public async Task <IActionResult> RemoveUserClaim([FromQuery] string userPrincipalName, [FromQuery] string categoryName)
{
try
{
/* Validate whether authenticated user is samples administrator */
string authenticatedUserPrincipalName = User.Identity.Name;
bool isAdmin = _administrators.Administrators.Contains(authenticatedUserPrincipalName);
if (!isAdmin)
{
return(new JsonResult(
$"{userPrincipalName} is not authorized to remove the user claim.")
{
StatusCode = StatusCodes.Status401Unauthorized
});
}
if (string.IsNullOrEmpty(userPrincipalName) || string.IsNullOrEmpty(categoryName))
{
return(new JsonResult($"Provide both the user principal name and category name in the search parameters. " +
$"e.g. /api/GraphExplorerSamplesAdmin?userprincipalname=john.doe@microsoft.com&categoryname=users")
{
StatusCode = StatusCodes.Status400BadRequest
});
}
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
// Remove the user claim in the given category policy
SampleQueriesPolicies updatedPoliciesList = SamplesPolicyService.RemoveUserClaim(policies, categoryName, userPrincipalName);
string updatedPoliciesJson = SamplesPolicyService.SerializeSampleQueriesPolicies(updatedPoliciesList);
await _fileUtility.WriteToFile(updatedPoliciesJson, _policiesFilePathSource);
// Get the category policy that has just been updated
CategoryPolicy categoryPolicy = updatedPoliciesList.CategoryPolicies.FirstOrDefault(x =>
x.CategoryName.Equals(categoryName, StringComparison.OrdinalIgnoreCase));
return(Ok(categoryPolicy));
}
catch (InvalidOperationException invalidOpsException)
{
// One or more parameters values do not exist in the list of category policies
return(new JsonResult(invalidOpsException.Message)
{
StatusCode = StatusCodes.Status404NotFound
});
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
public async Task <IActionResult> UpdateUserClaimAsync([FromBody] CategoryPolicy categoryPolicy)
{
try
{
/* Validate whether authenticated user is samples administrator */
string userPrincipalName = User.Identity.Name;
bool isAdmin = _administrators.Administrators.Contains(userPrincipalName);
if (!isAdmin)
{
return(new JsonResult($"{userPrincipalName} is not authorized to update the user claim.")
{
StatusCode = StatusCodes.Status403Forbidden
});
}
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
// Update the user claim in the given category policy
SampleQueriesPolicies updatedPoliciesList = SamplesPolicyService.ModifyUserClaim(policies, categoryPolicy);
string updatedPoliciesJson = SamplesPolicyService.SerializeSampleQueriesPolicies(updatedPoliciesList);
await _fileUtility.WriteToFile(updatedPoliciesJson, _policiesFilePathSource);
// Fetch the category policy with the updated user claim
categoryPolicy = updatedPoliciesList.CategoryPolicies.Find(x => x.CategoryName == categoryPolicy.CategoryName);
// Success; return the user claim in the category policy that was just updated
return(Ok(categoryPolicy));
}
catch (InvalidOperationException invalidOpsException)
{
// Category policy provided doesn't exist
return(new JsonResult(invalidOpsException.Message)
{
StatusCode = StatusCodes.Status404NotFound
});
}
catch (ArgumentNullException argNullException)
{
// Missing required parameter
return(new JsonResult(argNullException.Message)
{
StatusCode = StatusCodes.Status400BadRequest
});
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
public async Task <IActionResult> CreateUserClaimAsync([FromBody] CategoryPolicy categoryPolicy)
{
try
{
/* Validate whether authenticated user is samples administrator */
ClaimsIdentity identity = (ClaimsIdentity)User.Identity;
IEnumerable <Claim> claims = identity.Claims;
string userPrincipalName =
(claims?.FirstOrDefault(x => x.Type.Equals(Constants.ClaimTypes.UpnJwt, StringComparison.OrdinalIgnoreCase)) ??
claims?.FirstOrDefault(x => x.Type.Equals(Constants.ClaimTypes.UpnUriSchema, StringComparison.OrdinalIgnoreCase)))?.Value;
bool isAdmin = _administrators.Administrators.Contains(userPrincipalName);
if (!isAdmin)
{
return(new JsonResult($"{userPrincipalName} is not authorized to create the user claim.")
