private SecurableItem GetSecurableItemById(SecurableItem parentSecurableItem, Guid itemId)
{
if (parentSecurableItem.Id == itemId)
{
return(parentSecurableItem);
}
var childSecurableItems = parentSecurableItem.SecurableItems;
if (childSecurableItems == null || childSecurableItems.Count == 0)
{
throw new NotFoundException <SecurableItem>(itemId.ToString());
}
var securableItem = childSecurableItems.FirstOrDefault(item => item.Id == itemId);
if (securableItem != null)
{
return(securableItem);
}
foreach (var childSecurableItem in childSecurableItems)
{
if (TryGetSecurableItemById(childSecurableItem, itemId, out SecurableItem item))
{
return(item);
}
}
throw new NotFoundException <SecurableItem>(itemId.ToString());
}
private void CheckUniqueness(SecurableItem parentSecurableItem, SecurableItem item)
{
if (parentSecurableItem.Name == item.Name || parentSecurableItem.SecurableItems.Any(s => s.Name == item.Name))
{
throw new AlreadyExistsException <SecurableItem>(
$"The SecurableItem {item.Name} already exists within or has the same name as the parent item: {parentSecurableItem.Name}");
}
}
private void InitializeSecurableItems(SecurableItem topLevelSecurableItem)
{
foreach (var securableItem in topLevelSecurableItem.SecurableItems)
{
_securableItems.Add(securableItem);
InitializeSecurableItems(securableItem);
}
}
public Task <SecurableItem> Get(string name)
{
var item = new SecurableItem
{
Name = name,
ClientOwner = string.Empty
};
return(Task.FromResult(item));
}
public async Task <SecurableItem> AddSecurableItem(string clientId, SecurableItem item)
{
item.CreatedDateTimeUtc = DateTime.UtcNow;
item.Id = Guid.NewGuid();
var client = await _clientStore.Get(clientId);
CheckUniqueness(client.TopLevelSecurableItem, item);
client.TopLevelSecurableItem.SecurableItems.Add(item);
await _clientStore.Update(client);
return(item);
}
private bool TryGetSecurableItemById(SecurableItem parentSecurableItem, Guid itemId, out SecurableItem item)
{
try
{
item = GetSecurableItemById(parentSecurableItem, itemId);
return(true);
}
catch (AggregateException)
{
item = null;
return(false);
}
}
public bool DoesClientOwnItem(SecurableItem topLevelSecurableItem, string grain, string securableItem)
{
if (topLevelSecurableItem == null)
{
return(false);
}
if (TopLevelGrains.Contains(grain) && topLevelSecurableItem.Name == securableItem)
{
return(true);
}
return(HasRequestedSecurableItem(topLevelSecurableItem, grain, securableItem));
}
public static SecurableItem ToSecurableItemDomainModel(this SecurableItemApiModel securableItem)
{
var securableItemApiModel = new SecurableItem
{
Id = securableItem.Id ?? Guid.Empty,
Name = securableItem.Name,
SecurableItems = securableItem.SecurableItems?.Select(s => s.ToSecurableItemDomainModel()).ToList(),
CreatedDateTimeUtc = securableItem.CreatedDateTimeUtc,
CreatedBy = securableItem.CreatedBy,
ModifiedDateTimeUtc = securableItem.ModifiedDateTimeUtc,
ModifiedBy = securableItem.ModifiedBy
};
return(securableItemApiModel);
}
/// <summary>
/// Lists role permissions
/// </summary>
/// <param name="roleName"></param>
/// <returns></returns>
public async Task <RServiceResult <SecurableItem[]> > GetRoleSecurableItemsStatus(string roleName)
{
try
{
RAppRole roleByName = await _roleManager.FindByNameAsync(roleName);
if (roleByName == null)
