#pragma warning disable CA1506
public async Task <IActionResult> Create([FromBody] InstancePermissionSetRequest model, CancellationToken cancellationToken)
{
if (model == null)
{
throw new ArgumentNullException(nameof(model));
}
var existingPermissionSet = await DatabaseContext
.PermissionSets
.AsQueryable()
.Where(x => x.Id == model.PermissionSetId)
.Select(x => new Models.PermissionSet
{
UserId = x.UserId,
})
.FirstOrDefaultAsync(cancellationToken)
.ConfigureAwait(false);
if (existingPermissionSet == default)
{
return(Gone());
}
if (existingPermissionSet.UserId.HasValue)
{
var userCanonicalName = await DatabaseContext
.Users
.AsQueryable()
.Where(x => x.Id == existingPermissionSet.UserId.Value)
.Select(x => x.CanonicalName)
.FirstAsync(cancellationToken)
.ConfigureAwait(false);
if (userCanonicalName == Models.User.CanonicalizeName(Models.User.TgsSystemUserName))
{
return(Forbid());
}
}
var dbUser = new InstancePermissionSet
{
ByondRights = RightsHelper.Clamp(model.ByondRights ?? ByondRights.None),
ChatBotRights = RightsHelper.Clamp(model.ChatBotRights ?? ChatBotRights.None),
ConfigurationRights = RightsHelper.Clamp(model.ConfigurationRights ?? ConfigurationRights.None),
DreamDaemonRights = RightsHelper.Clamp(model.DreamDaemonRights ?? DreamDaemonRights.None),
DreamMakerRights = RightsHelper.Clamp(model.DreamMakerRights ?? DreamMakerRights.None),
RepositoryRights = RightsHelper.Clamp(model.RepositoryRights ?? RepositoryRights.None),
InstancePermissionSetRights = RightsHelper.Clamp(model.InstancePermissionSetRights ?? InstancePermissionSetRights.None),
PermissionSetId = model.PermissionSetId,
InstanceId = Instance.Id.Value,
};
DatabaseContext.InstancePermissionSets.Add(dbUser);
await DatabaseContext.Save(cancellationToken).ConfigureAwait(false);
return(Created(dbUser.ToApi()));
}
public async Task <IActionResult> Create([FromBody] Api.Models.InstanceUser model, CancellationToken cancellationToken)
{
if (model == null)
{
throw new ArgumentNullException(nameof(model));
}
var userCanonicalName = await DatabaseContext
.Users
.AsQueryable()
.Where(x => x.Id == model.UserId)
.Select(x => x.CanonicalName)
.FirstOrDefaultAsync(cancellationToken)
.ConfigureAwait(false);
if (userCanonicalName == default)
{
return(BadRequest(new ErrorMessage(ErrorCode.ModelValidationFailure)));
}
if (userCanonicalName == Models.User.CanonicalizeName(Models.User.TgsSystemUserName))
{
return(Forbid());
}
var dbUser = new Models.InstanceUser
{
ByondRights = RightsHelper.Clamp(model.ByondRights ?? ByondRights.None),
ChatBotRights = RightsHelper.Clamp(model.ChatBotRights ?? ChatBotRights.None),
ConfigurationRights = RightsHelper.Clamp(model.ConfigurationRights ?? ConfigurationRights.None),
DreamDaemonRights = RightsHelper.Clamp(model.DreamDaemonRights ?? DreamDaemonRights.None),
DreamMakerRights = RightsHelper.Clamp(model.DreamMakerRights ?? DreamMakerRights.None),
RepositoryRights = RightsHelper.Clamp(model.RepositoryRights ?? RepositoryRights.None),
InstanceUserRights = RightsHelper.Clamp(model.InstanceUserRights ?? InstanceUserRights.None),
UserId = model.UserId,
InstanceId = Instance.Id
};
DatabaseContext.InstanceUsers.Add(dbUser);
await DatabaseContext.Save(cancellationToken).ConfigureAwait(false);
return(Created(dbUser.ToApi()));
}
#pragma warning disable CA1506 // TODO: Decomplexify
public async Task <IActionResult> Update([FromBody] InstancePermissionSetRequest model, CancellationToken cancellationToken)
{
if (model == null)
{
throw new ArgumentNullException(nameof(model));
}
var originalPermissionSet = await DatabaseContext
.Instances
.AsQueryable()
.Where(x => x.Id == Instance.Id)
.SelectMany(x => x.InstancePermissionSets)
.Where(x => x.PermissionSetId == model.PermissionSetId)
.FirstOrDefaultAsync(cancellationToken)
.ConfigureAwait(false);
if (originalPermissionSet == null)
{
return(Gone());
}
originalPermissionSet.ByondRights = RightsHelper.Clamp(model.ByondRights ?? originalPermissionSet.ByondRights.Value);
originalPermissionSet.RepositoryRights = RightsHelper.Clamp(model.RepositoryRights ?? originalPermissionSet.RepositoryRights.Value);
