public void ReadAndCreatePerformanceLevelDescriptors()
{
var resource = _securityContext.ResourceClaims.FirstOrDefault(x => x.ResourceName == "performanceLevelDescriptor");
if (resource == null)
{
return;
}
var claimSet = _securityContext.ClaimSets.FirstOrDefault(x => x.ClaimSetName == "Assessment Vendor");
if (claimSet == null)
{
return;
}
var createAction = _securityContext.Actions.Single(x => x.ActionName == "Create");
var readAction = _securityContext.Actions.Single(x => x.ActionName == "Read");
_securityContext.ClaimSetResourceClaims.AddRange(new[]
{
new ClaimSetResourceClaim {
Action = createAction, ClaimSet = claimSet, ResourceClaim = resource
},
new ClaimSetResourceClaim {
Action = readAction, ClaimSet = claimSet, ResourceClaim = resource
}
});
_securityContext.SaveChanges();
}
public int Execute(ICopyClaimSetModel claimSet)
{
var newClaimSet = new Security.DataAccess.Models.ClaimSet
{
ClaimSetName = claimSet.Name,
Application = _context.Applications.Single()
};
var originalResourceClaims =
_context.ClaimSetResourceClaims
.Where(x => x.ClaimSet.ClaimSetId == claimSet.OriginalId)
.Include(x => x.ResourceClaim)
.Include(x => x.Action)
.Include(x => x.AuthorizationStrategyOverride)
.ToList();
_context.ClaimSets.Add(newClaimSet);
foreach (var resourceClaim in originalResourceClaims)
{
var copyResourceClaim = new ClaimSetResourceClaim
{
ClaimSet = newClaimSet,
Action = resourceClaim.Action,
AuthorizationStrategyOverride = resourceClaim.AuthorizationStrategyOverride,
ResourceClaim = resourceClaim.ResourceClaim
};
_context.ClaimSetResourceClaims.Add(copyResourceClaim);
}
_context.SaveChanges();
return(newClaimSet.ClaimSetId);
}
public void Execute(IDeleteResourceOnClaimSetModel model)
{
var resourceClaimsToRemove = _context.ClaimSetResourceClaims.Where(x =>
x.ResourceClaim.ResourceClaimId == model.ResourceClaimId && x.ClaimSet.ClaimSetId == model.ClaimSetId).ToList();
_context.ClaimSetResourceClaims.RemoveRange(resourceClaimsToRemove);
_context.SaveChanges();
}
public int Execute(IEditClaimSetModel claimSet)
{
var existingClaimSet = _context.ClaimSets.Single(x => x.ClaimSetId == claimSet.ClaimSetId);
existingClaimSet.ClaimSetName = claimSet.ClaimSetName;
_context.SaveChanges();
return(existingClaimSet.ClaimSetId);
}
public void Execute(IDeleteClaimSetModel claimSet)
{
var claimSetToDelete = _context.ClaimSets.Single(x => x.ClaimSetId == claimSet.Id);
var resourceClaimsForClaimSetId =
_context.ClaimSetResourceClaims.Where(x => x.ClaimSet.ClaimSetId == claimSet.Id).ToList();
_context.ClaimSetResourceClaims.RemoveRange(resourceClaimsForClaimSetId);
_context.ClaimSets.Remove(claimSetToDelete);
_context.SaveChanges();
}
private void AddIdentitiesToRole(string[] identityNames, int roleId)
{
foreach (string identityName in identityNames)
{
if (!securityContext.EDWIdentities.Any(identity => identity.Name == identityName))
{
securityContext.EDWIdentities.Add(new EDWIdentity {
Name = identityName
});
}
}
securityContext.SaveChanges();
var roleToAdd = securityContext.EDWRoles.FirstOrDefault(role => role.Id == roleId);
if (roleToAdd == null)
{
throw new ArgumentException("Role not found.");
}
var targetIdentities = securityContext.EDWIdentities.Include(identity => identity.EDWIdentityRoles)
.Where(identity => identityNames.Contains(identity.Name) && !identity.EDWRoles.Any(role => role.Id == roleId))
.ToList();
foreach (var identity in targetIdentities)
{
if (identity.EDWIdentityRoles.Where(ir => ir.RoleID == roleId).Any())
{
continue;
}
EDWIdentityRole identityRoleMappingToAdd = new EDWIdentityRole
{
RoleID = roleId,
IdentityID = identity.Id
};
roleToAdd.EDWIdentityRoles.Add(identityRoleMappingToAdd);
}
securityContext.SaveChanges();
}
private void CreateEDWAdminRole(ISecurityContext securityContext, string roleName, string description)
{
if (!securityContext.EDWRoles.Where(p => p.Name == roleName).Any())
{
securityContext.EDWRoles.Add(new Persistence.SqlServer.EntityModels.EDW.EDWRole()
{
Name = roleName,
Description = description
});
securityContext.SaveChanges();
}
}
public int Execute(IAddClaimSetModel claimSet)
{
var newClaimSet = new Security.DataAccess.Models.ClaimSet
{
ClaimSetName = claimSet.ClaimSetName,
Application = _context.Applications.Single()
};
_context.ClaimSets.Add(newClaimSet);
_context.SaveChanges();
return(newClaimSet.ClaimSetId);
}
private Task AddUserToIdentityBASEAsync(ISecurityContext securityContext, UserApiModel user)
{
return(Task.Run(() =>
{
if (!securityContext.EDWIdentities.Where(p => p.Name == user.SubjectId).Any())
{
