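/// <summary>
/// Adds granular allow/deny permissions for the subject identified by
/// <c>param.subjectId</c> and <c>param.identityProvider</c>.
/// </summary>
/// <param name="param">
/// Dynamic parameter bag; only <c>subjectId</c> and <c>identityProvider</c> are read from it.
/// </param>
/// <returns>
/// <see cref="HttpStatusCode.NoContent"/> once the permissions have been handed to the
/// permission service, or a <see cref="HttpStatusCode.BadRequest"/> failure response when
/// the bound request body is empty or contains an unusable entry.
/// </returns>
private async Task<dynamic> AddGranularPermissions(dynamic param)
{
    var permissions = this.Bind<List<PermissionApiModel>>();

    if (permissions == null || permissions.Count == 0)
    {
        return CreateFailureResponse(
            "No permissions specified to add, ensure an array of permissions is included in the request.",
            HttpStatusCode.BadRequest);
    }

    // The list is bound from the request body, so every entry is caller-controlled.
    // Without this check an entry whose action is neither Allow nor Deny matches neither
    // filter below, is silently dropped, and the caller still receives 204 No Content.
    // Null entries are rejected here too, because the access-check loop dereferences
    // each element.
    var hasUnusableEntry = permissions.Any(p =>
        p == null ||
        (p.PermissionAction != PermissionAction.Allow && p.PermissionAction != PermissionAction.Deny));

    if (hasUnusableEntry)
    {
        return CreateFailureResponse(
            "One or more permissions are null or do not have a valid permissionAction.",
            HttpStatusCode.BadRequest);
    }

    // Authorize every requested permission before anything is persisted.
    // NOTE(review): the result of CheckAccess is not inspected, so enforcement relies on it
    // throwing (or otherwise aborting the request) when access is denied - confirm.
    foreach (var perm in permissions)
    {
        await CheckAccess(_clientService, perm.Grain, perm.SecurableItem, AuthorizationManageClientsClaim);
    }

    var deniedPermissions = permissions
        .Where(p => p.PermissionAction == PermissionAction.Deny)
        .Select(p => p.ToPermissionDomainModel());

    var allowedPermissions = permissions
        .Where(p => p.PermissionAction == PermissionAction.Allow)
        .Select(p => p.ToPermissionDomainModel());

    // NOTE(review): the composite id joins two unvalidated values with ':'. If either value
    // can itself contain ':', two different subjects could map to the same id - confirm the
    // values are constrained before they reach this method.
    var granularPermission = new GranularPermission
    {
        Id = $"{param.subjectId}:{param.identityProvider}",
        DeniedPermissions = deniedPermissions,
        AdditionalPermissions = allowedPermissions
    };

    await _permissionService.AddUserGranularPermissions(granularPermission);
    return HttpStatusCode.NoContent;
}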
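/// <summary>
/// Validates and adds granular allow/deny permissions for the subject identified by
/// <c>param.subjectId</c> and <c>param.identityProvider</c>.
/// </summary>
/// <param name="param">
/// Dynamic parameter bag; only <c>subjectId</c> and <c>identityProvider</c> are read from it.
/// </param>
/// <returns>
/// <see cref="HttpStatusCode.NoContent"/> on success; a <see cref="HttpStatusCode.BadRequest"/>
/// failure response when the body is empty, contains a null entry, or contains entries with a
/// missing id or an invalid action; a <see cref="HttpStatusCode.Conflict"/> failure response
/// when the permission service throws <c>InvalidPermissionException</c>.
/// </returns>
private async Task<dynamic> AddGranularPermissions(dynamic param)
{
    var permissions = this.Bind<List<PermissionApiModel>>();

    if (permissions == null || permissions.Count == 0)
    {
        return CreateFailureResponse(
            "No permissions specified to add, ensure an array of permissions is included in the request.",
            HttpStatusCode.BadRequest);
    }

    // The list is bound from the request body; a null element would otherwise fail with a
    // NullReferenceException in the validation lambdas below instead of a 400 response.
    if (permissions.Any(p => p == null))
    {
        return CreateFailureResponse(
            "Permissions must not contain null entries.",
            HttpStatusCode.BadRequest);
    }

    // Collect every validation problem so the caller sees all of them in one response.
    var requestErrors = new List<string>();

    var permissionsWithMissingIds = permissions.Where(p => !p.Id.HasValue).ToList();
    var permissionsWithInvalidActions = permissions
        .Where(p => p.PermissionAction != PermissionAction.Allow &&
                    p.PermissionAction != PermissionAction.Deny)
        .ToList();

    requestErrors.AddRange(
        permissionsWithMissingIds.Select(p => $"{p.Name} is missing its id property."));
    requestErrors.AddRange(
        permissionsWithInvalidActions.Select(p => $"{p.Name} {p.Id} does not have a valid permissionAction."));

    if (requestErrors.Any())
    {
        return CreateFailureResponse(requestErrors, HttpStatusCode.BadRequest);
    }

    // Authorize every requested permission before anything is persisted.
    // NOTE(review): the result of CheckWriteAccess is not inspected, so enforcement relies on
    // it throwing (or otherwise aborting the request) when access is denied - confirm.
    foreach (var perm in permissions)
    {
        await CheckWriteAccess(_clientService, _grainService, perm.Grain, perm.SecurableItem);
    }

    var allowedPermissions = permissions
        .Where(p => p.PermissionAction == PermissionAction.Allow)
        .Select(p => p.ToPermissionDomainModel());

    var deniedPermissions = permissions
        .Where(p => p.PermissionAction == PermissionAction.Deny)
        .Select(p => p.ToPermissionDomainModel());

    // NOTE(review): the composite id joins two unvalidated values with ':'. If either value
    // can itself contain ':', two different subjects could map to the same id - confirm the
    // values are constrained before they reach this method.
    var granularPermission = new GranularPermission
    {
        Id = $"{param.subjectId}:{param.identityProvider}",
        AdditionalPermissions = allowedPermissions,
        DeniedPermissions = deniedPermissions
    };

    try
    {
        await _permissionService.AddUserGranularPermissions(granularPermission);
        return HttpStatusCode.NoContent;
    }
    catch (InvalidPermissionException ex)
    {
        // The exception's Data entries are flattened into the response message.
        // NOTE(review): message and Data are returned to the caller verbatim - confirm the
        // service only places permission identifiers there, nothing internal.
        var invalidPermissions = new StringBuilder();
        foreach (DictionaryEntry item in ex.Data)
        {
            // The listing shows a raw line break inside this literal, which does not compile
            // in a regular interpolated string; it is written as the "\n" escape here.
            invalidPermissions.Append($"{item.Key}: {item.Value}. \n");
        }

        return CreateFailureResponse(
            $"{ex.Message} {invalidPermissions}",
            HttpStatusCode.Conflict);
    }
}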