/// <summary>
/// Assign permissions to a user.
/// </summary>
/// <param name="id">The ID of the user to assign permissions to.</param>
/// <param name="request">A <see cref="AssignPermissionsRequest" /> containing the permission identifiers to assign to the user.</param>
/// <returns>A <see cref="Task"/> that represents the asynchronous assignment operation.</returns>
public Task AssignPermissionsAsync(string id, AssignPermissionsRequest request)
{
return(Connection.PostAsync <object>("users/{id}/permissions", request, null, null,
new Dictionary <string, string> {
{ "id", id },
}, null, null));
}
/// <summary>
/// Remove permissions assigned to a role.
/// </summary>
/// <param name="id">The ID of the role to remove permissions from.</param>
/// <param name="request">A <see cref="AssignPermissionsRequest" /> containing the permission identifiers to remove from the role.</param>
/// <returns>A <see cref="Task"/> that represents the asynchronous remove operation.</returns>
public Task RemovePermissionsAsync(string id, AssignPermissionsRequest request)
{
return(Connection.DeleteAsync <object>("roles/{id}/permissions", request,
new Dictionary <string, string> {
{ "id", id },
}, null));
}
public async Task Test_permissions_can_be_retrieved()
{
var newRoleRequest = new RoleCreateRequest
{
Name = $"{Guid.NewGuid():N}role",
Description = $"{Guid.NewGuid():N}description",
};
var role = await _apiClient.Roles.CreateAsync(newRoleRequest);
var assignPermissionsRequest = new AssignPermissionsRequest
{
Permissions = new List <PermissionIdentity>
{
new PermissionIdentity {
Name = "dotnet:testing", Identifier = "dotnet-testing",
}
}
};
await _apiClient.Roles.AssignPermissionsAsync(role.Id, assignPermissionsRequest);
var userPermissions = await _apiClient.Roles.GetPermissionsAsync(role.Id, new PaginationInfo(0, 50, true));
Assert.Equal(1, userPermissions.Count);
await _apiClient.Roles.RemovePermissionsAsync(role.Id, assignPermissionsRequest);
await _apiClient.Roles.DeleteAsync(role.Id);
}
public async Task Test_roles_assign_unassign_permission_to_role()
{
// Add a new role
var newRoleRequest = new RoleCreateRequest
{
Name = $"{Guid.NewGuid():N}role",
Description = $"{Guid.NewGuid():N}description",
};
var role = await _apiClient.Roles.CreateAsync(newRoleRequest);
role.Should().NotBeNull();
role.Name.Should().Be(newRoleRequest.Name);
role.Description.Should().Be(newRoleRequest.Description);
// Get a resource server
var resourceServer = await _apiClient.ResourceServers.GetAsync("5cccc711773967081270a036");
var originalScopes = resourceServer.Scopes.ToList();
// Create a permission/scope
var newScope = new ResourceServerScope {
Value = $"{Guid.NewGuid():N}scope", Description = "Integration test"
};
// Update resource server with new scope
resourceServer = await _apiClient.ResourceServers.UpdateAsync(resourceServer.Id, new ResourceServerUpdateRequest
{
Scopes = originalScopes.Concat(new[] { newScope }).ToList(),
});
// Associate a permission with the role
var assignPermissionsRequest = new AssignPermissionsRequest()
{
Permissions = new[] { new PermissionIdentity {
Identifier = resourceServer.Identifier, Name = newScope.Value
} }
};
await _apiClient.Roles.AssignPermissionsAsync(role.Id, assignPermissionsRequest);
// Ensure the permission is associated with the role
var associatedPermissions = await _apiClient.Roles.GetPermissionsAsync(role.Id, new PaginationInfo());
associatedPermissions.Should().NotBeNull();
associatedPermissions.Should().HaveCount(1);
associatedPermissions.First().Identifier.Should().Be(resourceServer.Identifier);
associatedPermissions.First().Name.Should().Be(newScope.Value);
// Unassociate a permission with the role
await _apiClient.Roles.RemovePermissionsAsync(role.Id, assignPermissionsRequest);
// Ensure the permission is unassociated with the role
associatedPermissions = await _apiClient.Roles.GetPermissionsAsync(role.Id, new PaginationInfo());
associatedPermissions.Should().NotBeNull();
associatedPermissions.Should().HaveCount(0);
// Clean Up - Remove the permission from the resource server
resourceServer = await _apiClient.ResourceServers.UpdateAsync(resourceServer.Id, new ResourceServerUpdateRequest
{
Scopes = originalScopes
});
// Clean Up - Remove the role
await _apiClient.Roles.DeleteAsync(role.Id);
}
/// <summary>
/// Removes permissions assigned to a user.
