public async Task <IActionResult> RemoveUserClaim([FromQuery] string userPrincipalName, [FromQuery] string categoryName) { try { /* Validate whether authenticated user is samples administrator */ string authenticatedUserPrincipalName = User.Identity.Name; bool isAdmin = _administrators.Administrators.Contains(authenticatedUserPrincipalName); if (!isAdmin) { return(new JsonResult( $"{userPrincipalName} is not authorized to remove the user claim.") { StatusCode = StatusCodes.Status401Unauthorized }); } if (string.IsNullOrEmpty(userPrincipalName) || string.IsNullOrEmpty(categoryName)) { return(new JsonResult($"Provide both the user principal name and category name in the search parameters. " + $"e.g. /api/GraphExplorerSamplesAdmin?userprincipalname=john.doe@microsoft.com&categoryname=users") { StatusCode = StatusCodes.Status400BadRequest }); } // Get the list of policies SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync(); // Remove the user claim in the given category policy SampleQueriesPolicies updatedPoliciesList = SamplesPolicyService.RemoveUserClaim(policies, categoryName, userPrincipalName); string updatedPoliciesJson = SamplesPolicyService.SerializeSampleQueriesPolicies(updatedPoliciesList); await _fileUtility.WriteToFile(updatedPoliciesJson, _policiesFilePathSource); // Get the category policy that has just been updated CategoryPolicy categoryPolicy = updatedPoliciesList.CategoryPolicies.FirstOrDefault(x => x.CategoryName.Equals(categoryName, StringComparison.OrdinalIgnoreCase)); return(Ok(categoryPolicy)); } catch (InvalidOperationException invalidOpsException) { // One or more parameters values do not exist in the list of category policies return(new JsonResult(invalidOpsException.Message) { StatusCode = StatusCodes.Status404NotFound }); } catch (Exception exception) { return(new JsonResult(exception.Message) { StatusCode = StatusCodes.Status500InternalServerError }); } }
public async Task <IActionResult> UpdateUserClaimAsync([FromBody] CategoryPolicy categoryPolicy) { try { /* Validate whether authenticated user is samples administrator */ string userPrincipalName = User.Identity.Name; bool isAdmin = _administrators.Administrators.Contains(userPrincipalName); if (!isAdmin) { return(new JsonResult($"{userPrincipalName} is not authorized to update the user claim.") { StatusCode = StatusCodes.Status403Forbidden }); } // Get the list of policies SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync(); // Update the user claim in the given category policy SampleQueriesPolicies updatedPoliciesList = SamplesPolicyService.ModifyUserClaim(policies, categoryPolicy); string updatedPoliciesJson = SamplesPolicyService.SerializeSampleQueriesPolicies(updatedPoliciesList); await _fileUtility.WriteToFile(updatedPoliciesJson, _policiesFilePathSource); // Fetch the category policy with the updated user claim categoryPolicy = updatedPoliciesList.CategoryPolicies.Find(x => x.CategoryName == categoryPolicy.CategoryName); // Success; return the user claim in the category policy that was just updated return(Ok(categoryPolicy)); } catch (InvalidOperationException invalidOpsException) { // Category policy provided doesn't exist return(new JsonResult(invalidOpsException.Message) { StatusCode = StatusCodes.Status404NotFound }); } catch (ArgumentNullException argNullException) { // Missing required parameter return(new JsonResult(argNullException.Message) { StatusCode = StatusCodes.Status400BadRequest }); } catch (Exception exception) { return(new JsonResult(exception.Message) { StatusCode = StatusCodes.Status500InternalServerError }); } }