{
StatusCode = StatusCodes.Status403Forbidden
});
}
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
// Add the new user claim in the given category policy
SampleQueriesPolicies updatedPoliciesList = SamplesPolicyService.ModifyUserClaim(policies, categoryPolicy);
string updatedPoliciesJson = SamplesPolicyService.SerializeSampleQueriesPolicies(updatedPoliciesList);
await _fileUtility.WriteToFile(updatedPoliciesJson, _policiesFilePathSource);
// Extract the first user claim from the given categoryPolicy; this is what was added
UserClaim userClaim = categoryPolicy.UserClaims.First();
// Fetch the category policy with the newly created user claim
categoryPolicy = updatedPoliciesList.CategoryPolicies.Find(x => x.CategoryName == categoryPolicy.CategoryName);
// Create the query Uri for the newly created user claim
string newUserClaimUri = string.Format("{0}://{1}{2}?userprincipalname={3}&categoryname={4}",
Request.Scheme, Request.Host, Request.Path.Value, userClaim.UserPrincipalName, categoryPolicy.CategoryName);
return(Created(newUserClaimUri, categoryPolicy));
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
/// <summary>
/// Removes a <see cref="UserClaim"/> from a <see cref="CategoryPolicy"/> object.
/// </summary>
/// <param name="policies">The list of <see cref="CategoryPolicy"/> where the target <see cref="CategoryPolicy"/> object is contained.</param>
/// <param name="categoryPolicyName">The target <see cref="CategoryPolicy"/> object where the <see cref="UserClaim"/> needs to be removed from.</param>
/// <param name="userPrincipalName">The target User Principal Name whose <see cref="UserClaim"/> needs to be removed from the <see cref="CategoryPolicy"/> object.</param>
/// <returns>The updated list of <see cref="SampleQueriesPolicies"/>
/// with the <see cref="UserClaim"/> of a target User Principal Name removed from the target <see cref="CategoryPolicy"/> object.</returns>
public static SampleQueriesPolicies RemoveUserClaim(SampleQueriesPolicies policies, string categoryPolicyName,
string userPrincipalName)
{
if (policies == null || policies.CategoryPolicies.Count == 0)
{
throw new ArgumentNullException(nameof(SampleQueriesPolicies), "The list of policies cannot be null or empty.");
}
if (string.IsNullOrEmpty(categoryPolicyName))
{
throw new ArgumentNullException(nameof(CategoryPolicy), "The category policy name cannot be null or empty.");
}
if (string.IsNullOrEmpty(userPrincipalName))
{
throw new ArgumentNullException(nameof(CategoryPolicy), "The user prinicpal name cannot be null or empty.");
}
// Search the target category policy from the list of policies
CategoryPolicy categoryPolicy = policies.CategoryPolicies.Find(
x => x.CategoryName.ToLower() == categoryPolicyName.ToLower());
if (categoryPolicy == null)
{
throw new InvalidOperationException($"The specified category policy doesn't exist: {categoryPolicyName}");
}
// This will be used later to insert the updated category policy back into the list of policies
int categoryPolicyIndex = policies.CategoryPolicies.FindIndex(x => x == categoryPolicy);
// Fetch the user claim
UserClaim userClaim = categoryPolicy.UserClaims.FirstOrDefault(
x => x.UserPrincipalName.ToLower() == userPrincipalName.ToLower());
if (userClaim == null)
{
throw new InvalidOperationException($"The specified user principal name has no claim in the specified category. " +
$"UPN: {userPrincipalName}");
}
// Get the location of the provided user claim from the category policy
int userClaimIndex = categoryPolicy.UserClaims.FindIndex(x => x.UserPrincipalName == userClaim.UserPrincipalName);
// Remove this user claim from the list of user claims
categoryPolicy.UserClaims.RemoveAt(userClaimIndex);
// Update the modified category policy back into list of policies
policies.CategoryPolicies.Insert(categoryPolicyIndex, categoryPolicy);
// Delete the original category policy pushed to the next index
policies.CategoryPolicies.RemoveAt(++categoryPolicyIndex);
return(policies);
}
/// <summary>
/// Gets the list of <see cref="CategoryPolicy"/> or a <see cref="CategoryPolicy"/> that a User Principal Name has claims in.
