public IActionResult Get() { // somehow determine what the resource, action and schema are var resource = CRN.FromValue("crn:farm/1"); var action = ResourceAction.FromValue("iam:owner"); var schema = CSN.FromValue("csn:ag-data:farm"); // validate permissions var permissionsValid = this.ValidatePermissions(resource, action, schema); if (!permissionsValid) { return(Forbid()); } var rng = new Random(); return(Ok(Enumerable.Range(1, 5).Select(index => new WeatherForecast { Date = DateTime.Now.AddDays(index), TemperatureC = rng.Next(-20, 55), Summary = Summaries[rng.Next(Summaries.Length)] }) .ToArray())); }
public CRNData(CRN crn) { this.colFirst = crn.colFirst; this.colLast = crn.colLast; this.rw = crn.rw; this.oper = crn.oper; }
public static IEnumerable <object[]> PartiallyValidPermissions() { yield return(new object[] { new PermissionTicketRequest() { Action = ResourceActions.Data.Read, Principal = Identities.DanielB, Schema = Schemas.MilkPickup, Resource = CRN.FromValue("crn:farm/*:herd/*:*") } }); yield return(new object[] { new PermissionTicketRequest() { Action = ResourceActions.Data.Read, Principal = Identities.DanielB, Schema = Schemas.MilkPickup, Resource = CRN.FromValue("crn:farm/*:herd/*") } }); yield return(new object[] { new PermissionTicketRequest() { Action = ResourceActions.Data.Read, Principal = Identities.DanielB, Schema = Schemas.MilkPickup, Resource = CRN.FromValue("crn:farm/1234:herd/*") } }); }
public void Revoke(CRN resource, CPN principal, CSN schema = null) { var found = this.storage.FindBy(it => it.Principal == principal && it.Resources.Any(r => { if (resource.IncludesWildcard) { return(resource.IsWildcardMatch(r.Identifier)); } return(r.Identifier == resource); })); if (schema != default(CSN)) { found = found.Where(f => f.Resources.Any(r => r.Schema == schema)); } var keys = found.Select(f => f.GetHash()); foreach (var k in keys) { this.storage.Remove(k); } }
private Resource ToModel(Persistance.Models.Resource resource) { var identifier = CRN.FromValue(resource.CanonicalName); var actions = resource.Actions.Select(a => ResourceAction.FromValue(a.Action.CanonicalName)).ToArray(); return(Resource.FromIdentifier(identifier).WithActions(actions)); }
private IEnumerable <Resource> Find(CRN resource, IEnumerable <Resource> resources) { if (resource.IncludesWildcard) { return(resources.Where(r => resource.IsWildcardMatch(r.Identifier))); } return(resources.Where(r => r.Identifier == resource)); }
public IEnumerable <DataProvider> All() { return(this.context.DataProviders.Include(p => p.Principal).ToList().Select(p => new DataProvider() { Principal = CPN.FromValue(p.Principal.CanonicalName), Identifier = CRN.FromValue(p.CanonicalName), Name = p.Name })); }
public static IEnumerable <object[]> InvalidPermissions() { yield return(new object[] { new PermissionTicketRequest() { Action = ResourceActions.Identified.Individual, Principal = Identities.DanielB, Schema = Schemas.MilkPickup, Resource = CRN.FromValue("crn:farm/*:herd/88756") } }); yield return(new object[] { new PermissionTicketRequest() { Action = ResourceActions.Iam.Owner, Principal = Identities.DanielB, Schema = Schemas.MilkPickup, Resource = CRN.FromValue("crn:farm/*:herd/8876:*") } }); yield return(new object[] { new PermissionTicketRequest() { Action = ResourceActions.Iam.Delegated, Principal = Identities.Admin, Schema = Schemas.MilkPickup, Resource = CRN.FromValue("crn:farm/*:herd/88756") } }); yield return(new object[] { new PermissionTicketRequest() { Action = ResourceActions.Iam.Delegated, Principal = Identities.DanielB, Schema = Schemas.MilkPickup, Resource = CRN.FromValue("crn:farm/*:herd/88756") } }); yield return(new object[] { new PermissionTicketRequest() { Action = ResourceActions.Iam.Owner, Principal = Identities.DanielB, Schema = Schemas.NumbersOnProperty, Resource = CRN.FromValue("crn:farm/*:herd/88756") } }); }
public void Remove(CRN identifier) { var found = this.context.DataProviders.FirstOrDefault(p => p.CanonicalName == identifier.ToString()); if (found == null) { return; } this.context.Remove(found); this.context.SaveChanges(); }
private PermissionGrant ToModel(Persistance.Models.PermissionGrant entity) { return(new PermissionGrant() { Id = entity.PermissionGrantId, Principal = CPN.FromValue(entity.Principal.CanonicalName), Schema = CSN.FromValue(entity.Schema.CanonicalName), Actions = entity.Actions.Select(a => ResourceAction.FromValue(a.Action.CanonicalName)).ToList(), Resource = entity.Resources.Select(r => CRN.FromValue(r.Resource.CanonicalName)).ToList() }); }
