public Task <IList <Permission> > GetPermissionsAsync(int userId, PermissionMode permissionMode = PermissionMode.All)
{
return((Repository as IPermissionRepository).GetPermissionsAsync(userId, permissionMode));
}
public IFakeCommandAttribute BuildCreateFakeCommandByRouting <T>(PermissionMode permission, T target,
IRoutingAttribute routing,
IObjectAttribute objectAttribute,
PropertyInfo[] properties)
where T : IAlbianObject
{
if (null == routing)
{
throw new ArgumentNullException("routing");
}
if (null == properties || 0 == properties.Length)
{
throw new ArgumentNullException("properties");
}
if (null == objectAttribute)
{
throw new ArgumentNullException("objectAttribute");
}
if (0 == (permission & routing.Permission))
{
if (null != Logger)
{
Logger.WarnFormat("The routing permission {0} is no enough.", permission);
}
return(null);
}
//create the connection string
IStorageAttribute storageAttr = (IStorageAttribute)StorageCache.Get(routing.StorageName);
if (null == storageAttr)
{
if (null != Logger)
{
Logger.WarnFormat(
"No {0} rounting mapping storage attribute in the sotrage cache.Use default storage.",
routing.Name);
}
storageAttr = (IStorageAttribute)StorageCache.Get(StorageParser.DefaultStorageName);
}
if (!storageAttr.IsHealth)
{
if (null != Logger)
{
Logger.WarnFormat("Routing:{0},Storage:{1} is not health.", routing.Name, storageAttr.Name);
}
return(null);
}
var sbInsert = new StringBuilder();
var sbCols = new StringBuilder();
var sbValues = new StringBuilder();
IList <DbParameter> paras = new List <DbParameter>();
//create the hash table name
string tableFullName = Utils.GetTableFullName(routing, target);
//build the command text
IDictionary <string, IMemberAttribute> members = objectAttribute.MemberAttributes;
foreach (PropertyInfo property in properties)
{
object value = property.GetValue(target, null);
if (null == value)
{
continue;
}
IMemberAttribute member = members[property.Name];
if (!member.IsSave)
{
continue;
}
sbCols.AppendFormat("{0},", member.FieldName);
string paraName = DatabaseFactory.GetParameterName(storageAttr.DatabaseStyle, member.FieldName);
sbValues.AppendFormat("{0},", paraName);
paras.Add(DatabaseFactory.GetDbParameter(storageAttr.DatabaseStyle, paraName, member.DBType, value,
member.Length));
}
int colsLen = sbCols.Length;
if (0 < colsLen)
{
sbCols.Remove(colsLen - 1, 1);
}
int valLen = sbValues.Length;
if (0 < valLen)
{
sbValues.Remove(valLen - 1, 1);
}
sbInsert.AppendFormat("INSERT INTO {0} ({1}) VALUES({2}) ", tableFullName, sbCols, sbValues);
IFakeCommandAttribute fakeCmd = new FakeCommandAttribute
{
CommandText = sbInsert.ToString(),
Paras = ((List <DbParameter>)paras).ToArray(),
StorageName = routing.StorageName
};
return(fakeCmd);
}
public IList <Permission> GetPermissions(int userId, PermissionMode permissionMode = PermissionMode.All)
{
return((Repository as IPermissionRepository).GetPermissions(userId, permissionMode));
}
private static async Task<Permission> CreatePermissionAsync(string resourceLink, string userLink, PermissionMode mode)
{
Permission permission = new Permission
{
Id = Guid.NewGuid().ToString("N"),
PermissionMode = mode,
ResourceLink = resourceLink
};
return (Permission)await client.CreatePermissionAsync(userLink, permission);
}
/// <summary>默认构造</summary>
/// <param name="Mode">认证模式</param>
public AuthorizeFilterAttribute(PermissionMode Mode)
{
_customMode = Mode;
}
private static async Task <PermissionToken> GetPermissionToken(string userId, CosmosDBRepository repo, PermissionMode permissionMode)
{
string permissionDocumentId = $"{userId}_{COLLECTION}Collection_PermissionId";
PermissionToken permissionToken = null;
permissionToken = await GetPermissionAsync(userId, repo, permissionDocumentId, PermissionMode.All);
return(permissionToken);
}
private async static Task <Permission> CreatePermission(DocumentClient client, User user, string permId, PermissionMode permissionMode, string resourceLink)
{
Console.WriteLine();
Console.WriteLine($">>> Create Permission {permId} for {user.Id} <<<");
var permDefinition = new Permission {
Id = permId, PermissionMode = permissionMode, ResourceLink = resourceLink
};
var result = await client.CreatePermissionAsync(user.SelfLink, permDefinition);
var perm = result.Resource;
Console.WriteLine("Created new permission");