public async Task <IActionResult> CreateUserClaimAsync([FromBody] CategoryPolicy categoryPolicy) { try { /* Validate whether authenticated user is samples administrator */ ClaimsIdentity identity = (ClaimsIdentity)User.Identity; IEnumerable <Claim> claims = identity.Claims; string userPrincipalName = (claims?.FirstOrDefault(x => x.Type.Equals(Constants.ClaimTypes.UpnJwt, StringComparison.OrdinalIgnoreCase)) ?? claims?.FirstOrDefault(x => x.Type.Equals(Constants.ClaimTypes.UpnUriSchema, StringComparison.OrdinalIgnoreCase)))?.Value; bool isAdmin = _administrators.Administrators.Contains(userPrincipalName); if (!isAdmin) { return(new JsonResult($"{userPrincipalName} is not authorized to create the user claim.") { StatusCode = StatusCodes.Status403Forbidden }); } // Get the list of policies SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync(); // Add the new user claim in the given category policy SampleQueriesPolicies updatedPoliciesList = SamplesPolicyService.ModifyUserClaim(policies, categoryPolicy); string updatedPoliciesJson = SamplesPolicyService.SerializeSampleQueriesPolicies(updatedPoliciesList); await _fileUtility.WriteToFile(updatedPoliciesJson, _policiesFilePathSource); // Extract the first user claim from the given categoryPolicy; this is what was added UserClaim userClaim = categoryPolicy.UserClaims.First(); // Fetch the category policy with the newly created user claim categoryPolicy = updatedPoliciesList.CategoryPolicies.Find(x => x.CategoryName == categoryPolicy.CategoryName); // Create the query Uri for the newly created user claim string newUserClaimUri = string.Format("{0}://{1}{2}?userprincipalname={3}&categoryname={4}", Request.Scheme, Request.Host, Request.Path.Value, userClaim.UserPrincipalName, categoryPolicy.CategoryName); return(Created(newUserClaimUri, categoryPolicy)); } catch (Exception exception) { return(new JsonResult(exception.Message) { StatusCode = StatusCodes.Status500InternalServerError }); } }
/// <summary> /// Removes a <see cref="UserClaim"/> from a <see cref="CategoryPolicy"/> object. /// </summary> /// <param name="policies">The list of <see cref="CategoryPolicy"/> where the target <see cref="CategoryPolicy"/> object is contained.</param> /// <param name="categoryPolicyName">The target <see cref="CategoryPolicy"/> object where the <see cref="UserClaim"/> needs to be removed from.</param> /// <param name="userPrincipalName">The target User Principal Name whose <see cref="UserClaim"/> needs to be removed from the <see cref="CategoryPolicy"/> object.</param> /// <returns>The updated list of <see cref="SampleQueriesPolicies"/> /// with the <see cref="UserClaim"/> of a target User Principal Name removed from the target <see cref="CategoryPolicy"/> object.</returns> public static SampleQueriesPolicies RemoveUserClaim(SampleQueriesPolicies policies, string categoryPolicyName, string userPrincipalName) { if (policies == null || policies.CategoryPolicies.Count == 0) { throw new ArgumentNullException(nameof(SampleQueriesPolicies), "The list of policies cannot be null or empty."); } if (string.IsNullOrEmpty(categoryPolicyName)) { throw new ArgumentNullException(nameof(CategoryPolicy), "The category policy name cannot be null or empty."); } if (string.IsNullOrEmpty(userPrincipalName)) { throw new ArgumentNullException(nameof(CategoryPolicy), "The user prinicpal name cannot be null or empty."); } // Search the target category policy from the list of policies CategoryPolicy categoryPolicy = policies.CategoryPolicies.Find( x => x.CategoryName.ToLower() == categoryPolicyName.ToLower()); if (categoryPolicy == null) { throw new InvalidOperationException($"The specified category policy doesn't exist: {categoryPolicyName}"); } // This will be used later to insert the updated category policy back into the list of policies int categoryPolicyIndex = policies.CategoryPolicies.FindIndex(x => x == categoryPolicy); // Fetch the user claim UserClaim userClaim = categoryPolicy.UserClaims.FirstOrDefault( x => x.UserPrincipalName.ToLower() == userPrincipalName.ToLower()); if (userClaim == null) { throw new InvalidOperationException($"The specified user principal name has no claim in the specified category. " + $"UPN: {userPrincipalName}"); } // Get the location of the provided user claim from the category policy int userClaimIndex = categoryPolicy.UserClaims.FindIndex(x => x.UserPrincipalName == userClaim.UserPrincipalName); // Remove this user claim from the list of user claims categoryPolicy.UserClaims.RemoveAt(userClaimIndex); // Update the modified category policy back into list of policies policies.CategoryPolicies.Insert(categoryPolicyIndex, categoryPolicy); // Delete the original category policy pushed to the next index policies.CategoryPolicies.RemoveAt(++categoryPolicyIndex); return(policies); }