public void AllActionsValidForResources(CRN resource, ResourceAction action) { // Arrange var storage = new MockResourceStorage().Setup(); var resourceValidator = new ResourceValidator(storage); // Act var result = resourceValidator.Validate(resource, action); // Assert result.IsValid.Should().BeTrue(); }
public void AllResourcesAreInvalid(CRN resource) { // Arrange var storage = new MockResourceStorage().Setup(); var resourceValidator = new ResourceValidator(storage); // Act var result = resourceValidator.Validate(resource); // Assert result.IsValid.Should().BeFalse(); }
public void FindSpecificResource(CRN rn) { // Arrange var storage = new MockResourceStorage().Setup(); var resourceFinder = new ResourceFinder(storage); // Act var result = resourceFinder.Find(rn); // Assert result.Should().ContainSingle(r => r.Identifier == rn); }
public void ResourceNotFound(CRN rn) { // Arrange var storage = new MockResourceStorage().Setup(); var resourceFinder = new ResourceFinder(storage); // Act var result = resourceFinder.Find(rn); // Assert result.Should().BeEmpty(); }
public void FindResourcesByWildcard(CRN resource, IEnumerable <Resource> expectedResources) { // Arrange var storage = new MockResourceStorage().Setup(); var resourceFinder = new ResourceFinder(storage); // Act var result = resourceFinder.Find(resource); // Assert result.Should().BeEquivalentTo(expectedResources); }
public IEnumerable <DataSource> GetSources(CRN identifier) { return(this.context.DataSources .Include(x => x.Provider) .Where(s => s.Provider.CanonicalName == identifier.ToString()) .ToList() .Select(s => new DataSource() { Identifier = CRN.FromValue(s.CanonicalName), Provider = CRN.FromValue(s.Provider.CanonicalName) })); }
public override Resource ReadJson(JsonReader reader, Type objectType, Resource existingValue, bool hasExistingValue, JsonSerializer serializer) { var token = JToken.Load(reader); if (token.Type == JTokenType.Object) { CRN identifier = null; ResourceAction[] actions = null; foreach (var t in token.Children()) { if (t.Path == "identifier") { identifier = CRN.FromValue(t.First.Value <string>()); continue; } if (t.Path == "action") { var values = t.Values(); actions = values.Select(v => ResourceAction.FromValue(v.Value <string>())).ToArray(); continue; } } if (actions != null) { return(Resource.FromIdentifier(identifier).WithActions(actions)); } return(Resource.FromIdentifier(identifier)); } if (token.Type == JTokenType.String) { var value = serializer.Deserialize <CRN>(token.CreateReader()); return(Resource.FromIdentifier(value)); } try { if (token.Value <CRN>() == default) { return(null); } var value = serializer.Deserialize <CRN>(reader); return(Resource.FromIdentifier(value)); } catch { return(null); } }
public IActionResult Delete(string resource) { var resourceName = CRN.FromValue(HttpUtility.UrlDecode(resource)); var found = this.storage.FindByIdentifier(resourceName).FirstOrDefault(); if (found == null) { return(NotFound()); } this.storage.Remove(found); return(Ok(resource)); }
public static IEnumerable <object[]> ValidPermissions() { yield return(new object[] { new PermissionTicketRequest() { Action = ResourceActions.Data.Read, Principal = Identities.DanielB, Schema = Schemas.MilkPickup, Resource = CRN.FromValue("crn:farm/*:herd/88756") } }); //yield return new object[] //{ // new PermissionTicketRequest() // { // Action = ResourceActions.Data.Read, // Principal = Identities.DanielB, // Schema = Schemas.MilkPickup, // Resource = CRN.FromValue("crn:farm/*:herd/88756:*") // } //}; yield return(new object[] { new PermissionTicketRequest() { Action = ResourceActions.Data.Read, Principal = Identities.DanielB, Schema = Schemas.MilkPickup, Resource = CRN.FromValue("crn:farm/1234:herd/88756") } }); //yield return new object[] //{ // new PermissionTicketRequest() // { // Action = ResourceActions.Data.Read, // Principal = Identities.DanielB, // Schema = Schemas.MilkPickup, // Resource = CRN.FromValue("crn:farm/1234:herd/88756:*") // } //}; }
