예제 #1
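        /// <summary>
        /// Adds granular permissions for the subject identified by the route's
        /// <c>subjectId</c> and <c>identityProvider</c> values.
        /// </summary>
        /// <param name="param">Route parameters; <c>subjectId</c> and <c>identityProvider</c> are read from it.</param>
        /// <returns>
        /// A 400 failure response when the request body holds no permissions or when an entry's
        /// action is neither Allow nor Deny; otherwise <see cref="HttpStatusCode.NoContent"/>.
        /// </returns>
        private async Task<dynamic> AddGranularPermissions(dynamic param)
        {
            var permissions = this.Bind<List<PermissionApiModel>>();

            // Treat a missing body the same as an empty array instead of failing on a null list.
            if (permissions == null || permissions.Count == 0)
            {
                return CreateFailureResponse(
                    "No permissions specified to add, ensure an array of permissions is included in the request.",
                    HttpStatusCode.BadRequest);
            }

            // Entries whose action is neither Allow nor Deny would be dropped by both filters
            // below and the caller would still receive 204. Reject the request so that a grant
            // or deny which was never stored is not reported as a success.
            if (permissions.Any(p => p.PermissionAction != PermissionAction.Allow &&
                                     p.PermissionAction != PermissionAction.Deny))
            {
                return CreateFailureResponse(
                    "One or more permissions do not have a valid permissionAction.",
                    HttpStatusCode.BadRequest);
            }

            // Authorize the caller against every grain/securable item in the request before
            // anything is written. The awaited result is discarded, so a denial has to surface
            // as an exception from CheckAccess - confirm against its implementation.
            foreach (var perm in permissions)
            {
                await CheckAccess(_clientService, perm.Grain, perm.SecurableItem, AuthorizationManageClientsClaim);
            }

            var granularPermission = new GranularPermission
            {
                // NOTE(review): the composite key joins two route values with ':' and neither is
                // validated in this method; confirm route constraints or the service reject a
                // subjectId that itself contains ':'.
                Id = $"{param.subjectId}:{param.identityProvider}",
                DeniedPermissions = permissions
                                    .Where(p => p.PermissionAction == PermissionAction.Deny)
                                    .Select(p => p.ToPermissionDomainModel()),
                AdditionalPermissions = permissions
                                        .Where(p => p.PermissionAction == PermissionAction.Allow)
                                        .Select(p => p.ToPermissionDomainModel())
            };

            await _permissionService.AddUserGranularPermissions(granularPermission);

            return HttpStatusCode.NoContent;
        }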
        /// <summary>
        /// Validates the permissions bound from the request body, checks write access for each one,
        /// and stores them as granular permissions for the subject identified by the route's
        /// <c>subjectId</c> and <c>identityProvider</c> values.
        /// </summary>
        /// <param name="param">Route parameters; <c>subjectId</c> and <c>identityProvider</c> are read from it.</param>
        /// <returns>
        /// A 400 failure response for an empty body, a missing id or an action other than Allow/Deny;
        /// a 409 failure response when the service throws <c>InvalidPermissionException</c>;
        /// otherwise <see cref="HttpStatusCode.NoContent"/>.
        /// </returns>
        private async Task<dynamic> AddGranularPermissions(dynamic param)
        {
            var requested = this.Bind<List<PermissionApiModel>>();
            if (requested.Count == 0)
            {
                return CreateFailureResponse(
                    "No permissions specified to add, ensure an array of permissions is included in the request.",
                    HttpStatusCode.BadRequest);
            }

            // Shape validation runs before any access check or write: every entry needs an id
            // and an explicit Allow or Deny action.
            var withoutId = requested.Where(p => !p.Id.HasValue).ToList();
            var withBadAction = requested
                .Where(p => !(p.PermissionAction == PermissionAction.Allow ||
                              p.PermissionAction == PermissionAction.Deny))
                .ToList();

            // Missing-id messages come first, then invalid-action messages.
            var problems = new List<string>();
            problems.AddRange(withoutId.Select(p => $"{p.Name} is missing its id property."));
            problems.AddRange(withBadAction.Select(p => $"{p.Name} {p.Id} does not have a valid permissionAction."));
            if (problems.Count > 0)
            {
                return CreateFailureResponse(problems, HttpStatusCode.BadRequest);
            }

            // Write access is checked for every grain/securable item before anything is stored.
            // The awaited result is discarded, so a denial presumably surfaces as an exception
            // from CheckWriteAccess - confirm against its implementation.
            foreach (var entry in requested)
            {
                await CheckWriteAccess(_clientService, _grainService, entry.Grain, entry.SecurableItem);
            }

            var granularPermission = new GranularPermission
            {
                // NOTE(review): composite key built from two route values that are not validated here.
                Id = $"{param.subjectId}:{param.identityProvider}",
                AdditionalPermissions = requested
                    .Where(p => p.PermissionAction == PermissionAction.Allow)
                    .Select(p => p.ToPermissionDomainModel()),
                DeniedPermissions = requested
                    .Where(p => p.PermissionAction == PermissionAction.Deny)
                    .Select(p => p.ToPermissionDomainModel())
            };

            try
            {
                await _permissionService.AddUserGranularPermissions(granularPermission);
            }
            catch (InvalidPermissionException ex)
            {
                // Every key/value pair the exception carries is echoed back in the 409 body.
                // NOTE(review): confirm ex.Data only ever holds detail that is safe to show the caller.
                var details = new StringBuilder();
                foreach (DictionaryEntry pair in ex.Data)
                {
                    details.Append($"{pair.Key}: {pair.Value}. ");
                }

                return CreateFailureResponse(
                    $"{ex.Message} {details}",
                    HttpStatusCode.Conflict);
            }

            return HttpStatusCode.NoContent;
        }