//TODO: maybe instead of for accepting a collection here, just take in one by one private async Task <List <Permission> > GetReadOnlyCollectionPermissions(string userId, List <string> collectionNames) { List <Permission> collectionPermissions = new List <Permission>(); foreach (var collName in collectionNames) { Permission collPermission = new Permission(); try { // permission names are unique to the user var collPermissionId = $"{userId}-{collName}"; // Read the permission from Cosmos (will throw a 404 if it doesn't exist) collPermission = await Client.ReadPermissionAsync(UriFactory.CreatePermissionUri(databaseId, userId, collPermissionId)); } catch (DocumentClientException dcx) { if (dcx.StatusCode == HttpStatusCode.NotFound) { // Permission doesn't exist. First make sure the user exists await CreateUserIfNotExistAsync(userId); // New up a permissions for that user var newPermission = new Permission { PermissionMode = PermissionMode.Read, Id = $"{userId}-{collName}", ResourceLink = UriFactory.CreateDocumentCollectionUri(databaseId, collName).ToString() }; collPermission = await Client.CreatePermissionAsync(UriFactory.CreateUserUri(databaseId, userId), newPermission); } else { throw dcx; } } // Add a document of this permission to Cosmos for caching reasons (so we don't have to grab it if it hasn't expired) var expires = Convert.ToInt32(DateTime.UtcNow.Subtract(BeginningOfTime).TotalSeconds) + 3600; var permissionToken = new CollectionPermissionToken { Expires = expires, UserId = userId, ResourceId = collName, SerializedPermission = SerializePermission(collPermission) }; await CacheUserCollectionToken(permissionToken); collectionPermissions.Add(collPermission); } return(collectionPermissions); }
private async Task <Permission> RetrieveCachedPermission(string userId, string objectToGet) { CollectionPermissionToken permissionDocument = await Client.ReadDocumentAsync <CollectionPermissionToken>( UriFactory.CreateDocumentUri(databaseId, collectionId, $"{userId}-{objectToGet}-permission") ); if (permissionDocument == null) { return(null); } int expires = permissionDocument.Expires; int fiveMinAgo = Convert.ToInt32(DateTime.UtcNow.AddMinutes(-5).Subtract(BeginningOfTime).TotalSeconds); if (expires > fiveMinAgo) { // deserialize the permission string serializedPermission = permissionDocument.SerializedPermission; using (var memStream = new MemoryStream()) { using (var streamWriter = new StreamWriter(memStream)) { streamWriter.Write(serializedPermission.ToString()); streamWriter.Flush(); memStream.Position = 0; var permission = Permission.LoadFrom <Permission>(memStream); streamWriter.Close(); return(permission); } } } return(null); }
private async Task CacheUserCollectionToken(CollectionPermissionToken token) { token.Id = $"{token.UserId}-{token.ResourceId}-permission"; await Client.UpsertDocumentAsync(UriFactory.CreateDocumentCollectionUri(databaseId, collectionId), token); }