/// <summary> /// Gets all projects for which the current user has access to. Can include archived projects. Can skip decryption. /// </summary> /// <returns>A list of Project objects</returns> public async Task <List <Project> > GetProjects(bool skipDecryption = false, bool includeArchived = false) { // Get user to validate access var currentUser = await _applicationIdentityService.GetCurrentUser(); if (currentUser == null) { throw new Exception("Unauthorised requests are not allowed."); } if (await _applicationIdentityService.IsCurrentUserAdmin()) { return(await GetProjectsForAdmin(skipDecryption)); } // Get projects with access // TODO: attempt to make this in 1 query var projects = new List <Project>(); if (includeArchived) // filter out archived { projects = await _dbContext.Projects .Include(p => p.AccessIdentifiers) .ToListAsync(); } else { projects = await _dbContext.Projects .Where(p => p.IsArchived == false) .Include(p => p.AccessIdentifiers) .ToListAsync(); } // filter our those without access for the current user var projectsWithAccess = projects.Where(p => p.AccessIdentifiers.Any(ai => ai.Identity != null && ai.Identity.Id == currentUser.Id)) .ToList(); if (projectsWithAccess == null) { return(null); } foreach (var project in projectsWithAccess) { project.IsDecrypted = false; } if (skipDecryption == false) // double false... { foreach (var project in projectsWithAccess) { project.IsDecrypted = false; DecryptProject(project); } } return(projectsWithAccess.ToList()); }
public async Task <IActionResult> Index() { if (await _applicationIdentityService.IsCurrentUserAdmin() == false) { return(Unauthorized()); } return(View()); }
/// <summary> /// Sets an Assets archive status to true in the DB. /// </summary> /// <param name="projectId">The project Id of the project owning the Asset</param> /// <param name="assetId">The Asset Id of the asset to archive</param> /// <returns>A Task result</returns> public async Task ArchiveAssetAsync(int projectId, int assetId, string remoteIpAddress) { // Validate if (string.IsNullOrWhiteSpace(remoteIpAddress)) { throw new ArgumentException("You must provide a valid IP address."); } if (projectId < 1) { throw new ArgumentException("You must pass a valid project id."); } if (assetId < 1) { throw new ArgumentException("You must pass a valid asset id."); } // Validate current user var currentUser = await _applicationIdentityService.GetCurrentUser(); if (currentUser == null) { throw new Exception("Unauthorised requests are not allowed."); } Asset retrievedAsset; if (await _applicationIdentityService.IsCurrentUserAdmin()) { // Get Asset from DB with a permission and project check retrievedAsset = await _dbContext.Assets.Where(a => a.Id == assetId && a.IsArchived == false && a.Project.Id == projectId) .Include(p => p.Project.AccessIdentifiers) .ThenInclude(p => p.Identity) // NOTE: intellisense doesn't work here (23.09.2017) https://github.com/dotnet/roslyn/issues/8237 .FirstOrDefaultAsync(); } else { // Get Asset from DB with a permission and project check retrievedAsset = await _dbContext.Assets.Where(a => a.Id == assetId && a.IsArchived == false && a.Project.Id == projectId && a.Project.AccessIdentifiers.Any(ai => ai.Identity.Id == currentUser.Id)) .Include(p => p.Project.AccessIdentifiers) .ThenInclude(p => p.Identity) // NOTE: intellisense doesn't work here (23.09.2017) https://github.com/dotnet/roslyn/issues/8237 .FirstOrDefaultAsync(); } retrievedAsset.IsDecrypted = false; if (retrievedAsset == null) { throw new Exception("The asset was not found or the current user does not have access to it."); } // Refresh the entity to discard changes and avoid saving a decrypted project //_dbContext.Entry(retrievedAsset).State = EntityState.Unchanged; _dbContext.Entry(retrievedAsset.Project).State = EntityState.Unchanged; retrievedAsset.Project.IsProjectTitleDecrypted = false; retrievedAsset.IsArchived = true; // Set modified time/user retrievedAsset.Modified = DateTime.UtcNow; retrievedAsset.ModifiedBy = currentUser; var updatedRowCount = await _dbContext.SaveChangesAsync(); if (updatedRowCount > 1) { // we have a problem } // decrypt before logging // TODO: try-catch DecryptAsset(retrievedAsset); DecryptProjectTitle(retrievedAsset); // LOG event await _eventService.LogArchiveAssetEventAsync( projectId, retrievedAsset.Project.Title, remoteIpAddress, currentUser.Id, currentUser.Upn, assetId, retrievedAsset.Title, retrievedAsset.GetType() == typeof(Credential)?(retrievedAsset as Credential).Login : string.Empty ); }
/// <summary> /// Check if the current user is a SystemAdministrator /// </summary> /// <returns>True if the current user is a SystemAdministrator.</returns> private async Task <bool> ValidateSystemAdministrator() { return(await _applicationIdentityService.IsCurrentUserAdmin()); }