public static void AppendNewPermission(TweezersObject newObject)
{
TweezersObject rolesObj = TweezersSchemaFactory.Find(RolesSchemaName, true, true);
TweezersFieldProperties fieldProperties =
Schemas.PermissionTemplateFieldProperties.Deserialize <TweezersFieldProperties>();
fieldProperties.Name = newObject.CollectionName;
fieldProperties.DisplayName = newObject.PluralName;
rolesObj.Fields["permissions"].FieldProperties.ObjectReference.Fields.Add(newObject.CollectionName,
new TweezersField()
{
FieldProperties = fieldProperties
});
SafeAddSchema(rolesObj);
DefaultPermission permission = newObject.DefaultPermission;
TweezersMultipleResults <JObject> roles = rolesObj.FindInDb(TweezersSchemaFactory.DatabaseProxy, FindOptions <JObject> .Default(0, int.MaxValue), true);
foreach (JObject role in roles.Items)
{
role["permissions"][newObject.CollectionName] = permission.ToString();
rolesObj.Update(TweezersSchemaFactory.DatabaseProxy, role["_id"].ToString(), role);
}
}
public ActionResult <JObject> Delete(string id)
{
return(WrapWithAuthorizationCheck(() =>
{
try
{
TweezersObject objectMetadata =
TweezersSchemaFactory.Find(CollectionName, WithInternalObjects, true);
JObject role = objectMetadata.GetById(TweezersSchemaFactory.DatabaseProxy, id, true);
if (role == null)
{
return TweezersOk(TweezersGeneralResponse.Create("Deleted"));
}
if (role["isBuiltInRole"]?.ToString().ToLower() == "true")
{
return TweezersBadRequest("Cannot delete a built-in role");
}
long count = IdentityManager.GetUsersByRoleId(id).Count;
if (count > 0)
{
return TweezersBadRequest(
$"Role is being used by {count} users, please change their role first.");
}
bool deleted = objectMetadata.Delete(TweezersSchemaFactory.DatabaseProxy, id);
return TweezersOk();
}
catch (TweezersValidationException e)
{
return TweezersBadRequest(e.Message);
}
}, "Delete", DefaultPermission.Edit, CollectionName));
}
protected ActionResult <TweezersMultipleResults <JObject> > List(string collection,
int skip = 0, int take = 10, string sortField = "", string direction = "asc",
DefaultPermission?minimalPermission = null)
{
return(WrapWithAuthorizationCheck(() =>
{
try
{
FindOptions <JObject> predicate = new FindOptions <JObject>()
{
Skip = skip,
Take = take,
SortField = sortField,
SortDirection = direction == "asc" ? SortDirection.Ascending : SortDirection.Descending,
};
TweezersObject objectMetadata = TweezersSchemaFactory.Find(collection, WithInternalObjects);
TweezersMultipleResults <JObject> results =
objectMetadata.FindInDb(TweezersSchemaFactory.DatabaseProxy, predicate);
HandleReferenceObjects(objectMetadata, results);
return TweezersOk(results);
}
catch (TweezersValidationException)
{
return TweezersNotFound();
}
}, "List", minimalPermission ?? DefaultPermission.View, collection));
}
public ActionResult Login([FromBody] LoginRequest request)
{
if (!IdentityManager.UsingIdentity)
{
return(TweezersNotFound());
}
try
{
if (Authenticate(request, out JObject user))
{
string sessionId = Guid.NewGuid().ToString();
user[IdentityManager.SessionIdKey] = sessionId;
user[IdentityManager.SessionExpiryKey] = (DateTime.Now + SessionTimeout).ToFileTimeUtc()
.ToString(CultureInfo.InvariantCulture);
TweezersObject usersObjectMetadata = TweezersSchemaFactory.Find(IdentityManager.UsersCollectionName,
true, true);
