public void TestInit() { _resourcePermissions = new ResourcePermissions( "r",new List<Permission> { new Permission( "a",false ), new Permission( "b",true ), new Permission( "c",false ), new Permission( "c",true ), } ); }
public void TestInit() { _resourcePermissions = new ResourcePermissions("r", new List <Permission> { new Permission("a", false), new Permission("b", true), new Permission("c", false), new Permission("c", true), }); }
public bool HasDuplicateResourcePermissions() { var duplicates = ResourcePermissions .Where(i => !i.IsDeleted) .GroupBy(i => new { i.ResourceID, i.WindowsGroup }) .Where(g => g.Count() > 1) .Select(g => g.Key); return(duplicates.Any()); }
/// <summary> /// Extracts the requested permission string. /// </summary> /// <param name="permissions">The permissions to extract.</param> /// <returns>The extracted permissions.</returns> public virtual ResourcePermissions ExtractPermissions(string permissions) { if (string.IsNullOrWhiteSpace(permissions)) { throw new HttpResponseException(HttpStatusCode.BadRequest); } ResourcePermissions allowed = this.AllowedPermissions; ResourcePermissions p = ResourcePermissions.None; foreach (char c in permissions) { switch (c) { case 'r': this.ValidatePermission(ResourcePermissions.Read, p, allowed); p |= ResourcePermissions.Read; break; case 'a': this.ValidatePermission(ResourcePermissions.Add, p, allowed); p |= ResourcePermissions.Add; break; case 'u': this.ValidatePermission(ResourcePermissions.Update, p, allowed); p |= ResourcePermissions.Update; break; case 'd': this.ValidatePermission(ResourcePermissions.Delete, p, allowed); p |= ResourcePermissions.Delete; break; case 'p': this.ValidatePermission(ResourcePermissions.Process, p, allowed); p |= ResourcePermissions.Process; break; case 'w': this.ValidatePermission(ResourcePermissions.Write, p, allowed); p |= ResourcePermissions.Write; break; default: throw new HttpResponseException(HttpStatusCode.BadRequest); } } return(p); }
private void UpdateControlsStatus(IEnumerable <NavigationProperty> propertyCollection, ResourcePermissions <Resource> userPermissions, bool isAdmin, bool isOwner) { ResourceTypeControl.ResourceHierarchy = SelectedResourceType; if (IsEditMode) { ResourceTypeTab.Visible = false; //Apply security checks SummaryTab.Visible = ChangeHistoryTab.Visible = userPermissions.Permissions.Contains(UserResourcePermissions.Read) ? true : false; MetadataTab.Visible = AssociationsTab.Visible = userPermissions.Permissions.Contains(UserResourcePermissions.Update) ? true : false; //TODO: Add one more condittion to check whether the current user is admin or not(after changes in Security API) ResourcePermissionsTab.Visible = isAdmin | isOwner ? true : false; if (!userPermissions.Permissions.Contains(UserResourcePermissions.Update) || propertyCollection.Where(tuple => tuple.Name.Equals(_categoryNodesProperty)).Count() == 0) { CategoriesTab.Visible = false; } else { CategoriesTab.Visible = true; } if (!userPermissions.Permissions.Contains(UserResourcePermissions.Update) || propertyCollection.Where(tuple => tuple.Name.Equals(_tagsProperty)).Count() == 0) { TagsTab.Visible = false; } else { TagsTab.Visible = true; } } else { ResourceTypeTab.Visible = true; MetadataTab.Visible = Constants.MetadataTab.Equals(ActiveTab) ? true : false; SummaryTab.Visible = AssociationsTab.Visible = ResourcePermissionsTab.Visible = TagsTab.Visible = CategoriesTab.Visible = ChangeHistoryTab.Visible = false; } }
/// <summary> /// Throws a bad request exception if the given permission set already contains the specific permission. /// </summary> /// <param name="existingPermissions">The current permission set.</param> /// <param name="newPermission">The specific permission to check for.</param> protected virtual void ValidatePermission(ResourcePermissions newPermission, ResourcePermissions existingPermissions, ResourcePermissions allowedPermissions) { // First, determine whether we've already seen this permission before. if ((existingPermissions & newPermission) == newPermission) { throw new HttpResponseException(HttpStatusCode.BadRequest); } // Now, verify that this permission is allowed. if ((allowedPermissions & newPermission) != newPermission) { throw new HttpResponseException(HttpStatusCode.BadRequest); } }
private ResourceDto ConvertToTemplateData(ResourcePermissions m) { return(new ResourceDto { Name = m.Name, Description = m.Description, ResourceId = m.ResourceId, Permissions = m.Permissions .Select(p => new ResourceDto.Permission { PermissionId = p.PermissionId, Name = p.Name, Description = p.Description, IsAllowed = p.IsAllowed }).ToList(), HasInstancePermissions = m.HasInstancePermissions }); }
