private void AddRules <TAccessRule>( IEntityAccessRestrictable <TAccessRule> entity, IEnumerable <AddOrUpdateAccessRuleCommandBase> accessRules, Dictionary <int, Role> roles, Dictionary <string, IUserAreaDefinition> userAreas, IExecutionContext executionContext ) where TAccessRule : IEntityAccessRule, new() { foreach (var addRuleCommand in accessRules.Where(r => !r.GetId().HasValue)) { var dbRule = new TAccessRule(); var userAreaDefinition = userAreas.GetOrDefault(addRuleCommand.UserAreaCode); EntityNotFoundException.ThrowIfNull(userAreaDefinition, addRuleCommand.RoleId); dbRule.UserAreaCode = userAreaDefinition.UserAreaCode; if (addRuleCommand.RoleId.HasValue) { var role = roles.GetOrDefault(addRuleCommand.RoleId.Value); EntityNotFoundException.ThrowIfNull(role, addRuleCommand.RoleId); ValidateRoleIsInUserArea(userAreaDefinition, role); dbRule.Role = role; } _entityAuditHelper.SetCreated(dbRule, executionContext); entity.AccessRules.Add(dbRule); } }
private void UpdateRules <TAccessRule>( IEntityAccessRestrictable <TAccessRule> entity, IEnumerable <AddOrUpdateAccessRuleCommandBase> accessRules, Dictionary <int, Role> roles, Dictionary <string, IUserAreaDefinition> userAreas) where TAccessRule : IEntityAccessRule { foreach (var updateRuleCommand in accessRules.Where(r => r.GetId().HasValue)) { var id = updateRuleCommand.GetId(); var dbRule = entity .AccessRules .FilterById(id.Value) .SingleOrDefault(); EntityNotFoundException.ThrowIfNull(dbRule, id); var userAreaDefinition = userAreas.GetOrDefault(updateRuleCommand.UserAreaCode); EntityNotFoundException.ThrowIfNull(userAreaDefinition, updateRuleCommand.RoleId); dbRule.UserAreaCode = userAreaDefinition.UserAreaCode; if (updateRuleCommand.RoleId.HasValue) { var role = roles.GetOrDefault(updateRuleCommand.RoleId.Value); EntityNotFoundException.ThrowIfNull(role, updateRuleCommand.RoleId); ValidateRoleIsInUserArea(userAreaDefinition, role); dbRule.Role = role; } else { dbRule.Role = null; } } }
private static void DeleteRules <TAccessRule>(IEntityAccessRestrictable <TAccessRule> entity, IEnumerable <AddOrUpdateAccessRuleCommandBase> accessRules) where TAccessRule : IEntityAccessRule { var rulesToDelete = entity .AccessRules .Where(r => !accessRules.Any(x => x.GetId() == r.GetId())) .ToList(); foreach (var rule in rulesToDelete) { entity.AccessRules.Remove(rule); } }
private AccessRuleViolationAction ParseViolationAction <TAccessRule>(IEntityAccessRestrictable <TAccessRule> dbEntity) where TAccessRule : IEntityAccessRule { var violationAction = EnumParser.ParseOrNull <AccessRuleViolationAction>(dbEntity.AccessRuleViolationActionId); if (violationAction == null) { _logger.LogWarning( "AccessRuleViolationAction of value {AccessRuleViolationAction} could not be parsed on rule type {TAccessRule}.", dbEntity.AccessRuleViolationActionId, typeof(TAccessRule).Name ); } return(violationAction ?? AccessRuleViolationAction.Error); }
public EntityAccessRuleSet Map <TAccessRule>(IEntityAccessRestrictable <TAccessRule> entity) where TAccessRule : IEntityAccessRule { if (entity == null) { throw new ArgumentNullException(nameof(entity)); } MissingIncludeException.ThrowIfNull(entity, e => e.AccessRules); if (!entity.AccessRules.Any()) { // no rules, so return null rather than an empty ruleset return(null); } var violationAction = EnumParser.ParseOrNull <AccessRuleViolationAction>(entity.AccessRuleViolationActionId); if (violationAction == null) { _logger.LogWarning( "AccessRuleViolationAction of value {AccessRuleViolationAction} could not be parsed on rule type {TAccessRule}.", entity.AccessRuleViolationActionId, typeof(TAccessRule).Name ); } var result = new EntityAccessRuleSet() { ViolationAction = violationAction ?? AccessRuleViolationAction.Error }; if (!string.IsNullOrWhiteSpace(entity.UserAreaCodeForSignInRedirect)) { var userArea = _userAreaDefinitionRepository.GetRequiredByCode(entity.UserAreaCodeForSignInRedirect); result.UserAreaCodeForSignInRedirect = userArea.UserAreaCode; } result.AccessRules = entity .AccessRules .OrderByDefault() .Select(r => MapAccessRule(r)) .ToArray(); return(result); }
