/// <summary>
/// Initializes a new instance of the <see cref="SqlServerStreamConfig"/> class.
/// </summary>
/// <param name="name">Name of the stream.</param>
/// <param name="accessKinds">Access the stream has.</param>
/// <param name="defaultConnectionTimeout">Default timeout to use when connecting to SQL Server.</param>
/// <param name="defaultCommandTimeout">Default timeout to use when running a command on SQL Server.</param>
/// <param name="defaultSerializerRepresentation">Default <see cref="SerializerRepresentation"/> to use (used for identifier serialization).</param>
/// <param name="defaultSerializationFormat">Default <see cref="SerializationFormat"/> to use.</param>
/// <param name="allLocators">All <see cref="ISqlServerLocator"/>'s.</param>
public SqlServerStreamConfig(
string name,
StreamAccessKinds accessKinds,
TimeSpan defaultConnectionTimeout,
TimeSpan defaultCommandTimeout,
SerializerRepresentation defaultSerializerRepresentation,
SerializationFormat defaultSerializationFormat,
IReadOnlyCollection <ISqlServerLocator> allLocators)
{
name.MustForArg(nameof(name)).NotBeNullNorWhiteSpace();
accessKinds.MustForArg(nameof(accessKinds)).NotBeEqualTo(StreamAccessKinds.None);
defaultConnectionTimeout.TotalMilliseconds.MustForArg(Invariant($"{nameof(defaultConnectionTimeout)}.{nameof(TimeSpan.TotalMilliseconds)}")).BeGreaterThanOrEqualTo(0d);
defaultCommandTimeout.TotalMilliseconds.MustForArg(Invariant($"{nameof(defaultCommandTimeout)}.{nameof(TimeSpan.TotalMilliseconds)}")).BeGreaterThanOrEqualTo(0d);
defaultSerializerRepresentation.MustForArg(nameof(defaultSerializerRepresentation)).NotBeNull();
defaultSerializationFormat.MustForArg(nameof(defaultSerializationFormat)).NotBeEqualTo(SerializationFormat.Invalid);
allLocators.MustForArg(nameof(allLocators)).NotBeNullNorEmptyEnumerableNorContainAnyNulls();
this.Name = name;
this.AccessKinds = accessKinds;
this.DefaultConnectionTimeout = defaultConnectionTimeout;
this.DefaultCommandTimeout = defaultCommandTimeout;
this.DefaultSerializerRepresentation = defaultSerializerRepresentation;
this.DefaultSerializationFormat = defaultSerializationFormat;
this.AllLocators = allLocators;
}
public CreateStreamUserOp DeepCloneWithStreamAccessKinds(StreamAccessKinds streamAccessKinds)
{
var result = new CreateStreamUserOp(
this.LoginName?.DeepClone(),
this.UserName?.DeepClone(),
this.ClearTextPassword?.DeepClone(),
streamAccessKinds,
this.ShouldCreateLogin.DeepClone());
return(result);
}
public SqlServerStreamConfig DeepCloneWithAccessKinds(StreamAccessKinds accessKinds)
{
var result = new SqlServerStreamConfig(
this.Name?.DeepClone(),
accessKinds,
this.DefaultConnectionTimeout.DeepClone(),
this.DefaultCommandTimeout.DeepClone(),
this.DefaultSerializerRepresentation?.DeepClone(),
this.DefaultSerializationFormat.DeepClone(),
this.AllLocators?.DeepClone());
return(result);
}
/// <summary>
/// Gets the role name from the <see cref="StreamAccessKinds"/> and the stream name.
/// </summary>
/// <param name="singleStreamAccessKind">Single <see cref="StreamAccessKinds"/>.</param>
/// <param name="streamName">Name of the stream.</param>
/// <returns>Name of role.</returns>
public static string GetRoleNameFromStreamAccessKind(
StreamAccessKinds singleStreamAccessKind,
string streamName)
{
var streamAccessKindsIndividualItems = singleStreamAccessKind.GetIndividualFlags();
streamAccessKindsIndividualItems.Count.MustForArg(nameof(streamAccessKindsIndividualItems)).BeEqualTo(1, "Can only convert a single flag to a role name.");
var roleName = streamAccessKindsIndividualItems.Single().ToString();
var result = Invariant($@"{streamName}-{roleName}");
return(result);
}
/// <summary>
/// Initializes a new instance of the <see cref="CreateStreamUserOp"/> class.
