public async Task <ApplicationFunctionModel> UpdateAsync(ApplicationFunctionModel applicationFunction)
{
a3SContext.Entry(applicationFunction).State = EntityState.Modified;
await a3SContext.SaveChangesAsync();
return(applicationFunction);
}
public async Task <ApplicationFunctionModel> CreateAsync(ApplicationFunctionModel applicationFunction)
{
a3SContext.ApplicationFunction.Add(applicationFunction);
await a3SContext.SaveChangesAsync();
return(applicationFunction);
}
private void AddResourcePermissionToFunction(ApplicationFunctionModel applicationFuction, SecurityContractPermission permission)
{
logger.Debug($"Assinging permission {permission.Name} to function: {applicationFuction.Name}.");
// Check if there is an existing permission within the database. Add this one if found, else create a new one and add it.
var existingPermission = permissionRepository.GetByName(permission.Name);
PermissionModel permissionToAdd = new PermissionModel
{
Name = permission.Name,
Description = permission.Description
};
if (existingPermission != null)
{
logger.Debug($"Permission {permission.Name} already exists within the database. Not adding it.");
permissionToAdd = existingPermission;
}
else
{
logger.Debug($"Permission {permission.Name} does not exist in the database. Adding it.");
}
applicationFuction.ApplicationFunctionPermissions.Add(new ApplicationFunctionPermissionModel
{
ApplicationFunction = applicationFuction,
Permission = permissionToAdd
});
}
private void AddPermissionToFunctionIfNotAlreadyAssigned(ApplicationFunctionModel applicationFunction, SecurityContractPermission permission)
{
// add the permission if it does not exist.
var applicationPermission = applicationFunction.ApplicationFunctionPermissions.Find(fp => fp.Permission.Name == permission.Name);
if (applicationPermission == null)
{
AddResourcePermissionToFunction(applicationFunction, permission);
}
}
private void DetectAndUnassignPermissionsRemovedFromFunctions(ApplicationFunctionModel applicationFunction, SecurityContractFunction functionResource)
{
// Remove any permissions from the application function that are not within the updated definition.
// Note! We are deleting items from the List so we cannot use a foreach.
for (int i = applicationFunction.ApplicationFunctionPermissions.Count - 1; i >= 0; i--)
{
if (!functionResource.Permissions.Exists(fp => fp.Name == applicationFunction.ApplicationFunctionPermissions[i].Permission.Name))
{
logger.Debug($"[applications.fullname: '{applicationFunction.Application.Name}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{applicationFunction.ApplicationFunctionPermissions[i].Permission.Name}']: Permission: {applicationFunction.ApplicationFunctionPermissions[i].Permission.Name} was previously assigned to applicationFunction: '{applicationFunction.Name}' but is no longer assigned in the security contract being processed. Removing permission '{applicationFunction.ApplicationFunctionPermissions[i].Permission.Name}' from function '{applicationFunction.Name}'!");
// Note: This only removes the function permissions association. The permission will still exist.
applicationFunction.ApplicationFunctionPermissions.Remove(applicationFunction.ApplicationFunctionPermissions[i]);
}
}
}
public ApplicationFunctionService_Tests()
{
var config = new MapperConfiguration(cfg =>
{
cfg.AddProfile(new ApplicationFunctionResourceApplicationFunctionModelProfile());
cfg.AddProfile(new UserResourceUserModelProfile());
});
mapper = config.CreateMapper();
applicationFunctionGuid = Guid.NewGuid();
mockedApplicationFunction = new ApplicationFunctionModel();
mockedApplicationFunction.Name = "Test applicationFunction";
mockedApplicationFunction.Id = applicationFunctionGuid;
}
private void DetectAndUnassignPermissionsRemovedFromFunctions(ApplicationFunctionModel applicationFunction, SecurityContractFunction functionResource)
{
// Remove any permissions from the application function that are not within the updated definition.