{
return(new RServiceResult <SecurableItem[]>(null, "role not found"));
}
RAppRole role = await _roleManager.Roles.Include(g => g.Permissions).Where(g => g.Id == roleByName.Id).SingleOrDefaultAsync();
List <SecurableItem> securableItems = new List <SecurableItem>();
foreach (SecurableItem templateItem in GetSecurableItems())
{
SecurableItem item = new SecurableItem()
{
ShortName = templateItem.ShortName,
Description = templateItem.Description
};
List <SecurableItemOperation> operations = new List <SecurableItemOperation>();
foreach (SecurableItemOperation operation in templateItem.Operations)
{
operations.Add(
new SecurableItemOperation()
{
ShortName = operation.ShortName,
Description = operation.Description,
Prerequisites = operation.Prerequisites,
Status = role.Permissions.Where(p => p.SecurableItemShortName == templateItem.ShortName && p.OperationShortName == operation.ShortName).SingleOrDefault() != null
}
);
}
item.Operations = operations.ToArray();
securableItems.Add(item);
}
return(new RServiceResult <SecurableItem[]>(securableItems.ToArray()));
}
catch (Exception exp)
{
return(new RServiceResult <SecurableItem[]>(null, exp.ToString()));
}
}
public static SecurableItemApiModel ToSecurableItemApiModel(this SecurableItem securableItem)
{
var securableItemApiModel = new SecurableItemApiModel
{
Id = securableItem.Id,
Name = securableItem.Name,
Grain = securableItem.Grain,
SecurableItems = securableItem.SecurableItems?.Select(s => s.ToSecurableItemApiModel()).ToList(),
CreatedDateTimeUtc = securableItem.CreatedDateTimeUtc,
CreatedBy = securableItem.CreatedBy,
ModifiedDateTimeUtc = securableItem.ModifiedDateTimeUtc,
ModifiedBy = securableItem.ModifiedBy,
ClientOwner = securableItem.ClientOwner
};
return(securableItemApiModel);
}
private static bool HasRequestedSecurableItem(SecurableItem parentSecurableItem, string grain, string securableItem)
{
var childSecurableItems = parentSecurableItem.SecurableItems;
if (childSecurableItems == null || childSecurableItems.Count == 0)
{
return(false);
}
if (parentSecurableItem.Name == grain && childSecurableItems.Any(r => r.Name == securableItem))
{
return(true);
}
return(childSecurableItems.Any(
childSecurableItem => HasRequestedSecurableItem(childSecurableItem, grain, securableItem)));
}
private void SetupPermissions(Domain.Models.Role defaultRole, SecurableItem securableItem, Role incomingRole)
{
foreach (var permission in defaultRole.Permissions)
{
var existingPermission =
_authorizationDbContext.Permissions.FirstOrDefault(
p => p.Name == permission.Name && p.Grain == permission.Grain &&
p.SecurableItem.Name == securableItem.Name);
if (existingPermission == null)
{
var incomingPermission = permission.ToEntity();
incomingPermission.PermissionId = Guid.NewGuid();
incomingPermission.SecurableItemId = securableItem.SecurableItemId;
incomingPermission.RolePermissions.Add(new RolePermission {
RoleId = incomingRole.RoleId, PermissionId = incomingPermission.PermissionId, PermissionAction = PermissionAction.Allow
});
_authorizationDbContext.Permissions.Add(incomingPermission);
}
}
}
public static bool HasRequestedSecurableItem(this SecurableItem parentSecurableItem, string securableItem)
{
if (parentSecurableItem.Name == securableItem)
{
return(true);
}
var childSecurableItems = parentSecurableItem.SecurableItems;
