internal static RoleToken FromAuthorizationRole(AuthorizationRole Role, RoleClaims Claims) { string[] sg = (Role.SubjectIds == null ? new string[0] : Role.SubjectIds.Split(',').ToArray()); return new RoleToken() { Role = Role, SubjectIdHashes = new HashSet<string>(sg, StringComparer.OrdinalIgnoreCase), SubjectIds = sg.ToList(), Claims = Claims }; }
private void UpdateClaims(AuthorizationRole AuthorizationRole, string[] ClaimKeys) { var proposedClaims = Claims.BuildClaims(ClaimKeys); var currentToken = RoleToken.FromAuthorizationRole(AuthorizationRole); var currentClaimKeys = Claims.GetClaimKeys(currentToken.Claims); var removedClaims = currentClaimKeys.Except(ClaimKeys).ToArray(); var addedClaims = ClaimKeys.Except(currentClaimKeys).ToArray(); AuthorizationRole.SetClaims(proposedClaims); UserService.UpdateAuthorizationRole(Database, AuthorizationRole); if (removedClaims.Length > 0) AuthorizationLog.LogRoleConfiguredClaimsRemoved(AuthorizationRole, CurrentUser.UserId, removedClaims); if (addedClaims.Length > 0) AuthorizationLog.LogRoleConfiguredClaimsAdded(AuthorizationRole, CurrentUser.UserId, addedClaims); }
private void UpdateName(AuthorizationRole AuthorizationRole, string Name) { if (string.IsNullOrWhiteSpace(Name)) throw new ArgumentNullException("Name", "Authorization Role Name is required"); else { if (AuthorizationRole.Name != Name) { // Check for Duplicates var d = Database.AuthorizationRoles.Where(db => db.Id != AuthorizationRole.Id && db.Name == Name).Count(); if (d > 0) { throw new Exception("An Authorization Role with that name already exists"); } var oldRoleName = AuthorizationRole.Name; AuthorizationRole.Name = Name; UserService.UpdateAuthorizationRole(Database, AuthorizationRole); AuthorizationLog.LogRoleConfiguredRenamed(AuthorizationRole, CurrentUser.UserId, oldRoleName); } } }
internal static RoleToken UpdateRole(AuthorizationRole Role) { RemoveRole(Role); return AddRole(Role); }
internal static void RemoveRole(AuthorizationRole Role) { var token = GetRoleToken(Role.Id); if (token != null) _Cache.Remove(token); }
internal static RoleToken AddRole(AuthorizationRole Role) { var token = RoleToken.FromAuthorizationRole(CloneAuthoriationRole(Role)); _Cache.Add(token); return token; }
/// <summary> /// Create a clone of an Authorization Role /// <para>Creates immutable clones to avoid side-effects</para> /// </summary> /// <param name="TemplateRole">Authorization Role to Clone</param> /// <returns>A copy of the Authorization Role</returns> private static AuthorizationRole CloneAuthoriationRole(AuthorizationRole TemplateRole) { return new AuthorizationRole() { Id = TemplateRole.Id, Name = TemplateRole.Name, ClaimsJson = TemplateRole.ClaimsJson, SubjectIds = TemplateRole.SubjectIds }; }
public static void LogRoleConfiguredClaimsRemoved(AuthorizationRole Role, string UserId, IEnumerable<string> ClaimsRemoved) { var claims = string.Join("; ", ClaimsRemoved); Log(EventTypeIds.RoleConfiguredClaimsRemoved, Role.Id, Role.Name, UserId, claims); }
public static void LogRoleConfiguredSubjectsRemoved(AuthorizationRole Role, string UserId, IEnumerable<string> SubjectsRemoved) { var subjects = string.Join("; ", SubjectsRemoved); Log(EventTypeIds.RoleConfiguredSubjectsRemoved, Role.Id, Role.Name, UserId, subjects); }