// Note! We are deleting items from the List so we cannot use a foreach.
for (int i = applicationFunction.ApplicationFunctionPermissions.Count - 1; i >= 0; i--)
{
logger.Debug($"Checking whether permission: {applicationFunction.ApplicationFunctionPermissions[i].Permission.Name} should unassigned from function '" + applicationFunction.Name + "'.");
if (!functionResource.Permissions.Exists(fp => fp.Name == applicationFunction.ApplicationFunctionPermissions[i].Permission.Name))
{
logger.Debug($"Permission: {applicationFunction.ApplicationFunctionPermissions[i].Permission.Name} is being unassigned from function {applicationFunction.Name}!");
// Note: This only removes the function permissions association. The permission will still exist.
applicationFunction.ApplicationFunctionPermissions.Remove(applicationFunction.ApplicationFunctionPermissions[i]);
}
}
}
private ApplicationFunctionModel CreateNewFunctionFromResourceServerFunction(SecurityContractFunction functionResource, Guid updatedByGuid)
{
ApplicationFunctionModel newFunction = new ApplicationFunctionModel
{
Name = functionResource.Name,
Description = functionResource.Description,
ChangedBy = updatedByGuid
};
newFunction.ApplicationFunctionPermissions = new List <ApplicationFunctionPermissionModel>();
if (functionResource.Permissions != null)
{
foreach (var permission in functionResource.Permissions)
{
AddResourcePermissionToFunction(newFunction, permission);
}
}
return(newFunction);
}
private ApplicationFunctionModel CreateNewApplicationFunctionFromSecurityContractApplicationFunction(SecurityContractFunction functionResource, Guid updatedByGuid, string applicationName, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
{
logger.Debug($"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{functionResource.Name}']: Adding function '{functionResource.Name}' to application '{applicationName}'.");
ApplicationFunctionModel newFunction = new ApplicationFunctionModel
{
Name = functionResource.Name,
Description = functionResource.Description,
ChangedBy = updatedByGuid
};
newFunction.ApplicationFunctionPermissions = new List <ApplicationFunctionPermissionModel>();
if (functionResource.Permissions != null)
{
foreach (var permission in functionResource.Permissions)
{
AddSecurityContractPermissionToApplicationFunctionAndUpdatePermissionIfChanged(newFunction, permission, updatedByGuid, applicationName, dryRun, securityContractDryRunResult);
}
}
return(newFunction);
}
public SecurityContractApplicationService_Tests()
{
//set up some Guids.
applicationGuid = Guid.NewGuid();
permissionGuid1 = Guid.NewGuid();
permissionGuid2 = Guid.NewGuid();
permissionGuid3 = Guid.NewGuid();
functionGuid1 = Guid.NewGuid();
functionGuid2 = Guid.NewGuid();
// Set up an application mock
mockedApplication = new ApplicationModel();
mockedApplication.Name = "Mocked Application Name";
mockedApplication.Id = applicationGuid;
// Set up some permissions to assign to mocked functions
PermissionModel permissionTest1 = new PermissionModel
{
Id = permissionGuid1,
Name = "Permissions 1"
};
PermissionModel permissionTest2 = new PermissionModel
{
Id = permissionGuid2,
Name = "Permissions 2"
};
PermissionModel permissionTest3 = new PermissionModel
{
Id = permissionGuid3,
Name = "Permissions 3"
};
// Define function 1 and add permission 1 to it.
ApplicationFunctionModel applicationFunction1 = new ApplicationFunctionModel();
applicationFunction1.Id = functionGuid1;
applicationFunction1.Name = "Function 1";
applicationFunction1.Description = "Function 1 Description";
applicationFunction1.ApplicationFunctionPermissions = new List <ApplicationFunctionPermissionModel>
{
new ApplicationFunctionPermissionModel
{
ApplicationFunction = applicationFunction1,
Permission = permissionTest1
}
};
// Define function 2 and add permissions 2 and 3 to it.