usersObjectMetadata.Update(TweezersSchemaFactory.DatabaseProxy, user["_id"].ToString(),
user.Just(IdentityManager.SessionIdKey, IdentityManager.SessionExpiryKey));
return(TweezersOk(user.Just(_loginResponseBody))
.WithSecureCookie(Response, IdentityManager.SessionIdKey, sessionId));
}
return(TweezersUnauthorized("Bad username or password"));
}
catch (TweezersValidationException e)
{
return(TweezersBadRequest(e.Message));
}
}
public ActionResult Logout()
{
if (!IdentityManager.UsingIdentity)
{
return(TweezersNotFound());
}
try
{
JObject user = GetUserBySessionId();
if (user == null)
{
return(TweezersOk());
}
JObject payload = new JObject()
{
[IdentityManager.SessionExpiryKey] = (DateTime.Now - 1.Hours()).ToFileTimeUtc().ToString()
};
TweezersObject usersObjectMetadata = TweezersSchemaFactory.Find(IdentityManager.UsersCollectionName,
true, true);
usersObjectMetadata.Update(TweezersSchemaFactory.DatabaseProxy, user["_id"].ToString(), payload);
return(TweezersOk());
}
catch (TweezersValidationException e)
{
return(TweezersBadRequest(e.Message));
}
}
public ActionResult <TweezersObject> Get(string collectionName, [FromQuery] bool internalObj)
{
return(WrapWithAuthorizationCheck(() =>
{
if (collectionName == TweezersSchemaKey && SchemaManagement.CanChangeSchema)
{
return TweezersOk(SchemaManagement.SchemaMetadata);
}
try
{
TweezersObject objectMetadata =
TweezersSchemaFactory.Find(collectionName, withInternalObjects: internalObj);
objectMetadata.Fields = objectMetadata.Fields.OrderBy(f => f.Value.FieldProperties.OrderNum)
.ToDictionary(f => f.Key, f => f.Value);
return TweezersOk(objectMetadata);
}
catch (TweezersValidationException e)
{
return TweezersBadRequest(e.Message);
}
}, "Get", DefaultPermission.None, TweezersSchemaKey));
}
public static void EditPermissionName(TweezersObject editedObject)
{
TweezersObject rolesObj = TweezersSchemaFactory.Find(RolesSchemaName, true, true);
TweezersField field = rolesObj.Fields["permissions"].FieldProperties.ObjectReference.Fields[editedObject.CollectionName];
field.FieldProperties.DisplayName = editedObject.PluralName;
SafeAddSchema(rolesObj);
}
public static TweezersMultipleResults <JObject> GetUsersByRoleId(string roleId)
{
FindOptions <JObject> sessionIdPredicate = new FindOptions <JObject>()
{
Predicate = (u) => u["roleId"].ToString().Equals(roleId, StringComparison.InvariantCultureIgnoreCase),
Take = 1,
};
TweezersObject usersObjectMetadata = TweezersSchemaFactory.Find(UsersCollectionName, true);
return(usersObjectMetadata.FindInDb(TweezersSchemaFactory.DatabaseProxy, sessionIdPredicate, true));
}
public static void RegisterIdentity()
{
TweezersObject rolesSchema = CreateRolesSchema();
SafeAddSchema(rolesSchema);
CreateDefaultRoles();
var usersSchema = CreateUsersSchema();
SafeAddSchema(usersSchema, true);
UsingIdentity = true;
}
public void Run()
{
IEnumerable <string> collections = DatabaseProxy.GetCollections().Intersect(_tweezersInternalSchemas);
foreach (string collection in collections)
{
TweezersObject obj = TweezersSchemaFactory.Find(collection, false, true, true);
if (obj == null)
{
// Create TweezersObj instance for collection
}
}
}
public static TweezersInternalSettings Init()
{
if (File.Exists(internalSettingsFileName))
{
string settings = File.ReadAllText(internalSettingsFileName);
TweezersInternalSettings internalSettings = settings.Deserialize <TweezersInternalSettings>();
