public async Task <OperationResult> SetReadPolicy(string key, ReadAccess access)
{
try
{
Bucket bucket = await _client.GetBucketAsync(key);
PredefinedBucketAcl bacl = access == ReadAccess.Public
? PredefinedBucketAcl.PublicRead
: PredefinedBucketAcl.Private;
PredefinedObjectAcl oacl = access == ReadAccess.Public
? PredefinedObjectAcl.PublicRead
: PredefinedObjectAcl.Private;
_client.UpdateBucket(bucket, new UpdateBucketOptions()
{
PredefinedAcl = bacl,
PredefinedDefaultObjectAcl = oacl
});
var buckets = _client.ListObjects(key).ReadPage(Int32.MaxValue / 2);
IEnumerable <Task> tasks = buckets.Select(s =>
_client.UpdateObjectAsync(s, new UpdateObjectOptions()
{
PredefinedAcl = oacl
}));
await Task.WhenAll(tasks);
return(new OperationResult(true, "", HttpStatusCode.OK));
}
catch (GoogleApiException e)
{
return(new OperationResult(false, e.Message, (HttpStatusCode)e.Error.Code));
}
}
public async Task <OperationResult> SetReadPolicy(string key, ReadAccess access)
{
try
{
bool exist = await ExistBucket(key);
if (!exist)
{
return(new OperationResult(false, "Bucket does not exist", HttpStatusCode.NotFound));
}
CloudBlobContainer bucket = _client.GetContainerReference(key);
BlobContainerPermissions perm = await bucket.GetPermissionsAsync();
perm.PublicAccess = access == ReadAccess.Public
? BlobContainerPublicAccessType.Blob
: BlobContainerPublicAccessType.Off;
await bucket.SetPermissionsAsync(perm);
return(new OperationResult(true, "Permission is now " + access.ToString(), HttpStatusCode.OK));
}
catch (Exception e)
{
return(new OperationResult(false, e.Message, HttpStatusCode.BadRequest));
}
}
public async Task <OperationResult> SetReadPolicy(string key, ReadAccess access)
{
OperationResult aclResult = await SetACL(key, access, 10);
OperationResult resp = await GetAllObjectURI(key);
if (!resp.Success)
{
return(resp);
}
IEnumerable <Uri> uris = resp.Message.Split('\n').Where(s => s.Trim() != "").Select(s => new Uri(s));
foreach (Uri uri in uris)
{
OperationResult acl = await SetBlobACL(uri, access, 10);
if (!acl.Success)
{
return(acl.AppendUri(uri));
}
}
return(aclResult);
}
private async Task <OperationResult> SetPolicy(string key, ReadAccess access, int max, int count = 0)
{
if (++count == max)
{
return(new OperationResult(false, "Failed too many times due to conflict", HttpStatusCode.BadRequest));
}
OperationResult resp;
string endpoint = $"https://s3-{_region}.amazonaws.com/{key}/?policy=";
if (access == ReadAccess.Public)
{
var policy = AWSPolicyFactory.GeneratePolicy(access, key);
var content = JsonConvert.SerializeObject(policy);
resp = await _client.SendRequest(HttpMethod.Put, endpoint, content, "application/json",
HttpStatusCode.NoContent);
}
else
{
resp = await _client.SendRequest(HttpMethod.Delete, endpoint, null, "text/plain",
HttpStatusCode.NoContent);
}
if (resp.StatusCode == HttpStatusCode.Conflict)
{
return(await SetPolicy(key, access, max, count));
}
return(resp);
}
public async Task <OperationResult> PutBlob(byte[] payload, Uri key)
{
var resp = await _client.SendRequest(HttpMethod.Put, key, payload);
string bucket = key.AbsolutePath.Split('/').Where(s => s.Trim() != "").First();
var highestLevelDomain = key.Host.Split('.').First();
if (highestLevelDomain != _region)
{
bucket = highestLevelDomain;
}
bool isPub = await IsBucketPublic(bucket);
ReadAccess access = isPub ? ReadAccess.Public : ReadAccess.Private;
var acl = await SetBlobACL(key, access, 10);
if (!acl.Success)
{
return(acl);
}
return(resp.AppendUri(key));
}
public async Task <OperationResult> CreateBlob(byte[] payload, string key)