/// </summary>
/// <param name="policies">The list of <see cref="CategoryPolicy"/> to search in.</param>
/// <param name="userPrincipalName">The target User Principal Name which to search for in the list of <see cref="CategoryPolicy"/>.</param>
/// <param name="categoryName">The name of the target <see cref="CategoryPolicy"/> to be searched for in the list of <see cref="CategoryPolicy"/>.
/// If unspecified, all the category policies will be included in the search.</param>
/// <returns>A list of filtered <see cref="CategoryPolicy"/> or the target <see cref="CategoryPolicy"/> with the claims for the specified User Principal Name.</returns>
private static List <CategoryPolicy> GetUserPrincipalCategoryPolicies(SampleQueriesPolicies policies, string userPrincipalName, string categoryName = null)
{
List <CategoryPolicy> categoryPolicies = new List <CategoryPolicy>();
if (string.IsNullOrEmpty(categoryName))
{
// Search for all category policies that the specified user principal name has claims in
categoryPolicies = policies.CategoryPolicies.FindAll(x => x.UserClaims.Exists(y => y.UserPrincipalName == userPrincipalName));
}
else
{
// Search for the category policy that the specified user principal name has claims in
CategoryPolicy categoryPolicy = policies.CategoryPolicies.Find
(x => x.CategoryName.Equals(categoryName, StringComparison.OrdinalIgnoreCase) &&
x.UserClaims.Exists(y => y.UserPrincipalName.Equals(userPrincipalName, StringComparison.OrdinalIgnoreCase)));
if (categoryPolicy == null)
{
return(null);
}
else
{
categoryPolicies.Add(categoryPolicy);
}
}
if (!categoryPolicies.Any())
{
return(null);
}
List <CategoryPolicy> filteredCategoryPolicies = new List <CategoryPolicy>();
// Filter each category policy to extract the specified user principal's claims
foreach (CategoryPolicy categoryPolicy in categoryPolicies)
{
UserClaim userClaim = categoryPolicy.UserClaims.Find(x => x.UserPrincipalName.Equals(userPrincipalName, StringComparison.OrdinalIgnoreCase));
CategoryPolicy userPrincipalPolicy = new CategoryPolicy
{
CategoryName = categoryPolicy.CategoryName,
UserClaims = new List <UserClaim> {
userClaim
}
};
filteredCategoryPolicies.Add(userPrincipalPolicy);
}
return(filteredCategoryPolicies);
}
/// <summary>
/// Creates a default template of policies for the sample query categories.
/// </summary>
/// <returns>An instance of <see cref="SampleQueriesPolicies"/> containing a list of <see cref="CategoryPolicy"/>.</returns>
public static SampleQueriesPolicies CreateDefaultPoliciesTemplate()
{
if (SampleQueriesCategories.CategoriesLinkedList.Count == 0)
{
throw new InvalidOperationException("Cannot create a default policy template; the list of categories is empty.");
}
// List to hold the category policies
List <CategoryPolicy> categoryPolicies = new List <CategoryPolicy>();
// Create the default policy template for each category in the list
foreach (string category in SampleQueriesCategories.CategoriesLinkedList)
{
CategoryPolicy categoryPolicy = new CategoryPolicy()
{
CategoryName = category,
UserClaims = new List <UserClaim>()
{
new UserClaim()
{
UserPermissions = new List <Permission>()
{
new Permission()
{
Name = HttpMethods.Post
},
new Permission()
{
Name = HttpMethods.Put
},
new Permission()
{
Name = HttpMethods.Delete
}
}
}
}
};
categoryPolicies.Add(categoryPolicy);
}
SampleQueriesPolicies policies = new SampleQueriesPolicies()
{
CategoryPolicies = categoryPolicies
};
return(policies);
}
public async Task <IActionResult> CreateUserClaimAsync([FromBody] CategoryPolicy categoryPolicy)
{
try
{
/* Validate whether authenticated user is samples administrator */
string userPrincipalName = User.Identity.Name;
bool isAdmin = _administrators.Administrators.Contains(userPrincipalName);
if (!isAdmin)
{
return(new JsonResult($"{userPrincipalName} is not authorized to create the user claim.")
