public async Task <RoleDto> Handle(
Command request,
CancellationToken cancellationToken)
{
if (await _dbContext.Roles.AnyAsync(
x => x.Name == request.Name,
cancellationToken))
{
throw new HttpException(
HttpStatusCode.BadRequest,
new
{
Error = $"There is already a role with name {request.Name}."
});
}
var role = new Role(
request.Name);
role.AddPermissions(request.Permissions);
await _dbContext.Roles.AddAsync(
role,
cancellationToken);
await _dbContext.SaveChangesAsync(cancellationToken);
return(new RoleDto(
role.Id,
role.Name,
string.Join(
", ",
role.PermissionsInRole)));
}
public static async Task SeedData(
ApplicationDbContext context,
IPasswordHasher passwordHasher)
{
if (!context.Users.Any())
{
var salt = Guid.NewGuid().ToByteArray();
var user1 = new User(
"John",
"Doe",
"*****@*****.**",
"john",
string.Empty,
passwordHasher.Hash(
"test",
salt),
salt,
new Address()
);
user1.CustomFields = new[] { new CustomField("Age", "35") };
await context.Users.AddAsync(user1);
var role1 = new Role("Base User");
role1.AddPermissions(new List <Permissions> {
Permissions.ReadUsers
});
await context.Roles.AddAsync(role1);
var userRole1 = new UserRole(user1, role1);
await context.UserRoles.AddAsync(userRole1);
var user2 = new User(
"Jane",
"Doe",
"*****@*****.**",
"jane",
string.Empty,
passwordHasher.Hash(
"test",
salt),
salt,
new Address()
);
await context.Users.AddAsync(user2);
var role2 = new Role("Super User");
role2.AddPermissions(new List <Permissions> {
Permissions.SuperUser
});
await context.Roles.AddAsync(role2);
var userRole2 = new UserRole(user2, role2);
await context.UserRoles.AddAsync(userRole2);
await context.SaveChangesAsync();
}
}
private Role SeedSequrity(IDatabaseContext context)
{
var existingPermissions = context.Set <Permission>().ToList();
var existingRoleTypes = context.Set <RoleType>().ToList();
foreach (var permission in EnumExtension.ToList <PermissionEnum>())
{
if (!existingPermissions.Any(x => x.Id == permission.Value))
{
var permissionEntity = new Permission(permission.Value, 1, permission.Description);
context.Attach(permissionEntity).State = EntityState.Added;
}
}
foreach (var roleType in EnumExtension.ToList <RoleTypeEnum>())
{
if (!existingRoleTypes.Any(x => x.Id == roleType.Value))
{
var roleTypeEntity = new RoleType(roleType.Value, 1, roleType.Description);
context.Attach(roleTypeEntity).State = EntityState.Added;
}
}
var roleEntity = new Role(1, "System administrator", null, (int)RoleTypeEnum.Administrator);
roleEntity.AddPermissions(new List <int>()
{
(int)PermissionEnum.OperationsOnUser,
(int)PermissionEnum.OperationsOnUserDevice,
(int)PermissionEnum.OperationsOnUserIdentity,
(int)PermissionEnum.OperationsOnClient
}, 1);
var existingRole = context.Set <Role>().FirstOrDefault(x => x.Name.Equals(roleEntity.Name) && x.RoleTypeId == (int)RoleTypeEnum.Administrator);
if (existingRole == null)
{
context.Attach(roleEntity).State = EntityState.Added;
}
context.SaveChanges();
if (existingRole == null)
{
return(roleEntity);
}
else
{
return(existingRole);
}
}
static void Main()
{
var storage = new Dictionary <Guid, List <object> >();
Func <Guid, Tuple <Int32, IEnumerable <object> > > reader = id => {
List <object> events;
if (storage.TryGetValue(id, out events))
{
return(new Tuple <int, IEnumerable <object> >(events.Count, events));
}
return(null);
};
var unitOfWork = new UnitOfWork();
var roleRepository = new Repository <Role>(Role.Factory, unitOfWork, reader);
var roleGroupRepository = new Repository <RoleGroup>(RoleGroup.Factory, unitOfWork, reader);
var userAccountRepository = new Repository <UserAccount>(UserAccount.Factory, unitOfWork, reader);
// Setting up security (accounts, roles and authorization)
var administratorRoleId = new RoleId(Guid.NewGuid());
