private async Task <dynamic> AddGranularPermissions(dynamic param)
{
var permissions = this.Bind <List <PermissionApiModel> >();
if (permissions.Count == 0)
{
return(CreateFailureResponse(
"No permissions specified to add, ensure an array of permissions is included in the request.",
HttpStatusCode.BadRequest));
}
foreach (var perm in permissions)
{
await CheckAccess(_clientService, perm.Grain, perm.SecurableItem, AuthorizationManageClientsClaim);
}
var granularPermission = new GranularPermission
{
Id = $"{param.subjectId}:{param.identityProvider}",
DeniedPermissions = permissions
.Where(p => p.PermissionAction == PermissionAction.Deny)
.Select(p => p.ToPermissionDomainModel()),
AdditionalPermissions = permissions
.Where(p => p.PermissionAction == PermissionAction.Allow)
.Select(p => p.ToPermissionDomainModel())
};
await _permissionService.AddUserGranularPermissions(granularPermission);
return(HttpStatusCode.NoContent);
}
private async Task <dynamic> AddGranularPermissions(dynamic param)
{
var permissions = this.Bind <List <PermissionApiModel> >();
if (permissions.Count == 0)
{
return(CreateFailureResponse(
"No permissions specified to add, ensure an array of permissions is included in the request.",
HttpStatusCode.BadRequest));
}
var requestErrors = new List <string>();
var permissionsWithMissingIds = permissions.Where(p => !p.Id.HasValue).ToList();
var permissionsWithInvalidActions = permissions.Where(p => p.PermissionAction != PermissionAction.Allow &&
p.PermissionAction != PermissionAction.Deny)
.ToList();
if (permissionsWithMissingIds.Any())
{
requestErrors.AddRange(permissionsWithMissingIds.Select(p => $"{p.Name} is missing its id property."));
}
if (permissionsWithInvalidActions.Any())
{
requestErrors.AddRange(permissionsWithInvalidActions.Select(p => $"{p.Name} {p.Id} does not have a valid permissionAction."));
}
if (requestErrors.Any())
{
return(CreateFailureResponse(requestErrors, HttpStatusCode.BadRequest));
}
foreach (var perm in permissions)
{
await CheckWriteAccess(_clientService, _grainService, perm.Grain, perm.SecurableItem);
}
var allowedPermissions = permissions
.Where(p => p.PermissionAction == PermissionAction.Allow)
.Select(p => p.ToPermissionDomainModel());
var deniedPermissions = permissions
.Where(p => p.PermissionAction == PermissionAction.Deny)
.Select(p => p.ToPermissionDomainModel());
var granularPermission = new GranularPermission
{
Id = $"{param.subjectId}:{param.identityProvider}",
AdditionalPermissions = allowedPermissions,
DeniedPermissions = deniedPermissions
};
try
{
await _permissionService.AddUserGranularPermissions(granularPermission);
return(HttpStatusCode.NoContent);
}
catch (InvalidPermissionException ex)
{
var invalidPermissions = new StringBuilder();
foreach (DictionaryEntry item in ex.Data)
{
invalidPermissions.Append($"{item.Key}: {item.Value}. ");
}
return(CreateFailureResponse(
$"{ex.Message} {invalidPermissions}",
HttpStatusCode.Conflict));
}
}
