/// <summary>
/// Deletes the stored record for the given resource by passing its Id to the resource repository.
/// </summary>
/// <param name="docDbResource">Resource to delete; only its <c>Id</c> is read.</param>
/// <remarks>
/// NOTE(review): no permission check happens in this method. Callers are presumably expected
/// to authorize the delete first (e.g. via CanManageResource) - confirm at every call site.
/// If the enclosing class is a controller, also confirm that this public method is not
/// reachable as a routable action.
/// </remarks>
public async Task DeleteResource(ScampResource docDbResource)
{
    var resourceId = docDbResource.Id;
    await _resourceRepository.DeleteResource(resourceId);
}
/// <summary>
/// Persists the given resource through the resource repository.
/// </summary>
/// <param name="resource">Resource whose current state is written to the repository.</param>
/// <returns>
/// Always <c>true</c> once the repository call has completed; a failure surfaces as an
/// exception from the awaited call, never as <c>false</c>.
/// </returns>
/// <remarks>
/// NOTE(review): no permission check happens in this method; callers are presumably expected
/// to authorize the update first - confirm at every call site.
/// </remarks>
public async Task<bool> UpdateResource(ScampResource resource)
{
    var pendingUpdate = _resourceRepository.UpdateResource(resource);
    await pendingUpdate;
    return true;
}
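/// <summary>
/// Creates a new virtual-machine resource record in the given resource group, after checking
/// that the current user is allowed to create resources there.
/// </summary>
/// <param name="groupId">Id of the resource group the new resource is attached to.</param>
/// <param name="groupResource">Request body; only its <c>Name</c> is read here.</param>
/// <returns>The newly created resource, mapped to a <c>ScampResourceSummary</c>.</returns>
/// <exception cref="UnauthorizedAccessException">
/// The current user is not permitted to create a resource in the group.
/// </exception>
public async Task<ScampResourceSummary> Post(string groupId, [FromBody]ScampResourceSummary groupResource)
{
    // Build the resource first: the authorization check needs the group reference.
    var grpRef = new ScampResourceGroupReference() { Id = groupId };
    var res = new ScampResource()
    {
        Id = Guid.NewGuid().ToString("d"),
        ResourceGroup = grpRef,
        // Lower-case the requested name, then drop everything that is not an ASCII letter or digit.
        // NOTE(review): a missing body or Name is not handled here, and the sanitized name can
        // end up empty - confirm whether validation happens upstream.
        Name = Regex.Replace(groupResource.Name.ToLowerInvariant(), "[^a-zA-Z0-9]", ""),
        ResourceType = ResourceType.VirtualMachine,
        //State = ResourceState.Allocated
    };

    // Fail closed. The original left this branch as a TODO, so a denied request fell through
    // and the resource was created anyway.
    var checkPermission = await CanManageResource(res, ResourceAction.Create);
    if (!checkPermission)
    {
        // NOTE(review): map this exception to an HTTP 403 in the project's error handling.
        throw new UnauthorizedAccessException("The current user is not permitted to create resources in this group.");
    }

    await _resourceRepository.CreateResource(res);
    return Mapper.Map<ScampResourceSummary>(res);
}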
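/// <summary>
/// Returns the lower-cased name of the group that the given resource belongs to.
/// </summary>
/// <param name="scampResource">Resource whose <c>ResourceGroup.Id</c> selects the group.</param>
/// <returns>The group's name, lower-cased with invariant-culture rules.</returns>
public async Task<string> GetCloudServiceName(ScampResource scampResource)
{
    // NOTE(review): if GetGroup can return null for an unknown group id, the dereference
    // below throws - confirm the repository's contract.
    var grp = await _groupRepository.GetGroup(scampResource.ResourceGroup.Id);

    // Invariant casing keeps the derived name identical regardless of the server's current
    // culture, and matches the ToLowerInvariant normalisation that Post applies to names.
    return grp.Name.ToLowerInvariant();
}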
/// <summary>
/// Decides whether the requesting user may perform <paramref name="action"/> on
/// <paramref name="resource"/>.
/// </summary>
/// <param name="resource">Resource being acted on; its <c>Owners</c> and <c>ResourceGroup.Id</c> are read.</param>
/// <param name="action">Action being requested.</param>
/// <returns>
/// <c>true</c> when the user is a system admin or a resource owner (any action except Create),
/// or a manager of the resource's group (any action, including Create); otherwise <c>false</c>.
/// </returns>
/// <remarks>
/// NOTE(review): <c>resource.Owners</c> is dereferenced on the Create path too, where the
/// caller may not have populated it - confirm that ScampResource initialises the list.
/// </remarks>
private async Task<bool> CanManageResource(ScampResource resource, ResourceAction action)
{
    ScampUser requester = await _securityHelper.GetOrCreateCurrentUser();

    // Creating a resource is reserved for group managers, so the system-admin and owner
    // shortcuts below apply to every action except Create.
    bool notCreating = action != ResourceAction.Create;

    if (notCreating && requester.IsSystemAdmin)
    {
        return true;
    }

    // An owner of the resource may do anything to it except create.
    var ownerEntry = resource.Owners.Find(candidate => candidate.Id == requester.Id);
    if (notCreating && ownerEntry != null)
    {
        return true;
    }

    // A manager of the group that holds the resource may do anything, including create.
    // Anything else is denied by default.
    var membership = requester.GroupMembership.Find(entry => entry.Id == resource.ResourceGroup.Id);
    return membership != null && membership.isManager;
}