public static bool ValidatePermissions <T>( this T controller, CRN resource, ResourceAction action, CSN schema) where T : ControllerBase { var principal = controller.User; // parse out resources var resourceClaims = principal.Claims.Where(c => c.Type.StartsWith("resource")); var resourcesAllowed = resourceClaims.Select(c => { var base64 = c.Value; var json = base64.FromBase64Encoded(); return(JsonConvert.DeserializeObject <PermissionTicketResource>(json)); }); // find resources matching schema var forSchema = resourcesAllowed.Where(r => r.Schema == schema).ToList(); if (!forSchema.Any()) { return(false); } // find resources matching either wildcard or direct match var matching = forSchema.Where(r => { if (resource.IncludesWildcard) { return(resource.IsWildcardMatch(r.Identifier)); } return(resource == r.Identifier); }).ToList(); if (!matching.Any()) { return(false); } // find resources matching required action var withAction = matching.Where(r => r.Actions.Contains(action)); return(withAction.Any()); }
public ValidationResult <CRN> Validate(CRN resource) { if (!resource.IsValid) { return(ValidationResult <CRN> .Invalid(resource, InvalidResourceName)); } if (resource.Parts.Any(p => p.Contains("*"))) { return(ValidationResult <CRN> .Invalid(resource, ResourceNameCannotContainAny)); } var exists = this.storage.FindByIdentifier(resource); if (exists?.Any() == true) { return(ValidationResult <CRN> .Valid(resource)); } return(ValidationResult <CRN> .Invalid(resource, ResourceDoesNotExist)); }
public void RemovePolicy(CRN identifier, CSN schema) { var provider = this.context.DataProviders.FirstOrDefault(p => p.CanonicalName == identifier.ToString()); var foundSchema = this.context.Schemas.FirstOrDefault(s => s.CanonicalName == schema.ToString()); if (provider == null || foundSchema == null) { return; } var found = this.context.DataProviderPolicies.FirstOrDefault(p => p.DataProviderId == provider.DataProviderId && p.SchemaId == foundSchema.SchemaId); if (found == null) { return; } this.context.Remove(found); this.context.SaveChanges(); }
public IEnumerable <DataProviderPolicy> GetPoliciesForSchema(CSN schema) { return(this.context.DataProviderPolicies .Include(p => p.Provider) .Include(p => p.Schema) .Include(p => p.PolicyItems) .ThenInclude(i => i.Principal) .Where(p => p.Schema.CanonicalName == schema.ToString()) .ToList() .Select(p => new DataProviderPolicy() { Provider = CRN.FromValue(p.Provider.CanonicalName), Schema = CSN.FromValue(p.Schema.CanonicalName), Rule = p.PolicyItems.Select(i => new DataProviderPolicyRule() { Principal = CPN.FromValue(i.Principal.CanonicalName), Allow = i.Allow, Deny = i.Deny }).ToList() })); }
public void TicketIsRevoked() { // Arrange var resourceMask = CRN.FromParts("farm/*", "herd/*"); var ticket = this.manager.Request(new PermissionTicketRequest() { Schema = Schemas.MilkPickup, Action = ResourceActions.Iam.Owner, Principal = Identities.DanielB, Resource = resourceMask }); var ticketHash = ticket.GetHash(); // Act this.manager.Revoke(resourceMask, Identities.DanielB); // Assert var validationResult = this.manager.Validate(ticket); var existing = this.storage.Find(ticketHash); validationResult.Should().BeFalse(); existing.Should().BeNull(); }
public ValidationResult <CRN, ResourceAction> Validate(CRN resource, ResourceAction action) { var resourceValid = Validate(resource); if (!resourceValid.IsValid) { return(ValidationResult <CRN, ResourceAction> .Invalid(resource, action, resourceValid.Reason)); } var found = this.storage.FindByIdentifier(resource).FirstOrDefault(); if (found == null) { return(ValidationResult <CRN, ResourceAction> .Invalid(resource, action, ResourceDoesNotExist)); } if (!found.ValidActions.Contains(action)) { return(ValidationResult <CRN, ResourceAction> .Invalid(resource, action, ActionInvalidForResource)); } return(ValidationResult <CRN, ResourceAction> .Valid(resource, action)); }
public static DataProviderPolicy ForProvider(CRN provider) => new DataProviderPolicy() { Provider = provider };
public IEnumerable <DataProviderPolicy> GetPolicies(CRN identifier) => this.policies.Where(p => p.Provider == identifier);
public IEnumerable <DataSource> GetSources(CRN identifier) => this.sources.Where(s => s.Provider == identifier);
public void RemovePolicy(CRN identifier, CSN schema) => this.policies.RemoveAll(p => p.Provider == identifier && p.Schema == schema);
public void Remove(CRN identifier) => this.providers.RemoveAll(p => p.Identifier == identifier);