private async Task ApplyIndividualDefaultApplication(SecurityContractDefaultConfigurationApplication defaultApplication, Guid updatedById) { // Ensure that the application actually exists. Obtain all the application function relations too, as they will be used for validation. var application = await applicationRepository.GetByNameAsync(defaultApplication.Name); if (application == null) { logger.Warn($"Application '{defaultApplication.Name}' does not exist! Skipping and ignoring default application configuration for this application."); return; } if (defaultApplication.Functions == null || defaultApplication.Functions.Count == 0) { logger.Warn($"Default application '{defaultApplication.Name}' has no 'functions' configuration. Ignoring default configuration for this application."); return; } // Use the currrent state of the assigned application functions to determine which ones are potentially no longer in the YAML. await DetectFunctionsRemovedFromSecurityContractDefaultsAndRemoveFromApplication(application, defaultApplication.Functions); // Reset the state of the application functions, as the security contract declares the desired state and we have already used to the historic state // to clear any functions that don't appear within the security contract. application.Functions = new List <FunctionModel>(); application.ChangedBy = updatedById; foreach (var defaultFunction in defaultApplication.Functions) { if (defaultFunction.Permissions == null || defaultFunction.Permissions.Count == 0) { break; } var functionModelToAdd = new FunctionModel(); // check to see if there is an existing function. var existingFunction = await functionRepository.GetByNameAsync(defaultFunction.Name); if (existingFunction != null) { functionModelToAdd = existingFunction; } functionModelToAdd.Application = application; functionModelToAdd.Description = defaultFunction.Description; functionModelToAdd.Name = defaultFunction.Name; functionModelToAdd.ChangedBy = updatedById; // Clear the current permissions assigned to the function as they are to be re-created. functionModelToAdd.FunctionPermissions = new List <FunctionPermissionModel>(); AddPermissionsToFunctionsEnsuringTheyExistsAndAreAssigedToTheApplication(application, defaultFunction, defaultApplication, functionModelToAdd, updatedById); } // Update the application with its new application function state. await applicationRepository.Update(application); }
private async Task <List <SecurityContractDefaultConfigurationApplication> > RetrieveDefaultConfigApplications() { var contractAppList = new List <SecurityContractDefaultConfigurationApplication>(); List <ApplicationModel> applications = await applicationRepository.GetListAsync(); foreach (var application in applications.OrderBy(o => o.SysPeriod.LowerBound)) { logger.Debug($"Retrieving default configuration contract definition for Application [{application.Name}]."); var contractApplication = new SecurityContractDefaultConfigurationApplication() { Name = application.Name, Functions = new List <SecurityContractDefaultConfigurationFunction>() }; foreach (var function in application.Functions.OrderBy(o => o.SysPeriod.LowerBound)) { logger.Debug($"Retrieving default configuration contract definition for Function [{function.Name}]."); var contractFunction = new SecurityContractDefaultConfigurationFunction() { Name = function.Name, Description = function.Description, Permissions = new List <string>() }; foreach (var permission in function.FunctionPermissions.OrderBy(o => o.Permission.SysPeriod.LowerBound)) { contractFunction.Permissions.Add(permission.Permission.Name); } contractApplication.Functions.Add(contractFunction); } contractAppList.Add(contractApplication); } return(contractAppList); }
/// <summary> /// Adds permissions to an application function. However, before this is done, checks are run to ensure that the permissions is defined for the application by being present /// within at least one of the application functions (created by the micro-service). /// </summary> /// <param name="application"></param> /// <param name="defaultFunction"></param> /// <param name="defaultApplication"></param> /// <param name="functionModelToAdd"></param> private void AddPermissionsToFunctionsEnsuringTheyExistsAndAreAssigedToTheApplication(ApplicationModel application, SecurityContractDefaultConfigurationFunction defaultFunction, SecurityContractDefaultConfigurationApplication defaultApplication, FunctionModel functionModelToAdd, Guid updatedById) { foreach (var permissionToAddToFunction in defaultFunction.Permissions) { bool permissionIsApplicationPermission = false; // Ensure the permission actually exists in at least one of the application functions. Only add the permission to the function if it does. if (application.ApplicationFunctions == null || application.ApplicationFunctions.Count == 0) { logger.Warn($"Application '{defaultApplication.Name}' does not have any associated application functions!"); break; } foreach (var applicationFunction in application.ApplicationFunctions) { var permission = applicationFunction.ApplicationFunctionPermissions.Find(afp => afp.Permission.Name == permissionToAddToFunction); if (permission != null) { logger.Debug($"Assigning permission '{permissionToAddToFunction}' to function: '{functionModelToAdd.Name}'."); permission.ChangedBy = updatedById; permissionIsApplicationPermission = true; functionModelToAdd.FunctionPermissions.Add(new FunctionPermissionModel { Function = functionModelToAdd, Permission = permission.Permission, ChangedBy = updatedById }); } } if (!permissionIsApplicationPermission) { logger.Warn($"Permission '{permissionToAddToFunction}' is not an existing application permission. Not adding it!"); } } // Persist the application function, but only if there is at least a single permission associated with it. if (functionModelToAdd.FunctionPermissions.Count > 0) { logger.Debug($"Assigning function '{functionModelToAdd.Name}' to application '{application.Name}'"); application.Functions.Add(functionModelToAdd); } }