ViewPermission(perm);
return(perm);
}
/// <summary>
/// Creates a permission with an access token for the specified user and the specified collection
/// </summary>
public async Task <Permission> CreateUserPermission(User user, DocumentCollection collection, PermissionMode permission)
{
var permissionId = permission + collection.Id;
// The permission may already exists on database, try to find it
var collectionPermission =
Client.CreatePermissionQuery("/dbs/" + Database.ResourceId + "/users/" + user.ResourceId + "/permissions")
.AsEnumerable()
.FirstOrDefault(u => u.Id == permissionId);
// If permission not found, create a new one
if (collectionPermission == null)
{
collectionPermission = new Permission {
PermissionMode = permission, ResourceLink = collection.SelfLink, Id = permissionId
};
}
return(await Client.CreatePermissionAsync(user.SelfLink, collectionPermission));
}
private static async Task <Permission> CreatePermission(IDocumentClient client, User user, string permId, PermissionMode permissionMode, string resourceLink)
{
Console.WriteLine($">>> Create Permission {permId} for {user.Id} <<<");
Permission permissionDefinition = new Permission {
Id = permId, PermissionMode = permissionMode, ResourceLink = resourceLink
};
ResourceResponse <Permission> result = await client.CreatePermissionAsync(user.SelfLink, permissionDefinition);
Permission permission = result.Resource;
Console.WriteLine("Created new permission");
PrintPermission(permission);
return(permission);
}
static string GetUserPermissionId(string databaseId, string userId, PermissionMode permissionMode) => $"{databaseId}-{userId}-{permissionMode.ToString().ToUpper()}";
private static async Task<Permission> CreatePermissionAsync(string resourceLink, string userLink, PermissionMode mode, string resourcePartitionKey = null)
{
Permission permission = new Permission
{
Id = Guid.NewGuid().ToString("N"),
PermissionMode = mode,
ResourceLink = resourceLink
};
if (resourcePartitionKey != null)
{
permission.ResourcePartitionKey = new PartitionKey(resourcePartitionKey);
}
ResourceResponse<Permission> response = await DocumentClientHelper.ExecuteWithRetries<ResourceResponse<Permission>>(
client,
() => client.CreatePermissionAsync(userLink, permission));
return response.Resource;
}
public static async Task <Permission> GetOrCreatePermission(this DocumentClient client, string databaseId, string collectionId, string resourceLink, string userId, PermissionMode permissionMode, int durationInSeconds, TraceWriter log)
{
var permissionId = string.Empty;
try
{
Database database = null;
DocumentCollection documentCollection = null;
if (!string.IsNullOrEmpty(collectionId))
{
await client.EnsureCollection(databaseId, collectionId, log);
log?.Info($" ... getting collection ({collectionId}) in database ({databaseId})");
var collectionResponse = await client.ReadDocumentCollectionAsync(UriFactory.CreateDocumentCollectionUri(databaseId, collectionId));
documentCollection = collectionResponse?.Resource ?? throw new Exception($"Could not find Document Collection in Database {databaseId} with CollectionId: {collectionId}");
}
else if (!string.IsNullOrEmpty(databaseId))
{
await client.EnsureDatabase(databaseId, log);
log?.Info($" ... collectionId == null, getting database ({databaseId})");
var databaseResponse = await client.ReadDatabaseAsync(UriFactory.CreateDatabaseUri(databaseId));
database = databaseResponse?.Resource ?? throw new Exception($"Could not find Database {databaseId}");
}
else
{
throw new Exception($"databaseId and collectionId must be provided");
}
var link = resourceLink ?? documentCollection?.SelfLink; //?? throw new Exception($"Could not get selfLink for Document Collection in Database {databaseId} with CollectionId: {collectionId}");
var userTup = await client.GetOrCreateUser(databaseId, userId, log);
var user = userTup.user;
Permission permission;
permissionId = GetUserPermissionId(databaseId, collectionId, user.Id, permissionMode);
// if the user was newly created, go ahead and create the permission
if (userTup.created && !string.IsNullOrEmpty(user?.Id))
{
permission = await client.CreateNewPermission(databaseId, link, user, permissionId, permissionMode, durationInSeconds, log);
}
else // else look for an existing permission with the id
{
