/// <inheritdoc /> public async Task AddClaimMapping(IGuildUser user, ClaimMappingType type, AuthorizationClaim claim) { RequireAuthenticatedUser(); RequireClaims(AuthorizationClaim.AuthorizationConfigure); using (var transaction = await ClaimMappingRepository.BeginCreateTransactionAsync()) { if (await ClaimMappingRepository.AnyAsync(new ClaimMappingSearchCriteria() { Types = new[] { type }, GuildId = user.Guild.Id, UserId = user.Id, Claims = new[] { claim }, IsDeleted = false, })) { throw new InvalidOperationException($"A claim mapping of type {type} to claim {claim} for user {user.GetDisplayName()} already exists"); } await ClaimMappingRepository.CreateAsync(new ClaimMappingCreationData() { GuildId = user.Guild.Id, Type = type, UserId = user.Id, Claim = claim, CreatedById = CurrentUserId.Value }); transaction.Commit(); } }
/// <inheritdoc /> public async Task AutoConfigureGuildAsync(IGuild guild) { if (await ClaimMappingRepository.AnyAsync(guild.Id)) { return; } await UserService.TrackUserAsync(DiscordClient.CurrentUser); foreach (var claim in Enum.GetValues(typeof(AuthorizationClaim)).Cast <AuthorizationClaim>()) { foreach (var role in guild.Roles.Where(x => x.Permissions.Administrator)) { await ClaimMappingRepository.CreateAsync(new ClaimMappingCreationData() { Type = ClaimMappingType.Granted, GuildId = guild.Id, RoleId = role.Id, UserId = null, Claim = claim, CreatedById = DiscordClient.CurrentUser.Id }); } await ClaimMappingRepository.CreateAsync(new ClaimMappingCreationData() { Type = ClaimMappingType.Granted, GuildId = guild.Id, RoleId = null, UserId = DiscordClient.CurrentUser.Id, Claim = claim, CreatedById = DiscordClient.CurrentUser.Id }); } }
/// <inheritdoc /> public async Task ModifyClaimMapping(ulong roleId, AuthorizationClaim claim, ClaimMappingType?newType) { RequireAuthenticatedUser(); RequireClaims(AuthorizationClaim.AuthorizationConfigure); var foundClaims = await ClaimMappingRepository.SearchBriefsAsync(new ClaimMappingSearchCriteria { Claims = new[] { claim }, RoleIds = new[] { roleId }, GuildId = CurrentGuildId }); using (var transaction = await ClaimMappingRepository.BeginCreateTransactionAsync()) { foreach (var existing in foundClaims) { await ClaimMappingRepository.TryDeleteAsync(existing.Id, CurrentUserId.Value); } if (newType.HasValue) { await ClaimMappingRepository.CreateAsync(new ClaimMappingCreationData() { GuildId = CurrentGuildId.Value, Type = newType.Value, RoleId = roleId, Claim = claim, CreatedById = CurrentUserId.Value }); } transaction.Commit(); } }
/// <inheritdoc /> public async Task OnAuthenticatedAsync(ulong guildId, IEnumerable <ulong> roleIds, ulong userId) { CurrentGuildId = guildId; CurrentUserId = userId; var claims = new HashSet <AuthorizationClaim>(); foreach (var claimMapping in (await ClaimMappingRepository .SearchBriefsAsync(new ClaimMappingSearchCriteria() { GuildId = guildId, RoleIds = roleIds.ToArray(), UserId = userId, IsRescinded = false })) // Evaluate role mappings (userId is null) first, to give user mappings precedence. .OrderBy(x => x.UserId) // Evaluate granted mappings first, to give denied mappings precedence. .ThenBy(x => x.Type)) { if (claimMapping.Type == ClaimMappingType.Granted) { claims.Add(claimMapping.Claim); } else { claims.Remove(claimMapping.Claim); } } CurrentClaims = claims; }