{
bool exist = await ExistBlob(key);
if (exist)
{
return(new OperationResult(false, "Object already exist", HttpStatusCode.BadRequest));
}
string endpoint = $"https://{_region}.digitaloceanspaces.com/{_key}/{key}";
var resp = await _client.SendRequest(HttpMethod.Put, endpoint, payload);
bool isPub = await _bucketClient.IsBucketPublic(_key);
ReadAccess access = isPub ? ReadAccess.Public : ReadAccess.Private;
var acl = await _bucketClient.SetBlobACL(new Uri(endpoint), access, 10);
if (!acl.Success)
{
return(acl);
}
return(resp.Success ? resp.AppendUri(endpoint) : resp);
}
public override string ToString()
{
StringBuilder sb = new StringBuilder("{");
sb.Append(ZoneId.ToString() + ",");
sb.Append(UserRoleId.ToString() + ",");
sb.Append(ReadAccess.ToString() + ",");
sb.Append(WriteAccess.ToString() + "}");
return(sb.ToString());
}
protected override void ExecuteWorkflowLogic()
{
var target = ConvertToEntityReference(Record.Get(Context.ExecutionContext));
#region Build Sharing Mask
var rights = AccessRights.None;
if (ReadAccess.Get(Context.ExecutionContext))
{
rights |= AccessRights.ReadAccess;
}
if (WriteAccess.Get(Context.ExecutionContext))
{
rights |= AccessRights.WriteAccess;
}
if (DeleteAccess.Get(Context.ExecutionContext))
{
rights |= AccessRights.DeleteAccess;
}
if (AppendAccess.Get(Context.ExecutionContext))
{
rights |= AccessRights.AppendAccess;
}
if (AppendToAccess.Get(Context.ExecutionContext))
{
rights |= AccessRights.AppendToAccess;
}
if (AssignAccess.Get(Context.ExecutionContext))
{
rights |= AccessRights.AssignAccess;
}
if (ShareAccess.Get(Context.ExecutionContext))
{
rights |= AccessRights.ShareAccess;
}
#endregion Build Sharing Mask
Context.SystemService.Execute(new ModifyAccessRequest()
{
PrincipalAccess = new PrincipalAccess()
{
AccessMask = rights,
Principal = User.Get(Context.ExecutionContext)
},
Target = target
});
}
private void SetReadAccess(Database[] dbs, ReadAccess access)
{
for (int i = 1; i <= dbs.Length; i++)
{
Database db = dbs[i - 1];
base.UpdateProgressAndDeclare(0, i, db.Name);
if (Force || ShouldProcess(db.Name, string.Format("Make {0}", access.ToString())))
{
db.ReadOnly = Convert.ToBoolean(access);
db.Alter();
}
}
base.UpdateProgress(0);
}
internal static Policy GeneratePolicy(ReadAccess access, string bucket)
{
List <PolicyStatement> statements = new List <PolicyStatement>();
if (access == ReadAccess.Public)
{
statements.Add(new PolicyStatement(
"AllowPublicRead" + Guid.NewGuid().ToString(),
new string[] { "s3:GetObject" },
"Allow",
$"arn:aws:s3:::{bucket}/*",
"*"
));
}
return(new Policy("ReadPolicy" + Guid.NewGuid().ToString(), "2012-10-17", statements.ToArray()));
}
internal static string GenerateACL(ReadAccess access, string ownerId)
{
if (access == ReadAccess.Public)
{
return($@"<AccessControlPolicy xmlns=""http://s3.amazonaws.com/doc/2006-03-01/"">
<Owner>
<ID>{ownerId}</ID>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xsi:type=""CanonicalUser"">
<ID>{ownerId}</ID>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
<Grant>
<Grantee xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xsi:type=""Group"">
<URI>http://acs.amazonaws.com/groups/global/AllUsers</URI>
</Grantee>
<Permission>READ</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>");
}
else
{
return($@"<AccessControlPolicy xmlns=""http://s3.amazonaws.com/doc/2006-03-01/"">
<Owner>
<ID>{ownerId}</ID>
</Owner>
<AccessControlList>
<Grant>
<Grantee xmlns:xsi=""http://www.w3.org/2001/XMLSchema-instance"" xsi:type=""CanonicalUser"">
