private ResponseCode _handleGet(HttpListenerRequest req, HttpListenerResponse resp, string accesslog, string origin) { if (req.QueryString.Count > 0) { string host = req.QueryString["h"]; if (host == null || string.IsNullOrEmpty(host.Trim())) { return(ResponseCode.NotFound); } string form = "<form method=post onsubmit=\"result = 'submit'\"><h2>Do you want to allow {0} to print?</h2><input type=hidden name=\"host\" value=\"{0}\" /><input type=hidden name=\"status\" value=\"allow\" /><button >Allow</button><button type=button onclick=\"result = 'blocked'; window.close()\">Block</button></form>"; form = string.Format(form, host); string html = "<html><body>"; html += "<script>var result = 'closed'; window.addEventListener('beforeunload', (event) => { if (result !== 'submit') window.opener.postMessage(result, '" + host + "'); });</script>"; html += form; html += "</body></html>"; ServerConfig.appendLog(accesslog); server.responseHTML(resp, html); } else { PermissionResponse json = new PermissionResponse(); json.allowed = server.config.isAllowed(origin); ServerConfig.appendLog(accesslog); server.responseJSON(resp, json); } return(ResponseCode.OK); }
/// <summary> /// Sets the permissions. /// </summary> /// <param name="request">The request.</param> /// <returns></returns> public PermissionResponse SetPermissions(PermissionRequest request) { var response = new PermissionResponse(); var permissionEntity = request.Permission; if (request.Action != PersistType.Delete) { if (!permissionEntity.Validate()) { foreach (var error in permissionEntity.ValidationErrors) { response.Message += error + Environment.NewLine; } response.Acknowledge = AcknowledgeType.Failure; return(response); } } try { if (request.Action == PersistType.Insert) { permissionEntity.PermissionId = PermissionDao.InsertPermission(permissionEntity); if (permissionEntity.PermissionId == 0) { response.Acknowledge = AcknowledgeType.Failure; return(response); } } else if (request.Action == PersistType.Update) { response.Message = PermissionDao.UpdatePermission(permissionEntity); if (response.Message != null) { response.Acknowledge = AcknowledgeType.Failure; return(response); } } else { var permissionForDelete = PermissionDao.GetPermission(request.PermissionId); response.Message = PermissionDao.DeletePermission(permissionForDelete); if (response.Message != null) { response.Acknowledge = AcknowledgeType.Failure; response.RowsAffected = 0; return(response); } response.RowsAffected = 1; } } catch (Exception ex) { response.Acknowledge = AcknowledgeType.Failure; response.Message = ex.Message; return(response); } response.PermissionId = permissionEntity != null ? permissionEntity.PermissionId : 0; return(response); }
public async Task <Result <PermissionResponse> > GetAllPermissionsAsync(string roleId) { var model = new PermissionResponse(); var allPermissions = new List <RoleClaimsResponse>(); #region GetPermissions allPermissions.GetPermissions(typeof(Permissions.Users), roleId); allPermissions.GetPermissions(typeof(Permissions.Roles), roleId); allPermissions.GetPermissions(typeof(Permissions.Products), roleId); allPermissions.GetPermissions(typeof(Permissions.Brands), roleId); #endregion var role = await _roleManager.FindByIdAsync(roleId); if (role != null) { model.RoleId = role.Id; model.RoleName = role.Name; var claims = await _roleManager.GetClaimsAsync(role); var allClaimValues = allPermissions.Select(a => a.Value).ToList(); var roleClaimValues = claims.Select(a => a.Value).ToList(); var authorizedClaims = allClaimValues.Intersect(roleClaimValues).ToList(); foreach (var permission in allPermissions) { if (authorizedClaims.Any(a => a == permission.Value)) { permission.Selected = true; } } } model.RoleClaims = allPermissions; return(Result <PermissionResponse> .Success(model)); }
private static void HandleResult(string activityCode, Action <IPermissionResult> callback, GuestControllerResult <PermissionResponse> result) { if (!result.Success) { callback(MakeGenericFailure()); return; } PermissionResponse response = result.Response; if (response.error != null || response.data == null) { callback(GuestControllerErrorParser.GetPermissionResult(response.error) ?? MakeGenericFailure()); return; } ActivityApprovalStatus activityApprovalStatus = ActivityApprovalStatusConverter.Convert(response.data.approvalStatus); if (response.data.activityCode != activityCode || activityApprovalStatus == ActivityApprovalStatus.Unknown) { callback(MakeGenericFailure()); } else { callback(new PermissionResult(success: true, activityApprovalStatus)); } }