if (childSecurableItems == null || childSecurableItems.Count == 0)
{
return(false);
}
if (childSecurableItems.Any(si => si.Name == securableItem))
{
return(true);
}
return(childSecurableItems.Any(
childSecurableItem => HasRequestedSecurableItem(childSecurableItem, securableItem)));
}
public async Task MigrateDuplicateGroups_HasDuplicateIdentifiers_SuccessAsync()
{
var container = _fixture.Bootstrapper.TinyIoCContainer;
var dbContext = container.Resolve <IAuthorizationDbContext>();
var groupMigratorService = container.Resolve <GroupMigratorService>();
#region Data Setup
var client = new Client
{
ClientId = $"client1-{Guid.NewGuid()}",
Name = $"Client 1-{Guid.NewGuid()}"
};
var grain = new Grain
{
Name = $"dos-{Guid.NewGuid()}"
};
var securableItem = new SecurableItem
{
Name = $"datamarts-{Guid.NewGuid()}",
Grain = grain,
ClientOwner = client.ClientId
};
client.TopLevelSecurableItem = securableItem;
var customGroup1 = new Group
{
GroupId = Guid.NewGuid(),
Name = $"Custom Group 1-{Guid.NewGuid()}",
Source = GroupConstants.CustomSource,
CreatedBy = "test",
CreatedDateTimeUtc = DateTime.UtcNow
};
var customGroup2 = new Group
{
GroupId = Guid.NewGuid(),
Name = $"Custom Group 2-{Guid.NewGuid()}",
Source = GroupConstants.CustomSource,
CreatedBy = "test",
CreatedDateTimeUtc = DateTime.UtcNow
};
var groupGuid = Guid.NewGuid();
var group1 = new Group
{
GroupId = Guid.NewGuid(),
Name = $"Group 1-{groupGuid}",
IdentityProvider = IdentityConstants.ActiveDirectory,
TenantId = "12345",
Source = GroupConstants.DirectorySource,
CreatedBy = "test",
CreatedDateTimeUtc = DateTime.UtcNow
};
var group2 = new Group
{
GroupId = Guid.NewGuid(),
Name = $"groUP 1-{groupGuid}",
IdentityProvider = IdentityConstants.ActiveDirectory,
TenantId = "12345",
Source = GroupConstants.DirectorySource,
CreatedBy = "test",
CreatedDateTimeUtc = DateTime.UtcNow
};
var group3 = new Group
{
GroupId = Guid.NewGuid(),
Name = $"groUP 1-{groupGuid}",
IdentityProvider = IdentityConstants.AzureActiveDirectory,
TenantId = "12345",
Source = GroupConstants.DirectorySource,
CreatedBy = "test",
CreatedDateTimeUtc = DateTime.UtcNow
};
var role1 = new Role
{
RoleId = Guid.NewGuid(),
Name = "Role 1",
Grain = grain.Name,
SecurableItem = securableItem
};
var role2 = new Role
{
RoleId = Guid.NewGuid(),
Name = "Role 2",
Grain = grain.Name,
SecurableItem = securableItem,
};
var role3 = new Role
{
RoleId = Guid.NewGuid(),
Name = "Role 3",
Grain = grain.Name,
SecurableItem = securableItem,
};
var role4 = new Role
{
RoleId = Guid.NewGuid(),
Name = "Role 4",
Grain = grain.Name,
SecurableItem = securableItem,
};
var group1Role1 = new GroupRole
{
Group = group1,
Role = role1
};
var group2Role1 = new GroupRole
{
Group = group2,
Role = role1
};
var group2Role2 = new GroupRole
{
Group = group2,
Role = role2
};
var group2Role3 = new GroupRole
{
Group = group2,
Role = role3,
IsDeleted = true
};
var group3Role4 = new GroupRole
{
Group = group3,
Role = role4
};
var user1 = new User
{
IdentityProvider = IdentityConstants.ActiveDirectory,
SubjectId = Guid.NewGuid().ToString()
};
var customGroup1User1 = new GroupUser
{
Group = customGroup1,
User = user1
};
var customGroup2User1 = new GroupUser
{
Group = customGroup2,
User = user1
};
var childGroup1 = new ChildGroup
{
ChildGroupId = group1.GroupId,