public ActionResult AddClaimMapping() { // TODO: sanitize input and add AntiForgeryToken var incomingClaimType = this.Request.Form["IncomingClaimType"]; var incomingValue = this.Request.Form["IncomingValue"]; var roleName = this.Request.Form["NewRole"]; var organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value; var claimMappingsRepository = new ClaimMappingRepository(); var role = claimMappingsRepository.GetRoleByName(roleName); if (this.ValidateClaimMapping(incomingClaimType, incomingValue, role, organization, claimMappingsRepository)) { claimMappingsRepository.SaveClaimMapping( new ClaimMapping { IncomingClaimType = incomingClaimType, IncomingValue = incomingValue, OutputRole = role, Organization = organization }); } return(this.ClaimMappings()); }
/// <inheritdoc /> public async Task RemoveClaimMappingAsync(IGuildUser user, ClaimMappingType type, AuthorizationClaim claim) { RequireClaims(AuthorizationClaim.AuthorizationConfigure); using (var transaction = await ClaimMappingRepository.BeginDeleteTransactionAsync()) { var mappingIds = await ClaimMappingRepository.SearchIdsAsync(new ClaimMappingSearchCriteria() { Types = new[] { type }, GuildId = user.Guild.Id, UserId = user.Id, Claims = new[] { claim }, IsDeleted = false, }); if (!mappingIds.Any()) { throw new InvalidOperationException($"A claim mapping of type {type} to claim {claim} for user {user.GetDisplayName()} does not exist"); } await ClaimMappingRepository.TryDeleteAsync(mappingIds.First(), CurrentUserId.Value); transaction.Commit(); } }
/// <inheritdoc /> public async Task AutoConfigureGuildAsync(IGuild guild) { if (await ClaimMappingRepository.AnyAsync(new ClaimMappingSearchCriteria() { GuildId = guild.Id, IsDeleted = false, })) { return; } // Need the bot user to exist, before we start adding claims, created by the bot user. await UserService.TrackUserAsync(DiscordClient.CurrentUser); using (var transaction = await ClaimMappingRepository.BeginCreateTransactionAsync()) { foreach (var claim in Enum.GetValues(typeof(AuthorizationClaim)).Cast <AuthorizationClaim>()) { foreach (var role in guild.Roles.Where(x => x.Permissions.Administrator)) { await ClaimMappingRepository.CreateAsync(new ClaimMappingCreationData() { Type = ClaimMappingType.Granted, GuildId = guild.Id, RoleId = role.Id, UserId = null, Claim = claim, CreatedById = DiscordClient.CurrentUser.Id }); } } transaction.Commit(); } }
private async Task <IReadOnlyCollection <AuthorizationClaim> > LookupPosessedClaimsAsync(ulong guildId, IEnumerable <ulong> roleIds, ulong userId, IEnumerable <AuthorizationClaim> claimsFilter = null) { var posessedClaims = new HashSet <AuthorizationClaim>(); foreach (var claimMapping in (await ClaimMappingRepository .SearchBriefsAsync(new ClaimMappingSearchCriteria() { GuildId = guildId, RoleIds = roleIds.ToArray(), UserId = userId, Claims = claimsFilter?.ToArray(), IsDeleted = false })) // Evaluate role mappings (userId is null) first, to give user mappings precedence. .OrderBy(x => x.UserId) // Order putting @everyone last .ThenByDescending(x => x.RoleId == guildId) // Evaluate granted mappings first, to give denied mappings precedence. .ThenBy(x => x.Type)) { if (claimMapping.Type == ClaimMappingType.Granted) { posessedClaims.Add(claimMapping.Claim); } else { posessedClaims.Remove(claimMapping.Claim); } } return(posessedClaims); }