public static void ApprovePermission(AbstractLogger logger, IGuestControllerClient guestControllerClient, string activityCode, string childSwid, ActivityApprovalStatus desiredStatus, Action <IPermissionResult> callback) { if (string.IsNullOrEmpty(childSwid) || string.IsNullOrEmpty(activityCode) || desiredStatus == ActivityApprovalStatus.Pending || desiredStatus == ActivityApprovalStatus.Unknown) { callback(new PermissionFailedInvalidResult()); return; } try { ApprovePermissionRequest approvePermissionRequest = new ApprovePermissionRequest(); approvePermissionRequest.activityCode = activityCode; approvePermissionRequest.approvalStatus = ActivityApprovalStatusConverter.Convert(desiredStatus); approvePermissionRequest.swid = childSwid; ApprovePermissionRequest request = approvePermissionRequest; guestControllerClient.ApprovePermission(request, childSwid, delegate(GuestControllerResult <PermissionResponse> r) { if (!r.Success) { callback(MakeGenericFailure()); } else { PermissionResponse response = r.Response; if (response.error != null || response.data == null) { callback(ParseError(response)); } else { string activityCode2 = response.data.activityCode; ActivityApprovalStatus activityApprovalStatus = ActivityApprovalStatusConverter.Convert(response.data.approvalStatus); if (activityCode2 != activityCode || activityApprovalStatus != desiredStatus) { callback(new PermissionFailedInvalidResult()); } else { callback(new PermissionResult(success: true, activityApprovalStatus)); } } } }); } catch (Exception ex) { logger.Critical("Unhandled exception: " + ex); callback(MakeGenericFailure()); } }
/// <summary> /// Gets the permissions. /// </summary> /// <param name="request">The request.</param> /// <returns></returns> public PermissionResponse GetPermissions(PermissionRequest request) { var response = new PermissionResponse(); if (request.LoadOptions.Contains("Permissions")) { response.Permissions = request.LoadOptions.Contains("Active") ? PermissionDao.GetPermissions(request.IsActive) : PermissionDao.GetPermissions(); } if (request.LoadOptions.Contains("Permission")) { response.Permission = PermissionDao.GetPermission(request.PermissionId); } return(response); }
protected override async Task OnInitializedAsync() { _mapper = new MapperConfiguration(c => { c.AddProfile <RoleProfile>(); }).CreateMapper(); var roleId = Id; var result = await _roleManager.GetPermissionsAsync(roleId); if (result.Succeeded) { model = result.Data; if (model != null) { Description = $"{localizer["Manage"]} {model.RoleId} {model.RoleName}'s {localizer["Permissions"]}"; } } }
public async Task <Result <PermissionResponse> > GetAllPermissionsAsync(string roleId) { var model = new PermissionResponse(); var allPermissions = GetAllPermissions(); var role = await _roleManager.FindByIdAsync(roleId); if (role != null) { model.RoleId = role.Id; model.RoleName = role.Name; var roleClaimsResult = await _roleClaimService.GetAllByRoleIdAsync(role.Id); if (roleClaimsResult.Succeeded) { var roleClaims = roleClaimsResult.Data; var allClaimValues = allPermissions.Select(a => a.Value).ToList(); var roleClaimValues = roleClaims.Select(a => a.Value).ToList(); var authorizedClaims = allClaimValues.Intersect(roleClaimValues).ToList(); foreach (var permission in allPermissions) { if (authorizedClaims.Any(a => a == permission.Value)) { permission.Selected = true; var roleClaim = roleClaims.SingleOrDefault(a => a.Value == permission.Value); if (roleClaim?.Description != null) { permission.Description = roleClaim.Description; } if (roleClaim?.Group != null) { permission.Group = roleClaim.Group; } } } } else { model.RoleClaims = new List <RoleClaimResponse>(); return(await Result <PermissionResponse> .FailAsync(roleClaimsResult.Messages)); } } model.RoleClaims = allPermissions; return(await Result <PermissionResponse> .SuccessAsync(model)); }
static async Task Main(string[] args) { // Create new CosmosClient to communiciate with Azure Cosmos DB using (var cosmosClient = new CosmosClient(accountEndpoint, authKey)) { // Create new database Database database = await cosmosClient.CreateDatabaseIfNotExistsAsync(databaseId); // Create new container Container container = await database.CreateContainerIfNotExistsAsync(containerId, partitionKey); for (int i = 0; i < 100; i++) { Console.WriteLine($"Run: {i}"); // This will complete successfully. var authKeyItemId = await CreateItemAsync(container); var authKeyItem = await ReadItemAsync(container, authKeyItemId); string userId = Guid.NewGuid().ToString(); UserResponse userResponse = await database.CreateUserAsync(userId); User user = userResponse.User; string permissionId = Guid.NewGuid().ToString(); PermissionProperties permissionProperties = new PermissionProperties(permissionId, PermissionMode.Read, container); PermissionResponse permissionResponse = await user.CreatePermissionAsync(permissionProperties); using (var tokenCosmosClient = new CosmosClient(accountEndpoint, permissionResponse.Resource.Token)) { var tokenContainer = tokenCosmosClient.GetContainer(databaseId, containerId); // This will fail. var tokenItemId = await CreateItemAsync(tokenContainer); // This will succeed. var tokenItem = await ReadItemAsync(tokenContainer, authKeyItemId); } } } }
