public ReplyBase DoSomething()
{
try
{
_logger.Information("Our service is doing something!");
return(ReplyBase.Success());
}
catch (Exception e)
{
return(ReplyFromFatal <ReplyBase>(e, "Unable to do something"));
}
}
public async Task <ReplyBase> RemoveUserFromRole(string userId, int roleId)
{
using (var authContext = GetContext())
{
var existingRole = authContext.UserRoles.FirstOrDefault(c => c.RoleId == roleId && c.UserId == userId);
if (existingRole == null)
{
return(ReplyBase.NotFound($"Unable to find user role for user '{userId}' with id {roleId}"));
}
authContext.UserRoles.Remove(existingRole);
authContext.SaveChanges();
}
return(ReplyBase.Success());
}
public async Task <ReplyBase> RemoveRole(int id)
{
using (var authContext = GetContext())
{
var existingRole = authContext.Roles.Find(id);
if (existingRole == null)
{
return(ReplyBase.NotFound($"Unable to find role with id {id}"));
}
authContext.Roles.Remove(existingRole);
authContext.SaveChanges();
}
return(ReplyBase.Success());
}
public async Task <ReplyBase> UpdateAuthorizationNamespace(AuthorizationNamespaceDto authorizationNamespaceDto)
{
using (var authContext = GetContext())
{
var existingNamespace = authContext.AuthorizationNamespaces.Find(authorizationNamespaceDto.Id);
if (existingNamespace == null)
{
return(ReplyBase.NotFound($"Unable to find authorization namespace with id {authorizationNamespaceDto.Id}"));
}
authContext.SaveChanges();
return(ReplyBase.Success());
}
}
public async Task <ReplyBase> RemoveResourceDetail(int id)
{
using (var authContext = GetContext())
{
var existingResourceDetail = authContext.ResourceDetails.Find(id);
if (existingResourceDetail == null)
{
return(ReplyBase.NotFound($"Unable to find resource detail with ID {id}"));
}
authContext.SaveChanges();
return(ReplyBase.Success());
}
}
public async Task <ReplyBase> RemoveResource(int id)
{
using (var authContext = GetContext())
{
var existingResource = authContext.Resources.Find(id);
if (existingResource == null)
{
return(ReplyBase.NotFound($"Resource with id {id} not found"));
}
authContext.Resources.Remove(existingResource);
authContext.SaveChanges();
return(ReplyBase.Success());
}
}
public async Task <ReplyBase> RemovePermission(int id)
{
using (var authContext = GetContext())
{
var existingPermission = authContext.Permissions.Find(id);
if (existingPermission == null)
{
return(ReplyBase.NotFound($"Unable to find permission with id {id}"));
}
authContext.SaveChanges();
return(ReplyBase.Success());
}
}
public async Task <ReplyBase> UpdateRole(RoleDto roleDto)
{
using (var authContext = GetContext())
{
var existingRole = authContext.Roles
.Include(c => c.RolePermissions)
.FirstOrDefault(c => c.Id == roleDto.Id);
if (existingRole == null)
{
return(ReplyBase.NotFound($"Unable to find role with id {roleDto.Id}"));
}
var existingPermissions = authContext.Permissions.Where(c => c.RoleId == roleDto.Id).ToList();
var permissionsToDelete = existingPermissions
.Where(c => !roleDto.RolePermissions.Select(d => d.Id).Contains(c.Id)).ToList();
authContext.Permissions.RemoveRange(permissionsToDelete);
foreach (var roleDtoRolePermission in roleDto.RolePermissions)
{
if (roleDtoRolePermission.Id == 0)
{
existingRole.RolePermissions.Add(new Permission
{
OwnerScoped = roleDtoRolePermission.OwnerScoped,
PermissionType = roleDtoRolePermission.PermissionType,
ResourceDetailId = roleDtoRolePermission.ResourceDetailId,
RoleId = roleDtoRolePermission.RoleId
});
}
else
{
var existingPerm = existingRole.RolePermissions.First(c => c.Id == roleDtoRolePermission.Id);
existingPerm.PermissionType = roleDtoRolePermission.PermissionType;
existingPerm.OwnerScoped = roleDtoRolePermission.OwnerScoped;
existingPerm.ResourceDetailId = roleDtoRolePermission.ResourceDetailId;
}
}
existingRole.Description = roleDto.Description;
existingRole.NamespaceId = roleDto.NamespaceId;
existingRole.ParentRoleId = roleDto.ParentRoleId;
authContext.SaveChanges();
};
return(ReplyBase.Success());
}
public async Task <ReplyBase> UpdateResource(ResourceDto resourceDto)
{
using (var authContext = GetContext())
{
var existingResource = authContext.Resources.Find(resourceDto.Id);
if (existingResource == null)
{
return(ReplyBase.NotFound($"Resource with id {resourceDto.Id} not found"));
}
existingResource.Description = resourceDto.Description;