TweezersSchemaFactory.DatabaseProxy = GetDatabaseProxyInstance(internalSettings.DBDetails);
SchemaManagement.CanChangeSchema = internalSettings.AppDetails.CanChangeSchema;
if (internalSettings.AppDetails.UseIdentity)
{
IdentityManager.RegisterIdentity();
if (!TweezersRuntimeSettings.Instance.IsInitialized)
{
string username = internalSettings.AppDetails.InitialUsername;
JObject user = UsersController.FindUser(username);
if (user != null)
{
TweezersObject usersObjectMetadata = TweezersSchemaFactory.Find(IdentityManager.UsersCollectionName,
true, true);
usersObjectMetadata.Delete(TweezersSchemaFactory.DatabaseProxy, user["_id"].ToString());
}
UsersController.CreateUser(new CreateUserRequest()
{
Username = username,
Password = internalSettings.AppDetails.InitialPassword,
Name = "Administrator",
RoleId = Schemas.AdministratorRoleTemplate.Deserialize <JObject>()["_id"].ToString(),
});
}
}
if (internalSettings.Schema != null)
{
foreach (TweezersObject obj in internalSettings.Schema)
{
if (TweezersSchemaFactory.Find(obj.CollectionName, safe: true) == null)
{
TweezersSchemaFactory.AddObject(obj);
}
}
}
Instance = internalSettings;
}
return(Instance);
}
public static JObject FindUser(string username)
{
FindOptions <JObject> userOpts = new FindOptions <JObject>()
{
Predicate = (u) => u["username"].ToString().Equals(username),
Take = 1
};
TweezersObject usersObjectMetadata =
TweezersSchemaFactory.Find(IdentityManager.UsersCollectionName, true, true);
return(usersObjectMetadata.FindInDb(TweezersSchemaFactory.DatabaseProxy, userOpts, true)?.Items
.SingleOrDefault());
}
public ActionResult <TweezersObject> Post([FromBody] TweezersObject data)
{
return(WrapWithAuthorizationCheck(() =>
{
try
{
TweezersObject obj = ReplaceTweezersObject(data);
IdentityManager.AppendNewPermission(obj);
SchemaManagement.AddObjectReference(obj.CollectionName);
return TweezersCreated(obj);
}
catch (TweezersValidationException e)
{
return TweezersBadRequest(e.Message);
}
}, "Post", DefaultPermission.Edit, TweezersSchemaKey));
}
private static TweezersObject ReplaceTweezersObject(TweezersObject data)
{
data.Fields = data.Fields.ToDictionary(kvp => kvp.Value.FieldProperties.Name, kvp => kvp.Value);
JObject dataAsJObject = JObject.FromObject(data, Serializer.JsonSerializer);
dataAsJObject["fields"] = JArray.FromObject(
data.Fields.Select(kvp => JObject.FromObject(kvp.Value.FieldProperties, Serializer.JsonSerializer)));
TweezersValidationResult validationResult =
SchemaManagement.SchemaMetadata.Validate(dataAsJObject, false);
TweezersSchemaFactory.AddObject(data);
TweezersObject obj = TweezersSchemaFactory.Find(data.CollectionName);
return(obj);
}
public static JObject CreateUser(CreateUserRequest suggestedUser)
{
JObject user = new JObject
{
["username"] = suggestedUser.Username,
["passwordHash"] = Hash.Create(suggestedUser.Password),
["name"] = suggestedUser.Name,
["roleId"] = suggestedUser.RoleId,
};
TweezersObject usersObjectMetadata =
TweezersSchemaFactory.Find(IdentityManager.UsersCollectionName, true, true);
usersObjectMetadata.Validate(user, false);
user = usersObjectMetadata.Create(TweezersSchemaFactory.DatabaseProxy, user, suggestedUser.Username);
return(user);
}
private static void SafeAddSchema(TweezersObject schema, bool addPermission = false)