originalPermissionSet.InstancePermissionSetRights = RightsHelper.Clamp(model.InstancePermissionSetRights ?? originalPermissionSet.InstancePermissionSetRights.Value);
originalPermissionSet.ChatBotRights = RightsHelper.Clamp(model.ChatBotRights ?? originalPermissionSet.ChatBotRights.Value);
originalPermissionSet.ConfigurationRights = RightsHelper.Clamp(model.ConfigurationRights ?? originalPermissionSet.ConfigurationRights.Value);
originalPermissionSet.DreamDaemonRights = RightsHelper.Clamp(model.DreamDaemonRights ?? originalPermissionSet.DreamDaemonRights.Value);
originalPermissionSet.DreamMakerRights = RightsHelper.Clamp(model.DreamMakerRights ?? originalPermissionSet.DreamMakerRights.Value);
await DatabaseContext.Save(cancellationToken).ConfigureAwait(false);
var showFullPermissionSet = originalPermissionSet.PermissionSetId == AuthenticationContext.PermissionSet.Id.Value ||
(AuthenticationContext.GetRight(RightsType.InstancePermissionSet) & (ulong)InstancePermissionSetRights.Read) != 0;
return(Json(
showFullPermissionSet
? originalPermissionSet.ToApi()
: new InstancePermissionSetResponse
{
PermissionSetId = originalPermissionSet.PermissionSetId,
}));
}
#pragma warning disable CA1506 // TODO: Decomplexify
public async Task <IActionResult> Update([FromBody] Api.Models.InstanceUser model, CancellationToken cancellationToken)
{
var earlyOut = StandardModelChecks(model);
if (earlyOut != null)
{
return(earlyOut);
}
var originalUser = await DatabaseContext
.Instances
.AsQueryable()
.Where(x => x.Id == Instance.Id)
.SelectMany(x => x.InstanceUsers)
.Where(x => x.UserId == model.UserId)
.FirstOrDefaultAsync(cancellationToken)
.ConfigureAwait(false);
if (originalUser == null)
{
return(StatusCode((int)HttpStatusCode.Gone));
}
originalUser.ByondRights = RightsHelper.Clamp(model.ByondRights ?? originalUser.ByondRights.Value);
originalUser.RepositoryRights = RightsHelper.Clamp(model.RepositoryRights ?? originalUser.RepositoryRights.Value);
originalUser.InstanceUserRights = RightsHelper.Clamp(model.InstanceUserRights ?? originalUser.InstanceUserRights.Value);
originalUser.ChatBotRights = RightsHelper.Clamp(model.ChatBotRights ?? originalUser.ChatBotRights.Value);
originalUser.ConfigurationRights = RightsHelper.Clamp(model.ConfigurationRights ?? originalUser.ConfigurationRights.Value);
originalUser.DreamDaemonRights = RightsHelper.Clamp(model.DreamDaemonRights ?? originalUser.DreamDaemonRights.Value);
originalUser.DreamMakerRights = RightsHelper.Clamp(model.DreamMakerRights ?? originalUser.DreamMakerRights.Value);
await DatabaseContext.Save(cancellationToken).ConfigureAwait(false);
return(Json(originalUser.UserId == AuthenticationContext.User.Id || (AuthenticationContext.GetRight(RightsType.InstanceUser) & (ulong)InstanceUserRights.ReadUsers) != 0 ? originalUser.ToApi() : new Api.Models.InstanceUser
{
UserId = originalUser.UserId
}));
}
public async Task <IActionResult> Create([FromBody] Api.Models.InstanceUser model, CancellationToken cancellationToken)
{
// Don't check the result as how can a new user have an ID
StandardModelChecks(model);
var dbUser = new Models.InstanceUser
{
ByondRights = RightsHelper.Clamp(model.ByondRights ?? ByondRights.None),
ChatBotRights = RightsHelper.Clamp(model.ChatBotRights ?? ChatBotRights.None),
ConfigurationRights = RightsHelper.Clamp(model.ConfigurationRights ?? ConfigurationRights.None),
DreamDaemonRights = RightsHelper.Clamp(model.DreamDaemonRights ?? DreamDaemonRights.None),
DreamMakerRights = RightsHelper.Clamp(model.DreamMakerRights ?? DreamMakerRights.None),
RepositoryRights = RightsHelper.Clamp(model.RepositoryRights ?? RepositoryRights.None),
InstanceUserRights = RightsHelper.Clamp(model.InstanceUserRights ?? InstanceUserRights.None),
UserId = model.UserId,
InstanceId = Instance.Id
};
DatabaseContext.InstanceUsers.Add(dbUser);
await DatabaseContext.Save(cancellationToken).ConfigureAwait(false);
return(StatusCode((int)HttpStatusCode.Created, dbUser.ToApi()));
}
#pragma warning disable CA1502 // TODO: Decomplexify
#pragma warning disable CA1506
public async Task <IActionResult> Update([FromBody] UserUpdate model, CancellationToken cancellationToken)
{
if (model == null)
{
throw new ArgumentNullException(nameof(model));