<ID>{ownerId}</ID>
</Grantee>
<Permission>FULL_CONTROL</Permission>
</Grant>
</AccessControlList>
</AccessControlPolicy>");
}
}
private async Task <OperationResult> SetACL(string key, ReadAccess access, int max, int count = 0)
{
if (++count == max)
{
return(new OperationResult(false, "Failed too many times due to conflict", HttpStatusCode.BadRequest));
}
string endpoint = $"https://{_region}.digitaloceanspaces.com/{key}/?acl=";
OperationResult resp;
//GETACL
var ACL = await _client.SendRequest(HttpMethod.Get, endpoint);
ACL acl = ACL.Message.DeserializeXMLString <ACL>();
string ownerID = "";
if (acl.AccessControlPolicy != null && acl.AccessControlPolicy.Owner != null)
{
ownerID = acl.AccessControlPolicy.Owner.ID.ToString();
}
else
{
return(new OperationResult(false, "ACL XML Malformed?", HttpStatusCode.BadRequest));
}
string aclData = DigitalOceanACLFactory.GenerateACL(access, ownerID);
resp = await _client.SendRequest(HttpMethod.Put, endpoint, aclData);
if (resp.StatusCode == HttpStatusCode.Conflict)
{
return(await SetACL(key, access, max, count));
}
return(resp);
}
public NetworkModel UpdateReadAccess(AccessMode readAccess, IList <Guid> permittedUsers)
{
ReadAccess.UpdateMode(readAccess).UpdatePermittedUsers(permittedUsers);
return(this);
}
public bool IsReadableBy(User?user)
{
return(ReadAccess.IsAccessibleTo(user?.ComputeAccessLevel(), user?.Id, OwnerId));
}
public Task <OperationResult> SetReadPolicy(string key, ReadAccess access)
{
return(SetPolicy(key, access, 10));
}
protected override void ExecuteWorkflowLogic()
{
var target = ConvertToEntityReference(Record.Get(Context.ExecutionContext));
var principal = Principal;
var readAccess = ReadAccess.Get(Context.ExecutionContext);
var writeAccess = WriteAccess.Get(Context.ExecutionContext);
//Let's retrieve attributes first
var retrieveEntityRequest = new RetrieveEntityRequest()
{
LogicalName = target.LogicalName,
EntityFilters = EntityFilters.Attributes,
RetrieveAsIfPublished = true
};
var retrieveEntityResponse = (RetrieveEntityResponse)Context.SystemService.Execute(retrieveEntityRequest);
var fields = Fields.Get(Context.ExecutionContext).ToLowerInvariant().Split(',').ToArray();
foreach (var field in fields)
{
var crmAttribute =
retrieveEntityResponse.EntityMetadata.Attributes.FirstOrDefault(a => a.LogicalName == field);
if (crmAttribute?.IsSecured == null)
{
throw new InvalidPluginExecutionException($"{field} attribute is not available in {target.LogicalName} entity");
}
if (!crmAttribute.IsSecured.Value)
{
throw new InvalidPluginExecutionException($"{field} attribute is not secured");
}
var queryPOAA = new QueryByAttribute("principalobjectattributeaccess")
{
ColumnSet = new ColumnSet("readaccess", "updateaccess")
};
queryPOAA.AddAttributeValue("attributeid", crmAttribute.MetadataId.Value);
queryPOAA.AddAttributeValue("objectid", target.Id);
queryPOAA.AddAttributeValue("principalid", principal.Id);
var poaa = Context.SystemService.RetrieveMultiple(queryPOAA).Entities.FirstOrDefault();
if (poaa != null)
{
if (readAccess || writeAccess)
{
poaa["readaccess"] = readAccess;
poaa["updateaccess"] = writeAccess;
Context.SystemService.Update(poaa);
}
else
{
Context.SystemService.Delete("principalobjectattributeaccess", poaa.Id);
}
}
else if (readAccess || writeAccess)
{
poaa = new Entity("principalobjectattributeaccess")
{
["attributeid"] = crmAttribute.MetadataId.Value,
["objectid"] = target,
["readaccess"] = readAccess,
["updateaccess"] = writeAccess,
["principalid"] = principal
};
Context.SystemService.Create(poaa);
}
}
}
