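/// <summary>
/// HTTP-triggered admin entry point that creates the Cosmos user and permissions
/// for either one role or one table, selected by query parameter.
/// </summary>
/// <param name="req">Incoming request; the <c>auth_token</c>, <c>table</c> and <c>role</c> query parameters are read.</param>
/// <param name="log">Function logger, stored in <c>Logger.Log</c>.</param>
/// <returns>
/// The result of the admin-token check when it is non-null, an error response when the
/// table/role input is missing, ambiguous or unknown, otherwise the success response.
/// </returns>
public static async Task<IActionResult> Run(
    [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
    ILogger log)
{
    // NOTE(review): Logger.Log looks like shared static state; if invocations overlap,
    // one request's logger may be used by another. Confirm against the Logger type.
    Logger.Log = log;

    // Only an admin may call this function. A non-null result means the check failed.
    // NOTE(review): the token travels in the query string, where it can be recorded in
    // request logs and proxy/browser history; consider reading it from a header instead.
    var actionResult = await VerifyAdminToken(req.Query["auth_token"]);
    if (actionResult != null)
    {
        return actionResult;
    }

    string table = req.Query["table"];
    string role = req.Query["role"];
    bool hasTable = !string.IsNullOrWhiteSpace(table);
    bool hasRole = !string.IsNullOrWhiteSpace(role);

    // Exactly one of role or table must be supplied.
    if (!hasTable && !hasRole)
    {
        return CreateErrorResponse("must enter table or role");
    }

    if (hasTable && hasRole)
    {
        return CreateErrorResponse("only enter table or role");
    }

    if (hasRole)
    {
        // The role doubles as an identifier downstream, so lower-case it with the
        // invariant culture; culture-sensitive ToLower() can map the same input to
        // different strings depending on the host's current culture.
        // NOTE(review): unlike the table name, the role is not checked against a known list here.
        await CreateRolePermissionForRoleAsync(role.ToLowerInvariant());
        return CreateSuccessResponse();
    }

    // Table names are case sensitive but the query parameter is not, so resolve the
    // caller's value to the canonical name from the predefined list.
    var tables = await CosmosRolePermission.GetAllTables();
    var index = tables.FindIndex(t => t.Equals(table, StringComparison.OrdinalIgnoreCase));

    // FindIndex returns -1 when nothing matches; any other value is a valid index.
    if (index < 0)
    {
        // NOTE(review): the caller-supplied value is echoed back; confirm that
        // CreateErrorResponse encodes it for the response format.
        return CreateErrorResponse($"Invalid table {table}");
    }

    await CreateRolePermissionForTableAsync(tables[index]);
    return CreateSuccessResponse();
}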
/// <summary>
/// Creates the Cosmos user for a role and then one Cosmos permission per accepted
/// permission entry returned for that role.
/// </summary>
/// <param name="role">Role name; also used as the Cosmos user id.</param>
/// <returns>A task that completes once the user and its permissions have been created.</returns>
private static async Task CreateRolePermissionForRoleAsync(string role)
{
    var permissionEntries = await CosmosRolePermission.QueryByRole(role);

    // The Cosmos user id is the role name itself.
    // NOTE(review): the user is created even when the query returns no entries for the
    // role; confirm that is intended, since Run passes a caller-supplied role here.
    var cosmosUserId = role;
    await CosmosRolePermission.CreateCosmosUser(cosmosUserId);

    foreach (var entry in permissionEntries)
    {
        // Only permissions listed in the configured accepted set are processed
        // (the original comment names "read" and "read-write"); others are skipped.
        bool isAccepted = Configurations.Cosmos.AcceptedPermissions.Contains(
            entry.Permission,
            StringComparer.OrdinalIgnoreCase);

        if (isAccepted)
        {
            await entry.CreateCosmosPermission(cosmosUserId, entry.Table);
        }
    }
}