public async Task <List <SecurityContractApplication> > GetResourceServerDefinitionsAsync() { logger.Debug($"Retrieving application security contract definitions."); var contractApplications = new List <SecurityContractApplication>(); List <ApplicationModel> applications = await applicationRepository.GetListAsync(); foreach (var application in applications.OrderBy(o => o.SysPeriod.LowerBound)) { logger.Debug($"Retrieving application security contract definition for Application [{application.Name}]."); var contractApplication = new SecurityContractApplication() { Fullname = application.Name, ApplicationFunctions = new List <SecurityContractFunction>() }; foreach (var applicationFunction in application.ApplicationFunctions.OrderBy(o => o.SysPeriod.LowerBound)) { logger.Debug($"Retrieving application security contract definition for ApplicationFunction [{applicationFunction.Name}]."); var contractAppFunction = new SecurityContractFunction() { Name = applicationFunction.Name, Description = applicationFunction.Description, Permissions = new List <SecurityContractPermission>() }; foreach (var applicationPermission in applicationFunction.ApplicationFunctionPermissions.OrderBy(o => o.Permission.SysPeriod.LowerBound)) { logger.Debug($"Retrieving application security contract definition for ApplicationPermission [{applicationPermission.Permission.Name}]."); contractAppFunction.Permissions.Add(new SecurityContractPermission() { Name = applicationPermission.Permission.Name, Description = applicationPermission.Permission.Description }); } contractApplication.ApplicationFunctions.Add(contractAppFunction); AddApplicationDataPoliciesToSecurityContractDefinintionFromApplication(contractApplication, application); } contractApplications.Add(contractApplication); } return(contractApplications); }
private ApplicationFunctionModel CreateNewFunctionFromResourceServerFunction(SecurityContractFunction functionResource, Guid updatedByGuid) { ApplicationFunctionModel newFunction = new ApplicationFunctionModel { Name = functionResource.Name, Description = functionResource.Description, ChangedBy = updatedByGuid }; newFunction.ApplicationFunctionPermissions = new List <ApplicationFunctionPermissionModel>(); if (functionResource.Permissions != null) { foreach (var permission in functionResource.Permissions) { AddResourcePermissionToFunction(newFunction, permission); } } return(newFunction); }
private ApplicationFunctionModel CreateNewApplicationFunctionFromSecurityContractApplicationFunction(SecurityContractFunction functionResource, Guid updatedByGuid, string applicationName, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult) { logger.Debug($"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{functionResource.Name}']: Adding function '{functionResource.Name}' to application '{applicationName}'."); ApplicationFunctionModel newFunction = new ApplicationFunctionModel { Name = functionResource.Name, Description = functionResource.Description, ChangedBy = updatedByGuid }; newFunction.ApplicationFunctionPermissions = new List <ApplicationFunctionPermissionModel>(); if (functionResource.Permissions != null) { foreach (var permission in functionResource.Permissions) { AddSecurityContractPermissionToApplicationFunctionAndUpdatePermissionIfChanged(newFunction, permission, updatedByGuid, applicationName, dryRun, securityContractDryRunResult); } } return(newFunction); }
private void DetectAndUnassignPermissionsRemovedFromFunctions(ApplicationFunctionModel applicationFunction, SecurityContractFunction functionResource) { // Remove any permissions from the application function that are not within the updated definition. // Note! We are deleting items from the List so we cannot use a foreach. for (int i = applicationFunction.ApplicationFunctionPermissions.Count - 1; i >= 0; i--) { if (!functionResource.Permissions.Exists(fp => fp.Name == applicationFunction.ApplicationFunctionPermissions[i].Permission.Name)) { logger.Debug($"[applications.fullname: '{applicationFunction.Application.Name}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{applicationFunction.ApplicationFunctionPermissions[i].Permission.Name}']: Permission: {applicationFunction.ApplicationFunctionPermissions[i].Permission.Name} was previously assigned to applicationFunction: '{applicationFunction.Name}' but is no longer assigned in the security contract being processed. Removing permission '{applicationFunction.ApplicationFunctionPermissions[i].Permission.Name}' from function '{applicationFunction.Name}'!"); // Note: This only removes the function permissions association. The permission will still exist. applicationFunction.ApplicationFunctionPermissions.Remove(applicationFunction.ApplicationFunctionPermissions[i]); } } }
private async Task SynchroniseSpecificFunctionFromResourceServerDefinitionToApplication(SecurityContractFunction functionResource, ApplicationModel application, SecurityContractApplication applicationSecurityContractDefinition, Guid updatedByGuid, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult) { var applicationFunction = application.ApplicationFunctions.Find(af => af.Name == functionResource.Name); if (applicationFunction == null) { logger.Debug($"[applications.fullname: '{application.Name}'].[applicationFunctions.name: '{functionResource.Name}']: Application function with name '{functionResource.Name}' does not exist. Creating it."); // We now know this application does not have a function with the name assigned. However, another one might, check for this. var existingApplicationFunction = await applicationFunctionRepository.GetByNameAsync(functionResource.Name); if (existingApplicationFunction != null) { var errorMessage = $"[applications.fullname: '{application.Name}'].[applicationFunctions.name: '{functionResource.Name}']: Application function with name '{functionResource.Name}' already exists in another application. Cannot assign it to application: '{application.Name}'"; if (dryRun) { securityContractDryRunResult.ValidationErrors.Add(errorMessage); return; } throw new ItemNotProcessableException(errorMessage); } application.ApplicationFunctions.Add(CreateNewApplicationFunctionFromSecurityContractApplicationFunction(functionResource, updatedByGuid, applicationSecurityContractDefinition.Fullname, dryRun, securityContractDryRunResult)); } else { logger.Debug($"[applications.fullname: '{application.Name}'].[applicationFunctions.name: '{functionResource.Name}']: Application function with name '{functionResource.Name}' already exists. Updating it."); // Edit an existing function. applicationFunction.Name = functionResource.Name; applicationFunction.Description = functionResource.Description; applicationFunction.ChangedBy = updatedByGuid; if (functionResource.Permissions != null) { DetectAndUnassignPermissionsRemovedFromFunctions(applicationFunction, functionResource); // Add any new permissions to the function. foreach (var permission in functionResource.Permissions) { AddSecurityContractPermissionToApplicationFunctionAndUpdatePermissionIfChanged(applicationFunction, permission, updatedByGuid, applicationSecurityContractDefinition.Fullname, dryRun, securityContractDryRunResult); } } else { // Remove any possible permissions that are assigned to the application function. applicationFunction.ApplicationFunctionPermissions.Clear(); } } }
private void DetectAndUnassignPermissionsRemovedFromFunctions(ApplicationFunctionModel applicationFunction, SecurityContractFunction functionResource) { // Remove any permissions from the application function that are not within the updated definition. // Note! We are deleting items from the List so we cannot use a foreach. for (int i = applicationFunction.ApplicationFunctionPermissions.Count - 1; i >= 0; i--) { logger.Debug($"Checking whether permission: {applicationFunction.ApplicationFunctionPermissions[i].Permission.Name} should unassigned from function '" + applicationFunction.Name + "'."); if (!functionResource.Permissions.Exists(fp => fp.Name == applicationFunction.ApplicationFunctionPermissions[i].Permission.Name)) { logger.Debug($"Permission: {applicationFunction.ApplicationFunctionPermissions[i].Permission.Name} is being unassigned from function {applicationFunction.Name}!"); // Note: This only removes the function permissions association. The permission will still exist. applicationFunction.ApplicationFunctionPermissions.Remove(applicationFunction.ApplicationFunctionPermissions[i]); } } }