public async Task <Result <PermissionResponse> > GetAllPermissionsAsync(string roleId) { var model = new PermissionResponse(); var allPermissions = new List <RoleClaimsResponse>(); #region GetPermissions allPermissions.GetPermissions(typeof(Permissions.Users), roleId); allPermissions.GetPermissions(typeof(Permissions.Roles), roleId); allPermissions.GetPermissions(typeof(Permissions.Products), roleId); allPermissions.GetPermissions(typeof(Permissions.Brands), roleId); allPermissions.GetPermissions(typeof(Permissions.Preferences), roleId); //You could have your own method to refactor the below line, maybe by using Reflection and fetch directly from a class, else assume that Admin has all the roles assigned and retreive the Admin's roles here via the DB/Identity.RoleClaims table. allPermissions.Add(new RoleClaimsResponse { Value = "Permissions.Communication.Chat", Type = ApplicationClaimTypes.Permission }); #endregion GetPermissions var role = await _roleManager.FindByIdAsync(roleId); if (role != null) { model.RoleId = role.Id; model.RoleName = role.Name; var claims = await _roleManager.GetClaimsAsync(role); var allClaimValues = allPermissions.Select(a => a.Value).ToList(); var roleClaimValues = claims.Select(a => a.Value).ToList(); var authorizedClaims = allClaimValues.Intersect(roleClaimValues).ToList(); foreach (var permission in allPermissions) { if (authorizedClaims.Any(a => a == permission.Value)) { permission.Selected = true; } } } model.RoleClaims = allPermissions; return(await Result <PermissionResponse> .SuccessAsync(model)); }
//Verify if user is permitted access before granting and writing an access time entry private async void VerifyAccess(string userId) { PermissionResponse rep = new PermissionResponse(); rep.UserId = userId; RestService service = new RestService(); LocationsResponse[] locations = await service.PostUserPermissions(rep); bool permissionFound = false; for (int i = 0; i < locations.Length; i++) { Console.WriteLine($"Location: {locations[i]}"); if (locations[i].Location == App.LOCATION_ID.ToString()) { permissionFound = true; break; } } if (permissionFound) { Device.BeginInvokeOnMainThread(async() => { await Xamarin.Forms.Application.Current.MainPage.DisplayAlert("Success", "Successfully scanned", "OK"); }); SetAccessTimeResponse accessRep = new SetAccessTimeResponse(); accessRep.userId = userId; accessRep.locationId = App.LOCATION_ID; service.PostTimeRequest <SetAccessTimeResponse>(accessRep); } else { Device.BeginInvokeOnMainThread(async() => { await Xamarin.Forms.Application.Current.MainPage.DisplayAlert("Permission Violation", "You are not permitted entry", "OK"); }); } }
public IActionResult Authorize([FromBody] PermissionRequest permission) { var response = new PermissionResponse { Result = ResultType.Error }; var permissionRecord = _permissionService.GetPermissionRecordBySystemName(permission.PermissionSystemName); if (permissionRecord is null) { return(Ok(response)); } var isAuthorize = _permissionService.Authorize(permissionRecord); if (!isAuthorize) { return(Ok(response)); } response.Result = ResultType.Success; return(Ok(response)); }
public async Task PermissionTests(bool directMode) { CosmosClient client = directMode ? DirectCosmosClient : GatewayCosmosClient; Database database = client.GetDatabase(DatabaseId); List <string> createdPermissionIds = new List <string>(); List <string> createdContainerIds = new List <string>(); string userId = Guid.NewGuid().ToString(); UserCore user = null; try { UserResponse createUserResponse = await database.CreateUserAsync(userId); Assert.AreEqual(HttpStatusCode.Created, createUserResponse.StatusCode); user = (UserInlineCore)createUserResponse.User; ContainerResponse createContainerResponse = await database.CreateContainerIfNotExistsAsync(Guid.NewGuid().ToString(), partitionKeyPath : "/pk"); Container container = createContainerResponse.Container; PermissionResponse permissionResponse = await user.CreatePermissionAsync(new