Exemplo n.º 1
 /// <summary>
 /// Builds the error payload used when a user lacks the project role a request requires.
 /// </summary>
 /// <param name="userName">Name of the rejected user; copied verbatim into the message.</param>
 /// <param name="role">Project role the user was expected to hold.</param>
 /// <returns>An <see cref="ErrorResponse"/> whose <c>ErrorText</c> names the user and the missing role.</returns>
 public static ErrorResponse GetUnauthorizedError(string userName, eProjectRoles role)
 {
     // userName is interpolated without any encoding, so whatever renders ErrorText
     // (an HTML page, a log line) has to encode it for that context.
     string message = $"Unauthorized Request: User {userName} doesn't have {role} role for given project";

     var error = new ErrorResponse { ErrorText = message };
     return error;
 }
Exemplo n.º 2
 /// <summary>
 /// Returns the unauthorized-role error for a user wrapped in a single-element list.
 /// </summary>
 /// <param name="userName">Name of the rejected user.</param>
 /// <param name="role">Project role the user was expected to hold.</param>
 /// <returns>A new list containing exactly one <see cref="ErrorResponse"/>.</returns>
 public static List<ErrorResponse> GetUnauthorizedErrorList(string userName, eProjectRoles role)
 {
     var errors = new List<ErrorResponse>();
     errors.Add(GetUnauthorizedError(userName, role));
     return errors;
 }
Exemplo n.º 3
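        /// <summary>
        /// Asks the user-roles endpoint whether <paramref name="userName"/> holds <paramref name="role"/>.
        /// </summary>
        /// <param name="client">HTTP client used to call the API.</param>
        /// <param name="userName">User whose roles are fetched; URL-escaped before it is placed in the route.</param>
        /// <param name="role">Role to look for in the returned list.</param>
        /// <returns><c>true</c> if any returned entry carries <paramref name="role"/>; otherwise <c>false</c>.</returns>
        /// <exception cref="HttpRequestException">The endpoint answered with a non-success status code.</exception>
        private async Task<bool> userHasRole(HttpClient client, string userName, eProjectRoles role)
        {
            // Escape the name before it goes into the route, so characters such as '/', '?' or '#'
            // cannot change which resource is requested.
            var escapedName = System.Uri.EscapeDataString(userName ?? string.Empty);
            var route       = ApiRoutes.UserRoles.GetAllByUser.Replace("{userName}", escapedName);

            using (var response = await client.GetAsync(route))
            {
                // Surface an error status explicitly instead of trying to read an error body as a role list.
                response.EnsureSuccessStatusCode();

                var userRoles = await response.Content.ReadAsAsync<List<UserRoleResponse>>();

                // A missing body means "no roles": answer false rather than dereferencing null.
                return userRoles != null && userRoles.Any(entry => entry.Role == role);
            }
        }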
Exemplo n.º 4
        /// <summary>
        /// Authorizes a project role against the ticket that a comment belongs to,
        /// passing the comment's user on as the author.
        /// </summary>
        /// <param name="projectRole">Role to authorize.</param>
        /// <param name="commentId">Identifier used to look the comment up.</param>
        /// <param name="user">Principal to authorize; forwarded unchanged (defaults to null).</param>
        /// <returns>
        /// <c>false</c> when no comment is found; otherwise the result of
        /// <c>AuthorizeProjectRoleByTicket</c> for the comment's ticket.
        /// </returns>
        public async Task<bool> AuthorizeProjectRoleByComment(eProjectRoles projectRole, long commentId, ClaimsPrincipal user = null)
        {
            var found = _ticketService.GetComment(commentId);

            if (found != null)
            {
                return await AuthorizeProjectRoleByTicket(projectRole, found.TicketId, found.User, user);
            }

            // Unknown comment: deny rather than guess which project it belongs to.
            return false;
        }
Exemplo n.º 5
        /// <summary>
        /// Authorizes a project role against the project that a ticket belongs to.
        /// </summary>
        /// <param name="projectRole">Role to authorize.</param>
        /// <param name="ticketId">Identifier used to look the ticket up.</param>
        /// <param name="author">Author name forwarded to the project-level check (empty by default).</param>
        /// <param name="user">Principal to authorize; forwarded unchanged (defaults to null).</param>
        /// <returns>
        /// <c>false</c> when no ticket is found; otherwise the result of
        /// <c>AuthorizeProjectRole</c> for the ticket's project id.
        /// </returns>
        public async Task<bool> AuthorizeProjectRoleByTicket(eProjectRoles projectRole, long ticketId, string author = "", ClaimsPrincipal user = null)
        {
            var found = _ticketService.GetTicket(ticketId);

            if (found != null)
            {
                // NOTE(review): found.Project is dereferenced without a null check -
                // confirm GetTicket always populates Project.
                return await AuthorizeProjectRole(projectRole, found.Project.Id, author, user);
            }

            // Unknown ticket: deny.
            return false;
        }
Exemplo n.º 6
        /// <summary>
        /// Authorizes a project role for a project identified by its numeric id.
        /// The project is looked up and its name is passed to the overload that takes a project name.
        /// </summary>
        /// <param name="projectRole">Role to authorize.</param>
        /// <param name="projectId">Identifier used to look the project up.</param>
        /// <param name="author">Author name forwarded to the name-based check (empty by default).</param>
        /// <param name="user">Principal to authorize; forwarded unchanged (defaults to null).</param>
        /// <returns><c>false</c> when no project is found; otherwise the result of the name-based check.</returns>
        public async Task<bool> AuthorizeProjectRole(eProjectRoles projectRole, long projectId, string author = "", ClaimsPrincipal user = null)
        {
            var found = _ticketService.GetProject(projectId);

            if (found != null)
            {
                return await AuthorizeProjectRole(projectRole, found.Name, author, user);
            }

            // Unknown project: deny.
            return false;
        }
Exemplo n.º 7
        /// <summary>
        /// Maps a project role to the name of the authorization policy that enforces it.
        /// </summary>
        /// <param name="projectRole">Role to translate.</param>
        /// <returns>The policy name for Reporter, Developer or Manager.</returns>
        /// <exception cref="NotSupportedException">The role has no policy mapped to it.</exception>
        public static string GetPolicy(eProjectRoles projectRole)
        {
            if (projectRole == eProjectRoles.Reporter)
            {
                return PolicyReporter;
            }

            if (projectRole == eProjectRoles.Developer)
            {
                return PolicyDeveloper;
            }

            if (projectRole == eProjectRoles.Manager)
            {
                return PolicyManager;
            }

            // Any other value is refused outright instead of falling back to a default policy.
            throw new NotSupportedException($"ProjectRole: {projectRole} is not supported (no policy)");
        }
Exemplo n.º 8
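        /// <summary>
        /// Evaluates the policy mapped to <paramref name="projectRole"/> for a principal against a named project.
        /// </summary>
        /// <param name="projectRole">Role to authorize; translated to a policy name via <c>ProjectRoles.GetPolicy</c>.</param>
        /// <param name="project">Project name placed on the authorization resource.</param>
        /// <param name="author">Author name placed on the authorization resource (empty by default).</param>
        /// <param name="user">
        /// Principal to authorize. When null, the current HTTP context's user is used, and only if it is authenticated.
        /// A principal passed in explicitly is not checked for authentication here; the policy evaluation decides.
        /// </param>
        /// <returns>
        /// <c>true</c> if the authorization service reports success; <c>false</c> on failure or when
        /// no authenticated user can be resolved.
        /// </returns>
        public async Task<bool> AuthorizeProjectRole(eProjectRoles projectRole, string project, string author = "", ClaimsPrincipal user = null)
        {
            if (user == null)
            {
                // HttpContext is null when no request is active, and a principal may carry no identity.
                // Both cases are treated as "not authenticated" so the check denies instead of throwing.
                var current = _httpContextAccessor.HttpContext?.User;

                if (current?.Identity == null || !current.Identity.IsAuthenticated)
                {
                    return false;
                }
                user = current;
            }

            var policy   = ProjectRoles.GetPolicy(projectRole);
            var resource = new ProjectRoleAuthResource()
            {
                ProjectName = project, Author = author
            };

            var outcome = await _authorizationService.AuthorizeAsync(user, resource, policy);

            return outcome.Succeeded;
        }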
Exemplo n.º 9
        /// <summary>
        /// Sets a user's role on a project: every role ranked above <paramref name="role"/> is removed,
        /// then every role above <c>eProjectRoles.None</c> up to and including <paramref name="role"/> is added.
        /// </summary>
        /// <param name="projectName">Project the role applies to.</param>
        /// <param name="userName">User receiving the role.</param>
        /// <param name="role">Highest role the user should hold afterwards.</param>
        /// <remarks>
        /// Returns without doing anything when <paramref name="projectName"/> or <paramref name="userName"/>
        /// is null or empty, so a caller cannot tell that case apart from a successful change.
        /// </remarks>
        public async Task SetProjectRole(string projectName, string userName, eProjectRoles role)
        {
            bool missingInput = string.IsNullOrEmpty(projectName) || string.IsNullOrEmpty(userName);

            if (missingInput)
            {
                return;
            }

            var allRoles = Enum.GetValues(typeof(eProjectRoles)).OfType<eProjectRoles>().ToList();

            // Removal runs before any grant, so higher roles are taken away first.
            foreach (var higherRole in allRoles.Where(candidate => candidate > role))
            {
                await removeProjectRole(projectName, userName, higherRole);
            }

            foreach (var grantedRole in allRoles.Where(candidate => candidate > eProjectRoles.None && candidate <= role))
            {
                await innerSetProjectRole(projectName, userName, grantedRole);
            }
        }
Exemplo n.º 10
        /// <summary>
        /// Removes the claim that grants <paramref name="role"/> on <paramref name="projectName"/> from a user, if present.
        /// </summary>
        /// <param name="projectName">Project whose role claim is removed.</param>
        /// <param name="userName">User to remove the claim from.</param>
        /// <param name="role">Role whose claim is removed.</param>
        /// <exception cref="Exception">The user does not exist, or the user manager reports that removal failed.</exception>
        private async Task removeProjectRole(string projectName, string userName, eProjectRoles role)
        {
            var account = await _userManager.FindByNameAsync(userName);

            if (account == null)
            {
                throw new Exception($"User {userName} does not exist.");
            }

            var existingClaim = await getProjectRoleClaim(projectName, userName, role);

            // No matching claim means there is nothing to remove.
            if (existingClaim == null)
            {
                return;
            }

            var outcome = await _userManager.RemoveClaimAsync(account, existingClaim);

            if (outcome.Succeeded)
            {
                return;
            }

            // A failed removal is raised rather than ignored, so the caller learns the role is still in place.
            throw new Exception($"Error at removeProjectRole. Project: {projectName}, user: {userName}, role: {role} Errors: {string.Join(',', outcome.Errors.Select(ll => ll.Description))}");
        }
Exemplo n.º 11
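        /// <summary>
        /// Adds the claim that grants <paramref name="role"/> on <paramref name="projectName"/> to a user,
        /// unless the user already has it.
        /// </summary>
        /// <param name="projectName">Project the role claim is scoped to.</param>
        /// <param name="userName">User receiving the claim.</param>
        /// <param name="role">Role stored as the claim value (its <c>ToString()</c> form).</param>
        /// <exception cref="Exception">The user does not exist, or the user manager reports that adding the claim failed.</exception>
        private async Task innerSetProjectRole(string projectName, string userName, eProjectRoles role)
        {
            var user = await _userManager.FindByNameAsync(userName);

            if (user == null)
            {
                throw new Exception($"User {userName} does not exist.");
            }

            var existingClaim = await getProjectRoleClaim(projectName, userName, role);

            // The claim is already present: adding it again would create a duplicate.
            if (existingClaim != null)
            {
                return;
            }

            string claimType      = ProjectRoles.GetClaimType(projectName);
            var    identityResult = await _userManager.AddClaimAsync(user, new Claim(claimType, role.ToString()));

            if (!identityResult.Succeeded)
            {
                // The message names this method; it previously said "removeProjectRole",
                // which pointed anyone reading the error at the wrong operation.
                throw new Exception($"Error at innerSetProjectRole. Project: {projectName}, user: {userName}, role: {role} Errors: {string.Join(',', identityResult.Errors.Select(ll => ll.Description))}");
            }
        }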
Exemplo n.º 12
 /// <summary>
 /// Creates a requirement for the given project role.
 /// </summary>
 /// <param name="projectRole">Role stored in <c>ProjectRole</c>.</param>
 public ProjectRoleAuthRequirement(eProjectRoles projectRole)
 {
     this.ProjectRole = projectRole;
 }
Exemplo n.º 13
        /// <summary>
        /// Finds the user's claim that grants <paramref name="role"/> on <paramref name="projectName"/>.
        /// </summary>
        /// <param name="projectName">Project used to derive the claim type via <c>ProjectRoles.GetClaimType</c>.</param>
        /// <param name="userName">User whose claims are searched.</param>
        /// <param name="role">Role whose <c>ToString()</c> form must equal the claim value.</param>
        /// <returns>The first matching claim, or <c>null</c> when the user does not exist or has no such claim.</returns>
        private async Task<Claim> getProjectRoleClaim(string projectName, string userName, eProjectRoles role)
        {
            var account = await _userManager.FindByNameAsync(userName);

            if (account == null)
            {
                return null;
            }

            string wantedType = ProjectRoles.GetClaimType(projectName);
            var    userClaims = await _userManager.GetClaimsAsync(account);
            string wantedRole = role.ToString();

            // Type and value are both compared with exact, case-sensitive string equality.
            foreach (var candidate in userClaims)
            {
                if (candidate.Type == wantedType && candidate.Value == wantedRole)
                {
                    return candidate;
                }
            }

            return null;
        }