var administratorRole = new Role(administratorRoleId, new Name("Administrator"));
administratorRole.AddPermissions(SecurityPermissions.All);
administratorRole.AllowPermissions(SecurityPermissions.All);
roleRepository.Add(administratorRole.Id, administratorRole);
var subRole1Id = new RoleId(Guid.NewGuid());
var subRole1 = new Role(subRole1Id, new Name("SubRole1"));
subRole1.AddPermission(SecurityPermissions.AddRole);
subRole1.DenyPermission(SecurityPermissions.AddRole);
roleRepository.Add(subRole1.Id, subRole1);
var subRole2Id = new RoleId(Guid.NewGuid());
var subRole2 = new Role(subRole2Id, new Name("SubRole2"));
subRole2.AddPermission(SecurityPermissions.AddRole);
subRole2.AllowPermission(SecurityPermissions.AddRole);
roleRepository.Add(subRole2.Id, subRole2);
var group1Id = new RoleGroupId(Guid.NewGuid());
var group1 = new RoleGroup(group1Id, new Name("SubRole 1 & 2"));
group1.AddRole(subRole1);
group1.AddRole(subRole2);
roleGroupRepository.Add(group1.Id, group1);
var administratorId = new UserAccountId(Guid.NewGuid());
var administrator = new UserAccount(administratorId, new UserAccountName("Administrator"));
administrator.GrantRole(administratorRole);
administrator.GrantRoleGroup(group1);
userAccountRepository.Add(administrator.Id, administrator);
// Using security - in domain layer code
var combinator = new AccessDecisionCombinator();
administrator.CombineDecisions(combinator, roleRepository, roleGroupRepository);
var decider = combinator.BuildDecider();
Console.WriteLine(decider.IsAllowed(SecurityPermissions.AddUserAccount));
// Using security - in application layer code
var command = new AddUserAccount(
new Guid("735A259F-996B-4174-9899-3D40242BF6B1"),
"Pierke Pol");
var resolver = new PermissionResolver();
var service =
new UserAccountApplicationService(
userAccountRepository,
roleRepository,
roleGroupRepository);
var authorizer =
new MessageAuthorizer(
resolver,
userAccountRepository,
roleRepository,
roleGroupRepository);
var commandHandler = service.Secure <AddUserAccount>(authorizer);
commandHandler.Handle(new SecurityContext <AddUserAccount>(administratorId, command));
// Using security - in projection code
var builder = new SqlConnectionStringBuilder("Data Source=.\\SQLEXPRESS;Initial Catalog=<YourStoreHere>;Integrated Security=SSPI;");
// What that table could look like ...
//CREATE TABLE [UserAccountEffectiveRoles](
// [UserAccountId] [uniqueidentifier] NOT NULL,
// [RoleId] [uniqueidentifier] NULL,
// [RoleGroupId] [uniqueidentifier] NULL,
// [Id] [int] IDENTITY(1,1) NOT NULL,
// CONSTRAINT [PK_UserAccountEffectiveRoles] PRIMARY KEY CLUSTERED ( [Id] ASC )
//)
var observer = new SqlStatementObserver();
// var lookup = new MemoryRoleGroupLookup(new Dictionary<Guid, HashSet<Guid>>());
var lookupInitializer = new SqlBasedLookupRolesOfRoleGroupInitializer(builder);
var lookup = lookupInitializer.Initialize();
var projectionHandler = new UserAccountEffectiveRolesProjectionHandler(observer, lookup);
var compositeProjectionHandler = new CompositeHandler(
new IHandle <object>[] {
new HandlerAdapter <AddedRoleToRoleGroup>(lookup),
new HandlerAdapter <RemovedRoleFromRoleGroup>(lookup),
new HandlerAdapter <DisabledUserAccount>(projectionHandler),
new HandlerAdapter <RoleGrantedToUserAccount>(projectionHandler),
new HandlerAdapter <RoleRevokedFromUserAccount>(projectionHandler),
new HandlerAdapter <RoleGroupGrantedToUserAccount>(projectionHandler),
new HandlerAdapter <RoleRevokedFromUserAccount>(projectionHandler),
new HandlerAdapter <AddedRoleToRoleGroup>(projectionHandler),
new HandlerAdapter <RemovedRoleFromRoleGroup>(projectionHandler)
});
foreach (var change in unitOfWork.GetChanges())
{
compositeProjectionHandler.Handle(change);
}
new BatchedSqlStatementFlusher(
builder).
Flush(observer.Statements);
Console.ReadLine();
}