PermissionProperties("BasicQueryPermission1", PermissionMode.All, container)); createdContainerIds.Add(createContainerResponse.Container.Id); createdPermissionIds.Add(permissionResponse.Permission.Id); createContainerResponse = await database.CreateContainerIfNotExistsAsync(Guid.NewGuid().ToString(), partitionKeyPath : "/pk"); container = createContainerResponse.Container; permissionResponse = await user.CreatePermissionAsync(new PermissionProperties("BasicQueryPermission2", PermissionMode.All, container)); createdContainerIds.Add(createContainerResponse.Container.Id); createdPermissionIds.Add(permissionResponse.Permission.Id); createContainerResponse = await database.CreateContainerIfNotExistsAsync(Guid.NewGuid().ToString(), partitionKeyPath : "/pk"); container = createContainerResponse.Container; permissionResponse = await user.CreatePermissionAsync(new PermissionProperties("BasicQueryPermission3", PermissionMode.All, container)); createdContainerIds.Add(createContainerResponse.Container.Id); createdPermissionIds.Add(permissionResponse.Permission.Id); //Read All List <PermissionProperties> results = await this.ToListAsync( user.GetPermissionQueryStreamIterator, user.GetPermissionQueryIterator <PermissionProperties>, null, CosmosBasicQueryTests.RequestOptions ); CollectionAssert.IsSubsetOf(createdPermissionIds, results.Select(x => x.Id).ToList()); //Basic query List <PermissionProperties> queryResults = await this.ToListAsync( user.GetPermissionQueryStreamIterator, user.GetPermissionQueryIterator <PermissionProperties>, "select * from T where STARTSWITH(T.id, \"BasicQueryPermission\")", CosmosBasicQueryTests.RequestOptions ); CollectionAssert.AreEquivalent(createdPermissionIds, queryResults.Select(x => x.Id).ToList()); } finally { foreach (string id in createdPermissionIds) { await user.GetPermission(id).DeleteAsync(); } foreach (string id in createdContainerIds) { await database.GetContainer(id).DeleteContainerAsync(); } await user?.DeleteAsync(); } }
// </Main> // <RunDemoAsync> private static async Task RunDemoAsync( CosmosClient client, Database database) { //-------------------------------------------------------------------------------------------------- // We need Two Containers, Two Users, and some permissions for this sample, // So let's go ahead and set these up initially //-------------------------------------------------------------------------------------------------- // Get, or Create, two separate Containers Container container1 = await database.CreateContainerAsync( id : "Container1", partitionKeyPath : "/AccountNumber"); Container container2 = await database.CreateContainerAsync( id : "Container2", partitionKeyPath : "/AccountNumber"); // Insert two documents in to col1 SalesOrder salesOrder1 = new SalesOrder() { Id = "order1", AccountNumber = "partitionKey1" }; await container1.CreateItemAsync <SalesOrder>( salesOrder1, new PartitionKey(salesOrder1.AccountNumber)); SalesOrder salesOrder2 = new SalesOrder() { Id = "order2", AccountNumber = "pk2" }; await container1.CreateItemAsync <SalesOrder>( salesOrder2, new PartitionKey(salesOrder2.AccountNumber)); // Create a user User user1 = await database.CreateUserAsync("Thomas Andersen"); // Get an existing user and permission. // This is a client side reference and does no verification against Cosmos DB. user1 = database.GetUser("Thomas Andersen"); // Verify the user exists UserProperties userProperties = await user1.ReadAsync(); //Add the read permission to the user and validate the user can //read only the container it has access to await ValidateReadPermissions( client.Endpoint.OriginalString, database.Id, container1, user1); // Insert one item in to container 2 SalesOrder salesOrder3 = new SalesOrder() { Id = "doc3", AccountNumber = "partitionKey" }; await container2.CreateItemAsync <SalesOrder>( salesOrder3, new PartitionKey(salesOrder3.AccountNumber)); // Create a new user User user2 = await database.CreateUserAsync("Robin Wakefield"); //Add the all permission to the user for a single item and validate the user can //only access the single item await ValidateAllPermissionsForItem( client.Endpoint.OriginalString, database.Id, container2, user2, salesOrder3); // Add read permission to user1 on container 2 so query has multiple results PermissionResponse permissionUser1Container2Response = await user1.CreatePermissionAsync( new PermissionProperties( id : "permissionUser1Container2", permissionMode : PermissionMode.Read, container : container2)); Permission permissionUser1Container2 = permissionUser1Container2Response; PermissionProperties user1Container2Properties = permissionUser1Container2Response; Console.WriteLine(); Console.WriteLine($"Created {permissionUser1Container2.Id} with resource URI: {user1Container2Properties.ResourceUri}"); // Get an existing permission and token permissionUser1Container2 = user1.GetPermission("permissionUser1Container2"); // Get an existing permission properties user1Container2Properties = await permissionUser1Container2.ReadAsync(); Console.WriteLine($"Read existing {permissionUser1Container2.Id} with resource URI: {user1Container2Properties.ResourceUri}"); // All user1's permissions in a List List <PermissionProperties> user1Permissions = new List <PermissionProperties>(); FeedIterator <PermissionProperties> feedIterator = user1.GetPermissionQueryIterator <PermissionProperties>(); while (feedIterator.HasMoreResults) { FeedResponse <PermissionProperties> permissions = await feedIterator.ReadNextAsync(); user1Permissions.AddRange(permissions); } }
public async Task CRUDTest() { string containerId = Guid.NewGuid().ToString(); ContainerResponse containerResponse = await this.cosmosDatabase.CreateContainerAsync(containerId, "/id"); Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode); string userId = Guid.NewGuid().ToString(); UserResponse userResponse = await this.cosmosDatabase.CreateUserAsync(userId); User user = userResponse.User; Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode); Assert.AreEqual(userId, user.Id); string permissionId = Guid.NewGuid().ToString(); PermissionProperties permissionProperties = new PermissionProperties(permissionId, PermissionMode.Read, containerResponse.Container); PermissionResponse permissionResponse = await user.CreatePermissionAsync(permissionProperties); Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode); Assert.AreEqual(permissionId, permissionResponse.Resource.Id); Assert.AreEqual(permissionProperties.PermissionMode, permissionResponse.Resource.PermissionMode); Assert.IsNotNull(permissionResponse.Resource.Token); SelflinkValidator.ValidatePermissionSelfLink(permissionResponse.Resource.SelfLink); PermissionProperties newPermissionProperties = new PermissionProperties(permissionId, PermissionMode.All, containerResponse.Container); permissionResponse = await user.GetPermission(permissionId).ReplaceAsync(newPermissionProperties); //Backend returns Created instead of OK Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode); Assert.AreEqual(permissionId, permissionResponse.Resource.Id); Assert.AreEqual(newPermissionProperties.PermissionMode, permissionResponse.Resource.PermissionMode); SelflinkValidator.ValidatePermissionSelfLink(permissionResponse.Resource.SelfLink); permissionResponse = await user.GetPermission(permissionId).ReadAsync(); Assert.AreEqual(HttpStatusCode.OK, permissionResponse.StatusCode); Assert.AreEqual(permissionId, permissionResponse.Resource.Id); SelflinkValidator.ValidatePermissionSelfLink(permissionResponse.Resource.SelfLink); permissionResponse = await user.GetPermission(permissionId).DeleteAsync(); Assert.AreEqual(HttpStatusCode.NoContent, permissionResponse.StatusCode); try { permissionResponse = await user.GetPermission(permissionId).ReadAsync(); Assert.Fail(); } catch (CosmosException ex) { Assert.AreEqual(HttpStatusCode.NotFound, ex.StatusCode); } permissionId = Guid.NewGuid().ToString(); permissionProperties = new PermissionProperties(permissionId, PermissionMode.Read, containerResponse.Container); permissionResponse = await user.CreatePermissionAsync(permissionProperties); Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode); Assert.AreEqual(permissionId, permissionResponse.Resource.Id); Assert.AreEqual(permissionProperties.PermissionMode, permissionResponse.Resource.PermissionMode); Assert.IsNotNull(permissionResponse.Resource.Token); newPermissionProperties = new PermissionProperties(permissionId, PermissionMode.All, containerResponse.Container); permissionResponse = await user.UpsertPermissionAsync(newPermissionProperties); Assert.AreEqual(HttpStatusCode.OK, permissionResponse.StatusCode); Assert.AreEqual(permissionId, permissionResponse.Resource.Id); Assert.AreEqual(newPermissionProperties.PermissionMode, permissionResponse.Resource.PermissionMode); }
