Пример #1
0
        internal static RoleToken FromAuthorizationRole(AuthorizationRole Role, RoleClaims Claims)
        {
            string[] sg = (Role.SubjectIds == null ? new string[0] : Role.SubjectIds.Split(',').ToArray());

            return new RoleToken()
            {
                Role = Role,
                SubjectIdHashes = new HashSet<string>(sg, StringComparer.OrdinalIgnoreCase),
                SubjectIds = sg.ToList(),
                Claims = Claims
            };
        }
        private void UpdateClaims(AuthorizationRole AuthorizationRole, string[] ClaimKeys)
        {
            var proposedClaims = Claims.BuildClaims(ClaimKeys);

            var currentToken = RoleToken.FromAuthorizationRole(AuthorizationRole);
            var currentClaimKeys = Claims.GetClaimKeys(currentToken.Claims);
            var removedClaims = currentClaimKeys.Except(ClaimKeys).ToArray();
            var addedClaims = ClaimKeys.Except(currentClaimKeys).ToArray();

            AuthorizationRole.SetClaims(proposedClaims);
            UserService.UpdateAuthorizationRole(Database, AuthorizationRole);

            if (removedClaims.Length > 0)
                AuthorizationLog.LogRoleConfiguredClaimsRemoved(AuthorizationRole, CurrentUser.UserId, removedClaims);
            if (addedClaims.Length > 0)
                AuthorizationLog.LogRoleConfiguredClaimsAdded(AuthorizationRole, CurrentUser.UserId, addedClaims);
        }
 private void UpdateName(AuthorizationRole AuthorizationRole, string Name)
 {
     if (string.IsNullOrWhiteSpace(Name))
         throw new ArgumentNullException("Name", "Authorization Role Name is required");
     else
     {
         if (AuthorizationRole.Name != Name)
         {
             // Check for Duplicates
             var d = Database.AuthorizationRoles.Where(db => db.Id != AuthorizationRole.Id && db.Name == Name).Count();
             if (d > 0)
             {
                 throw new Exception("An Authorization Role with that name already exists");
             }
             var oldRoleName = AuthorizationRole.Name;
             AuthorizationRole.Name = Name;
             UserService.UpdateAuthorizationRole(Database, AuthorizationRole);
             AuthorizationLog.LogRoleConfiguredRenamed(AuthorizationRole, CurrentUser.UserId, oldRoleName);
         }
     }
 }
Пример #4
0
 internal static RoleToken UpdateRole(AuthorizationRole Role)
 {
     RemoveRole(Role);
     return AddRole(Role);
 }
Пример #5
0
 internal static void RemoveRole(AuthorizationRole Role)
 {
     var token = GetRoleToken(Role.Id);
     if (token != null)
         _Cache.Remove(token);
 }
Пример #6
0
 internal static RoleToken AddRole(AuthorizationRole Role)
 {
     var token = RoleToken.FromAuthorizationRole(CloneAuthoriationRole(Role));
     _Cache.Add(token);
     return token;
 }
Пример #7
0
 /// <summary>
 /// Create a clone of an Authorization Role
 /// <para>Creates immutable clones to avoid side-effects</para>
 /// </summary>
 /// <param name="TemplateRole">Authorization Role to Clone</param>
 /// <returns>A copy of the Authorization Role</returns>
 private static AuthorizationRole CloneAuthoriationRole(AuthorizationRole TemplateRole)
 {
     return new AuthorizationRole()
     {
         Id = TemplateRole.Id,
         Name = TemplateRole.Name,
         ClaimsJson = TemplateRole.ClaimsJson,
         SubjectIds = TemplateRole.SubjectIds
     };
 }
Пример #8
0
 public static void LogRoleConfiguredClaimsRemoved(AuthorizationRole Role, string UserId, IEnumerable<string> ClaimsRemoved)
 {
     var claims = string.Join("; ", ClaimsRemoved);
     Log(EventTypeIds.RoleConfiguredClaimsRemoved, Role.Id, Role.Name, UserId, claims);
 }
Пример #9
0
 public static void LogRoleConfiguredSubjectsRemoved(AuthorizationRole Role, string UserId, IEnumerable<string> SubjectsRemoved)
 {
     var subjects = string.Join("; ", SubjectsRemoved);
     Log(EventTypeIds.RoleConfiguredSubjectsRemoved, Role.Id, Role.Name, UserId, subjects);
 }
Пример #10
0
 public static void LogRoleConfiguredRenamed(AuthorizationRole Role, string UserId, string OldRoleName)
 {
     Log(EventTypeIds.RoleConfiguredRenamed, Role.Id, Role.Name, UserId, OldRoleName);
 }
Пример #11
0
 public static void LogRoleDeleted(AuthorizationRole Role, string UserId)
 {
     Log(EventTypeIds.RoleDeleted, Role.Id, Role.Name, UserId);
 }
Пример #12
0
        private void UpdateSubjects(AuthorizationRole AuthorizationRole, string[] Subjects)
        {
            string subjectIds = null;
            string[] removedSubjects = null;
            string[] addedSubjects = null;