ApplicationFunctionModel applicationFunction2 = new ApplicationFunctionModel();
applicationFunction2.Id = functionGuid2;
applicationFunction2.Name = "Function 2";
applicationFunction2.Description = "Function 2 Description";
applicationFunction2.ApplicationFunctionPermissions = new List <ApplicationFunctionPermissionModel>
{
new ApplicationFunctionPermissionModel
{
ApplicationFunction = applicationFunction2,
Permission = permissionTest2
},
new ApplicationFunctionPermissionModel
{
ApplicationFunction = applicationFunction2,
Permission = permissionTest3
}
};
mockedApplication.ApplicationFunctions = new List <ApplicationFunctionModel>
{
applicationFunction1,
applicationFunction2
};
}
public async Task DeleteAsync(ApplicationFunctionModel applicationFunction)
{
a3SContext.ApplicationFunction.Remove(applicationFunction);
await a3SContext.SaveChangesAsync();
}
private void AssignExistingPermissionToApplicationFunction(PermissionModel existingPermission, string applicationName, ApplicationFunctionModel applicationFunction, SecurityContractPermission permission, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult, Guid updatedByGuid)
{
if (ExistingPermissionIsAssignedToAnotherApplication(existingPermission, applicationName))
{
var errorMessage = $"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Permission name exists, but is not assigned to application '{applicationName}'. Cannot assign it to application '{applicationName}', as permissions can only be assigned to a single application";
if (dryRun)
{
securityContractDryRunResult.ValidationErrors.Add(errorMessage);
return;
}
throw new ItemNotProcessableException(errorMessage);
}
logger.Debug($"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Permission '{permission.Name}' already assigned to application '{applicationName}'. Updating it.");
var applicationFunctionPermission = applicationFunction.ApplicationFunctionPermissions.Find(fp => fp.Permission.Name == permission.Name);
// This check will be true if the permission was assigned to another function attached to the same application. Prevent this!
if (applicationFunctionPermission == null)
{
var errorMessage = $"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Permission '{permission.Name}' already assigned to another application function within application '{applicationName}'. This is prohibited.";
if (dryRun)
{
securityContractDryRunResult.ValidationErrors.Add(errorMessage);
return;
}
throw new ItemNotProcessableException(errorMessage);
}
// Still check if the permission is to be updated.
if (applicationFunctionPermission.Permission.Description != permission.Description)
{
applicationFunctionPermission.Permission.Description = permission.Description;
applicationFunctionPermission.Permission.ChangedBy = updatedByGuid;
}
}
private void AssignNewPermissionToApplicationFunction(string applicationName, ApplicationFunctionModel applicationFunction, SecurityContractPermission permission, Guid updatedByGuid)
{
logger.Debug($"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Permission '{permission.Name}' does not exist in A3S. Adding it.");
applicationFunction.ApplicationFunctionPermissions.Add(new ApplicationFunctionPermissionModel
{
ApplicationFunction = applicationFunction,
Permission = new PermissionModel
{
Name = permission.Name,
Description = permission.Description,
ChangedBy = updatedByGuid
},
ChangedBy = updatedByGuid
});
}
private void AddSecurityContractPermissionToApplicationFunctionAndUpdatePermissionIfChanged(ApplicationFunctionModel applicationFunction, SecurityContractPermission permission, Guid updatedByGuid, string applicationName, bool dryRun, SecurityContractDryRunResult securityContractDryRunResult)
{
logger.Debug($"[applications.fullname: '{applicationName}'].[applicationFunctions.name: '{applicationFunction.Name}'].[permissions.name: '{permission.Name}']: Attempting to assign permission '{permission.Name}' to function: {applicationFunction.Name}.");
// Check if there is an existing permission within the database. Add this one if found, but only if it is assigned to the current application, else create a new one and add it.
var existingPermission = permissionRepository.GetByName(permission.Name, true);
if (existingPermission != null)
{
AssignExistingPermissionToApplicationFunction(existingPermission, applicationName, applicationFunction, permission, dryRun, securityContractDryRunResult, updatedByGuid);
}
else
{
AssignNewPermissionToApplicationFunction(applicationName, applicationFunction, permission, updatedByGuid);
}
}