public static void LogRoleConfiguredRenamed(AuthorizationRole Role, string UserId, string OldRoleName) { Log(EventTypeIds.RoleConfiguredRenamed, Role.Id, Role.Name, UserId, OldRoleName); }
public static void LogRoleDeleted(AuthorizationRole Role, string UserId) { Log(EventTypeIds.RoleDeleted, Role.Id, Role.Name, UserId); }
private void UpdateSubjects(AuthorizationRole AuthorizationRole, string[] Subjects) { string subjectIds = null; string[] removedSubjects = null; string[] addedSubjects = null; // Validate Subjects if (Subjects != null && Subjects.Length > 0) { var subjects = Subjects .Where(s => !string.IsNullOrWhiteSpace(s)) .Select(s => s.Trim()) .Select(s => Tuple.Create(s, ActiveDirectory.RetrieveADObject(s, Quick: true))) .Where(s => s.Item2 is ADUserAccount || s.Item2 is ADGroup) .ToList(); var invalidSubjects = subjects.Where(s => s.Item2 == null).ToList(); if (invalidSubjects.Count > 0) throw new ArgumentException(string.Format("Subjects not found: {0}", string.Join(", ", invalidSubjects)), "Subjects"); var proposedSubjects = subjects.Select(s => s.Item2.Id).OrderBy(s => s).ToArray(); var currentSubjects = AuthorizationRole.SubjectIds == null ? new string[0] : AuthorizationRole.SubjectIds.Split(','); removedSubjects = currentSubjects.Except(proposedSubjects).ToArray(); addedSubjects = proposedSubjects.Except(currentSubjects).ToArray(); subjectIds = string.Join(",", proposedSubjects); if (string.IsNullOrEmpty(subjectIds)) subjectIds = null; } if (AuthorizationRole.SubjectIds != subjectIds) { AuthorizationRole.SubjectIds = subjectIds; UserService.UpdateAuthorizationRole(Database, AuthorizationRole); if (removedSubjects != null && removedSubjects.Length > 0) AuthorizationLog.LogRoleConfiguredSubjectsRemoved(AuthorizationRole, CurrentUser.UserId, removedSubjects); if (addedSubjects != null && addedSubjects.Length > 0) AuthorizationLog.LogRoleConfiguredSubjectsAdded(AuthorizationRole, CurrentUser.UserId, addedSubjects); } }
public static void UpdateAuthorizationRole(DiscoDataContext Database, AuthorizationRole Role) { if (Role == null) throw new ArgumentNullException("Role"); if (Database == null) throw new ArgumentNullException("Database"); Database.SaveChanges(); // Update Role Cache RoleCache.UpdateRole(Role); // Flush User Cache Cache.FlushCache(); }
public static void DeleteAuthorizationRole(DiscoDataContext Database, AuthorizationRole Role) { if (Role == null) throw new ArgumentNullException("Role"); Database.AuthorizationRoles.Remove(Role); Database.SaveChanges(); AuthorizationLog.LogRoleDeleted(Role, CurrentUserId); // Remove from Role Cache RoleCache.RemoveRole(Role); // Flush User Cache Cache.FlushCache(); }
public static int CreateAuthorizationRole(DiscoDataContext Database, AuthorizationRole Role) { if (Role == null) throw new ArgumentNullException("Role"); if (string.IsNullOrWhiteSpace(Role.ClaimsJson)) Role.ClaimsJson = JsonConvert.SerializeObject(new RoleClaims()); Database.AuthorizationRoles.Add(Role); Database.SaveChanges(); AuthorizationLog.LogRoleCreated(Role, CurrentUserId); // Add to Cache RoleCache.AddRole(Role); // Flush User Cache Cache.FlushCache(); return Role.Id; }
public static RoleToken FromAuthorizationRole(AuthorizationRole Role) { var claims = JsonConvert.DeserializeObject<RoleClaims>(Role.ClaimsJson); return FromAuthorizationRole(Role, claims); }