private void Initialize() { ResourceType type = null; IEnumerable <NavigationProperty> propertyCollection = null; ResourcePermissions <Resource> userPermissions = null; bool isAdmin = false; bool isOwner = false; using (ResourceDataAccess dataAccess = new ResourceDataAccess()) { if (IsEditMode) { AuthenticatedToken token = Session[Constants.AuthenticationTokenKey] as AuthenticatedToken; userPermissions = dataAccess.GetResourcePermissions(token, ResourceId); //Throw exception is user is not having atleast read permission on the resource. if (userPermissions == null || !userPermissions.Permissions.Contains(UserResourcePermissions.Read)) { throw new UnauthorizedAccessException(string.Format(CultureInfo.InvariantCulture, Resources.Resources.MsgUnAuthorizeAccess, UserResourcePermissions.Read)); } isAdmin = dataAccess.IsAdmin(token); isOwner = dataAccess.IsOwner(token, userPermissions.Resource); type = dataAccess.GetResourceType(ResourceId); propertyCollection = dataAccess.GetNavigationProperties(Cache, ResourceId); } else { string resType = Convert.ToString(Request.QueryString[_resourceTypeKey]); if (!string.IsNullOrEmpty(resType)) { type = dataAccess.GetResourceType(resType); } } } if (type != null) { SelectedResourceType = type.Name; } UpdateControlsStatus(propertyCollection, userPermissions, isAdmin, isOwner); }
void OnPermissionPropertyChanged(object sender, PropertyChangedEventArgs args) { IsDirty = true; UpdateOverridingPermission(sender as WindowsGroupPermission, args.PropertyName); if (args.PropertyName == "WindowsGroup" || args.PropertyName == "ResourceName") { var permission = (WindowsGroupPermission)sender; if (permission.IsNew) { if (permission.IsValid) { permission.IsNew = false; var newPermission = CreateNewPermission(permission.IsServer); if (permission.IsServer) { ServerPermissions.Add(newPermission); } else { ResourcePermissions.Add(newPermission); } } } else { var isEmpty = string.IsNullOrEmpty(permission.WindowsGroup); if (isEmpty) { if (permission.IsServer) { ServerPermissions.Remove(permission); } else { ResourcePermissions.Remove(permission); } } } } }
/// <summary> /// Creates a SAS key for a queue with the given name, permissions, and expiration. /// </summary> /// <param name="queueName">The name of the queue to create.</param> /// <param name="permissions">The permissions to apply to the queue.</param> /// <param name="expiration">The expiration time for the token.</param> /// <returns>Returns the blob's URI access string.</returns> public ResourceToken CreateQueueAccessToken(string queueName, ResourcePermissions permissions, DateTime?expiration = null) { if (string.IsNullOrWhiteSpace(queueName)) { throw new ArgumentException("must not be null or empty", "queueName"); } // Set up the SAS constraints. SharedAccessQueuePolicy sasConstraints = GetQueueSasConstraints(permissions, expiration); // Get a reference to the queue. CloudQueue queue = this.QueueClient.GetQueueReference(queueName); // Get the queue SAS. string sasQueueToken = queue.GetSharedAccessSignature(sasConstraints); // Append this to the URI. return(new ResourceToken { Uri = queue.Uri + sasQueueToken }); }
public async Task <IEnumerable <ResourcePermissions> > GetResourcePermissionsAsync(ICollection <TKey> roleIds, CancellationToken token = default(CancellationToken)) { var resources = _resourceRegistry.ResourceTypes .Select((r, i) => new { Index = i, Name = _namingConvertor.GetResourceUniqueName(r.ResourceType), Type = r.ResourceType, Permissions = r.StaticPermissions }).ToList(); var result = new ResourcePermissions[resources.Count]; foreach (var resource in resources) { var permissions = new List <Permission>(); foreach (var permissionType in resource.Permissions) { var enumNames = Enum.GetNames(permissionType); foreach (var enumName in enumNames) { var memberInfo = permissionType.GetField(enumName); var permissionUniqueIdentifier = _namingConvertor.GetPermissionUniqueIdentifier(permissionType, memberInfo); permissions.Add(new Permission { Identifier = permissionUniqueIdentifier, IsAllowed = (await _permissionStore.IsAllowedAsync(roleIds, resource.Name, permissionUniqueIdentifier, token)) ?? false }); } } result.SetValue(new ResourcePermissions { UniqueName = resource.Name, Permissions = permissions }, resource.Index); } return(result); }