existingResource.Key = resourceDto.Key;
var details = authContext.ResourceDetails.Where(c => c.ResourceId == existingResource.Id).ToList();
var resourceDetailsToDelete =
details.Where(d => !resourceDto.ResourceDetails.Select(c => c.Id).Contains(d.Id)).ToList();
authContext.ResourceDetails.RemoveRange(resourceDetailsToDelete);
foreach (var resourceDtoResourceDetail in resourceDto.ResourceDetails)
{
if (resourceDtoResourceDetail.Id != 0)
{
var existingResourceDetail = authContext.ResourceDetails.Find(resourceDtoResourceDetail.Id);
existingResourceDetail.Description = resourceDtoResourceDetail.Description;
existingResourceDetail.Key = resourceDtoResourceDetail.Key;
}
else
{
resourceDtoResourceDetail.ResourceId = resourceDto.Id;
authContext.ResourceDetails.Add(new ResourceDetail
{
Description = resourceDtoResourceDetail.Description,
ResourceId = resourceDto.Id,
Key = resourceDtoResourceDetail.Key
});
}
}
authContext.SaveChanges();
return(ReplyBase.Success());
}
}
public async Task <ReplyBase> UpdateResourceDetail(ResourceDetailDto resourceDetailDto)
{
using (var authContext = GetContext())
{
var existingResourceDetail = authContext.ResourceDetails.Find(resourceDetailDto.Id);
if (existingResourceDetail == null)
{
return(ReplyBase.NotFound($"Unable to find resource with ID {resourceDetailDto.Id}"));
}
existingResourceDetail.Description = resourceDetailDto.Description;
existingResourceDetail.Key = resourceDetailDto.Key;
existingResourceDetail.ResourceId = resourceDetailDto.ResourceId;
authContext.SaveChanges();
return(ReplyBase.Success());
}
}
public async Task <ReplyBase> UpdatePermission(PermissionDto permissionDto)
{
using (var authContext = GetContext())
{
var existingPermission = authContext.Permissions.Find(permissionDto.Id);
if (existingPermission == null)
{
return(ReplyBase.NotFound($"Unable to find permission with id {permissionDto.Id}"));
}
existingPermission.OwnerScoped = permissionDto.OwnerScoped;
existingPermission.PermissionType = permissionDto.PermissionType;
existingPermission.RoleId = permissionDto.RoleId;
existingPermission.ResourceDetailId = permissionDto.ResourceDetailId;
authContext.SaveChanges();
return(ReplyBase.Success());
}
}
public ReplyBase IsAuthorized(string userId, string resourceKey, string resourceDetailKey, string specificResourceId = null)
{
using (var context = new AuthorizationDbContext(_authContextSettings.ConnectionString))
{
var userRoles = context.UserRoles.Where(c => c.UserId == userId).ToList();
if (!userRoles.Any())
{
return(ReplyBase.Unauthorized());
}
var resource = context.Resources.FirstOrDefault(c => c.Key == resourceKey);
if (resource == null)
{
resource = new Resource
{
Description = resourceKey,
Key = resourceKey
};
context.Resources.Add(resource);
context.SaveChanges();
//return ReplyBase.Unauthorized("Invalid resource key");
}
var resourceDetail =
context.ResourceDetails.FirstOrDefault(c =>
c.ResourceId == resource.Id && c.Key == resourceDetailKey);
if (resourceDetail == null)
{
resourceDetail = new ResourceDetail
{
Description = resourceDetailKey,
Key = resourceDetailKey,
ResourceId = resource.Id
};
context.ResourceDetails.Add(resourceDetail);
context.SaveChanges();
//return ReplyBase.Unauthorized("Invalid resource detail id");
}
var roles = context.Roles.Where(c => userRoles.Select(u => u.RoleId).Contains(c.Id)).ToList();
if (roles.Any(c => c.Description == "Super User"))
{
return(ReplyBase.Success());
}
var roleIds = roles.Select(c => c.Id).ToList();
var permissions = context.Permissions
.Where(c => roleIds.Contains(c.RoleId) && c.ResourceDetailId == resourceDetail.Id).ToList();
if (!permissions.Any())
{
return(ReplyBase.Unauthorized());
}
if (permissions.Any(c =>
c.ResourceDetailId == resourceDetail.Id && c.PermissionType == PermissionType.Deny))
{
return(ReplyBase.Unauthorized());
}
var allowedPermission = permissions.FirstOrDefault(c =>
c.ResourceDetailId == resourceDetail.Id && c.PermissionType == PermissionType.Allow);
if (allowedPermission != null)
{
if (allowedPermission.OwnerScoped && specificResourceId != null)
{
var allowed = context.ResourceOwners.Any(c =>
c.ResourceId == resource.Id && c.SpecificResourceId == specificResourceId &&
c.UserId == userId);
if (!allowed)
{
return(ReplyBase.Unauthorized());
}
}
return(ReplyBase.Success());
}
}
return(ReplyBase.Unauthorized("Unknown resource check"));
}