/// <summary>
/// Grants permissions to the specified folder for the
/// specified user.
/// </summary>
/// <param name="path">Full path to the folder.</param>
/// <param name="username">Username to grant access for.</param>
private void AddUserPermissionsToFolder(string path, string username, FileAccessPermission permission)
{
#region Old way of setting permissions with ICACLS as external process
//switch (permission)
//{
// case FileAccessPermission.ReadExecute:
// {
// System.Diagnostics.Process.Start("ICACLS", path + " /grant:r " + username + ":(OI)(CI)RX /T");
// }
// break;
// case FileAccessPermission.Full:
// {
// System.Diagnostics.Process.Start("ICACLS", path + " /grant:r " + username + ":(OI)(CI)F /T");
// }
// break;
//}
#endregion
var dirInfo = new DirectoryInfo(path);
var dirSecurity = dirInfo.GetAccessControl();
switch (permission)
{
case FileAccessPermission.ReadExecute:
dirSecurity.AddAccessRule(
new FileSystemAccessRule
(
username,
FileSystemRights.ReadAndExecute | FileSystemRights.ExecuteFile | FileSystemRights.ListDirectory,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.None,
AccessControlType.Allow
)
);
break;
case FileAccessPermission.Full:
dirSecurity.AddAccessRule(
new FileSystemAccessRule
(
username,
FileSystemRights.FullControl,
InheritanceFlags.ContainerInherit | InheritanceFlags.ObjectInherit,
PropagationFlags.InheritOnly,
AccessControlType.Allow
)
);
break;
}
dirInfo.SetAccessControl(dirSecurity);
}
private AuthoriseUserRequestHandler(AuthenticatedUser authenticatedUser, FileAccessPermission fileAccessPermission, File file)
: base(false)
{
if (authenticatedUser is null)
{
throw new ArgumentNullException(nameof(authenticatedUser));
}
if (file.IsEmpty)
{
throw new ArgumentOutOfRangeException(nameof(file));
}
if (!Enum.IsDefined(typeof(FileAccessPermission), fileAccessPermission))
{
fileAccessPermission = FileAccessPermission.View;
}
_authenticatedUser = authenticatedUser;
_file = file;
_fileAccessPermission = fileAccessPermission;
}
public static AuthoriseUserRequestHandler With(AuthenticatedUser authenticatedUser, FileAccessPermission permission, File file) => new (authenticatedUser, permission, file);
async Task <UserFileAccessToken> IUserAuthenticationService.GenerateAccessToken(AuthenticatedUser authenticatedUser, File file, FileAccessPermission fileAccessPermission, CancellationToken cancellationToken)
{
if (authenticatedUser is null)
{
throw new ArgumentNullException(nameof(authenticatedUser));
}
if (file.IsEmpty)
{
throw new ArgumentNullException(nameof(file));
}
var expiresAtUtc = _systemClock.UtcNow.AddHours(3); // TODO - Could be a configuration setting
var accessToken = await _userFileAccessTokenRepository.GenerateAsync(authenticatedUser, file, fileAccessPermission, expiresAtUtc, cancellationToken);
return(accessToken);
}
async Task <UserFileAccessToken> IUserFileAccessTokenRepository.GenerateAsync(AuthenticatedUser authenticatedUser, File file, FileAccessPermission fileAccessPermission, DateTimeOffset expiresAtUtc, CancellationToken cancellationToken)
{
if (authenticatedUser is null)
{
throw new ArgumentNullException(nameof(authenticatedUser));
}
if (authenticatedUser.Id == Guid.Empty)
{
throw new ArgumentOutOfRangeException(nameof(authenticatedUser));
}
if (file.IsEmpty)
{
throw new ArgumentNullException(nameof(file));
}
if (expiresAtUtc == DateTimeOffset.MinValue)
{
throw new ArgumentOutOfRangeException(nameof(expiresAtUtc));
}
if (expiresAtUtc == DateTimeOffset.MaxValue)
{
throw new ArgumentOutOfRangeException(nameof(expiresAtUtc));
}
if (authenticatedUser.FileMetadata is null)
{
throw new ArgumentOutOfRangeException(nameof(authenticatedUser));
}
if (file != authenticatedUser.FileMetadata.AsFile())
{
throw new ArgumentOutOfRangeException(nameof(authenticatedUser));
}
cancellationToken.ThrowIfCancellationRequested();
Debug.Assert(file.Id is not null);
var id = Guid.NewGuid();
var accessToken = new UserFileAccessToken(id, authenticatedUser, fileAccessPermission, expiresAtUtc);
var serialisedAccessToken = JsonSerializer.Serialize(accessToken);
var partitionKey = file.Id;
var rowKey = id.ToString();
var record = new Dictionary <string, object>()
{
{ "UserId", authenticatedUser.Id },
{ "FileId", file.Id },
{ "ExpiresAtUtc", expiresAtUtc },
{ "Token", serialisedAccessToken },
};
await _azureTableStoreClient.AddRecordAsync(_azureTableName, partitionKey, rowKey, record, cancellationToken);
return(accessToken);
}