{
if (TweezersSchemaFactory.Find(schema.CollectionName, true, safe: true) == null)
{
TweezersSchemaFactory.AddObject(schema);
if (addPermission)
{
AppendNewPermission(schema);
}
}
else
{
TweezersSchemaFactory.DeleteObject(schema.CollectionName);
TweezersSchemaFactory.AddObject(schema);
}
}
public static void DeletePermission(string deletedCollectionName)
{
TweezersObject rolesObj = TweezersSchemaFactory.Find(RolesSchemaName, true, true);
rolesObj.Fields["permissions"].FieldProperties.ObjectReference.Fields.Remove(deletedCollectionName);
SafeAddSchema(rolesObj);
TweezersMultipleResults <JObject> roles = rolesObj.FindInDb(TweezersSchemaFactory.DatabaseProxy, FindOptions <JObject> .Default(0, int.MaxValue), true);
foreach (JObject role in roles.Items)
{
JObject permissions = JObject.FromObject(role["permissions"]);
permissions.Remove(deletedCollectionName);
role["permissions"] = permissions;
rolesObj.Update(TweezersSchemaFactory.DatabaseProxy, role["_id"].ToString(), role);
}
}
private static void CreateDefaultRoles()
{
JObject administrator = Schemas.AdministratorRoleTemplate.Deserialize <JObject>();
TweezersObject rolesObj = TweezersSchemaFactory.Find(RolesSchemaName, true, true);
if (rolesObj.GetById(TweezersSchemaFactory.DatabaseProxy, administrator["_id"].ToString()) == null)
{
JObject permissions = new JObject();
foreach (string collectionName in rolesObj.Fields["permissions"].FieldProperties.ObjectReference.Fields.Keys)
{
permissions.Add(collectionName, DefaultPermission.Edit.ToString());
}
administrator["permissions"] = permissions;
rolesObj.Create(TweezersSchemaFactory.DatabaseProxy, administrator, administrator["_id"].ToString());
}
}
protected ActionResult <JObject> Post(string collection, JObject data, string suggestedId = null,
DefaultPermission?minimalPermission = null)
{
return(WrapWithAuthorizationCheck(() =>
{
try
{
TweezersObject objectMetadata = TweezersSchemaFactory.Find(collection, WithInternalObjects);
objectMetadata.Validate(data, false);
JObject createdObj =
objectMetadata.Create(TweezersSchemaFactory.DatabaseProxy, data, suggestedId);
return TweezersCreated(createdObj);
}
catch (TweezersValidationException e)
{
return TweezersBadRequest(e.Message);
}
}, "Post", minimalPermission ?? DefaultPermission.Edit, collection));
}
public static JObject FindUserBySessionId(string sessionId, bool allFields = false)
{
FindOptions <JObject> sessionIdPredicate = new FindOptions <JObject>()
{
Predicate = (u) =>
{
bool sessionIdEq = u[SessionIdKey]?.ToString().Equals(sessionId) ?? false;
var sessionExpiryTime = long.Parse(u[SessionExpiryKey]?.ToString() ?? "0");
var now = DateTime.Now.ToFileTimeUtc();
bool sessionExpiryOk = sessionExpiryTime > now;
return(sessionIdEq && sessionExpiryOk);
},
Take = 1,
};
TweezersObject usersObjectMetadata = TweezersSchemaFactory.Find(UsersCollectionName, true, allFields);
return(usersObjectMetadata.FindInDb(TweezersSchemaFactory.DatabaseProxy, sessionIdPredicate, allFields)
?.Items.SingleOrDefault());
}
private static void HandleReferenceObjects(TweezersObject objectMetadata, TweezersMultipleResults <JObject> results)
{
IEnumerable <KeyValuePair <string, TweezersField> > fields =
objectMetadata.Fields.Where(f =>
f.Value.FieldProperties.FieldType == TweezersFieldType.Object &&
!string.IsNullOrWhiteSpace(f.Value.FieldProperties.ObjectName));