/// </summary>
/// <param name="loginName">The login name of the user.</param>
/// <param name="userName">The username of the user.</param>
/// <param name="clearTextPassword">The clear text password.</param>
/// <param name="streamAccessKinds"><see cref="Database.Domain.StreamAccessKinds"/> to grant access for.</param>
/// <param name="shouldCreateLogin">A value indicating whether or not to create the login or look it up.</param>
public CreateStreamUserOp(
string loginName,
string userName,
string clearTextPassword,
StreamAccessKinds streamAccessKinds,
bool shouldCreateLogin)
{
userName.MustForArg(nameof(userName)).NotBeNullNorWhiteSpace().And().BeAlphanumeric(new[] { '-' });
streamAccessKinds.MustForArg(nameof(streamAccessKinds)).NotBeEqualTo(Database.Domain.StreamAccessKinds.None);
if (shouldCreateLogin)
{
clearTextPassword.MustForArg(nameof(clearTextPassword)).NotBeNullNorWhiteSpace();
}
else
{
loginName.MustForArg(nameof(loginName)).NotBeNullNorWhiteSpace();
}
if (!string.IsNullOrWhiteSpace(loginName))
{
loginName.MustForArg(nameof(loginName)).BeAlphanumeric(new[] { '-' });
}
var individualStreamAccessKinds = streamAccessKinds.GetIndividualFlags <StreamAccessKinds>();
if (individualStreamAccessKinds.Except(CreateStreamUserOp.SupportedStreamAccessKinds).Any())
{
var supportedValuesString = SupportedStreamAccessKinds.Select(_ => _.ToString()).ToDelimitedString(",");
var providedValuesString = individualStreamAccessKinds.Select(_ => _.ToString()).ToDelimitedString(",");
throw new ArgumentException(Invariant($"Unsupported access type provided; supported: '{supportedValuesString}', provided: '{providedValuesString}'."), nameof(streamAccessKinds));
}
this.LoginName = loginName;
this.UserName = userName;
this.ClearTextPassword = clearTextPassword;
this.StreamAccessKinds = streamAccessKinds;
this.ShouldCreateLogin = shouldCreateLogin;
}
public static string BuildGrantScriptByStreamAccessKind(
StreamAccessKinds singleStreamAccessKind,
string streamName)
{
var result = new StringBuilder();
var roleName = GetRoleNameFromStreamAccessKind(singleStreamAccessKind, streamName);
string BuildGrant(string resourceName, string permission)
{
var fullName = Invariant($"[{streamName}].[{resourceName}]");
var grantExec = Invariant($"GRANT {permission} ON {fullName} TO [{roleName}]");
return(grantExec);
}
var execute = "EXECUTE";
var read = "SELECT";
var readWrite = "SELECT,INSERT";
// Base permissions for all roles.
result.AppendLine(BuildGrant(Funcs.GetTagsTableVariableFromTagsXml.Name, read));
result.AppendLine(BuildGrant(Sprocs.GetIdAddIfNecessarySerializerRepresentation.Name, execute));
result.AppendLine(BuildGrant(Sprocs.GetIdAddIfNecessaryTypeWithoutVersion.Name, execute));
result.AppendLine(BuildGrant(Sprocs.GetIdAddIfNecessaryTypeWithVersion.Name, execute));
result.AppendLine(BuildGrant(Sprocs.GetIdsAddIfNecessaryTagSet.Name, execute));
result.AppendLine(BuildGrant(Sprocs.GetSerializerRepresentationFromId.Name, execute));
result.AppendLine(BuildGrant(Sprocs.GetTypeFromId.Name, execute));
result.AppendLine(BuildGrant(Sprocs.GetTagSetFromIds.Name, execute));
result.AppendLine(BuildGrant(Tables.SerializerRepresentation.Table.Name, readWrite));
result.AppendLine(BuildGrant(Tables.TypeWithoutVersion.Table.Name, readWrite));
result.AppendLine(BuildGrant(Tables.TypeWithVersion.Table.Name, readWrite));
result.AppendLine(BuildGrant(Tables.Tag.Table.Name, readWrite));
if (singleStreamAccessKind == StreamAccessKinds.Read)
{
result.AppendLine(BuildGrant(Sprocs.GetLatestRecord.Name, execute));
result.AppendLine(BuildGrant(Sprocs.GetDistinctStringSerializedIds.Name, execute));
result.AppendLine(BuildGrant(Sprocs.GetLatestStringSerializedObject.Name, execute));
result.AppendLine(BuildGrant(Sprocs.GetInternalRecordIds.Name, execute));
result.AppendLine(BuildGrant(Tables.Record.Table.Name, read));
result.AppendLine(BuildGrant(Tables.RecordTag.Table.Name, read));
}
else if (singleStreamAccessKind == StreamAccessKinds.Write)
{
result.AppendLine(BuildGrant(Sprocs.PutRecord.Name, execute));
result.AppendLine(BuildGrant(Sprocs.GetNextUniqueLong.Name, execute));
result.AppendLine(BuildGrant(Tables.NextUniqueLong.Table.Name, readWrite));
result.AppendLine(BuildGrant(Tables.Record.Table.Name, readWrite));
result.AppendLine(BuildGrant(Tables.RecordTag.Table.Name, readWrite));
}
else if (singleStreamAccessKind == StreamAccessKinds.Handle)
{
result.AppendLine(BuildGrant(Sprocs.TryHandleRecord.Name, execute));
result.AppendLine(BuildGrant(Sprocs.PutHandling.Name, execute));
result.AppendLine(BuildGrant(Tables.Record.Table.Name, read));
result.AppendLine(BuildGrant(Tables.RecordTag.Table.Name, read));
result.AppendLine(BuildGrant(Tables.Handling.Table.Name, readWrite));
result.AppendLine(BuildGrant(Tables.HandlingTag.Table.Name, readWrite));
}
else if (singleStreamAccessKind == StreamAccessKinds.Manage)
{
result.AppendLine(BuildGrant(Sprocs.CreateStreamUser.Name, execute));
}
else
{
throw new NotSupportedException(Invariant($"{nameof(StreamAccessKinds)} {singleStreamAccessKind} is not supported for granting table/sproc/function access."));
}
return(result.ToString());
}
