// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (env.IsDevelopment()) { app.UseDeveloperExceptionPage(); } app.UseCors("AllowAllOrigins"); app.UseHttpsRedirection(); app.UseStaticFiles(); app.UseAuthentication(); app.UseMvc(routerBuilder => { routerBuilder.EnableDependencyInjection(); routerBuilder.Expand().Select().Filter().Count().MaxTop(null).OrderBy(); routerBuilder.MapODataServiceRoute("odata", "odata", OdataHelper.GetEdmModel(app)); routerBuilder.MapODataServiceRoute("odata/exporttoexcel", "odata/exporttoexcel", OdataHelper.GetEdmModel(app)); }); }
/// <summary> /// Filters deny assignments based on the passed options. /// </summary> /// <param name="options">The filtering options</param> /// <param name="currentSubscription">The current subscription</param> /// <returns>The filtered deny assignments</returns> public List <PSDenyAssignment> FilterDenyAssignments(FilterDenyAssignmentsOptions options, string currentSubscription) { // Get a specified deny assignment by DenyAssignmentId if (!string.IsNullOrEmpty(options.DenyAssignmentId) && (Guid.Empty != options.DenyAssignmentId.GetGuidFromId())) { var scope = !string.IsNullOrEmpty(options.Scope) ? options.Scope : AuthorizationHelper.GetScopeFromFullyQualifiedId(options.DenyAssignmentId) ?? AuthorizationHelper.GetSubscriptionScope(currentSubscription); return(new List <PSDenyAssignment> { AuthorizationManagementClient.DenyAssignments.Get(scope, options.DenyAssignmentId.GuidFromFullyQualifiedId()).ToPSDenyAssignment(ActiveDirectoryClient) }); } // Filter deny assignments by given assumptions string principalId = null; PSADObject adObject = null; ODataQuery <DenyAssignmentFilter> odataQuery = null; if (!string.IsNullOrEmpty(options.DenyAssignmentName)) { odataQuery = new ODataQuery <DenyAssignmentFilter>(item => item.DenyAssignmentName == options.DenyAssignmentName); } else if (options.ADObjectFilter.HasFilter) { if (string.IsNullOrEmpty(options.ADObjectFilter.Id)) { adObject = ActiveDirectoryClient.GetADObject(options.ADObjectFilter); if (adObject == null) { throw new KeyNotFoundException(ProjectResources.PrincipalNotFound); } } // Filter first by principal if (options.ExpandPrincipalGroups) { try { adObject = adObject ?? ActiveDirectoryClient.GetObjectByObjectId(options.ADObjectFilter.Id); } catch (Common.MSGraph.Version1_0.DirectoryObjects.Models.OdataErrorException oe) when(OdataHelper.IsAuthorizationDeniedException(oe)) { throw new InvalidOperationException(ProjectResources.InSufficientGraphPermission); } if (!(adObject is PSADUser)) { throw new InvalidOperationException(ProjectResources.ExpandGroupsNotSupported); } principalId = adObject.Id.ToString(); odataQuery = new ODataQuery <DenyAssignmentFilter>(f => f.AssignedTo(principalId)); } else { principalId = string.IsNullOrEmpty(options.ADObjectFilter.Id) ? adObject.Id.ToString() : options.ADObjectFilter.Id; odataQuery = new ODataQuery <DenyAssignmentFilter>(f => f.PrincipalId == principalId); } } return(this.FilterDenyAssignmentsByScope(options, odataQuery, currentSubscription)); }