//TODO: maybe instead of for accepting a collection here, just take in one by one
        private async Task <List <Permission> > GetReadOnlyCollectionPermissions(string userId, List <string> collectionNames)
        {
            List <Permission> collectionPermissions = new List <Permission>();

            foreach (var collName in collectionNames)
            {
                Permission collPermission = new Permission();
                try
                {
                    // permission names are unique to the user
                    var collPermissionId = $"{userId}-{collName}";

                    // Read the permission from Cosmos (will throw a 404 if it doesn't exist)
                    collPermission = await Client.ReadPermissionAsync(UriFactory.CreatePermissionUri(databaseId, userId, collPermissionId));
                }
                catch (DocumentClientException dcx)
                {
                    if (dcx.StatusCode == HttpStatusCode.NotFound)
                    {
                        // Permission doesn't exist. First make sure the user exists
                        await CreateUserIfNotExistAsync(userId);

                        // New up a permissions for that user
                        var newPermission = new Permission
                        {
                            PermissionMode = PermissionMode.Read,
                            Id             = $"{userId}-{collName}",
                            ResourceLink   = UriFactory.CreateDocumentCollectionUri(databaseId, collName).ToString()
                        };

                        collPermission = await Client.CreatePermissionAsync(UriFactory.CreateUserUri(databaseId, userId), newPermission);
                    }
                    else
                    {
                        throw dcx;
                    }
                }

                // Add a document of this permission to Cosmos for caching reasons (so we don't have to grab it if it hasn't expired)
                var expires         = Convert.ToInt32(DateTime.UtcNow.Subtract(BeginningOfTime).TotalSeconds) + 3600;
                var permissionToken = new CollectionPermissionToken
                {
                    Expires              = expires,
                    UserId               = userId,
                    ResourceId           = collName,
                    SerializedPermission = SerializePermission(collPermission)
                };
                await CacheUserCollectionToken(permissionToken);

                collectionPermissions.Add(collPermission);
            }

            return(collectionPermissions);
        }
        private async Task <Permission> RetrieveCachedPermission(string userId, string objectToGet)
        {
            CollectionPermissionToken permissionDocument = await Client.ReadDocumentAsync <CollectionPermissionToken>(
                UriFactory.CreateDocumentUri(databaseId, collectionId, $"{userId}-{objectToGet}-permission")
                );

            if (permissionDocument == null)
            {
                return(null);
            }

            int expires    = permissionDocument.Expires;
            int fiveMinAgo = Convert.ToInt32(DateTime.UtcNow.AddMinutes(-5).Subtract(BeginningOfTime).TotalSeconds);

            if (expires > fiveMinAgo)
            {
                // deserialize the permission
                string serializedPermission = permissionDocument.SerializedPermission;

                using (var memStream = new MemoryStream())
                {
                    using (var streamWriter = new StreamWriter(memStream))
                    {
                        streamWriter.Write(serializedPermission.ToString());
                        streamWriter.Flush();
                        memStream.Position = 0;

                        var permission = Permission.LoadFrom <Permission>(memStream);

                        streamWriter.Close();

                        return(permission);
                    }
                }
            }
            return(null);
        }
        private async Task CacheUserCollectionToken(CollectionPermissionToken token)
        {
            token.Id = $"{token.UserId}-{token.ResourceId}-permission";

            await Client.UpsertDocumentAsync(UriFactory.CreateDocumentCollectionUri(databaseId, collectionId), token);
        }