/// <summary>
/// Resolves the roles <paramref name="user"/> holds for the given collection.
/// </summary>
/// <param name="collectionName">Collection to resolve roles for; null means "no specific collection".</param>
/// <param name="user">User whose global roles and user name are consulted.</param>
/// <returns>
/// The user's global role list when <paramref name="collectionName"/> is null or the
/// collection is not protected; otherwise the roles stored in the matching
/// collection-permission document (or an empty list when none exists), extended with
/// Admin and UserManager when the user holds those roles globally.
/// </returns>
/// <remarks>
/// In the unprotected case the returned list is the same instance as user.Roles, so a
/// caller that mutates it also changes the user object.
/// </remarks>
public async Task<List<Role>> GetCollectionRolesForUserAsync(string collectionName, User user)
{
    if (collectionName == null)
    {
        return user.Roles;
    }

    // NOTE(review): a collection without a metadata record is treated as unprotected,
    // so the user's global roles apply to it. Confirm that this default is intended for
    // collections whose metadata is missing or not yet written.
    var metadata = await GetCollectionMetadata(collectionName);
    var isProtected = metadata?.IsProtected ?? false;
    if (!isProtected)
    {
        return user.Roles;
    }

    // Protected collection: only the per-collection grant for this user counts.
    var permissionId = CollectionPermissions.GetId(collectionName, user.UserName);
    var storedPermission = await collectionPermissionsCollection
        .Find(p => p.Id == permissionId)
        .FirstOrDefaultAsync();

    List<Role> effectiveRoles;
    if (storedPermission != null)
    {
        effectiveRoles = storedPermission.Roles;
    }
    else
    {
        effectiveRoles = new List<Role>();
    }

    // Admin and user manager roles are always inherited from the global role list.
    // TODO: Reconsider this rule. UserManager inheritance is not necessary
    foreach (var inheritedRole in new Role[] { Role.Admin, Role.UserManager })
    {
        if (user.Roles.Contains(inheritedRole) && !effectiveRoles.Contains(inheritedRole))
        {
            effectiveRoles.Add(inheritedRole);
        }
    }

    return effectiveRoles;
}
/// <summary>
/// Removes a single role from a user's permission document for one collection.
/// </summary>
/// <param name="username">User whose collection permission is changed.</param>
/// <param name="role">Role to remove.</param>
/// <param name="collectionName">Collection the permission applies to.</param>
/// <returns>
/// True when there is no permission document or the role is not in it (nothing to do);
/// otherwise the result of UpdateCollectionPermission for the pull update.
/// </returns>
/// <remarks>
/// NOTE(review): this method performs no authorization check of its own; presumably the
/// caller verifies that the acting user may change permissions. Confirm at the call sites.
/// The lookup and the update are separate operations, so a concurrent change to the same
/// document can land between them.
/// </remarks>
public async Task<bool> RemoveCollectionRoleFromUser(string username, Role role, string collectionName)
{
    var documentId = CollectionPermissions.GetId(collectionName, username);
    var existing = await collectionPermissionsCollection
        .Find(p => p.Id == documentId)
        .FirstOrDefaultAsync();

    // Nothing stored, or the role was never granted: already in the desired state.
    if (existing == null || !existing.Roles.Contains(role))
    {
        return true;
    }

    var pullRole = Builders<CollectionPermissions>.Update.Pull(p => p.Roles, role);
    return await UpdateCollectionPermission(existing.Id, pullRole);
}
/// <summary>
/// Grants a single role to a user for one collection, creating the permission
/// document when none exists yet.
/// </summary>
/// <param name="username">User who receives the role.</param>
/// <param name="role">Role to grant.</param>
/// <param name="collectionName">Collection the permission applies to.</param>
/// <returns>
/// True when a new document was inserted or the role was already present; otherwise
/// the result of UpdateCollectionPermission for the add-to-set update.
/// </returns>
/// <remarks>
/// NOTE(review): this method performs no authorization check of its own and accepts any
/// Role value; presumably the caller decides who may grant which role. Confirm at the
/// call sites.
/// NOTE(review): the lookup and the insert are separate operations. Two concurrent calls
/// for a user with no document can both reach the insert; what happens then depends on
/// whether Id is a unique key, which is not visible here.
/// </remarks>
public async Task<bool> AddCollectionRoleToUser(string username, Role role, string collectionName)
{
    var documentId = CollectionPermissions.GetId(collectionName, username);
    var existing = await collectionPermissionsCollection
        .Find(p => p.Id == documentId)
        .FirstOrDefaultAsync();

    if (existing != null)
    {
        // Role already granted: leave the document untouched.
        if (existing.Roles.Contains(role))
        {
            return true;
        }

        var addRole = Builders<CollectionPermissions>.Update.AddToSet(p => p.Roles, role);
        return await UpdateCollectionPermission(existing.Id, addRole);
    }

    // First grant for this user on this collection: create the document.
    var initialRoles = new List<Role> { role };
    var newPermission = new CollectionPermissions(collectionName, username, initialRoles);
    await collectionPermissionsCollection.InsertOneAsync(newPermission);
    return true;
}
/// <summary>
/// Replaces the complete role list a user holds for one collection.
/// </summary>
/// <param name="username">User whose collection permission is replaced.</param>
/// <param name="roles">
/// New role list. An empty list clears all permissions. The argument is not null-checked
/// here, so callers must pass a non-null list.
/// </param>
/// <param name="collectionName">Collection the permission applies to.</param>
/// <returns>
/// True when nothing had to change or a new document was inserted; otherwise the result
/// of UpdateCollectionPermission for the set update.
/// </returns>
/// <remarks>
/// When a document already exists and <paramref name="roles"/> is empty, the document is
/// kept with an empty role list rather than deleted.
/// NOTE(review): this method performs no authorization check of its own; presumably the
/// caller verifies that the acting user may assign these roles. Confirm at the call sites.
/// NOTE(review): Equivalent is a helper defined elsewhere; it presumably compares the two
/// role lists regardless of order. Verify against its definition.
/// </remarks>
public async Task<bool> SetCollectionRolesForUser(string username, List<Role> roles, string collectionName)
{
    var documentId = CollectionPermissions.GetId(collectionName, username);
    var existing = await collectionPermissionsCollection
        .Find(p => p.Id == documentId)
        .FirstOrDefaultAsync();

    if (existing == null)
    {
        // Nothing to do for an empty list: an empty role list clears all permissions,
        // and there is no document to clear.
        if (roles.Any())
        {
            var newPermission = new CollectionPermissions(collectionName, username, roles);
            await collectionPermissionsCollection.InsertOneAsync(newPermission);
        }

        return true;
    }

    // Skip the write when the stored roles already match the requested ones.
    if (!existing.Roles.Equivalent(roles))
    {
        var replaceRoles = Builders<CollectionPermissions>.Update.Set(p => p.Roles, roles);
        return await UpdateCollectionPermission(existing.Id, replaceRoles);
    }

    return true;
}