var permissionUri = UriFactory.CreatePermissionUri(databaseId, user.Id, permissionId);
try
{
log?.Info($" ... getting permission ({permissionId}) at uri: {permissionUri}");
var permissionResponse = await client.ReadPermissionAsync(permissionUri, PermissionRequestOptions(durationInSeconds));
permission = permissionResponse?.Resource;
if (permission != null)
{
log?.Info($" ... found existing permission ({permission.Id})");
}
}
catch (DocumentClientException dcx)
{
dcx.Print(log);
switch (dcx.StatusCode)
{
case HttpStatusCode.NotFound:
log?.Info($" ... could not find permission ({permissionId}) at uri: {permissionUri} - creating...");
permission = await client.CreateNewPermission(databaseId, link, user, permissionId, permissionMode, durationInSeconds, log);
break;
default: throw;
}
}
}
return(permission);
}
catch (Exception ex)
{
var resourceComponent = string.IsNullOrEmpty(resourceLink) ? "" : $" Resource: {resourceLink} ";
log?.Error($"Error creating new new {permissionMode.ToString().ToUpper()} Permission [Database: {databaseId} Collection: {collectionId}{resourceComponent} User: {userId} Permission: {permissionId}", ex);
throw;
}
}
static string GetUserPermissionId(string databaseId, string collectionId, string userId, PermissionMode permissionMode)
{
return(string.IsNullOrEmpty(collectionId) ? GetUserPermissionId(databaseId, userId, permissionMode) : $"{databaseId}-{collectionId}-{userId}-{permissionMode.ToString().ToUpper()}");
}
static async Task <Permission> CreateNewPermission(this DocumentClient client, string databaseId, string resourceLink, User user, string permissionId, PermissionMode permissionMode, int durationInSeconds, TraceWriter log)
{
log?.Info($" ... creating new permission ({permissionId}) for resource at ({resourceLink})");
var newPermission = new Permission {
Id = permissionId, PermissionMode = permissionMode
};
if (!string.IsNullOrEmpty(resourceLink))
{
newPermission.ResourceLink = resourceLink;
}
try
{
var permissionResponse = await client.CreatePermissionAsync(user.SelfLink, newPermission, PermissionRequestOptions(durationInSeconds));
var permission = permissionResponse?.Resource;
if (permission != null)
{
log?.Info($" ... created new permission ({permission.Id})");
}
return(permission);
}
catch (DocumentClientException dcx)
{
dcx.Print(log);
switch (dcx.StatusCode)
{
case HttpStatusCode.Conflict:
// check for an existing permission with a different permissionMode
var oldPermissionId = permissionId.Replace(permissionMode.ToString().ToUpper(), permissionMode == PermissionMode.All ? PermissionMode.Read.ToString().ToUpper() : PermissionMode.All.ToString().ToUpper());
log?.Info($" ... deleting old permission ({oldPermissionId})");
await client.DeletePermissionAsync(UriFactory.CreatePermissionUri(databaseId, user.Id, oldPermissionId));
log?.Info($" ... creating new permission ({permissionId}) for resource at ({resourceLink})");
var permissionResponse = await client.CreatePermissionAsync(user.SelfLink, newPermission, PermissionRequestOptions(durationInSeconds));
var permission = permissionResponse?.Resource;
if (permission != null)
{
log?.Info($" ... created new permission ({permission.Id})");
}
return(permission);
default: throw;
}
}
catch (Exception ex)
{
log?.Error($"Error creating new Permission with Id: {permissionId} for resource at: {resourceLink}", ex);
throw;
}
}
private static async Task <Permission> CreatePermissionAsync(string resourceLink, string userLink, PermissionMode mode, string resourcePartitionKey = null)
{
Permission permission = new Permission
{
Id = Guid.NewGuid().ToString("N"),
PermissionMode = mode,
ResourceLink = resourceLink
};
if (resourcePartitionKey != null)
{
permission.ResourcePartitionKey = new PartitionKey(resourcePartitionKey);
}
ResourceResponse <Permission> response = await DocumentClientHelperEx.ExecuteWithRetries <ResourceResponse <Permission> >(
client,
() => client.CreatePermissionAsync(userLink, permission));
return(response.Resource);
}
internal ApiPermissionBinding(PermissionMode mode, IEnumerable <string> requiredPermissions)
{
this.Mode = mode;
this.RequiredPermissions = requiredPermissions;
}
/// <summary>默认构造</summary>
/// <param name="Mode">认证模式</param>
public HandlerAuthorizeAttribute(PermissionMode Mode)
{
_customMode = Mode;
}