ParentGroupId = customGroup1.GroupId,
CreatedBy = "test",
CreatedDateTimeUtc = DateTime.UtcNow
};
var childGroup2 = new ChildGroup
{
ChildGroupId = group2.GroupId,
ParentGroupId = customGroup1.GroupId,
CreatedBy = "test",
CreatedDateTimeUtc = DateTime.UtcNow
};
var childGroup3 = new ChildGroup
{
ChildGroupId = group2.GroupId,
ParentGroupId = customGroup2.GroupId,
CreatedBy = "test",
CreatedDateTimeUtc = DateTime.UtcNow
};
dbContext.Clients.Add(client);
dbContext.Grains.Add(grain);
dbContext.SecurableItems.Add(securableItem);
dbContext.Roles.AddRange(new List <Role>
{
role1,
role2,
role3,
role4
});
dbContext.Groups.AddRange(new List <Group>
{
customGroup1,
customGroup2,
group1,
group2,
group3
});
dbContext.GroupRoles.AddRange(new List <GroupRole>
{
group1Role1,
group2Role1,
group2Role2,
group2Role3,
group3Role4
});
dbContext.Users.Add(user1);
dbContext.GroupUsers.AddRange(new List <GroupUser>
{
customGroup1User1,
customGroup2User1
});
dbContext.ChildGroups.AddRange(new List <ChildGroup>
{
childGroup1,
childGroup2,
childGroup3
});
dbContext.SaveChanges();
#endregion
var results = await groupMigratorService.MigrateDuplicateGroups();
Assert.Equal(1, results.GroupMigrationRecords.Count);
Assert.Empty(results.GroupMigrationRecords.SelectMany(r => r.Errors));
var principal = new ClaimsPrincipal(new ClaimsIdentity(new List <Claim>
{
new Claim(Claims.Scope, Scopes.ManageClientsScope),
new Claim(Claims.Scope, Scopes.ReadScope),
new Claim(Claims.Scope, Scopes.WriteScope),
new Claim(Claims.ClientId, client.ClientId),
new Claim(Claims.IdentityProvider, "idP1")
}, "rolesprincipal"));
var browser = _fixture.GetBrowser(principal, _storageProvider);
var getResponse = await browser.Get(HttpUtility.UrlEncode($"/groups/Group 1-{groupGuid}"), with =>
{
with.HttpRequest();
with.Header("Accept", "application/json");
with.Query("identityProvider", IdentityConstants.ActiveDirectory);
with.Query("tenantId", "12345");
});
var groupRoleApiModel = getResponse.Body.DeserializeJson <GroupRoleApiModel>();
var roles = groupRoleApiModel.Roles.ToList();
Assert.Equal(2, roles.Count);
Assert.Contains(roles, r => r.Name == role1.Name);
Assert.Contains(roles, r => r.Name == role2.Name);
var parents = groupRoleApiModel.Parents.ToList();
Assert.Contains(parents, p => p.GroupName == customGroup1.Name);
Assert.Contains(parents, p => p.GroupName == customGroup2.Name);
var groupStore = container.Resolve <IGroupStore>();
await groupStore.Delete(customGroup1.ToModel());
await groupStore.Delete(customGroup2.ToModel());
await groupStore.Delete(group1.ToModel());
await groupStore.Delete(group2.ToModel());
await groupStore.Delete(group3.ToModel());
}
public async Task <SecurableItem> AddSecurableItem(string clientId, Guid itemId, SecurableItem item)
{
item.CreatedDateTimeUtc = DateTime.UtcNow;
item.Id = Guid.NewGuid();
item.ClientOwner = clientId;
var client = await _clientStore.Get(clientId);
var parentSecurableItem = await GetSecurableItem(client.Id, itemId);
CheckUniqueness(parentSecurableItem, item);
if (parentSecurableItem.Grain != item.Grain)
{
throw new BadRequestException <SecurableItem>("The SecurableItem child grain must match the parent SecurableItem's grain.");
}
parentSecurableItem.SecurableItems.Add(item);
await _clientStore.Update(client);
return(item);
}