/// </summary>
/// <param name="id">The ID of the user to remove permissions from.</param>
/// <param name="request">A <see cref="AssignPermissionsRequest" /> containing the permission identifiers to remove from the user.</param>
/// <returns>A <see cref="Task"/> that represents the asynchronous remove operation.</returns>
public Task RemovePermissionsAsync(string id, AssignPermissionsRequest request)
{
return(Connection.SendAsync <object>(HttpMethod.Delete, BuildUri($"users/{EncodePath(id)}/permissions"), request, DefaultHeaders));
}
public async Task Test_roles_assign_unassign_permission_to_user()
{
var userCreateRequest = new UserCreateRequest
{
Connection = _connection.Name,
Email = $"{Guid.NewGuid():N}@nonexistingdomain.aaa",
EmailVerified = true,
Password = Password
};
var user = await _apiClient.Users.CreateAsync(userCreateRequest);
// Get a resource server
var resourceServer = await _apiClient.ResourceServers.GetAsync("5cccc711773967081270a036");
var originalScopes = resourceServer.Scopes.ToList();
// Create a permission/scope
var newScope = new ResourceServerScope {
Value = $"{Guid.NewGuid():N}scope", Description = "Integration test"
};
// Update resource server with new scope
resourceServer = await _apiClient.ResourceServers.UpdateAsync(resourceServer.Id, new ResourceServerUpdateRequest
{
Scopes = originalScopes.Concat(new[] { newScope }).ToList(),
});
// Associate a permission with the user
var assignPermissionsRequest = new AssignPermissionsRequest()
{
Permissions = new[] { new PermissionIdentity {
Identifier = resourceServer.Identifier, Name = newScope.Value
} }
};
await _apiClient.Users.AssignPermissionsAsync(user.UserId, assignPermissionsRequest);
// Ensure the permission is associated with the user
var associatedPermissions = await _apiClient.Users.GetPermissionsAsync(user.UserId, new PaginationInfo());
associatedPermissions.Should().NotBeNull();
associatedPermissions.Should().HaveCount(1);
associatedPermissions.First().Identifier.Should().Be(resourceServer.Identifier);
associatedPermissions.First().Name.Should().Be(newScope.Value);
// Unassociate a permission with the user
await _apiClient.Users.RemovePermissionsAsync(user.UserId, assignPermissionsRequest);
// Ensure the permission is unassociated with the user
associatedPermissions = await _apiClient.Users.GetPermissionsAsync(user.UserId, new PaginationInfo());
associatedPermissions.Should().NotBeNull();
associatedPermissions.Should().HaveCount(0);
// Clean Up - Remove the permission from the resource server
await _apiClient.ResourceServers.UpdateAsync(resourceServer.Id, new ResourceServerUpdateRequest
{
Scopes = originalScopes
});
// Clean Up - Remove the user
await _apiClient.Users.DeleteAsync(user.UserId);
}
/// <summary>
/// Assign permissions to a user.
/// </summary>
/// <param name="id">The ID of the user to assign permissions to.</param>
/// <param name="request">A <see cref="AssignPermissionsRequest" /> containing the permission identifiers to assign to the user.</param>
/// <returns>A <see cref="Task"/> that represents the asynchronous assignment operation.</returns>
public Task AssignPermissionsAsync(string id, AssignPermissionsRequest request)
{
return(Connection.SendAsync <object>(HttpMethod.Post, BuildUri($"users/{id}/permissions"), request, DefaultHeaders));
}
