private IEnumerable <ResponseMessage> HandleListPermissionsByUser(IncomingMessage incomingMessage, IValidHandle validHandle)
{
if (!HasAccessToAuthorizationModule(incomingMessage))
{
yield return(DeniedMessage(incomingMessage)); yield break;
}
var permissionName = PermissionCommandParser.ParsePermissionsByUserExpression(incomingMessage.TargetedText);
var permissions = _authorizationPlugin.ListPermissionsByUserEmail(permissionName);
yield return(UploadToUser(incomingMessage, permissions));
}
public AuthorizationMiddleware(AuthorizationPlugin authorizationPlugin, IMiddleware next) : base(next)
{
_authorizationPlugin = authorizationPlugin;
HandlerMappings = new[]
{
new HandlerMapping
{
ValidHandles = ValidHandle.For(
"auth (grant|deny) [permissionName] [userEmail]",
x => PermissionCommandParser.TryParsePermissionCommandExpression(x).WasSuccessful),
Description = "Grants or denies access to a command. Usage: auth grant tflights [email protected], [email protected]",
EvaluatorFunc = HandleGrantOrDenyPermission,
},
new HandlerMapping
{
ValidHandles = ExactMatchHandle.For("auth ls"),
Description = "Will provide the full list of permissions",
EvaluatorFunc = HandleListAllPermissions
},
new HandlerMapping
{
ValidHandles = ValidHandle.For(
"auth ls -u [userEmail]",
x => PermissionCommandParser.TryParsePermissionsByUserExpression(x).WasSuccessful),
Description = "Will provide the full list of permissions for a user",
EvaluatorFunc = HandleListPermissionsByUser
},
new HandlerMapping
{
ValidHandles = ValidHandle.For(
"auth ls -p [permissionName]",
x => PermissionCommandParser.TryParseUsersByPermissionExpression(x).WasSuccessful),
Description = "Will provide the full list of users who have the specified permission",
EvaluatorFunc = HandleListUsersByPermissions
}
};
}
private IEnumerable <ResponseMessage> HandleGrantOrDenyPermission(IncomingMessage incomingMessage, IValidHandle validHandle)
{
var command = PermissionCommandParser.ParsePermissionCommandExpression(incomingMessage.TargetedText);
if (!HasAccessToAuthorizationModule(incomingMessage))
{
yield return(DeniedMessage(incomingMessage)); yield break;
}
_authorizationPlugin.Execute(command);
switch (command.OperationType)
{
case OperationType.Grant:
yield return(incomingMessage.ReplyToChannel("Permission(s) granted."));
break;
case OperationType.Deny:
yield return(incomingMessage.ReplyToChannel("Permission(s) revoked."));
break;
}
}