public async Task ItemResourcePermissionTest() { //create user string userId = Guid.NewGuid().ToString(); UserResponse userResponse = await this.cosmosDatabase.CreateUserAsync(userId); Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode); Assert.AreEqual(userId, userResponse.Resource.Id); User user = userResponse.User; //create resource string containerId = Guid.NewGuid().ToString(); ContainerResponse containerResponse = await this.cosmosDatabase.CreateContainerAsync(containerId, "/id"); Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode); Container container = containerResponse.Container; string itemId = Guid.NewGuid().ToString(); PartitionKey partitionKey = new PartitionKey(itemId); ItemResponse <dynamic> itemRespnose = await container.CreateItemAsync <dynamic>(new { id = itemId }, partitionKey); Assert.AreEqual(HttpStatusCode.Created, itemRespnose.StatusCode); //create permission string permissionId = Guid.NewGuid().ToString(); PermissionProperties permissionProperties = new PermissionProperties(permissionId, PermissionMode.Read, container, partitionKey, itemId); PermissionResponse permissionResponse = await user.CreatePermissionAsync(permissionProperties); PermissionProperties permission = permissionResponse.Resource; Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode); Assert.AreEqual(permissionId, permission.Id); Assert.AreEqual(permissionProperties.PermissionMode, permission.PermissionMode); //delete resource with PermissionMode.Read using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token)) { Container tokenContainer = tokenCosmosClient.GetContainer(this.cosmosDatabase.Id, containerId); ItemResponse <dynamic> readPermissionItem = await tokenContainer.ReadItemAsync <dynamic>(itemId, partitionKey); Assert.AreEqual(itemId, readPermissionItem.Resource.id.ToString()); try { ItemResponse <dynamic> response = await tokenContainer.DeleteItemAsync <dynamic>( itemId, partitionKey); Assert.Fail(); } catch (CosmosException ex) { Assert.AreEqual(HttpStatusCode.Forbidden, ex.StatusCode); } } //update permission to PermissionMode.All permissionProperties = new PermissionProperties(permissionId, PermissionMode.All, container); permissionResponse = await user.GetPermission(permissionId).ReplaceAsync(permissionProperties); permission = permissionResponse.Resource; //delete resource with PermissionMode.All using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token)) { using (FeedIterator <dynamic> feed = tokenCosmosClient .GetDatabase(this.cosmosDatabase.Id) .GetContainer(containerId) .GetItemQueryIterator <dynamic>(new QueryDefinition("select * from t"))) { while (feed.HasMoreResults) { FeedResponse <dynamic> response = await feed.ReadNextAsync(); Assert.IsNotNull(response); } } } }
public async Task ContainerPartitionResourcePermissionTest(ConnectionMode connectionMode) { CosmosClientOptions cosmosClientOptions = new CosmosClientOptions() { ConnectionMode = connectionMode }; CosmosClient cosmosClient = TestCommon.CreateCosmosClient(cosmosClientOptions); Database database = await cosmosClient.CreateDatabaseIfNotExistsAsync("PermissionTest"); //create user string userId = Guid.NewGuid().ToString(); UserResponse userResponse = await database.CreateUserAsync(userId); Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode); Assert.AreEqual(userId, userResponse.Resource.Id); User user = userResponse.User; //create resource string containerId = Guid.NewGuid().ToString(); ContainerResponse containerResponse = await database.CreateContainerAsync( id : containerId, partitionKeyPath : "/id"); Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode); Container container = containerResponse.Container; // Create items to read ToDoActivity itemAccess = ToDoActivity.CreateRandomToDoActivity(); ToDoActivity itemNoAccess = ToDoActivity.CreateRandomToDoActivity(); await container.CreateItemAsync <ToDoActivity>( itemAccess, new PartitionKey(itemAccess.id)); await container.CreateItemAsync <ToDoActivity>( itemNoAccess, new PartitionKey(itemNoAccess.id)); //create permission string permissionId = Guid.NewGuid().ToString(); PartitionKey partitionKey = new PartitionKey(itemAccess.id); PermissionProperties permissionProperties = new PermissionProperties( permissionId, PermissionMode.Read, container, partitionKey); PermissionResponse permissionResponse = await user.CreatePermissionAsync(permissionProperties); PermissionProperties permission = permissionResponse.Resource; Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode); Assert.AreEqual(permissionId, permission.Id); Assert.AreEqual(permissionProperties.PermissionMode, permission.PermissionMode); using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: cosmosClientOptions, resourceToken: permission.Token)) { Container tokenContainer = tokenCosmosClient.GetContainer(database.Id, containerId); await tokenContainer.ReadItemAsync <ToDoActivity>(itemAccess.id, new PartitionKey(itemAccess.id)); try { await tokenContainer.ReadItemAsync <ToDoActivity>(itemNoAccess.id, new PartitionKey(itemNoAccess.id)); Assert.Fail(); } catch (CosmosException