/// <summary> /// Creates SAS constraints from the given parameters. /// </summary> /// <param name="permissions">The permission set.</param> /// <param name="expiration">The expiration time.</param> /// <returns>Returns the access policy.</returns> private static SharedAccessBlobPolicy GetBlobSasConstraints(ResourcePermissions permissions, DateTime?expiration) { SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy(); // Set the start time to five minutes in the past. sasConstraints.SharedAccessStartTime = DateTimeOffset.Now - TimeSpan.FromMinutes(5); // Expiration. if (expiration != null) { sasConstraints.SharedAccessExpiryTime = expiration.Value; } // Permissions. sasConstraints.Permissions = SharedAccessBlobPermissions.None; if ((permissions & ResourcePermissions.Read) == ResourcePermissions.Read) { sasConstraints.Permissions |= SharedAccessBlobPermissions.Read; } if ((permissions & ResourcePermissions.Write) == ResourcePermissions.Write) { sasConstraints.Permissions |= SharedAccessBlobPermissions.Write; } else { if ((permissions & ResourcePermissions.Add) == ResourcePermissions.Add || (permissions & ResourcePermissions.Update) == ResourcePermissions.Update || (permissions & ResourcePermissions.Delete) == ResourcePermissions.Delete) { throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.BadRequest) { Content = new StringContent("Blobs do not support Add, Update, or Delete permissions. Use the Write permission instead.") }); } } return(sasConstraints); }
/// <summary> /// Creates SAS constraints from the given parameters. /// </summary> /// <param name="permissions">The permission set.</param> /// <param name="expiration">The expiration time.</param> /// <returns>Returns the access policy.</returns> private static SharedAccessQueuePolicy GetQueueSasConstraints(ResourcePermissions permissions, DateTime?expiration) { SharedAccessQueuePolicy sasConstraints = new SharedAccessQueuePolicy(); // Set the start time to five minutes in the past. sasConstraints.SharedAccessStartTime = DateTimeOffset.Now - TimeSpan.FromMinutes(5); // Expiration. if (expiration != null) { sasConstraints.SharedAccessExpiryTime = expiration.Value; } // Permissions. sasConstraints.Permissions = SharedAccessQueuePermissions.None; if ((permissions & ResourcePermissions.Read) == ResourcePermissions.Read) { sasConstraints.Permissions |= SharedAccessQueuePermissions.Read; } if ((permissions & ResourcePermissions.Add) == ResourcePermissions.Add) { sasConstraints.Permissions |= SharedAccessQueuePermissions.Add; } if ((permissions & ResourcePermissions.Update) == ResourcePermissions.Update) { sasConstraints.Permissions |= SharedAccessQueuePermissions.Update; } if ((permissions & ResourcePermissions.Process) == ResourcePermissions.Process) { sasConstraints.Permissions |= SharedAccessQueuePermissions.ProcessMessages; } return(sasConstraints); }
/// <summary> /// Creates a SAS key for a queue with the given name, permissions, and expiration. /// </summary> /// <param name="queueName">The name of the queue to create.</param> /// <param name="permissions">The permissions to apply to the queue.</param> /// <param name="expiration">The expiration time for the token.</param> /// <returns>Returns the blob's URI access string.</returns> public ResourceToken CreateQueueAccessToken(string queueName, ResourcePermissions permissions, DateTime? expiration = null) { if (string.IsNullOrWhiteSpace(queueName)) { throw new ArgumentException("must not be null or empty", "queueName"); } // Set up the SAS constraints. SharedAccessQueuePolicy sasConstraints = GetQueueSasConstraints(permissions, expiration); // Get a reference to the queue. CloudQueue queue = this.QueueClient.GetQueueReference(queueName); // Get the queue SAS. string sasQueueToken = queue.GetSharedAccessSignature(sasConstraints); // Append this to the URI. return new ResourceToken { Uri = queue.Uri + sasQueueToken }; }
/// <summary> /// Creates a SAS key for a blob with the given name, permissions, and expiration. /// </summary> /// <param name="containerName">The name of the container to create the blob within.</param> /// <param name="blobName">The name of the blob to create.</param> /// <param name="permissions">The permissions to apply to the blob.</param> /// <param name="expiration">The expiration time for the token.</param> /// <returns>Returns the blob's URI access string.</returns> public ResourceToken CreateBlobAccessToken(string containerName, string blobName, ResourcePermissions permissions, DateTime?expiration = null) { if (string.IsNullOrWhiteSpace(containerName)) { throw new ArgumentException("must not be null or empty", "containerName"); } if (string.IsNullOrWhiteSpace(blobName)) { throw new ArgumentException("must not be null or empty", "blobName"); } // Set up the container connection. CloudBlobContainer container = this.BlobClient.GetContainerReference(containerName); // Set up the SAS constraints. SharedAccessBlobPolicy sasConstraints = GetBlobSasConstraints(permissions, expiration); // Get a reference to the blob. CloudBlockBlob blob = container.GetBlockBlobReference(blobName); // Get the blob SAS. string sasBlobToken = blob.GetSharedAccessSignature(sasConstraints); // Append this to the URI. return(new ResourceToken { Uri = blob.Uri + sasBlobToken }); }