/// <inheritdoc /> public async Task UnConfigureGuildAsync(IGuild guild) { foreach (var claimMappingId in await ClaimMappingRepository.SearchIdsAsync(new ClaimMappingSearchCriteria() { GuildId = guild.Id, IsDeleted = false })) { await ClaimMappingRepository.TryDeleteAsync(claimMappingId, DiscordClient.CurrentUser.Id); } }
/// <inheritdoc /> public async Task <IReadOnlyCollection <AuthorizationClaim> > GetGuildRoleClaimsAsync(IRole guildRole) { return((await ClaimMappingRepository.SearchBriefsAsync(new ClaimMappingSearchCriteria { RoleIds = new[] { guildRole.Id }, IsDeleted = false, Types = new[] { ClaimMappingType.Granted }, GuildId = guildRole.Guild.Id })) .Select(d => d.Claim) .ToList()); }
public ActionResult ClaimMappings() { var claimMappingsRepository = new ClaimMappingRepository(); var organization = ClaimHelper.GetCurrentUserClaim(Fabrikam.ClaimTypes.Organization).Value; var model = new ClaimMappingListViewModel { ClaimMappings = claimMappingsRepository.GetClaimMappingsByOrganization(organization), OutputRoles = claimMappingsRepository.GetAllRoles(), IncomingClaimType = new[] { ClaimTypes.Name, AllOrganizations.ClaimTypes.Group } }; return(this.View("ClaimMappings", model)); }
private static (ModixContext, ClaimMappingRepository) BuildTestContext() { var modixContext = TestDataContextFactory.BuildTestDataContext(x => { x.Users.AddRange(Users.Entities.Clone()); x.GuildUsers.AddRange(GuildUsers.Entities.Clone()); x.ClaimMappings.AddRange(ClaimMappings.Entities.Clone()); x.ConfigurationActions.AddRange(ConfigurationActions.Entities.Where(y => !(y.ClaimMappingId is null)).Clone()); }); var uut = new ClaimMappingRepository(modixContext); return(modixContext, uut); }
/// <inheritdoc /> public async Task RemoveClaimMapping(IRole role, ClaimMappingType type, AuthorizationClaim claim) { RequireAuthenticatedUser(); RequireClaims(AuthorizationClaim.AuthorizationConfigure); var mappingIds = (await ClaimMappingRepository.SearchIdsAsync(new ClaimMappingSearchCriteria() { Types = new[] { type }, GuildId = role.Guild.Id, RoleIds = new[] { role.Id }, Claims = new[] { claim }, IsDeleted = false, })); if (!mappingIds.Any()) { throw new InvalidOperationException($"A claim mapping of type {type} to claim {claim} for role {role.Name} does not exist"); } await ClaimMappingRepository.TryDeleteAsync(mappingIds.First(), CurrentUserId.Value); }
private bool ValidateClaimMapping(string incomingClaimType, string incomingValue, Role role, string organization, ClaimMappingRepository repository) { bool valid = true; if (string.IsNullOrEmpty(incomingClaimType)) { this.ViewData.ModelState.AddModelError("IncomingClaimType", @"The Incoming Claim Type field is required."); valid = false; } if (string.IsNullOrEmpty(incomingValue)) { this.ViewData.ModelState.AddModelError("IncomingValue", @"The Incoming Value field is required."); this.ModelState.SetModelValue("IncomingValue", new ValueProviderResult(this.ValueProvider.GetValue("IncomingValue") != null ? this.ValueProvider.GetValue("IncomingValue").AttemptedValue : string.Empty, string.Empty, CultureInfo.CurrentCulture)); valid = false; } if (role == null) { this.ViewData.ModelState.AddModelError("RoleRequired", @"The OutputRole field is required."); valid = false; } else { var existingMapping = repository.GetClaimMapping(incomingClaimType, incomingValue, role, organization); if (existingMapping != null) { this.ViewData.ModelState.AddModelError("DuplicatedMapping", @"A Claim Mapping already exists for this parameters."); valid = false; } } return(valid); }