public void create_will_set_all_fields_and_create_v2()
{
// Arrange
var capabilityId = Guid.NewGuid();
var capabilityName = new CapabilityName("Foo");
var capabilityRootId = "foo-1234556"; // We decide between version with rootId
var capabilityDescription = "bar";
var awsAccountId = "2222222222222";
var awsRoleArn = "arn:aws:iam::528563840976:role/ADFS-Developer";
var awsRoleEmail = "*****@*****.**";
var domainMembership = new Membership(Guid.NewGuid(), new Member("*****@*****.**"));
var domainContext = new Context(Guid.NewGuid(), "baa", awsAccountId, awsRoleArn, awsRoleEmail);
var domainCapability = new Capability(
capabilityId,
capabilityName,
capabilityRootId,
capabilityDescription,
new [] { domainMembership },
new [] { domainContext }
);
// Act
var capabilityDto = WebApi.Infrastructure.Api.DTOs.CapabilityADSync.Create(domainCapability);
// Assert
Assert.Equal(capabilityRootId, capabilityDto.Identifier);
Assert.False(capabilityDto.IsV1);
var membershipDto = capabilityDto.Members.Single();
Assert.Equal(domainMembership.Member.Email, membershipDto.Email);
}
public CapabilityBuilder()
{
_id = new Guid("11111111-1111-1111-1111-111111111111");
_name = new CapabilityName("Foo");
_rootId = "foo-582a4";
_description = "bar";
_memberships = new Membership[0];
_contexts = new Context[0];
}
internal PrintTicketFeature GetBasePTFeatureObject(CapabilityName feature)
{
switch (feature)
{
case CapabilityName.DocumentCollate:
return(this.DocumentCollate);
case CapabilityName.PageDeviceFontSubstitution:
return(this.PageDeviceFontSubstitution);
case CapabilityName.JobDuplex:
return(this.JobDuplex);
case CapabilityName.JobInputBin:
return(this.JobInputBin);
case CapabilityName.DocumentInputBin:
return(this.DocumentInputBin);
case CapabilityName.PageInputBin:
return(this.PageInputBin);
case CapabilityName.PageOutputColor:
return(this.PageOutputColor);
case CapabilityName.PageOutputQuality:
return(this.PageOutputQuality);
case CapabilityName.PageBorderless:
return(this.PageBorderless);
case CapabilityName.PageMediaType:
return(this.PageMediaType);
case CapabilityName.JobPageOrder:
return(this.JobPageOrder);
case CapabilityName.PageOrientation:
return(this.PageOrientation);
case CapabilityName.JobNUp:
return(this.JobNUp.PresentationDirection);
case CapabilityName.PagePhotoPrintingIntent:
return(this.PagePhotoPrintingIntent);
case CapabilityName.JobStaple:
return(this.JobStaple);
case CapabilityName.PageTrueTypeFontMode:
return(this.PageTrueTypeFontMode);
default:
return(null);
}
}
/// <summary>
/// Gets a Boolean value indicating whether the device supports a specific capability.
/// </summary>
/// <param name="feature">Capability feature to check for device support.</param>
/// <returns>True if the capability is supported. False otherwise.</returns>
/// <exception cref="ArgumentOutOfRangeException">
/// The <paramref name="feature"/> parameter is not a standard feature defined in <see cref="CapabilityName"/>.
/// </exception>
public bool SupportsCapability(CapabilityName feature)
{
// Verify input parameter
if (feature < PrintSchema.CapabilityNameEnumMin ||
feature > PrintSchema.CapabilityNameEnumMax)
{
throw new ArgumentOutOfRangeException("feature");
}
return(_pcRootFeatures[(int)feature] != null);
}
/// <summary>
/// <see cref="ITableauPermissionService.DeleteDefaultCapabilityAsync"/>
/// </summary>
public async Task DeleteDefaultCapabilityAsync(
string projectId,
ResourceType resourceType,
GranteeType granteeType,
string granteeId,
CapabilityName capabilityName,
CapabilityMode capabilityMode
)
{
await DeleteDefaultPermissionAsync(
projectId,
resourceType,
BuildDefaultPermission(granteeType, granteeId, capabilityName, capabilityMode)
).ConfigureAwait(false);
}
public ValueTask <Capability> Create(string name, string description)
{
var capabilityName = new CapabilityName(name);
var id = Guid.NewGuid();
var capability = new Capability(
id: id,
name: capabilityName,
rootId: GenerateRootId(name, id),
description: description,
memberships: Enumerable.Empty <Membership>(),
contexts: Enumerable.Empty <Context>()
);
return(new ValueTask <Capability>(capability));
}
/// <summary>
/// <see cref="ITableauPermissionService.AddDefaultCapabilityAsync"/>
/// </summary>
public async Task <TableauPermission> AddDefaultCapabilityAsync(
string projectId,
ResourceType resourceType,
GranteeType granteeType,
string granteeId,
CapabilityName capabilityName,
CapabilityMode capabilityMode
)
{
