ValidationErrors.Add(errorMessage);
return;
}
throw new ItemNotProcessableException(errorMessage);
}
application.ApplicationFunctions.Add(CreateNewApplicationFunctionFromSecurityContractApplicationFunction(functionResource, updatedByGuid, applicationSecurityContractDefinition.Fullname, dryRun, securityContractDryRunResult));
}
else
{
logger.Debug($"[applications.fullname: '{application.Name}'].[applicationFunctions.name: '{functionResource.Name}']: Application function with name '{functionResource.Name}' already exists. Updating it.");
// Edit an existing function.
applicationFunction.Name = functionResource.Name;
applicationFunction.Description = functionResource.Description;
applicationFunction.ChangedBy = updatedByGuid;
if (functionResource.Permissions != null)
{
DetectAndUnassignPermissionsRemovedFromFunctions(applicationFunction, functionResource);
// Add any new permissions to the function.
foreach (var permission in functionResource.Permissions)
{
AddSecurityContractPermissionToApplicationFunctionAndUpdatePermissionIfChanged(applicationFunction, permission, updatedByGuid, applicationSecurityContractDefinition.Fullname, dryRun, securityContractDryRunResult);
}
}
else
{
// Remove any possible permissions that are assigned to the application function.
applicationFunction.ApplicationFunctionPermissions.Clear();
}
}
}
private void DetectAndUnassignPermissionsRemovedFromFunctions(ApplicationFunctionModel applicationFunction, SecurityContractFunction functionResource)
{
// Remove any permissions from the application function that are not within the updated definition.
// Note! We are deleting items from the List so we cannot use a foreach.
for (int i = applicationFunction.ApplicationFunctionPermissions.Count - 1; i >= 0; i--)
{
logger.Debug($"Checking whether permission: {applicationFunction.ApplicationFunctionPermissions[i].Permission.Name} should unassigned from function '" + applicationFunction.Name + "'.");
if (!functionResource.Permissions.Exists(fp => fp.Name == applicationFunction.ApplicationFunctionPermissions[i].Permission.Name))
{
logger.Debug($"Permission: {applicationFunction.ApplicationFunctionPermissions[i].Permission.Name} is being unassigned from function {applicationFunction.Name}!");
// Note: This only removes the function permissions association. The permission will still exist.
applicationFunction.ApplicationFunctionPermissions.Remove(applicationFunction.ApplicationFunctionPermissions[i]);
}
}
}