}
if (!model.Id.HasValue)
{
return(BadRequest(new ErrorMessage(ErrorCode.ModelValidationFailure)));
}
var callerAdministrationRights = (AdministrationRights)AuthenticationContext.GetRight(RightsType.Administration);
var passwordEditOnly = !callerAdministrationRights.HasFlag(AdministrationRights.WriteUsers);
var originalUser = passwordEditOnly
? AuthenticationContext.User
: await DatabaseContext
.Users
.AsQueryable()
.Where(x => x.Id == model.Id)
.Include(x => x.CreatedBy)
.FirstOrDefaultAsync(cancellationToken)
.ConfigureAwait(false);
if (originalUser == default)
{
return(NotFound());
}
if (originalUser.CanonicalName == Models.User.CanonicalizeName(Models.User.TgsSystemUserName))
{
return(Forbid());
}
// Ensure they are only trying to edit password (system identity change will trigger a bad request)
if (passwordEditOnly &&
(model.Id != originalUser.Id ||
model.InstanceManagerRights.HasValue ||
model.AdministrationRights.HasValue ||
model.Enabled.HasValue ||
model.Name != null))
{
return(Forbid());
}
if (model.SystemIdentifier != null && model.SystemIdentifier != originalUser.SystemIdentifier)
{
return(BadRequest(new ErrorMessage(ErrorCode.UserSidChange)));
}
if (model.Password != null)
{
var result = TrySetPassword(originalUser, model.Password, false);
if (result != null)
{
return(result);
}
}
if (model.Name != null && Models.User.CanonicalizeName(model.Name) != originalUser.CanonicalName)
{
return(BadRequest(new ErrorMessage(ErrorCode.UserNameChange)));
}
originalUser.InstanceManagerRights = RightsHelper.Clamp(model.InstanceManagerRights ?? originalUser.InstanceManagerRights.Value);
originalUser.AdministrationRights = RightsHelper.Clamp(model.AdministrationRights ?? originalUser.AdministrationRights.Value);
if (model.Enabled.HasValue)
{
if (originalUser.Enabled.Value && !model.Enabled.Value)
{
originalUser.LastPasswordUpdate = DateTimeOffset.Now;
}
originalUser.Enabled = model.Enabled.Value;
}
var fail = CheckValidName(model, false);
if (fail != null)
{
return(fail);
}
originalUser.Name = model.Name ?? originalUser.Name;
await DatabaseContext.Save(cancellationToken).ConfigureAwait(false);
// return id only if not a self update and cannot read users
return(Json(
model.Id == originalUser.Id ||
callerAdministrationRights.HasFlag(AdministrationRights.ReadUsers)
? originalUser.ToApi(true)
: new Api.Models.User
{
Id = originalUser.Id
}));
}
public async Task <IActionResult> Create([FromBody] UserUpdate model, CancellationToken cancellationToken)
{
if (model == null)
{
throw new ArgumentNullException(nameof(model));
}
if (!(model.Password == null ^ model.SystemIdentifier == null))
{
return(BadRequest(new ErrorMessage(ErrorCode.UserMismatchPasswordSid)));
}
model.Name = model.Name?.Trim();
if (model.Name?.Length == 0)
{
model.Name = null;
}
if (!(model.Name == null ^ model.SystemIdentifier == null))
{
return(BadRequest(new ErrorMessage(ErrorCode.UserMismatchNameSid)));
}
var fail = CheckValidName(model, true);
if (fail != null)
{
return(fail);
}
var dbUser = new Models.User
{
AdministrationRights = RightsHelper.Clamp(model.AdministrationRights ?? AdministrationRights.None),
CreatedAt = DateTimeOffset.Now,
CreatedBy = AuthenticationContext.User,
Enabled = model.Enabled ?? false,
InstanceManagerRights = RightsHelper.Clamp(model.InstanceManagerRights ?? InstanceManagerRights.None),
Name = model.Name,
SystemIdentifier = model.SystemIdentifier,
InstanceUsers = new List <Models.InstanceUser>()
};
if (model.SystemIdentifier != null)
{
try
{
using var sysIdentity = await systemIdentityFactory.CreateSystemIdentity(dbUser, cancellationToken).ConfigureAwait(false);
if (sysIdentity == null)
{
return(Gone());
}
dbUser.Name = sysIdentity.Username;
dbUser.SystemIdentifier = sysIdentity.Uid;
}
catch (NotImplementedException)
{
return(RequiresPosixSystemIdentity());
}
}
else
{
var result = TrySetPassword(dbUser, model.Password, true);
if (result != null)
{
return(result);
}
}
dbUser.CanonicalName = Models.User.CanonicalizeName(dbUser.Name);
DatabaseContext.Users.Add(dbUser);
await DatabaseContext.Save(cancellationToken).ConfigureAwait(false);
return(Created(dbUser.ToApi(true)));
}
