コード例 #1
        /// <summary>
        /// Get or create the Cosmos permission (resource token) based on the role (AD group).
        /// The Cosmos permission is created if it does not exist.
        /// </summary>
        /// <param name="rolePermission">The role permission record</param>
        /// <returns>The permission, or null when it could not be created or updated</returns>
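        private async Task<PermissionProperties> GetOrCreatePermission(CosmosRolePermission rolePermission)
        {
            // Look up the existing Cosmos permission for this role name / table name pair.
            var permission = await CosmosService.Instance.GetPermission(Name, rolePermission.Table);

            if (permission == null)
            {
                // Nothing exists yet: create the permission from the role record.
                var newPermission = await rolePermission.CreateCosmosPermission(Name, rolePermission.Table);

                if (newPermission == null)
                {
                    // In a C# interpolated string "${x}" prints a literal '$' before the value;
                    // the stray '$' is dropped so the role and table names are logged as-is.
                    Logger.Log?.LogWarning($"error create permission {Name} {rolePermission.Table}");
                }

                // Null on failure: no permission is handed out when creation did not succeed.
                return newPermission;
            }

            // Detect drift between the configured role permission and the mode stored in Cosmos.
            // NOTE(review): any Permission value other than "read" / "read-write" skips this check,
            // so the existing Cosmos permission is returned unchanged whatever its mode. Confirm that
            // unrecognised values are rejected before this method is reached.
            bool modeMismatch =
                (rolePermission.Permission.EqualsIgnoreCase("read") && permission.PermissionMode != PermissionMode.Read) ||
                (rolePermission.Permission.EqualsIgnoreCase("read-write") && permission.PermissionMode != PermissionMode.All);

            if (!modeMismatch)
            {
                return permission;
            }

            // The role permission changed, so the Cosmos permission is replaced with the new mode.
            var updatedPermission = await CosmosService.Instance.ReplacePermission(
                Name,
                rolePermission.Table,
                rolePermission.Permission.EqualsIgnoreCase("read"),
                rolePermission.Table);

            if (updatedPermission == null)
            {
                Logger.Log?.LogWarning($"error update permission {Name} {rolePermission.Table}");
            }

            // Fail closed: when the replace fails, null is returned rather than the stale permission,
            // so a failed downgrade from read-write to read never returns the broader mode.
            return updatedPermission;
        }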
コード例 #2
        /// <summary>
        /// Get or create Cosmos permission for a user
        /// </summary>
        /// <param name="rolePermission">The role permission record</param>
        /// <returns>The permission, or null when it could not be created or updated</returns>
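        private async Task<PermissionProperties> GetOrCreateUserPermissions(CosmosRolePermission rolePermission)
        {
            // Look up the existing Cosmos permission for this user's object id / table name pair.
            var permission = await CosmosService.Instance.GetPermission(ObjectId, rolePermission.Table);

            if (permission == null)
            {
                // Nothing exists yet: create the permission, passing ObjectId as the third argument
                // (presumably the partition the permission is scoped to; confirm against
                // CreateCosmosPermission).
                var newPermission = await rolePermission.CreateCosmosPermission(ObjectId, rolePermission.Table, ObjectId);

                if (newPermission == null)
                {
                    // In a C# interpolated string "${x}" prints a literal '$' before the value;
                    // the stray '$' is dropped so the object id and table name are logged as-is.
                    Logger.Log?.LogError($"error create permission {ObjectId} {rolePermission.Table}");
                }

                // Null on failure: no permission is handed out when creation did not succeed.
                return newPermission;
            }

            // Detect drift between the configured permission and the mode stored in Cosmos.
            // NOTE(review): any Permission value other than "id-read" / "id-read-write" skips this
            // check, so the existing Cosmos permission is returned unchanged whatever its mode.
            // Confirm that unrecognised values are rejected before this method is reached.
            bool modeMismatch =
                (rolePermission.Permission.EqualsIgnoreCase("id-read") && permission.PermissionMode == PermissionMode.All) ||
                (rolePermission.Permission.EqualsIgnoreCase("id-read-write") && permission.PermissionMode == PermissionMode.Read);

            if (!modeMismatch)
            {
                return permission;
            }

            // The configured permission changed, so the Cosmos permission is replaced with the new
            // mode; the partition argument stays set to this user's ObjectId.
            var updatedPermission = await CosmosService.Instance.ReplacePermission(
                ObjectId,
                rolePermission.Table,
                rolePermission.Permission.EqualsIgnoreCase("id-read"),
                rolePermission.Table,
                partition: ObjectId);

            if (updatedPermission == null)
            {
                Logger.Log?.LogError($"error update permission {ObjectId} {rolePermission.Table}");
            }

            // Fail closed: when the replace fails, null is returned rather than the stale permission,
            // so a failed downgrade from id-read-write to id-read never returns the broader mode.
            return updatedPermission;
        }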