internal ApiPermissionValueProvider(PermissionMode mode, IEnumerable <string> requiredPermissions, string accessToken)
{
this.Mode = mode;
this.RequiredPermissions = requiredPermissions;
this.AccessToken = accessToken;
}
private static async Task <PermissionToken> GetPermissionAsync(string userId, CosmosDBRepository repo, string permissionId, PermissionMode permissionMode = PermissionMode.Read)
{
Permission permission = null;
User user = await CreateUserIfNotExistAsync(userId, repo);
string userStr = userId;
string[] userArr = userStr.Split('@');
userStr = userArr[0];
try
{
permission = await repo.GetPermissionAsync(user, permissionId, new RequestOptions { ResourceTokenExpirySeconds = (int)TOKEN_EXPIRY.TotalSeconds });
// System.Diagnostics.Debug.WriteLine($"Retreived Existing Permission. {permission.Id}");
}
catch (DocumentClientException e)
{
if (e.StatusCode == System.Net.HttpStatusCode.NotFound)
{
DocumentCollection collection = await repo.GetDocumentCollectionAsync();
permission = new Permission
{
PermissionMode = permissionMode,
ResourceLink = collection.SelfLink,
// Permission restricts access to this partition key
ResourcePartitionKey = new PartitionKey(userStr),
// Unique per user
Id = permissionId
};
try
{
permission = await repo.UpsertPermissionAsync(user, permission, new RequestOptions { ResourceTokenExpirySeconds = (int)TOKEN_EXPIRY.TotalSeconds });
}
catch (Exception ex)
{
throw ex;
}
}
else
{
throw e;
}
}
var expires = DateTimeOffset.Now.Add(TOKEN_EXPIRY).ToUnixTimeSeconds();
return(new PermissionToken()
{
Token = permission.Token,
Expires = expires,
UserId = userId
});
}
public PermissionGatewayAttribute(PermissionMode mode, params string[] permissions)
{
this.Mode = mode;
this.Permissions = permissions ?? new string[0];
}
/// <summary>默认构造</summary>
/// <param name="Mode">权限认证模式</param>
public ManagerPermissionAttribute(PermissionMode Mode)
{
_CustomMode = Mode;
}
/// <summary>默认构造</summary>
/// <param name="Mode">权限认证模式</param>
public ManagerPermissionAttribute(PermissionMode Mode)
{
_customMode = Mode;
}
/// <summary>
/// Creates a permission with an access token for the specified user and the specified collection
/// </summary>
public async Task<Permission> CreateUserPermission(User user, DocumentCollection collection, PermissionMode permission)
{
var permissionId = permission + collection.Id;
// The permission may already exists on database, try to find it
var collectionPermission =
Client.CreatePermissionQuery("/dbs/" + Database.ResourceId + "/users/" + user.ResourceId + "/permissions")
.AsEnumerable()
.FirstOrDefault(u => u.Id == permissionId);
// If permission not found, create a new one
if (collectionPermission == null)
{
collectionPermission = new Permission { PermissionMode = permission, ResourceLink = collection.SelfLink, Id = permissionId };
}
return await Client.CreatePermissionAsync(user.SelfLink, collectionPermission);
}
/// <summary>
/// Serialize the object
/// </summary>
/// <returns>
/// Returns the json model for the type Permission
/// </returns>
public virtual JToken SerializeJson(JToken outputObject)
{
if (outputObject == null)
{
outputObject = new JObject();
}
if (Id == null)
{
throw new ArgumentNullException(nameof(Id));
}
var mode = PermissionMode as ILazyCollection;
if (mode != null && !mode.IsInitialized || PermissionMode == null)
{
throw new ArgumentNullException(nameof(PermissionMode));
}
if (Resource == null)
{
throw new ArgumentNullException(nameof(Resource));
}
if (Etag != null)
{
outputObject["_etag"] = Etag;
}
if (Rid != null)
{
outputObject["_rid"] = Rid;
}
if (Self != null)
{
outputObject["_self"] = Self;
}
if (Token != null)
{
outputObject["_token"] = Token;
}
if (Ts != null)
{
outputObject["_ts"] = Ts;
}
if (Id != null)
{
outputObject["id"] = Id;
}
if (PermissionMode != null)
{
var collection = PermissionMode as ILazyCollection;
if (collection != null == false ||
((ILazyCollection)PermissionMode).IsInitialized)
{
var permissionModeSequence = new JArray();
outputObject["permissionMode"] = permissionModeSequence;
foreach (var permissionModeItem in PermissionMode.Where(permissionModeItem => permissionModeItem != null))
{
permissionModeSequence.Add(permissionModeItem);
}
}
}
if (Resource != null)
{
outputObject["resource"] = Resource;
}
return(outputObject);
}
