private void AssignExistingPermissionToApplicationFunction(PermissionModel existingPermission, string applicationName, ApplicationFunctionModel applicationFunction, SecurityContractPermission permission, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult, Guid updatedByGuid)
        {
            if (ExistingPermissionIsAssignedToAnotherApplication(existingPermission, applicationName))
            {
                var errorMessage = $"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Permission name exists, but is not assigned to application '{applicationName}'. Cannot assign it to application '{applicationName}', as permissions can only be assigned to a single application";
                if (dryRun)
                {
                    securityContractDryRunResult.ValidationErrors.Add(errorMessage);
                    return;
                }

                throw new ItemNotProcessableException(errorMessage);
            }

            logger.Debug($"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Permission '{permission.Name}' already assigned to application '{applicationName}'. Updating it.");
            var applicationFunctionPermission = applicationFunction.ApplicationFunctionPermissions.Find(fp => fp.Permission.Name == permission.Name);

            // This check will be true if the permission was assigned to another function attached to the same application. Prevent this!
            if (applicationFunctionPermission == null)
            {
                var errorMessage = $"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Permission '{permission.Name}' already assigned to another application function within application '{applicationName}'. This is prohibited.";
                if (dryRun)
                {
                    securityContractDryRunResult.ValidationErrors.Add(errorMessage);
                    return;
                }

                throw new ItemNotProcessableException(errorMessage);
            }

            // Still check if the permission is to be updated.
            if (applicationFunctionPermission.Permission.Description != permission.Description)
            {
                applicationFunctionPermission.Permission.Description = permission.Description;
                applicationFunctionPermission.Permission.ChangedBy   = updatedByGuid;
            }
        }
        private void AssignNewPermissionToApplicationFunction(string applicationName, ApplicationFunctionModel applicationFunction, SecurityContractPermission permission, Guid updatedByGuid)
        {
            logger.Debug($"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Permission '{permission.Name}' does not exist in A3S. Adding it.");

            applicationFunction.ApplicationFunctionPermissions.Add(new ApplicationFunctionPermissionModel
            {
                ApplicationFunction = applicationFunction,
                Permission          = new PermissionModel
                {
                    Name        = permission.Name,
                    Description = permission.Description,
                    ChangedBy   = updatedByGuid
                },
                ChangedBy = updatedByGuid
            });
        }
Esempio n. 3
0
        private void AddResourcePermissionToFunction(ApplicationFunctionModel applicationFuction, SecurityContractPermission permission)
        {
            logger.Debug($"Assinging permission {permission.Name} to function: {applicationFuction.Name}.");
            // Check if there is an existing permission within the database. Add this one if found, else create a new one and add it.
            var existingPermission = permissionRepository.GetByName(permission.Name);

            PermissionModel permissionToAdd = new PermissionModel
            {
                Name        = permission.Name,
                Description = permission.Description
            };

            if (existingPermission != null)
            {
                logger.Debug($"Permission {permission.Name} already exists within the database. Not adding it.");
                permissionToAdd = existingPermission;
            }
            else
            {
                logger.Debug($"Permission {permission.Name} does not exist in the database. Adding it.");
            }

            applicationFuction.ApplicationFunctionPermissions.Add(new ApplicationFunctionPermissionModel
            {
                ApplicationFunction = applicationFuction,
                Permission          = permissionToAdd
            });
        }
        private void AddSecurityContractPermissionToApplicationFunctionAndUpdatePermissionIfChanged(ApplicationFunctionModel applicationFunction, SecurityContractPermission permission, Guid updatedByGuid, string applicationName, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
        {
            logger.Debug($"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Attempting to assign permission '{permission.Name}' to function: {applicationFunction.Name}.");
            // Check if there is an existing permission within the database. Add this one if found, but only if it is assigned to the current application, else create a new one and add it.
            var existingPermission = permissionRepository.GetByName(permission.Name, true);

            if (existingPermission != null)
            {
                AssignExistingPermissionToApplicationFunction(existingPermission, applicationName, applicationFunction, permission, dryRun, securityContractDryRunResult, updatedByGuid);
            }
            else
            {
                AssignNewPermissionToApplicationFunction(applicationName, applicationFunction, permission, updatedByGuid);
            }
        }
Esempio n. 5
0
        private void AddPermissionToFunctionIfNotAlreadyAssigned(ApplicationFunctionModel applicationFunction, SecurityContractPermission permission)
        {
            // add the permission if it does not exist.
            var applicationPermission = applicationFunction.ApplicationFunctionPermissions.Find(fp => fp.Permission.Name == permission.Name);

            if (applicationPermission == null)
            {
                AddResourcePermissionToFunction(applicationFunction, permission);
            }
        }