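/// <summary>
/// Gets the Cosmos permission (resource token) for this role (AD group) on the table
/// named by <paramref name="rolePermission"/>. The permission is created when it does
/// not exist, and replaced when its stored mode no longer matches a "read" or
/// "read-write" role permission record.
/// </summary>
/// <param name="rolePermission">The role permission record.</param>
/// <returns>
/// The existing, newly created or replaced permission, or <c>null</c> when the create
/// or replace call returned <c>null</c>.
/// </returns>
/// <remarks>
/// A <c>null</c> result means no usable permission could be obtained; callers should
/// treat it as "no access" rather than fall back to a previously issued token.
/// </remarks>
private async Task<PermissionProperties> GetOrCreatePermission(CosmosRolePermission rolePermission)
{
    // The permission is looked up by id: role_name/table_name.
    var permission = await CosmosService.Instance.GetPermission(Name, rolePermission.Table);

    if (permission == null)
    {
        // Nothing stored yet: create the permission from the role permission record.
        var newPermission = await rolePermission.CreateCosmosPermission(Name, rolePermission.Table);
        if (newPermission == null)
        {
            // Interpolation holes are written {x}; the original "${x}" put a stray '$' in the log line.
            Logger.Log?.LogWarning($"error create permission {Name} {rolePermission.Table}");
        }

        return newPermission;
    }

    var wantsReadOnly = rolePermission.Permission.EqualsIgnoreCase("read");
    var storedModeIsStale =
        (wantsReadOnly && permission.PermissionMode != PermissionMode.Read) ||
        (rolePermission.Permission.EqualsIgnoreCase("read-write") && permission.PermissionMode != PermissionMode.All);

    if (!storedModeIsStale)
    {
        // NOTE(review): any Permission value other than "read" / "read-write" also ends up
        // here, so the stored permission is returned with whatever mode it already has.
        // Confirm that an unrecognised value should not be rejected or downgraded instead.
        return permission;
    }

    // The role permission record changed, so the stored permission is replaced in Cosmos.
    var updatedPermission = await CosmosService.Instance.ReplacePermission(
        Name,
        rolePermission.Table,
        wantsReadOnly,
        rolePermission.Table);
    if (updatedPermission == null)
    {
        // The stale permission is deliberately not returned: after a failed downgrade it
        // would still carry the broader mode.
        Logger.Log?.LogWarning($"error update permission {Name} {rolePermission.Table}");
    }

    return updatedPermission;
}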
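/// <summary>
/// Gets the Cosmos permission (resource token) for a single user on the table named by
/// <paramref name="rolePermission"/>. The permission is looked up by <c>ObjectId</c> and
/// table name, created when it does not exist, and replaced when its stored mode
/// contradicts an "id-read" or "id-read-write" role permission record.
/// </summary>
/// <param name="rolePermission">The role permission record.</param>
/// <returns>
/// The existing, newly created or replaced permission, or <c>null</c> when the create
/// or replace call returned <c>null</c>.
/// </returns>
/// <remarks>
/// A <c>null</c> result means no usable permission could be obtained; callers should
/// treat it as "no access" rather than fall back to a previously issued token.
/// </remarks>
private async Task<PermissionProperties> GetOrCreateUserPermissions(CosmosRolePermission rolePermission)
{
    var permission = await CosmosService.Instance.GetPermission(ObjectId, rolePermission.Table);

    if (permission == null)
    {
        // Nothing stored yet: create the permission. ObjectId is passed a second time as the
        // third argument, presumably the partition the token is scoped to (confirm against
        // CreateCosmosPermission).
        var newPermission = await rolePermission.CreateCosmosPermission(ObjectId, rolePermission.Table, ObjectId);
        if (newPermission == null)
        {
            // Interpolation holes are written {x}; the original "${x}" put a stray '$' in the log line.
            Logger.Log?.LogError($"error create permission {ObjectId} {rolePermission.Table}");
        }

        return newPermission;
    }

    var wantsReadOnly = rolePermission.Permission.EqualsIgnoreCase("id-read");
    var storedModeIsStale =
        (wantsReadOnly && permission.PermissionMode == PermissionMode.All) ||
        (rolePermission.Permission.EqualsIgnoreCase("id-read-write") && permission.PermissionMode == PermissionMode.Read);

    if (!storedModeIsStale)
    {
        // NOTE(review): only PermissionMode is compared. The stored permission's partition
        // scope is not re-checked here, and any Permission value other than "id-read" /
        // "id-read-write" also returns the stored permission unchanged. Confirm both are intended.
        return permission;
    }

    // The role permission record changed, so the stored permission is replaced in Cosmos,
    // again scoped to this user's partition.
    var updatedPermission = await CosmosService.Instance.ReplacePermission(
        ObjectId,
        rolePermission.Table,
        wantsReadOnly,
        rolePermission.Table,
        partition: ObjectId);
    if (updatedPermission == null)
    {
        // The stale permission is deliberately not returned: after a failed downgrade it
        // would still carry the broader mode.
        Logger.Log?.LogError($"error update permission {ObjectId} {rolePermission.Table}");
    }

    return updatedPermission;
}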