ex) { Assert.AreEqual(HttpStatusCode.Forbidden, ex.StatusCode); } QueryRequestOptions queryRequestOptions = new QueryRequestOptions() { PartitionKey = new PartitionKey(itemAccess.id) }; FeedIterator <ToDoActivity> feedIterator = tokenContainer.GetItemQueryIterator <ToDoActivity>( queryText: "select * from T", requestOptions: queryRequestOptions); List <ToDoActivity> result = new List <ToDoActivity>(); while (feedIterator.HasMoreResults) { FeedResponse <ToDoActivity> toDoActivities = await feedIterator.ReadNextAsync(); result.AddRange(toDoActivities); } Assert.AreEqual(1, result.Count); // Test query with no service interop via gateway query plan to replicate x32 app ContainerInternal containerCore = (ContainerInlineCore)tokenContainer; MockCosmosQueryClient mock = new MockCosmosQueryClient( clientContext: containerCore.ClientContext, cosmosContainerCore: containerCore, forceQueryPlanGatewayElseServiceInterop: true); Container tokenGatewayQueryPlan = new ContainerInlineCore( containerCore.ClientContext, (DatabaseInternal)containerCore.Database, containerCore.Id, mock); FeedIterator <ToDoActivity> feedIteratorGateway = tokenGatewayQueryPlan.GetItemQueryIterator <ToDoActivity>( queryText: "select * from T", requestOptions: queryRequestOptions); List <ToDoActivity> resultGateway = new List <ToDoActivity>(); while (feedIteratorGateway.HasMoreResults) { FeedResponse <ToDoActivity> toDoActivities = await feedIteratorGateway.ReadNextAsync(); resultGateway.AddRange(toDoActivities); } Assert.AreEqual(1, resultGateway.Count); } }
public async Task ContainerResourcePermissionTest() { //create user string userId = Guid.NewGuid().ToString(); UserResponse userResponse = await this.cosmosDatabase.CreateUserAsync(userId); Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode); Assert.AreEqual(userId, userResponse.Resource.Id); User user = userResponse.User; //create resource string containerId = Guid.NewGuid().ToString(); ContainerResponse containerResponse = await this.cosmosDatabase.CreateContainerAsync(containerId, "/id"); Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode); Container container = containerResponse.Container; //create permission string permissionId = Guid.NewGuid().ToString(); PermissionProperties permissionProperties = new PermissionProperties(permissionId, PermissionMode.Read, container); PermissionResponse permissionResponse = await user.CreatePermissionAsync(permissionProperties); PermissionProperties permission = permissionResponse.Resource; Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode); Assert.AreEqual(permissionId, permission.Id); Assert.AreEqual(permissionProperties.PermissionMode, permission.PermissionMode); //delete resource with PermissionMode.Read using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token)) { try { ContainerResponse response = await tokenCosmosClient .GetDatabase(this.cosmosDatabase.Id) .GetContainer(containerId) .DeleteContainerAsync(); Assert.Fail(); } catch (CosmosException ex) { Assert.AreEqual(HttpStatusCode.Forbidden, ex.StatusCode); } } //update permission to PermissionMode.All permissionProperties = new PermissionProperties(permissionId, PermissionMode.All, container); permissionResponse = await user.GetPermission(permissionId).ReplaceAsync(permissionProperties); permission = permissionResponse.Resource; //delete resource with PermissionMode.All using (CosmosClient tokenCosmosClient = TestCommon.CreateCosmosClient(clientOptions: null, resourceToken: permission.Token)) { ContainerResponse response = await tokenCosmosClient .GetDatabase(this.cosmosDatabase.Id) .GetContainer(containerId) .DeleteContainerAsync(); Assert.AreEqual(HttpStatusCode.NoContent, response.StatusCode); } }
public async Task ValidateAzureKeyCredentialDirectModeUpdateAsync() { string authKey = ConfigurationManager.AppSettings["MasterKey"]; string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"]; AzureKeyCredential masterKeyCredential = new AzureKeyCredential(authKey); using (CosmosClient client = new CosmosClient( endpoint, masterKeyCredential)) { string databaseName = Guid.NewGuid().ToString(); try { Cosmos.Database database = client.GetDatabase(databaseName); ResponseMessage responseMessage = await database.ReadStreamAsync(); Assert.AreEqual(HttpStatusCode.NotFound, responseMessage.StatusCode); { // Random key: Next set of actions are expected to fail => 401 (UnAuthorized) masterKeyCredential.Update(Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString()))); responseMessage = await database.ReadStreamAsync(); Assert.AreEqual(HttpStatusCode.Unauthorized, responseMessage.StatusCode); string diagnostics = responseMessage.Diagnostics.ToString(); Assert.IsTrue(diagnostics.Contains("AuthProvider LifeSpan InSec"), diagnostics.ToString()); } { // Resetting back to master key => 404 (NotFound) masterKeyCredential.Update(authKey); responseMessage = await database.ReadStreamAsync(); Assert.AreEqual(HttpStatusCode.NotFound, responseMessage.StatusCode); } // Test with resource token interchageability masterKeyCredential.Update(authKey); database = await client.CreateDatabaseAsync(databaseName); string containerId = Guid.NewGuid().ToString(); ContainerResponse containerResponse = await database.CreateContainerAsync(containerId, "/id"); Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode); { // Resource token with ALL permissoin's string userId = Guid.NewGuid().ToString(); UserResponse userResponse = await database.CreateUserAsync(userId); Cosmos.User user = userResponse.User; Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode); Assert.AreEqual(userId, user.Id); string permissionId = Guid.NewGuid().ToString(); PermissionProperties permissionProperties = new PermissionProperties(permissionId, Cosmos.PermissionMode.All, client.GetContainer(databaseName, containerId)); PermissionResponse permissionResponse = await database.GetUser(userId).CreatePermissionAsync(permissionProperties); Assert.AreEqual(HttpStatusCode.Created, permissionResponse.StatusCode); Assert.AreEqual(permissionId, permissionResponse.Resource.Id); Assert.AreEqual(Cosmos.PermissionMode.All, permissionResponse.Resource.PermissionMode); Assert.IsNotNull(permissionResponse.Resource.Token); SelflinkValidator.ValidatePermissionSelfLink(permissionResponse.Resource.SelfLink); // Valdiate ALL on contianer masterKeyCredential.Update(permissionResponse.Resource.Token); ToDoActivity item = ToDoActivity.CreateRandomToDoActivity(); Cosmos.Container container = client.GetContainer(databaseName, containerId); responseMessage = await container.ReadContainerStreamAsync(); Assert.AreEqual(HttpStatusCode.OK, responseMessage.StatusCode); responseMessage = await container.CreateItemStreamAsync(TestCommon.SerializerCore.ToStream(item), new Cosmos.PartitionKey(item.id)); Assert.AreEqual(HttpStatusCode.Created, responseMessage.StatusCode); // Read Only resorce token } // Reset to master key for new permission creation masterKeyCredential.Update(authKey); { // Resource token with Read-ONLY permissoin's string userId = Guid.NewGuid().ToString(); UserResponse userResponse = await database.CreateUserAsync(userId); Cosmos.User user = userResponse.User; Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode); Assert.AreEqual(userId, user.Id); string permissionId = Guid.NewGuid().ToString(); PermissionProperties permissionProperties = new PermissionProperties(permissionId, Cosmos.PermissionMode.Read, client.GetContainer(databaseName, containerId)); PermissionResponse permissionResponse = await database.GetUser(userId).CreatePermissionAsync(permissionProperties); //Backend returns Created instead of OK Assert.AreEqual(HttpStatusCode.Created, permissionResponse.StatusCode); Assert.AreEqual(permissionId, permissionResponse.Resource.Id); Assert.AreEqual(Cosmos.PermissionMode.Read, permissionResponse.Resource.PermissionMode); // Valdiate read on contianer masterKeyCredential.Update(permissionResponse.Resource.Token); ToDoActivity item = ToDoActivity.CreateRandomToDoActivity(); Cosmos.Container container = client.GetContainer(databaseName, containerId); responseMessage = await container.ReadContainerStreamAsync(); Assert.AreEqual(HttpStatusCode.OK, responseMessage.StatusCode); responseMessage = await container.CreateItemStreamAsync(TestCommon.SerializerCore.ToStream(item), new Cosmos.PartitionKey(item.id)); Assert.AreEqual(HttpStatusCode.Forbidden, responseMessage.StatusCode); // Read Only resorce token } { // Reset to master key for new permission creation masterKeyCredential.Update(Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString()))); ToDoActivity item = ToDoActivity.CreateRandomToDoActivity(); Cosmos.Container container = client.GetContainer(databaseName, containerId); responseMessage = await container.CreateItemStreamAsync(TestCommon.SerializerCore.ToStream(item), new Cosmos.PartitionKey(item.id)); Assert.AreEqual(HttpStatusCode.Unauthorized, responseMessage.StatusCode); // Read Only resorce token string diagnostics = responseMessage.Diagnostics.ToString(); Assert.IsTrue(diagnostics.Contains("AuthProvider LifeSpan InSec"), diagnostics.ToString()); } } finally { // Reset to master key for clean-up masterKeyCredential.Update(authKey); await TestCommon.DeleteDatabaseAsync(client, client.GetDatabase(databaseName)); } } }