示例#1
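        /// <summary>
        /// Overwrites the stored permission record identified by <paramref name="id"/> with the posted entity.
        /// </summary>
        /// <param name="id">Key of the record to update; must equal <c>resourcePermission.ResoucePermisCode</c>.</param>
        /// <param name="resourcePermission">Entity bound from the request.</param>
        /// <returns>
        /// 400 when the body is missing, fails model validation, or carries a different key than <paramref name="id"/>;
        /// 404 when the save reports a concurrency conflict and the record no longer exists; 204 on success.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no authorization check is visible in this action. This endpoint edits permission data,
        /// so confirm that an attribute or filter on the controller restricts who may call it.
        /// NOTE(review): the bound entity is attached as Modified as a whole, so every mapped column is
        /// overwritten with client-supplied values; consider binding to a DTO that exposes only editable fields.
        /// </remarks>
        public IHttpActionResult PutResourcePermission(int id, ResourcePermission resourcePermission)
        {
            // An empty request body binds to null while ModelState stays valid, so check for it explicitly
            // instead of letting the key comparison below fail with a NullReferenceException.
            if (resourcePermission == null)
            {
                return BadRequest();
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // The key in the URL and the key in the body must agree.
            if (id != resourcePermission.ResoucePermisCode)
            {
                return BadRequest();
            }

            db.Entry(resourcePermission).State = EntityState.Modified;

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateConcurrencyException)
            {
                // A conflict on a row that is gone is reported as 404; any other conflict is rethrown.
                if (!ResourcePermissionExists(id))
                {
                    return NotFound();
                }

                throw;
            }

            return StatusCode(HttpStatusCode.NoContent);
        }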
示例#2
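        /// <summary>
        /// Inserts the posted permission record.
        /// </summary>
        /// <param name="resourcePermission">Entity bound from the request.</param>
        /// <returns>
        /// 400 when the body is missing or fails model validation; 409 when the insert fails and a record with the
        /// same <c>ResoucePermisCode</c> already exists; 201 with the created entity on success.
        /// </returns>
        /// <remarks>
        /// NOTE(review): no authorization check is visible in this action. It creates permission records,
        /// so confirm that an attribute or filter on the controller restricts who may call it.
        /// </remarks>
        public IHttpActionResult PostResourcePermission(ResourcePermission resourcePermission)
        {
            // An empty request body binds to null while ModelState stays valid; reject it here so that
            // Add() is never handed a null entity.
            if (resourcePermission == null)
            {
                return BadRequest();
            }

            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            db.ResourcePermissions.Add(resourcePermission);

            try
            {
                db.SaveChanges();
            }
            catch (DbUpdateException)
            {
                // Report a duplicate key as 409; any other persistence failure is rethrown.
                if (ResourcePermissionExists(resourcePermission.ResoucePermisCode))
                {
                    return Conflict();
                }

                throw;
            }

            return CreatedAtRoute("DefaultApi", new { id = resourcePermission.ResoucePermisCode }, resourcePermission);
        }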
示例#3
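        /// <summary>
        /// Grants <paramref name="roleName"/> on the given resource to the account <paramref name="accName"/>,
        /// unless an identical permission row already exists.
        /// </summary>
        /// <param name="currentUser">Name of the caller; looked up through <c>GetAccountInner</c>.</param>
        /// <param name="resourceType">Type discriminator stored on the permission row.</param>
        /// <param name="resourceId">Identifier of the resource the role applies to.</param>
        /// <param name="accName">Name of the account that receives the role.</param>
        /// <param name="roleName">Name of the role to assign; must exist in <c>context.Roles</c>.</param>
        /// <exception cref="DataAccessException">The role or the target account could not be resolved.</exception>
        public void AssignRoleToAccount(string currentUser, string resourceType, Guid resourceId, string accName, string roleName)
        {
            using (var context = new EntityContext())
            {
                // NOTE(review): the caller's account is loaded but never consulted afterwards, so nothing in
                // this method verifies that currentUser may grant roles on this resource. Confirm that the
                // check happens in the caller, or add it here.
                var currentAcc = UserManager.Instance.GetAccountInner(context, currentUser);
                var account = UserManager.Instance.GetUserInner(context, accName);

                // Whether GetUserInner throws or returns null for an unknown name is not visible here;
                // guard so that the query below never dereferences null.
                if (account == null)
                {
                    throw new DataAccessException($"{accName} is not defined");
                }

                var role = context.Roles.FirstOrDefault(p => p.Name == roleName);
                if (role == null)
                {
                    // Report the requested name; 'role' is null on this path and would render as empty text.
                    throw new DataAccessException($"{roleName} is not defined");
                }

                var accountId = account.Id;
                var roleId = role.Id;

                // Only existence matters, so ask the store for a yes/no answer instead of loading the rows.
                var alreadyGranted = context.ResourcePermissions.Any(item =>
                    item.ResourceType == resourceType &&
                    item.ResourceId == resourceId &&
                    item.AccountId == accountId &&
                    item.RoleId == roleId);
                if (alreadyGranted)
                {
                    return;
                }

                context.ResourcePermissions.Add(new ResourcePermission()
                {
                    ResourceType = resourceType,
                    ResourceId = resourceId,
                    Account = account,
                    Role = role
                });
                context.SaveChanges();
            }
        }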
示例#4
        /// <summary>
        /// Looks up a single permission record by key.
        /// </summary>
        /// <param name="id">Key passed to <c>Find</c>.</param>
        /// <returns>200 with the entity when it exists, otherwise 404.</returns>
        /// <remarks>
        /// NOTE(review): the entity is returned as stored and no authorization check is visible in this action;
        /// confirm that access is restricted at controller level.
        /// </remarks>
        public IHttpActionResult GetResourcePermission(int id)
        {
            var match = db.ResourcePermissions.Find(id);

            if (match != null)
            {
                return Ok(match);
            }

            return NotFound();
        }
示例#5
        /// <summary>
        /// Deletes the permission record with the given key and echoes the removed entity back.
        /// </summary>
        /// <param name="id">Key passed to <c>Find</c>.</param>
        /// <returns>404 when no such record exists, otherwise 200 with the deleted entity.</returns>
        /// <remarks>
        /// NOTE(review): no authorization check is visible in this action; it removes permission data,
        /// so confirm that access is restricted at controller level.
        /// </remarks>
        public IHttpActionResult DeleteResourcePermission(int id)
        {
            var target = db.ResourcePermissions.Find(id);

            if (target != null)
            {
                // Remove and persist before answering so the response reflects the committed state.
                db.ResourcePermissions.Remove(target);
                db.SaveChanges();

                return Ok(target);
            }

            return NotFound();
        }
示例#6
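        /// <summary>
        /// Grants retrieve, update and delete permission on <paramref name="data"/> to the organization
        /// of the account <paramref name="accid"/>.
        /// </summary>
        /// <param name="accid">Id of the account whose <c>OrganizationId</c> receives the permission.</param>
        /// <param name="data">Resource the permission row points at (via <c>data.Id</c>).</param>
        /// <returns>A task that completes once the new permission row has been saved.</returns>
        /// <exception cref="System.InvalidOperationException">No account with id <paramref name="accid"/> exists.</exception>
        protected virtual async Task GrantFullPermission(string accid, T data)
        {
            // Only the two columns needed here are projected.
            var currentAcc = await _DbContext.Accounts.Select(x => new Account()
            {
                Id = x.Id, OrganizationId = x.OrganizationId
            }).FirstOrDefaultAsync(x => x.Id == accid);

            // Fail with a clear error instead of a NullReferenceException further down; a full-access
            // row must never be written without a resolved owning organization.
            if (currentAcc == null)
            {
                throw new System.InvalidOperationException($"Account '{accid}' was not found; no permission was granted.");
            }

            var permission = new ResourcePermission
            {
                Id = GuidGen.NewGUID(),
                // 1 switches the operation on (the edit endpoint for this table writes 1 or 0).
                OpRetrieve = 1,
                OpUpdate = 1,
                OpDelete = 1,
                ResId = data.Id,
                OrganizationId = currentAcc.OrganizationId,
                ResType = ResType
            };

            _DbContext.ResourcePermissions.Add(permission);
            await _DbContext.SaveChangesAsync();
        }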
示例#7
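        /// <summary>
        /// Creates or updates one permission row per (organization, resource) pair named in the request.
        /// </summary>
        /// <param name="model">
        /// <c>OrgansPermission</c> holds a JSON array of per-organization entries (<c>OrganId</c> plus a
        /// comma-separated <c>OperateIds</c> list); <c>ResIds</c> is a comma-separated list of resource ids.
        /// </param>
        /// <returns>
        /// 400 when the body or one of its fields is missing, or an operation id is not a 16-bit integer;
        /// otherwise 200, including the case where either list is empty and nothing is written.
        /// </returns>
        /// <remarks>
        /// Update or delete permission implies retrieve permission.
        /// NOTE(review): organization ids and resource ids are taken from the request body and no check is
        /// visible here that the caller may administer them; confirm that authorization is enforced by an
        /// attribute, filter or the repository before rows are written.
        /// Malformed JSON in <c>OrgansPermission</c> still surfaces as the serializer's exception.
        /// </remarks>
        public async Task<IActionResult> EditPermission([FromBody] ResPermissionEditModel model)
        {
            // Everything below is client-controlled; answer 400 for inputs that would otherwise end in a
            // NullReferenceException or ArgumentNullException.
            if (model == null || model.ResIds == null || string.IsNullOrWhiteSpace(model.OrgansPermission))
            {
                return BadRequest();
            }

            var details = JsonConvert.DeserializeObject<List<ResPermissionDetailModel>>(model.OrgansPermission);
            if (details == null)
            {
                // The JSON literal null deserializes to a null list.
                return BadRequest();
            }

            var resIdArr = model.ResIds.Split(",", StringSplitOptions.RemoveEmptyEntries).ToList();
            if (details.Count == 0 || resIdArr.Count == 0)
            {
                return Ok();
            }

            // Parse every operation list before touching the context, so that a malformed entry is
            // rejected without leaving half of the request tracked as pending changes.
            var parsedOps = new List<List<short>>(details.Count);
            foreach (var organ in details)
            {
                if (organ == null || organ.OperateIds == null)
                {
                    return BadRequest();
                }

                var opIds = new List<short>();
                foreach (var raw in organ.OperateIds.Split(",", StringSplitOptions.RemoveEmptyEntries))
                {
                    if (!short.TryParse(raw, out var opId))
                    {
                        return BadRequest();
                    }

                    opIds.Add(opId);
                }

                parsedOps.Add(opIds);
            }

            for (var i = 0; i < details.Count; i++)
            {
                var organ = details[i];
                var opIdArr = parsedOps[i];

                var bUpdateOp = opIdArr.Any(x => x == (int)DataOperateEnum.Update);
                var bDeleteOp = opIdArr.Any(x => x == (int)DataOperateEnum.Delete);
                var bRetrieveOp = bUpdateOp || bDeleteOp || opIdArr.Any(x => x == (int)DataOperateEnum.Retrieve);

                foreach (var resId in resIdArr)
                {
                    var referPermission = await _Repository._DbContext.ResourcePermissions.FirstOrDefaultAsync(x => x.OrganizationId == organ.OrganId && x.ResId == resId && x.ResType == ResType);

                    if (referPermission == null)
                    {
                        referPermission = new ResourcePermission();
                    }

                    referPermission.OpRetrieve = bRetrieveOp ? 1 : 0;
                    referPermission.OpUpdate = bUpdateOp ? 1 : 0;
                    referPermission.OpDelete = bDeleteOp ? 1 : 0;
                    referPermission.ResId = resId;
                    referPermission.OrganizationId = organ.OrganId;
                    referPermission.ResType = ResType;

                    // A missing Id marks a row that was just created above rather than loaded.
                    if (referPermission.Id == null)
                    {
                        referPermission.Id = GuidGen.NewGUID();
                        _Repository._DbContext.ResourcePermissions.Add(referPermission);
                    }
                    else
                    {
                        _Repository._DbContext.ResourcePermissions.Update(referPermission);
                    }
                }
            }

            // One save for the whole request.
            await _Repository._DbContext.SaveChangesAsync();

            return Ok();
        }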
示例#8
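        /// <summary>
        /// Update a resource permissions object. Updates the global permissions on a resource. This applies to all users in an account.
        /// </summary>
        /// <param name="resourceUri">The uri path of a resource to validate, uri segments are allowed.</param>
        /// <param name="body">The contents of the permission to set on the resource. Overwrites existing data.</param>
        /// <returns>A task that completes when the service has answered with a success status.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="body"/> or <paramref name="resourceUri"/> is null.</exception>
        public async Task SetResourcePermissions(string resourceUri, ResourcePermission body)
        {
            // The single-string ArgumentNullException constructor takes the parameter NAME, not a message,
            // so pass both: the name for tooling and the text for humans.
            if (body == null)
            {
                throw new ArgumentNullException(nameof(body), "Missing required parameter 'body'.");
            }
            if (resourceUri == null)
            {
                throw new ArgumentNullException(nameof(resourceUri), "Missing required parameter 'resourceUri'.");
            }

            // The identifier is encoded before it is placed in the path, so separators inside resourceUri
            // cannot add path segments to the request.
            // NOTE(review): HttpUtility.UrlEncode writes a space as '+', which is form encoding rather than
            // path encoding; confirm the service decodes it as intended for identifiers containing spaces.
            var path = $"/v1/resources/{System.Web.HttpUtility.UrlEncode(resourceUri)}";
            var client = await authressHttpClientProvider.GetHttpClientAsync();

            using (var response = await client.PutAsync(path, body.ToHttpContent()))
            {
                await response.ThrowIfNotSuccessStatusCode();
            }
        }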
示例#9
        /// <summary>
        /// Checks that the resource access attached to an authenticated result is returned to the client
        /// as the embedded "resource-access" collection, with type, name and actions intact.
        /// </summary>
        public async Task ValidCredentials_ResourceAccess_Returned()
        {
            // Arrange: the mocked messaging layer answers the authentication command with one granted resource.
            var grantedByService = new[]
            {
                new ResourcePermission(type: "ResourceType", name: "ResourceName", actions: new[] { "action1", "action2" })
            };

            var messaging = MockMessagingService.Setup(results =>
            {
                var authenticated = AuthResult.Authenticated(grantedByService).SetSignedToken("MOCK_TOKEN");
                results.RegisterResponse<AuthenticateCaller, AuthResult>(authenticated);
            });

            var client = TestHttpClient.Create(new MockAppHostPlugin(), messaging);

            // Act: the credential content is irrelevant because the response is canned.
            var response = await client.AuthenticateAsync(new AuthCredentialModel());

            // Assert: parse the body and inspect the embedded collection.
            var json = await response.Content.ReadAsStringAsync();
            var authResource = JsonConvert.DeserializeObject<AuthResultResource>(json);
            var embeddedAccess = authResource.GetEmbeddedCollection<AuthAccessResource>("resource-access");

            Assert.NotNull(embeddedAccess);
            Assert.True(embeddedAccess.Count() == 1);

            var only = embeddedAccess.First();

            Assert.Equal("ResourceType", only.Type);
            Assert.Equal("ResourceName", only.Name);
            Assert.True(only.Actions.Length == 2);
            Assert.Equal("action1", only.Actions[0]);
            Assert.Equal("action2", only.Actions[1]);
        }
示例#10
 /// <summary>
 /// Builds a request whose identifier is the <c>GLOBAL_FILE_ID</c> constant rather than a caller-supplied id.
 /// </summary>
 /// <param name="user">Forwarded unchanged to the base constructor.</param>
 /// <param name="globalPermissions">Forwarded unchanged to the base constructor.</param>
 /// <param name="resourcePermissions">Forwarded unchanged to the base constructor.</param>
 public GlobalRequest(string user, GlobalPermission globalPermissions, ResourcePermission resourcePermissions)
     : base(user, GLOBAL_FILE_ID, globalPermissions, resourcePermissions)
 {
 }
示例#11
 /// <summary>
 /// Pairs a global permission value with a resource permission value.
 /// </summary>
 /// <param name="global">Stored in <c>Global</c>.</param>
 /// <param name="resource">Stored in <c>Resource</c>.</param>
 public Permissions(GlobalPermission global, ResourcePermission resource)
 {
     Global   = global;
     Resource = resource;
 }
 /// <summary>
 /// Builds a request for one specific resource; the typed id is handed to the base constructor as its string form.
 /// </summary>
 /// <param name="user">Forwarded unchanged to the base constructor.</param>
 /// <param name="id">Resource identifier; converted with <c>ToString()</c>.</param>
 /// <param name="globalPermissions">Forwarded unchanged to the base constructor.</param>
 /// <param name="resourcePermissions">Forwarded unchanged to the base constructor.</param>
 public ResourceRequest(string user, Data.ResourceId id, GlobalPermission globalPermissions, ResourcePermission resourcePermissions)
     : base(user, id.ToString(), globalPermissions, resourcePermissions)
 {
 }
示例#13
 /// <summary>
 /// Pairs a global permission value with a resource permission value.
 /// </summary>
 /// <param name="global">Stored in <c>Global</c>.</param>
 /// <param name="resource">Stored in <c>Resource</c>.</param>
 public Permissions(GlobalPermission global, ResourcePermission resource)
 {
     Global = global;
     Resource = resource;
 }
 /// <summary>
 /// Builds a request whose identifier is the <c>GLOBAL_FILE_ID</c> constant rather than a caller-supplied id.
 /// </summary>
 /// <param name="user">Forwarded unchanged to the base constructor.</param>
 /// <param name="globalPermissions">Forwarded unchanged to the base constructor.</param>
 /// <param name="resourcePermissions">Forwarded unchanged to the base constructor.</param>
 public GlobalRequest(string user, GlobalPermission globalPermissions, ResourcePermission resourcePermissions)
     : base(user, GLOBAL_FILE_ID, globalPermissions, resourcePermissions)
 {
 }
示例#15
 /// <summary>
 /// Convenience overload: wraps the two permission values in a new <c>Permissions</c> object and
 /// delegates to the constructor that takes one.
 /// </summary>
 /// <param name="user">Forwarded unchanged to the other constructor.</param>
 /// <param name="id">Forwarded unchanged to the other constructor.</param>
 /// <param name="globalPermissions">First argument of the new <c>Permissions</c>.</param>
 /// <param name="resourcePermissions">Second argument of the new <c>Permissions</c>.</param>
 public Request(string user, string id, GlobalPermission globalPermissions, ResourcePermission resourcePermissions)
     : this(user, id, new Permissions(globalPermissions, resourcePermissions))
 {
 }
 /// <summary>
 /// Builds a request for one specific resource; the typed id is handed to the base constructor as its string form.
 /// </summary>
 /// <param name="user">Forwarded unchanged to the base constructor.</param>
 /// <param name="id">Resource identifier; converted with <c>ToString()</c>.</param>
 /// <param name="globalPermissions">Forwarded unchanged to the base constructor.</param>
 /// <param name="resourcePermissions">Forwarded unchanged to the base constructor.</param>
 public ResourceRequest(string user, Data.ResourceId id, GlobalPermission globalPermissions, ResourcePermission resourcePermissions)
     : base(user, id.ToString(), globalPermissions, resourcePermissions)
 {
 }
示例#17
 /// <summary>
 /// Convenience overload: wraps the two permission values in a new <c>Permissions</c> object and
 /// delegates to the constructor that takes one.
 /// </summary>
 /// <param name="user">Forwarded unchanged to the other constructor.</param>
 /// <param name="id">Forwarded unchanged to the other constructor.</param>
 /// <param name="globalPermissions">First argument of the new <c>Permissions</c>.</param>
 /// <param name="resourcePermissions">Second argument of the new <c>Permissions</c>.</param>
 public Request(string user, string id, GlobalPermission globalPermissions, ResourcePermission resourcePermissions)
     : this(user, id, new Permissions(globalPermissions, resourcePermissions))
 {
 }