Dictionary <string, TweezersObject> referenceObjects = fields
.Select(f =>
{
string key = f.Key;
TweezersObject value = TweezersSchemaFactory.Find(f.Value.FieldProperties.ObjectName,
true, true, true);
return(new KeyValuePair <string, TweezersObject>(key, value));
})
.ToDictionary(kvp => kvp.Key, kvp => kvp.Value);
foreach (var obj in referenceObjects)
{
IEnumerable <string> objIds = results.Items.Select(r => r[obj.Key]?.ToString()).Where(v => !string.IsNullOrWhiteSpace(v)).Distinct();
string titleFieldId = obj.Value.Fields.Single(f => f.Value.FieldProperties.UiTitle).Key;
Dictionary <string, string> idToTitle = objIds.Select(id =>
{
string title =
obj.Value.GetById(TweezersSchemaFactory.DatabaseProxy, id, true)[titleFieldId]
.ToString();
return(new KeyValuePair <string, string>(id, title));
})
.ToDictionary(kvp => kvp.Key, kvp => kvp.Value);
foreach (JObject item in results.Items)
{
string refKey = item[obj.Key]?.ToString();
if (string.IsNullOrWhiteSpace(refKey))
{
continue;
}
item[obj.Key] = idToTitle[refKey];
}
}
}
public ActionResult <JObject> Patch(string id, [FromBody] CreateUserRequest patchRequest)
{
if (!IdentityManager.UsingIdentity)
{
return(TweezersNotFound());
}
return(WrapWithAuthorizationCheck(() =>
{
try
{
if (FindUser(patchRequest.Username) == null)
{
throw new TweezersValidationException(TweezersValidationResult.Reject($"Unable to find user"));
}
JObject userJObject = JObject.FromObject(patchRequest, Serializer.JsonSerializer);
if (patchRequest.Password != null)
{
TweezersValidationResult passwordOk =
UsersLoginSchema.Fields["password"].Validate(patchRequest.Password);
if (!passwordOk.Valid)
{
throw new TweezersValidationException(passwordOk);
}
userJObject["passwordHash"] = Hash.Create(patchRequest.Password);
}
TweezersObject usersObjectMetadata = TweezersSchemaFactory.Find
(IdentityManager.UsersCollectionName, true, true);
usersObjectMetadata.Validate(userJObject, true);
JObject user = usersObjectMetadata.Update(TweezersSchemaFactory.DatabaseProxy, id, userJObject);
return TweezersOk(user);
}
catch (TweezersValidationException e)
{
return TweezersBadRequest(e.Message);
}
}, "Patch", DefaultPermission.Edit, IdentityManager.UsersCollectionName));
}
private ActionResult DoChangePassword(JObject user, ChangePasswordRequest changePasswordRequest)
{
JObject passwordChange = new JObject()
{
["passwordHash"] = Hash.Create(changePasswordRequest.NewPassword)
};
try
{
TweezersObject usersObjectMetadata =
TweezersSchemaFactory.Find(IdentityManager.UsersCollectionName, true);
usersObjectMetadata.Update(TweezersSchemaFactory.DatabaseProxy, user["_id"].ToString(),
passwordChange);
return(TweezersOk(TweezersGeneralResponse.Create("OK")));
}
catch
{
return(TweezersBadRequest("Could not update password"));
}
}
protected ActionResult <JObject> Get(string collection, string id, DefaultPermission?minimalPermission = null)
{
return(WrapWithAuthorizationCheck(() =>
{
try
{
TweezersObject objectMetadata = TweezersSchemaFactory.Find(collection, WithInternalObjects);
JObject obj = objectMetadata.GetById(TweezersSchemaFactory.DatabaseProxy, id);
if (obj == null)
{
return TweezersNotFound();
}
return TweezersOk(obj);
}
catch (TweezersValidationException)
{
return TweezersNotFound();
}
}, "Get", minimalPermission ?? DefaultPermission.View, collection));