return(await AddDefaultPermissionAsync(
projectId,
resourceType,
BuildDefaultPermission(granteeType, granteeId, capabilityName, capabilityMode)
).ConfigureAwait(false));
}
/// <summary>
/// Build permission for specified resource (e.g. datasource, project, workbook), user/group, and capability
/// </summary>
/// <param name="granteeType"></param>
/// <param name="granteeId"></param>
/// <param name="capabilityName"></param>
/// <param name="capabilityMode"></param>
public static TableauPermission BuildDefaultPermission(
GranteeType granteeType,
string granteeId,
CapabilityName capabilityName,
CapabilityMode capabilityMode
)
{
var permission = new TableauPermission();
var granteeCapabilities = new TableauGranteeCapabilities();
switch (granteeType)
{
case GranteeType.Group:
granteeCapabilities.Group = new TableauGroup()
{
Id = granteeId
};
break;
case GranteeType.User:
granteeCapabilities.User = new TableauUser()
{
Id = granteeId
};
break;
default:
throw new Exception("Unsupported user/group type");
}
granteeCapabilities.Capabilities = new TableauCapabilities()
{
Capability = new TableauCapability[] {
new TableauCapability()
{
Name = capabilityName.ToString(),
Mode = capabilityMode.ToString()
}
}
};
permission.GranteeCapabilities = new TableauGranteeCapabilities[] { granteeCapabilities };
return(permission);
}
/// <returns>Bool true if any change to policies have been made</returns>
public async Task <bool> SyncPoliciesAsync(RoleName roleName, Func <PolicyTemplate, string> policyTemplateFormatter = default)
{
var policyTemplates = await _policyTemplateRepository.GetLatestAsync();
var policiesResponse =
await _client.ListRolePoliciesAsync(new ListRolePoliciesRequest { RoleName = roleName });
var namesOfPoliciesToDelete =
FindPolicyNamesWithoutTemplates(policiesResponse.PolicyNames, policyTemplates);
await _identityManagementClient.DeleteRolePoliciesAsync(roleName, namesOfPoliciesToDelete);
var capabilityName = new CapabilityName(roleName);
var policies = policyTemplates.Select(p => Policy.Create(p, policyTemplateFormatter));
var policiesAdded = await _identityManagementClient.PutPoliciesAsync(roleName, policies);
return(namesOfPoliciesToDelete.Any() & policiesAdded.Any());
}
/// <summary>
/// <see cref="ITableauPermissionService.DeleteCapabilityAsync"/>
/// </summary>
public async Task DeleteCapabilityAsync(
ResourceType resourceType,
string resourceId,
GranteeType userGroupType,
string userGroupId,
CapabilityName capabilityName,
CapabilityMode capabilityMode
)
{
await DeletePermissionAsync(
BuildPermission(
resourceType,
resourceId,
userGroupType,
userGroupId,
capabilityName,
capabilityMode
)
).ConfigureAwait(false);
}
/// <summary>
/// <see cref="ITableauPermissionService.AddCapabilityAsync"/>
/// </summary>
public async Task <TableauPermission> AddCapabilityAsync(
ResourceType resourceType,
string resourceId,
GranteeType userGroupType,
string userGroupId,
CapabilityName capabilityName,
CapabilityMode capabilityMode
)
{
return(await AddPermissionAsync(
BuildPermission(
resourceType,
resourceId,
userGroupType,
userGroupId,
capabilityName,
capabilityMode
)
).ConfigureAwait(false));
}
/// <summary>
/// Build permission for specified resource (e.g. datasource, project, workbook), user/group, and capability
/// </summary>
/// <param name="resourceType"></param>
/// <param name="resourceId"></param>
/// <param name="granteeType"></param>
/// <param name="granteeId"></param>
/// <param name="capabilityName"></param>
/// <param name="capabilityMode"></param>
public static TableauPermission BuildPermission(
ResourceType resourceType,
string resourceId,
GranteeType granteeType,
string granteeId,
CapabilityName capabilityName,
CapabilityMode capabilityMode
)
{
var permission = BuildDefaultPermission(granteeType, granteeId, capabilityName, capabilityMode);
switch (resourceType)
{
case ResourceType.Datasource:
permission.Datasource = new TableauDatasource()
{
Id = resourceId
};
break;
case ResourceType.Project:
permission.Project = new TableauProject()
{
Id = resourceId
};
break;
case ResourceType.Workbook:
permission.Workbook = new TableauWorkbook()
{
Id = resourceId
};
break;
default:
// default permission
break;
}
return(permission);
}
public void CapabilityName_Will_Be_Replaced_In_Document()
{
// Arrange
var name = "foo";
var document = "foo capabilityName";
var policyTemplate = new PolicyTemplate(name, document);
var capabilityName = new CapabilityName("baaa");
Func <PolicyTemplate, string> policyTemplateFormatter = (template) =>