/// <summary> /// Creates SAS constraints from the given parameters. /// </summary> /// <param name="permissions">The permission set.</param> /// <param name="expiration">The expiration time.</param> /// <returns>Returns the access policy.</returns> private static SharedAccessBlobPolicy GetBlobSasConstraints(ResourcePermissions permissions, DateTime? expiration) { SharedAccessBlobPolicy sasConstraints = new SharedAccessBlobPolicy(); // Set the start time to five minutes in the past. sasConstraints.SharedAccessStartTime = DateTimeOffset.Now - TimeSpan.FromMinutes(5); // Expiration. if (expiration != null) { sasConstraints.SharedAccessExpiryTime = expiration.Value; } // Permissions. sasConstraints.Permissions = SharedAccessBlobPermissions.None; if ((permissions & ResourcePermissions.Read) == ResourcePermissions.Read) { sasConstraints.Permissions |= SharedAccessBlobPermissions.Read; } if ((permissions & ResourcePermissions.Write) == ResourcePermissions.Write) { sasConstraints.Permissions |= SharedAccessBlobPermissions.Write; } else { if ((permissions & ResourcePermissions.Add) == ResourcePermissions.Add || (permissions & ResourcePermissions.Update) == ResourcePermissions.Update || (permissions & ResourcePermissions.Delete) == ResourcePermissions.Delete) { throw new HttpResponseException(new HttpResponseMessage(HttpStatusCode.BadRequest) { Content = new StringContent("Blobs do not support Add, Update, or Delete permissions. Use the Write permission instead.") }); } } return sasConstraints; }
/// <summary> /// Creates SAS constraints from the given parameters. /// </summary> /// <param name="permissions">The permission set.</param> /// <param name="expiration">The expiration time.</param> /// <returns>Returns the access policy.</returns> private static SharedAccessQueuePolicy GetQueueSasConstraints(ResourcePermissions permissions, DateTime? expiration) { SharedAccessQueuePolicy sasConstraints = new SharedAccessQueuePolicy(); // Set the start time to five minutes in the past. sasConstraints.SharedAccessStartTime = DateTimeOffset.Now - TimeSpan.FromMinutes(5); // Expiration. if (expiration != null) { sasConstraints.SharedAccessExpiryTime = expiration.Value; } // Permissions. sasConstraints.Permissions = SharedAccessQueuePermissions.None; if ((permissions & ResourcePermissions.Read) == ResourcePermissions.Read) { sasConstraints.Permissions |= SharedAccessQueuePermissions.Read; } if ((permissions & ResourcePermissions.Add) == ResourcePermissions.Add) { sasConstraints.Permissions |= SharedAccessQueuePermissions.Add; } if ((permissions & ResourcePermissions.Update) == ResourcePermissions.Update) { sasConstraints.Permissions |= SharedAccessQueuePermissions.Update; } if ((permissions & ResourcePermissions.Process) == ResourcePermissions.Process) { sasConstraints.Permissions |= SharedAccessQueuePermissions.ProcessMessages; } return sasConstraints; }
/// <summary> /// Creates a SAS key for a blob with the given name, permissions, and expiration. /// </summary> /// <param name="containerName">The name of the container to create the blob within.</param> /// <param name="blobName">The name of the blob to create.</param> /// <param name="permissions">The permissions to apply to the blob.</param> /// <param name="expiration">The expiration time for the token.</param> /// <returns>Returns the blob's URI access string.</returns> public ResourceToken CreateBlobAccessToken(string containerName, string blobName, ResourcePermissions permissions, DateTime? expiration = null) { if (string.IsNullOrWhiteSpace(containerName)) { throw new ArgumentException("must not be null or empty", "containerName"); } if (string.IsNullOrWhiteSpace(blobName)) { throw new ArgumentException("must not be null or empty", "blobName"); } // Set up the container connection. CloudBlobContainer container = this.BlobClient.GetContainerReference(containerName); // Set up the SAS constraints. SharedAccessBlobPolicy sasConstraints = GetBlobSasConstraints(permissions, expiration); // Get a reference to the blob. CloudBlockBlob blob = container.GetBlockBlobReference(blobName); // Get the blob SAS. string sasBlobToken = blob.GetSharedAccessSignature(sasConstraints); // Append this to the URI. return new ResourceToken { Uri = blob.Uri + sasBlobToken }; }