}
private static TweezersObject CreateRolesSchema()
{
TweezersObject rolesInitialSchema = Schemas.RolesMetaJson.Deserialize <TweezersObject>();
IEnumerable <TweezersObject> additionalInternalSchemas = new[] { rolesInitialSchema };
if (SchemaManagement.CanChangeSchema)
{
additionalInternalSchemas = additionalInternalSchemas.Append(SchemaManagement.SchemaMetadata);
}
IEnumerable <TweezersObject> otherObjects =
TweezersSchemaFactory.GetAll(true).Concat(additionalInternalSchemas);
TweezersObject permissionsObjectReference =
rolesInitialSchema.Fields["permissions"].FieldProperties.ObjectReference;
foreach (TweezersObject @object in otherObjects)
{
TweezersFieldProperties fieldProperties =
Schemas.PermissionTemplateFieldProperties.Deserialize <TweezersFieldProperties>();
fieldProperties.Name = @object.CollectionName;
fieldProperties.DisplayName = @object.PluralName;
if (permissionsObjectReference.Fields.ContainsKey(@object.CollectionName))
{
continue;
}
permissionsObjectReference.Fields.Add(@object.CollectionName,
new TweezersField()
{
FieldProperties = fieldProperties
});
}
return(rolesInitialSchema);
}
protected ActionResult <JObject> Delete(string collection, string id,
DefaultPermission?minimalPermission = null)
{
return(WrapWithAuthorizationCheck(() =>
{
try
{
TweezersObject objectMetadata = TweezersSchemaFactory.Find(collection, WithInternalObjects);
if (objectMetadata.GetById(TweezersSchemaFactory.DatabaseProxy, id) == null)
{
return TweezersOk(TweezersGeneralResponse.Create("Deleted"));
}
bool deleted = objectMetadata.Delete(TweezersSchemaFactory.DatabaseProxy, id);
return TweezersOk();
}
catch (TweezersValidationException e)
{
return TweezersBadRequest(e.Message);
}
}, "Delete", minimalPermission ?? DefaultPermission.Edit, collection));
}
public ActionResult <TweezersObject> Patch(string collectionName, [FromBody] TweezersObject data)
{
return(WrapWithAuthorizationCheck(() =>
{
if (collectionName == TweezersSchemaKey)
{
return TweezersNotFound();
}
try
{
data.CollectionName = collectionName;
TweezersObject obj = ReplaceTweezersObject(data);
IdentityManager.EditPermissionName(obj);
return TweezersOk(obj);
}
catch (TweezersValidationException e)
{
return TweezersBadRequest(e.Message);
}
}, "Patch", DefaultPermission.Edit, TweezersSchemaKey));
}
protected ActionResult <JObject> Patch(string collection, string id, JObject data,
DefaultPermission?minimalPermission = null)
{
return(WrapWithAuthorizationCheck(() =>
{
try
{
TweezersObject objectMetadata = TweezersSchemaFactory.Find(collection, WithInternalObjects);
JObject obj = objectMetadata.GetById(TweezersSchemaFactory.DatabaseProxy, id);
if (obj == null)
{
return TweezersNotFound();
}
objectMetadata.Validate(data, true);
JObject updatedObj = objectMetadata.Update(TweezersSchemaFactory.DatabaseProxy, id, data);
return TweezersOk(updatedObj);
}
catch (TweezersValidationException e)
{
return TweezersBadRequest(e.Message);
}
}, "Patch", minimalPermission ?? DefaultPermission.Edit, collection));
}
private TweezersObjectReferenceValidator(string objectCollectionName)
{
ObjectCollectionName = objectCollectionName;
ObjectReference = TweezersSchemaFactory.Find(objectCollectionName, true, true, true);
}
static UsersController()
{
UsersLoginSchema = Schemas.UserExternalSchema.Deserialize <TweezersObject>();
}