{
return(template.Document.Replace("capabilityName", capabilityName.ToString().ToLower()));
};
// Act
var policy = Policy.Create(policyTemplate, policyTemplateFormatter);
// Assert
var expectedDocument = "foo baaa";
Assert.Equal(expectedDocument, policy.Document);
}
public void create_will_set_all_fields()
{
// Arrange
var capabilityId = Guid.NewGuid();
var capabilityName = new CapabilityName("Foo");
var capabilityRootId = "foo-1234556";
var capabilityDescription = "bar";
var domainMembership = new Membership(Guid.NewGuid(), new Member("*****@*****.**"));
var domainContext = new Context(Guid.NewGuid(), "baa");
var domainCapability = new Capability(
capabilityId,
capabilityName,
capabilityRootId,
capabilityDescription,
new [] { domainMembership },
new [] { domainContext }
);
// Act
var capabilityDto = WebApi.Infrastructure.Api.DTOs.Capability.Create(domainCapability);
// Assert
Assert.Equal(capabilityId, capabilityDto.Id);
Assert.Equal(capabilityName.Name, capabilityDto.Name);
Assert.Equal(capabilityRootId, capabilityDto.RootId);
Assert.Equal(capabilityDescription, capabilityDto.Description);
var membershipDto = capabilityDto.Members.Single();
Assert.Equal(domainMembership.Member.Email, membershipDto.Email);
var contextDto = capabilityDto.Contexts.Single();
Assert.Equal(domainContext.Id, contextDto.Id);
Assert.Equal(domainContext.Name, contextDto.Name);
}
public Type VerifyUploader(int megabytes, bool useAsync, CapabilityName[] capabilityNames)
{
var shareFileClient = GetShareFileClient();
var testFolder = new Folder { Name = RandomString(30) + ".txt" };
var file = GetFileToUpload(1024 * 1024 * megabytes, false);
var uploadSpec = new UploadSpecificationRequest(file.Name, file.Length, testFolder.url);
if (capabilityNames != null)
{
uploadSpec.ProviderCapabilities =
new List<Capability>(capabilityNames.Select(x => new Capability { Name = x }));
}
UploaderBase uploader;
if (useAsync)
{
uploader = shareFileClient.GetAsyncFileUploader(uploadSpec, file);
}
else
{
uploader = shareFileClient.GetFileUploader(uploadSpec, file);
}
return uploader.GetType();
}
/// <summary>
/// Process record.
/// </summary>
protected override void ProcessRecord()
{
IEnumerable <Sid> sids;
switch (ParameterSetName)
{
case "sddl":
sids = Sddl.Select(s => new Sid(s));
break;
case "name":
sids = Name.Select(s => NtSecurity.LookupAccountName(s));
break;
case "service":
sids = ServiceName.Select(s => NtSecurity.GetServiceSid(s));
break;
case "il":
sids = IntegrityLevel.Select(s => NtSecurity.GetIntegritySid(s));
break;
case "il_raw":
sids = IntegrityLevelRaw.Select(s => NtSecurity.GetIntegritySidRaw(s));
break;
case "package":
sids = PackageName.Select(s => TokenUtils.DerivePackageSidFromName(s));
if (RestrictedPackageName != null)
{
sids = sids.Select(s => TokenUtils.DeriveRestrictedPackageSidFromSid(s, RestrictedPackageName));
}
if (AsCapability)
{
sids = sids.Select(s => NtSecurity.PackageSidToCapability(s));
}
break;
case "known":
sids = KnownSid.Select(s => KnownSids.GetKnownSid(s));
break;
case "token":
using (NtToken token = NtToken.OpenProcessToken())
{
Sid temp = null;
if (PrimaryGroup)
{
temp = token.PrimaryGroup;
}
else if (Owner)
{
temp = token.Owner;
}
else if (LogonGroup)
{
temp = token.LogonSid.Sid;
}
else if (AppContainer)
{
temp = token.AppContainerSid;
}
else if (Label)
{
temp = token.IntegrityLevelSid.Sid;
}
else
{
temp = token.User.Sid;
}
sids = new[] { temp };
}
break;
case "cap":
sids = CapabilityName.Select(s => CapabilityGroup ? NtSecurity.GetCapabilityGroupSid(s)
: NtSecurity.GetCapabilitySid(s));
break;
case "sid":
sids = new[] { new Sid(SecurityAuthority, RelativeIdentifier ?? new uint[0]) };
break;
case "rawsa":
sids = new[] { new Sid(new SidIdentifierAuthority(SecurityAuthorityByte), RelativeIdentifier) };
break;
case "logon":
sids = new[] { NtSecurity.GetLogonSessionSid() };
break;
case "trust":
sids = new[] { NtSecurity.GetTrustLevelSid(TrustType, TrustLevel) };
break;
case "ace":
sids = AccessControlEntry.Select(a => a.Sid);
break;
case "relsid":
sids = new[] { Sibling?BaseSid.CreateSibling(RelativeIdentifier) : BaseSid.CreateRelative(RelativeIdentifier) };
break;
case "bytes":
sids = new[] { new Sid(Byte) };
break;
default:
throw new ArgumentException("No SID type specified");
}
if (AsSddl)
{
WriteObject(sids.Select(s => s.ToString()), true);
}
else if (AsName)
{
WriteObject(sids.Select(s => s.Name), true);
}
else
{
WriteObject(sids, true);
}
}