{
StatusCode = StatusCodes.Status401Unauthorized
});
}
// Get the list of policies
SampleQueriesPolicies policies = await GetSampleQueriesPoliciesAsync();
// Add the new user claim in the given category policy
SampleQueriesPolicies updatedPoliciesList = SamplesPolicyService.ModifyUserClaim(policies, categoryPolicy);
string updatedPoliciesJson = SamplesPolicyService.SerializeSampleQueriesPolicies(updatedPoliciesList);
await _fileUtility.WriteToFile(updatedPoliciesJson, _policiesFilePathSource);
// Extract the first user claim from the given categoryPolicy; this is what was added
UserClaim userClaim = categoryPolicy.UserClaims.First();
// Create the query Uri for the newly created sample query
string newUserClaimUri = string.Format("{0}://{1}{2}?userprincipalname={3}&categoryname={4}",
Request.Scheme, Request.Host, Request.Path.Value, userClaim.UserPrincipalName, categoryPolicy.CategoryName);
return(Created(newUserClaimUri, categoryPolicy));
}
catch (Exception exception)
{
return(new JsonResult(exception.Message)
{
StatusCode = StatusCodes.Status500InternalServerError
});
}
}
/// <summary>
/// Adds to or updates a <see cref="UserClaim"/> in a target <see cref="CategoryPolicy"/> object.
/// </summary>
/// <param name="categoryPolicy">The target <see cref="CategoryPolicy"/> object where the <see cref="UserClaim"/> needs to be updated or added into.</param>
/// <param name="policies">The list of <see cref="CategoryPolicy"/> where the target <see cref="CategoryPolicy"/> object is contained.</param>
/// <returns>The updated list of <see cref="SampleQueriesPolicies"/>
/// with the new <see cref="UserClaim"/> added or updated at the target <see cref="CategoryPolicy"/> object.</returns>
public static SampleQueriesPolicies ModifyUserClaim(SampleQueriesPolicies policies, CategoryPolicy categoryPolicy)
{
if (policies == null || policies.CategoryPolicies.Count == 0)
{
throw new ArgumentNullException(nameof(SampleQueriesPolicies), "The list of policies cannot be null or empty.");
}
if (categoryPolicy == null)
{
throw new ArgumentNullException(nameof(CategoryPolicy), "The category policy cannot be null.");
}
// Search the target category policy from the list of policies
CategoryPolicy tempCategoryPolicy = policies.CategoryPolicies.Find(x => x.CategoryName == categoryPolicy.CategoryName);
if (tempCategoryPolicy == null)
{
throw new InvalidOperationException($"The specified category policy doesn't exist: {categoryPolicy.CategoryName}");
}
// This will be used later to insert the updated category policy back into the list of policies
int tempCategoryPolicyIndex = policies.CategoryPolicies.FindIndex(x => x == tempCategoryPolicy);
// Fetch the first user claim from the argument supplied
UserClaim userClaim = categoryPolicy.UserClaims.FirstOrDefault();
if (userClaim == null)
{
throw new ArgumentNullException(nameof(CategoryPolicy), "User claim information missing.");
}
// Get the location of the provided user claim from the temp. category policy
int userClaimIndex = tempCategoryPolicy.UserClaims.FindIndex(x => x.UserPrincipalName == userClaim.UserPrincipalName);
// Add new user claim request
if (userClaimIndex < 0)
{
// Check first whether we have default user claim values in the temp. category policy
CategoryPolicy defaultCategoryPolicyTemplate = new CategoryPolicy
{
UserClaims = new List <UserClaim>()
{
new UserClaim()
}
};
if (tempCategoryPolicy.UserClaims.First().UserPrincipalName ==
defaultCategoryPolicyTemplate.UserClaims.First().UserPrincipalName)
{
/* This is the first claim for this category policy;
* clear the default user claim and add the new user claim. */
tempCategoryPolicy.UserClaims.Clear();
tempCategoryPolicy.UserClaims.Add(userClaim);
}
else // we already have other unique user claim values in this category policy
{
// Insert the new user claim info. to the end of list of user claims
tempCategoryPolicy.UserClaims.Add(userClaim);
}
}
else // Update user claim request
{
// Update the current index with new user claim info.
tempCategoryPolicy.UserClaims.Insert(userClaimIndex, userClaim);
// Delete the original user claim pushed to the next index
tempCategoryPolicy.UserClaims.RemoveAt(++userClaimIndex);
}
// Update the modified category policy back into list of policies
policies.CategoryPolicies.Insert(tempCategoryPolicyIndex, tempCategoryPolicy);
// Delete the original category policy pushed to the next index
policies.CategoryPolicies.RemoveAt(++tempCategoryPolicyIndex);
return(policies);
}