            // Validate Subjects
            if (Subjects != null && Subjects.Length > 0)
            {
                var subjects = Subjects
                    .Where(s => !string.IsNullOrWhiteSpace(s))
                    .Select(s => s.Trim())
                    .Select(s => Tuple.Create(s, ActiveDirectory.RetrieveADObject(s, Quick: true)))
                    .Where(s => s.Item2 is ADUserAccount || s.Item2 is ADGroup)
                    .ToList();
                var invalidSubjects = subjects.Where(s => s.Item2 == null).ToList();

                if (invalidSubjects.Count > 0)
                    throw new ArgumentException(string.Format("Subjects not found: {0}", string.Join(", ", invalidSubjects)), "Subjects");

                var proposedSubjects = subjects.Select(s => s.Item2.Id).OrderBy(s => s).ToArray();
                var currentSubjects = AuthorizationRole.SubjectIds == null ? new string[0] : AuthorizationRole.SubjectIds.Split(',');
                removedSubjects = currentSubjects.Except(proposedSubjects).ToArray();
                addedSubjects = proposedSubjects.Except(currentSubjects).ToArray();

                subjectIds = string.Join(",", proposedSubjects);

                if (string.IsNullOrEmpty(subjectIds))
                    subjectIds = null;
            }

            if (AuthorizationRole.SubjectIds != subjectIds)
            {
                AuthorizationRole.SubjectIds = subjectIds;
                UserService.UpdateAuthorizationRole(Database, AuthorizationRole);

                if (removedSubjects != null && removedSubjects.Length > 0)
                    AuthorizationLog.LogRoleConfiguredSubjectsRemoved(AuthorizationRole, CurrentUser.UserId, removedSubjects);
                if (addedSubjects != null && addedSubjects.Length > 0)
                    AuthorizationLog.LogRoleConfiguredSubjectsAdded(AuthorizationRole, CurrentUser.UserId, addedSubjects);
            }
        }
Пример #13
0
        public static void UpdateAuthorizationRole(DiscoDataContext Database, AuthorizationRole Role)
        {
            if (Role == null)
                throw new ArgumentNullException("Role");
            if (Database == null)
                throw new ArgumentNullException("Database");

            Database.SaveChanges();

            // Update Role Cache
            RoleCache.UpdateRole(Role);

            // Flush User Cache
            Cache.FlushCache();
        }
Пример #14
0
        public static void DeleteAuthorizationRole(DiscoDataContext Database, AuthorizationRole Role)
        {
            if (Role == null)
                throw new ArgumentNullException("Role");

            Database.AuthorizationRoles.Remove(Role);
            Database.SaveChanges();

            AuthorizationLog.LogRoleDeleted(Role, CurrentUserId);

            // Remove from Role Cache
            RoleCache.RemoveRole(Role);

            // Flush User Cache
            Cache.FlushCache();
        }
Пример #15
0
        public static int CreateAuthorizationRole(DiscoDataContext Database, AuthorizationRole Role)
        {
            if (Role == null)
                throw new ArgumentNullException("Role");

            if (string.IsNullOrWhiteSpace(Role.ClaimsJson))
                Role.ClaimsJson = JsonConvert.SerializeObject(new RoleClaims());

            Database.AuthorizationRoles.Add(Role);
            Database.SaveChanges();

            AuthorizationLog.LogRoleCreated(Role, CurrentUserId);

            // Add to Cache
            RoleCache.AddRole(Role);

            // Flush User Cache
            Cache.FlushCache();

            return Role.Id;
        }
Пример #16
0
        public static RoleToken FromAuthorizationRole(AuthorizationRole Role)
        {
            var claims = JsonConvert.DeserializeObject<RoleClaims>(Role.ClaimsJson);

            return FromAuthorizationRole(Role, claims);
        }