public async Task UpdateAsync <TAccessRule, TAddOrUpdateAccessRuleCommand>( IEntityAccessRestrictable <TAccessRule> entity, UpdateAccessRuleSetCommandBase <TAddOrUpdateAccessRuleCommand> command, IExecutionContext executionContext ) where TAccessRule : IEntityAccessRule, new() where TAddOrUpdateAccessRuleCommand : AddOrUpdateAccessRuleCommandBase { var accessRules = EnumerableHelper.Enumerate(command.AccessRules); var roles = await GetRolesAsync(accessRules); var userAreas = await GetUserAreasAsync(accessRules, executionContext); DeleteRules(entity, accessRules); UpdateRules(entity, accessRules, roles, userAreas); AddRules(entity, accessRules, roles, userAreas, executionContext); UpdateEntity(entity, command, userAreas); }
private async Task MapAccessRules <TAccessRule, TEntityAccessRuleSummary>( IEntityAccessRestrictable <TAccessRule> dbEntity, IEntityAccessRuleSetDetails <TEntityAccessRuleSummary> result, IExecutionContext executionContext, Action <TAccessRule, TEntityAccessRuleSummary> ruleMapper ) where TAccessRule : IEntityAccessRule where TEntityAccessRuleSummary : IEntityAccessRuleSummary, new() { var userAreas = await _queryExecutor.ExecuteAsync(new GetAllUserAreaMicroSummariesQuery(), executionContext); var roleIds = dbEntity .AccessRules .Where(r => r.RoleId.HasValue) .Select(r => r.RoleId.Value) .ToArray(); IDictionary <int, RoleMicroSummary> roles = null; if (roleIds.Any()) { roles = await _queryExecutor.ExecuteAsync(new GetRoleMicroSummariesByIdRangeQuery(roleIds), executionContext); } foreach (var dbRule in dbEntity .AccessRules .OrderByDefault()) { var rule = new TEntityAccessRuleSummary(); ruleMapper(dbRule, rule); rule.UserArea = userAreas.SingleOrDefault(a => a.UserAreaCode == dbRule.UserAreaCode); EntityNotFoundException.ThrowIfNull(rule.UserArea, dbRule.UserAreaCode); if (dbRule.RoleId.HasValue) { rule.Role = roles.GetOrDefault(dbRule.RoleId.Value); EntityNotFoundException.ThrowIfNull(rule.Role, dbRule.RoleId.Value); } result.AccessRules.Add(rule); } }
public async Task MapAsync <TAccessRule, TEntityAccessRuleSummary>( IEntityAccessRestrictable <TAccessRule> dbEntity, IEntityAccessRuleSetDetails <TEntityAccessRuleSummary> result, IExecutionContext executionContext, Action <TAccessRule, TEntityAccessRuleSummary> ruleMapper ) where TAccessRule : IEntityAccessRule where TEntityAccessRuleSummary : IEntityAccessRuleSummary, new() { if (dbEntity == null) { throw new ArgumentNullException(nameof(dbEntity)); } if (result == null) { throw new ArgumentNullException(nameof(result)); } if (executionContext == null) { throw new ArgumentNullException(nameof(executionContext)); } if (ruleMapper == null) { throw new ArgumentNullException(nameof(ruleMapper)); } result.ViolationAction = ParseViolationAction(dbEntity); if (result.AccessRules == null) { result.AccessRules = new List <TEntityAccessRuleSummary>(); } if (!dbEntity.AccessRules.Any()) { return; } await MapAccessRules(dbEntity, result, executionContext, ruleMapper); MapUserAreaForSignInRedirect(dbEntity, result); }
private static void UpdateEntity <TAccessRule, TAddOrUpdateAccessRuleCommand>( IEntityAccessRestrictable <TAccessRule> entity, UpdateAccessRuleSetCommandBase <TAddOrUpdateAccessRuleCommand> command, Dictionary <string, IUserAreaDefinition> userAreas ) where TAccessRule : IEntityAccessRule where TAddOrUpdateAccessRuleCommand : AddOrUpdateAccessRuleCommandBase { entity.AccessRuleViolationActionId = (int)command.ViolationAction; if (string.IsNullOrEmpty(command.UserAreaCodeForSignInRedirect)) { entity.UserAreaCodeForSignInRedirect = null; } else { var userArea = userAreas.GetOrDefault(command.UserAreaCodeForSignInRedirect); EntityNotFoundException.ThrowIfNull(userArea, command.UserAreaCodeForSignInRedirect); entity.UserAreaCodeForSignInRedirect = userArea.UserAreaCode; } }
private void MapUserAreaForSignInRedirect <TAccessRule, TEntityAccessRuleSummary>( IEntityAccessRestrictable <TAccessRule> dbEntity, IEntityAccessRuleSetDetails <TEntityAccessRuleSummary> result ) where TAccessRule : IEntityAccessRule where TEntityAccessRuleSummary : IEntityAccessRuleSummary { if (dbEntity.UserAreaCodeForSignInRedirect != null) { result.UserAreaForSignInRedirect = result .AccessRules .Select(r => r.UserArea) .Where(a => a.UserAreaCode == dbEntity.UserAreaCodeForSignInRedirect) .FirstOrDefault(); if (result.UserAreaForSignInRedirect == null) { _logger.LogWarning( "UserAreaCodeForSignInRedirect of value '{UserAreaCodeForSignInRedirect}' is expected to exist in the AccessRules collection, but could not be found.", dbEntity.UserAreaCodeForSignInRedirect ); } } }