securityContext.EDWIdentities.Add(new Persistence.SqlServer.EntityModels.EDW.EDWIdentity()
{
Name = user.SubjectId
});
securityContext.SaveChanges();
}
}));
}
public void ApplyConfiguration(CloudOdsClaimSet configuration)
{
var claimSetExists = Queryable.Any(_securityContext.ClaimSets, cs => cs.ClaimSetName == configuration.ClaimSetName);
if (claimSetExists)
{
return;
}
var resourceTypes = configuration.Claims.Select(c => c.EntityName);
var actionNames = Enumerable.Distinct <string>(configuration.Claims.SelectMany(c => c.Actions).Select(x => x.ActionName));
var apiApplication = Queryable.Single(_securityContext.Applications, a => a.ApplicationName == configuration.ApplicationName);
var resourceClaims = _securityContext.ResourceClaims.Where(rc => Enumerable.Contains(resourceTypes, rc.ResourceName)).ToList();
var actions = _securityContext.Actions.Where(a => actionNames.Contains(a.ActionName)).ToList();
var claimSet = new ClaimSet
{
Application = apiApplication,
ClaimSetName = configuration.ClaimSetName
};
_securityContext.ClaimSets.Add(claimSet);
foreach (var requiredClaim in configuration.Claims)
{
var resourceClaim = resourceClaims.Single(rc => rc.ResourceName.Equals(requiredClaim.EntityName));
var authOverride = requiredClaim.AuthorizationStrategy != null
? Queryable.FirstOrDefault(_securityContext.AuthorizationStrategies, a =>
a.Application.ApplicationId == apiApplication.ApplicationId &&
a.AuthorizationStrategyName == requiredClaim.AuthorizationStrategy.StrategyName)
: null;
foreach (var claimSetResourceClaim in requiredClaim.Actions.Select(action =>
new ClaimSetResourceClaim
{
Action = actions.Single(a => a.ActionName == action.ActionName),
AuthorizationStrategyOverride = authOverride,
ClaimSet = claimSet,
ResourceClaim = resourceClaim
}))
{
_securityContext.ClaimSetResourceClaims.Add(claimSetResourceClaim);
}
}
_securityContext.SaveChanges();
}
public void Execute(IResetToDefaultAuthStrategyModel model)
{
var claimSetResourceClaimsToEdit = _context.ClaimSetResourceClaims
.Include(x => x.ResourceClaim)
.Include(x => x.Action)
.Include(x => x.ClaimSet)
.Include(x => x.AuthorizationStrategyOverride)
.Where(x => x.ResourceClaim.ResourceClaimId == model.ResourceClaimId && x.ClaimSet.ClaimSetId == model.ClaimSetId)
.ToList();
foreach (var claimSetResourceClaim in claimSetResourceClaimsToEdit)
{
claimSetResourceClaim.AuthorizationStrategyOverride = null;
}
_context.SaveChanges();
}
public void Execute(IEditResourceOnClaimSetModel model)
{
var resourceClaimToEdit = model.ResourceClaim;
var claimSetToEdit = _context.ClaimSets.Single(x => x.ClaimSetId == model.ClaimSetId);
var claimSetResourceClaimsToEdit = _context.ClaimSetResourceClaims
.Include(x => x.ResourceClaim)
.Include(x => x.Action)
.Include(x => x.ClaimSet)
.Where(x => x.ResourceClaim.ResourceClaimId == resourceClaimToEdit.Id && x.ClaimSet.ClaimSetId == claimSetToEdit.ClaimSetId)
.ToList();
AddEnabledActionsToClaimSet(resourceClaimToEdit, claimSetResourceClaimsToEdit, claimSetToEdit);
RemoveDisabledActionsFromClaimSet(resourceClaimToEdit, claimSetResourceClaimsToEdit);
_context.SaveChanges();
}
public void Execute(IOverrideDefaultAuthorizationStrategyModel model)
{
var claimSetResourceClaimsToEdit = _context.ClaimSetResourceClaims
.Include(x => x.ResourceClaim)
.Include(x => x.Action)
.Include(x => x.ClaimSet)
.Include(x => x.AuthorizationStrategyOverride)
.Where(x => x.ResourceClaim.ResourceClaimId == model.ResourceClaimId && x.ClaimSet.ClaimSetId == model.ClaimSetId)
.ToList();
var parentResourceClaimId = _context.ResourceClaims
.Single(x => x.ResourceClaimId == model.ResourceClaimId).ParentResourceClaimId;
var parentResourceClaims = new List <ClaimSetResourceClaim>();
if (parentResourceClaimId != null)
{
parentResourceClaims = _context.ClaimSetResourceClaims
.Include(x => x.ResourceClaim)
.Include(x => x.Action)
.Include(x => x.ClaimSet)
.Include(x => x.AuthorizationStrategyOverride)
.Where(x => x.ResourceClaim.ResourceClaimId == parentResourceClaimId && x.ClaimSet.ClaimSetId == model.ClaimSetId)
.ToList();
}
var authorizationStrategiesDictionary = new Dictionary <int, Security.DataAccess.Models.AuthorizationStrategy>();
foreach (var authStrategy in _context.AuthorizationStrategies.ToList())
{
authorizationStrategiesDictionary[authStrategy.AuthorizationStrategyId] = authStrategy;
}
claimSetResourceClaimsToEdit = RemoveOverrides(model, claimSetResourceClaimsToEdit);
AddOverrides(model, claimSetResourceClaimsToEdit, authorizationStrategiesDictionary, parentResourceClaims);
_context.SaveChanges();
}
