/// <summary>
/// Gets all projects for which the current user has access to. Can include archived projects. Can skip decryption.
/// </summary>
/// <returns>A list of Project objects</returns>
public async Task <List <Project> > GetProjects(bool skipDecryption = false, bool includeArchived = false)
{
// Get user to validate access
var currentUser = await _applicationIdentityService.GetCurrentUser();
if (currentUser == null)
{
throw new Exception("Unauthorised requests are not allowed.");
}
if (await _applicationIdentityService.IsCurrentUserAdmin())
{
return(await GetProjectsForAdmin(skipDecryption));
}
// Get projects with access
// TODO: attempt to make this in 1 query
var projects = new List <Project>();
if (includeArchived) // filter out archived
{
projects = await _dbContext.Projects
.Include(p => p.AccessIdentifiers)
.ToListAsync();
}
else
{
projects = await _dbContext.Projects
.Where(p => p.IsArchived == false)
.Include(p => p.AccessIdentifiers)
.ToListAsync();
}
// filter our those without access for the current user
var projectsWithAccess = projects.Where(p =>
p.AccessIdentifiers.Any(ai => ai.Identity != null && ai.Identity.Id == currentUser.Id))
.ToList();
if (projectsWithAccess == null)
{
return(null);
}
foreach (var project in projectsWithAccess)
{
project.IsDecrypted = false;
}
if (skipDecryption == false) // double false...
{
foreach (var project in projectsWithAccess)
{
project.IsDecrypted = false;
DecryptProject(project);
}
}
return(projectsWithAccess.ToList());
}
public async Task <IActionResult> Index()
{
if (await _applicationIdentityService.IsCurrentUserAdmin() == false)
{
return(Unauthorized());
}
return(View());
}
/// <summary>
/// Sets an Assets archive status to true in the DB.
/// </summary>
/// <param name="projectId">The project Id of the project owning the Asset</param>
/// <param name="assetId">The Asset Id of the asset to archive</param>
/// <returns>A Task result</returns>
public async Task ArchiveAssetAsync(int projectId, int assetId, string remoteIpAddress)
{
// Validate
if (string.IsNullOrWhiteSpace(remoteIpAddress))
{
throw new ArgumentException("You must provide a valid IP address.");
}
if (projectId < 1)
{
throw new ArgumentException("You must pass a valid project id.");
}
if (assetId < 1)
{
throw new ArgumentException("You must pass a valid asset id.");
}
// Validate current user
var currentUser = await _applicationIdentityService.GetCurrentUser();
if (currentUser == null)
{
throw new Exception("Unauthorised requests are not allowed.");
}
Asset retrievedAsset;
if (await _applicationIdentityService.IsCurrentUserAdmin())
{
// Get Asset from DB with a permission and project check
retrievedAsset = await _dbContext.Assets.Where(a =>
a.Id == assetId &&
a.IsArchived == false &&
a.Project.Id == projectId)
.Include(p => p.Project.AccessIdentifiers)
.ThenInclude(p => p.Identity) // NOTE: intellisense doesn't work here (23.09.2017) https://github.com/dotnet/roslyn/issues/8237
.FirstOrDefaultAsync();
}
else
{
// Get Asset from DB with a permission and project check
retrievedAsset = await _dbContext.Assets.Where(a =>
a.Id == assetId &&
a.IsArchived == false &&
a.Project.Id == projectId &&
a.Project.AccessIdentifiers.Any(ai => ai.Identity.Id == currentUser.Id))
.Include(p => p.Project.AccessIdentifiers)
.ThenInclude(p => p.Identity) // NOTE: intellisense doesn't work here (23.09.2017) https://github.com/dotnet/roslyn/issues/8237
.FirstOrDefaultAsync();
}
retrievedAsset.IsDecrypted = false;
if (retrievedAsset == null)
{
throw new Exception("The asset was not found or the current user does not have access to it.");
}
// Refresh the entity to discard changes and avoid saving a decrypted project
//_dbContext.Entry(retrievedAsset).State = EntityState.Unchanged;
_dbContext.Entry(retrievedAsset.Project).State = EntityState.Unchanged;
retrievedAsset.Project.IsProjectTitleDecrypted = false;
retrievedAsset.IsArchived = true;
// Set modified time/user
retrievedAsset.Modified = DateTime.UtcNow;
retrievedAsset.ModifiedBy = currentUser;
var updatedRowCount = await _dbContext.SaveChangesAsync();
if (updatedRowCount > 1)
{
// we have a problem
}
// decrypt before logging
// TODO: try-catch
DecryptAsset(retrievedAsset);
DecryptProjectTitle(retrievedAsset);
// LOG event
await _eventService.LogArchiveAssetEventAsync(
projectId,
retrievedAsset.Project.Title,
remoteIpAddress,
currentUser.Id,
currentUser.Upn,
assetId,
retrievedAsset.Title,
retrievedAsset.GetType() == typeof(Credential)?(retrievedAsset as Credential).Login : string.Empty
);
}
/// <summary>
/// Check if the current user is a SystemAdministrator
/// </summary>
/// <returns>True if the current user is a SystemAdministrator.</returns>
private async Task <bool> ValidateSystemAdministrator()
{
return(await _applicationIdentityService.IsCurrentUserAdmin());
}