/// <summary> /// Gets the list of <see cref="CategoryPolicy"/> or a <see cref="CategoryPolicy"/> that a User Principal Name has claims in. /// </summary> /// <param name="policies">The list of <see cref="CategoryPolicy"/> to search in.</param> /// <param name="userPrincipalName">The target User Principal Name which to search for in the list of <see cref="CategoryPolicy"/>.</param> /// <param name="categoryName">The name of the target <see cref="CategoryPolicy"/> to be searched for in the list of <see cref="CategoryPolicy"/>. /// If unspecified, all the category policies will be included in the search.</param> /// <returns>A list of filtered <see cref="CategoryPolicy"/> or the target <see cref="CategoryPolicy"/> with the claims for the specified User Principal Name.</returns> private static List <CategoryPolicy> GetUserPrincipalCategoryPolicies(SampleQueriesPolicies policies, string userPrincipalName, string categoryName = null) { List <CategoryPolicy> categoryPolicies = new List <CategoryPolicy>(); if (string.IsNullOrEmpty(categoryName)) { // Search for all category policies that the specified user principal name has claims in categoryPolicies = policies.CategoryPolicies.FindAll(x => x.UserClaims.Exists(y => y.UserPrincipalName == userPrincipalName)); } else { // Search for the category policy that the specified user principal name has claims in CategoryPolicy categoryPolicy = policies.CategoryPolicies.Find (x => x.CategoryName.Equals(categoryName, StringComparison.OrdinalIgnoreCase) && x.UserClaims.Exists(y => y.UserPrincipalName.Equals(userPrincipalName, StringComparison.OrdinalIgnoreCase))); if (categoryPolicy == null) { return(null); } else { categoryPolicies.Add(categoryPolicy); } } if (!categoryPolicies.Any()) { return(null); } List <CategoryPolicy> filteredCategoryPolicies = new List <CategoryPolicy>(); // Filter each category policy to extract the specified user principal's claims foreach (CategoryPolicy categoryPolicy in categoryPolicies) { UserClaim userClaim = categoryPolicy.UserClaims.Find(x => x.UserPrincipalName.Equals(userPrincipalName, StringComparison.OrdinalIgnoreCase)); CategoryPolicy userPrincipalPolicy = new CategoryPolicy { CategoryName = categoryPolicy.CategoryName, UserClaims = new List <UserClaim> { userClaim } }; filteredCategoryPolicies.Add(userPrincipalPolicy); } return(filteredCategoryPolicies); }
/// <summary> /// Creates a default template of policies for the sample query categories. /// </summary> /// <returns>An instance of <see cref="SampleQueriesPolicies"/> containing a list of <see cref="CategoryPolicy"/>.</returns> public static SampleQueriesPolicies CreateDefaultPoliciesTemplate() { if (SampleQueriesCategories.CategoriesLinkedList.Count == 0) { throw new InvalidOperationException("Cannot create a default policy template; the list of categories is empty."); } // List to hold the category policies List <CategoryPolicy> categoryPolicies = new List <CategoryPolicy>(); // Create the default policy template for each category in the list foreach (string category in SampleQueriesCategories.CategoriesLinkedList) { CategoryPolicy categoryPolicy = new CategoryPolicy() { CategoryName = category, UserClaims = new List <UserClaim>() { new UserClaim() { UserPermissions = new List <Permission>() { new Permission() { Name = HttpMethods.Post }, new Permission() { Name = HttpMethods.Put }, new Permission() { Name = HttpMethods.Delete } } } } }; categoryPolicies.Add(categoryPolicy); } SampleQueriesPolicies policies = new SampleQueriesPolicies() { CategoryPolicies = categoryPolicies }; return(policies); }
public async Task <IActionResult> CreateUserClaimAsync([FromBody] CategoryPolicy categoryPolicy) { try { /* Validate whether authenticated user is samples administrator */ string userPrincipalName = User.Identity.Name; bool isAdmin = _administrators.Administrators.Contains(userPrincipalName); if (!isAdmin) { return(new JsonResult($"{userPrincipalName} is not authorized to create the user claim.") { StatusCode = StatusCodes.Status401Unauthorized }); } // Get the list of policies SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync(); // Add the new user claim in the given category policy SampleQueriesPolicies updatedPoliciesList = SamplesPolicyService.ModifyUserClaim(policies, categoryPolicy); string updatedPoliciesJson = SamplesPolicyService.SerializeSampleQueriesPolicies(updatedPoliciesList); await _fileUtility.WriteToFile(updatedPoliciesJson, _policiesFilePathSource); // Extract the first user claim from the given categoryPolicy; this is what was added UserClaim userClaim = categoryPolicy.UserClaims.First(); // Create the query Uri for the newly created sample query string newUserClaimUri = string.Format("{0}://{1}{2}?userprincipalname={3}&categoryname={4}", Request.Scheme, Request.Host, Request.Path.Value, userClaim.UserPrincipalName, categoryPolicy.CategoryName); return(Created(newUserClaimUri, categoryPolicy)); } catch (Exception exception) { return(new JsonResult(exception.Message) { StatusCode = StatusCodes.Status500InternalServerError }); } }
/// <summary> /// Adds to or updates a <see cref="UserClaim"/> in a target <see cref="CategoryPolicy"/> object. /// </summary> /// <param name="categoryPolicy">The target <see cref="CategoryPolicy"/> object where the <see cref="UserClaim"/> needs to be updated or added into.</param> /// <param name="policies">The list of <see cref="CategoryPolicy"/> where the target <see cref="CategoryPolicy"/> object is contained.</param> /// <returns>The updated list of <see cref="SampleQueriesPolicies"/> /// with the new <see cref="UserClaim"/> added or updated at the target <see cref="CategoryPolicy"/> object.</returns> public static SampleQueriesPolicies ModifyUserClaim(SampleQueriesPolicies policies, CategoryPolicy categoryPolicy) { if (policies == null || policies.CategoryPolicies.Count == 0) { throw new ArgumentNullException(nameof(SampleQueriesPolicies), "The list of policies cannot be null or empty."); } if (categoryPolicy == null) { throw new ArgumentNullException(nameof(CategoryPolicy), "The category policy cannot be null."); } // Search the target category policy from the list of policies CategoryPolicy tempCategoryPolicy = policies.CategoryPolicies.Find(x => x.CategoryName == categoryPolicy.CategoryName); if (tempCategoryPolicy == null) { throw new InvalidOperationException($"The specified category policy doesn't exist: {categoryPolicy.CategoryName}"); } // This will be used later to insert the updated category policy back into the list of policies int tempCategoryPolicyIndex = policies.CategoryPolicies.FindIndex(x => x == tempCategoryPolicy); // Fetch the first user claim from the argument supplied UserClaim userClaim = categoryPolicy.UserClaims.FirstOrDefault(); if (userClaim == null) { throw new ArgumentNullException(nameof(CategoryPolicy), "User claim information missing."); } // Get the location of the provided user claim from the temp. category policy int userClaimIndex = tempCategoryPolicy.UserClaims.FindIndex(x => x.UserPrincipalName == userClaim.UserPrincipalName); // Add new user claim request if (userClaimIndex < 0) { // Check first whether we have default user claim values in the temp. category policy CategoryPolicy defaultCategoryPolicyTemplate = new CategoryPolicy { UserClaims = new List <UserClaim>() { new UserClaim() } }; if (tempCategoryPolicy.UserClaims.First().UserPrincipalName == defaultCategoryPolicyTemplate.UserClaims.First().UserPrincipalName) { /* This is the first claim for this category policy; * clear the default user claim and add the new user claim. */ tempCategoryPolicy.UserClaims.Clear(); tempCategoryPolicy.UserClaims.Add(userClaim); } else // we already have other unique user claim values in this category policy { // Insert the new user claim info. to the end of list of user claims tempCategoryPolicy.UserClaims.Add(userClaim); } } else // Update user claim request { // Update the current index with new user claim info. tempCategoryPolicy.UserClaims.Insert(userClaimIndex, userClaim); // Delete the original user claim pushed to the next index tempCategoryPolicy.UserClaims.RemoveAt(++userClaimIndex); } // Update the modified category policy back into list of policies policies.CategoryPolicies.Insert(tempCategoryPolicyIndex, tempCategoryPolicy); // Delete the original category policy pushed to the next index policies.CategoryPolicies.RemoveAt(++tempCategoryPolicyIndex); return(policies); }