// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors("AllowAllOrigins");
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseAuthentication();
app.UseMvc(routerBuilder =>
{
routerBuilder.EnableDependencyInjection();
routerBuilder.Expand().Select().Filter().Count().MaxTop(null).OrderBy();
routerBuilder.MapODataServiceRoute("odata", "odata", OdataHelper.GetEdmModel(app));
routerBuilder.MapODataServiceRoute("odata/exporttoexcel", "odata/exporttoexcel", OdataHelper.GetEdmModel(app));
});
}
/// <summary>
/// Filters deny assignments based on the passed options.
/// </summary>
/// <param name="options">The filtering options</param>
/// <param name="currentSubscription">The current subscription</param>
/// <returns>The filtered deny assignments</returns>
public List <PSDenyAssignment> FilterDenyAssignments(FilterDenyAssignmentsOptions options, string currentSubscription)
{
// Get a specified deny assignment by DenyAssignmentId
if (!string.IsNullOrEmpty(options.DenyAssignmentId) &&
(Guid.Empty != options.DenyAssignmentId.GetGuidFromId()))
{
var scope = !string.IsNullOrEmpty(options.Scope) ? options.Scope : AuthorizationHelper.GetScopeFromFullyQualifiedId(options.DenyAssignmentId) ?? AuthorizationHelper.GetSubscriptionScope(currentSubscription);
return(new List <PSDenyAssignment>
{
AuthorizationManagementClient.DenyAssignments.Get(scope, options.DenyAssignmentId.GuidFromFullyQualifiedId()).ToPSDenyAssignment(ActiveDirectoryClient)
});
}
// Filter deny assignments by given assumptions
string principalId = null;
PSADObject adObject = null;
ODataQuery <DenyAssignmentFilter> odataQuery = null;
if (!string.IsNullOrEmpty(options.DenyAssignmentName))
{
odataQuery = new ODataQuery <DenyAssignmentFilter>(item => item.DenyAssignmentName == options.DenyAssignmentName);
}
else if (options.ADObjectFilter.HasFilter)
{
if (string.IsNullOrEmpty(options.ADObjectFilter.Id))
{
adObject = ActiveDirectoryClient.GetADObject(options.ADObjectFilter);
if (adObject == null)
{
throw new KeyNotFoundException(ProjectResources.PrincipalNotFound);
}
}
// Filter first by principal
if (options.ExpandPrincipalGroups)
{
try
{
adObject = adObject ?? ActiveDirectoryClient.GetObjectByObjectId(options.ADObjectFilter.Id);
}
catch (Common.MSGraph.Version1_0.DirectoryObjects.Models.OdataErrorException oe) when(OdataHelper.IsAuthorizationDeniedException(oe))
{
throw new InvalidOperationException(ProjectResources.InSufficientGraphPermission);
}
if (!(adObject is PSADUser))
{
throw new InvalidOperationException(ProjectResources.ExpandGroupsNotSupported);
}
principalId = adObject.Id.ToString();
odataQuery = new ODataQuery <DenyAssignmentFilter>(f => f.AssignedTo(principalId));
}
else
{
principalId = string.IsNullOrEmpty(options.ADObjectFilter.Id) ? adObject.Id.ToString() : options.ADObjectFilter.Id;
odataQuery = new ODataQuery <DenyAssignmentFilter>(f => f.PrincipalId == principalId);
}
}
return(this.FilterDenyAssignmentsByScope(options, odataQuery, currentSubscription));
}
