jessikitty/Disco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature: flag permissions

Browse Source 
feature: flag permissions
This commit is contained in:
Gary Sharp
2025-07-20 10:45:55 +10:00
parent 7deead494b
commit be7ee4cae8
72 changed files with 5590 additions and 2109 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Disco.Services/Authorization/Claims.cs
+24 -16
View File
@@ -18,7 +18,7 @@ namespace Disco.Services.Authorization
static Claims()
{
#region Role Claim Dictionary
#region Role Claim Dictionary
_roleClaims = new Dictionary<string, Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool>>()
{
{ "Config.DeviceCertificate.DownloadCertificates", new Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool>(c => c.Config.DeviceCertificate.DownloadCertificates, (c, v) => c.Config.DeviceCertificate.DownloadCertificates = v, "Download Certificates", "Can download certificates", false) },
@@ -242,9 +242,9 @@ namespace Disco.Services.Authorization
{ "ComputerAccount", new Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool>(c => c.ComputerAccount, (c, v) => c.ComputerAccount = v, "Computer Account", "Represents a computer account", true) },
{ "DiscoAdminAccount", new Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool>(c => c.DiscoAdminAccount, (c, v) => c.DiscoAdminAccount = v, "Disco Administrator Account", "Represents a Disco ICT Administrator account", true) }
};
#endregion
#endregion
#region Role Claim Navigator
#region Role Claim Navigator
_claimNavigator =
new ClaimNavigatorItem("Claims", "Permissions", "Top-level node for all permissions", false, new List<IClaimNavigatorItem>() {
new ClaimNavigatorItem("Config", "Configuration", "Permissions related to Disco ICT Configuration", false, new List<IClaimNavigatorItem>() {
@@ -524,7 +524,7 @@ namespace Disco.Services.Authorization
new ClaimNavigatorItem("ComputerAccount", true),
new ClaimNavigatorItem("DiscoAdminAccount", true)
});
#endregion
#endregion
}
public static ClaimNavigatorItem RoleClaimNavigator
@@ -532,31 +532,36 @@ namespace Disco.Services.Authorization
get { return _claimNavigator; }
}
internal static Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool> GetClaimDefinition(string ClaimKey) {
internal static Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool> GetClaimDefinition(string ClaimKey)
{
if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
return claimDef;
throw new ArgumentException("Unknown Claim Key", nameof(ClaimKey));
}
public static Func<RoleClaims, bool> GetClaimAccessor(string ClaimKey) {
public static Func<RoleClaims, bool> GetClaimAccessor(string ClaimKey)
{
if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
return claimDef.Item1;
throw new ArgumentException("Unknown Claim Key", nameof(ClaimKey));
}
public static Action<RoleClaims, bool> GetClaimSetter(string ClaimKey) {
public static Action<RoleClaims, bool> GetClaimSetter(string ClaimKey)
{
if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
return claimDef.Item2;
throw new ArgumentException("Unknown Claim Key", nameof(ClaimKey));
}
public static Tuple<string, string, bool> GetClaimDetails(string ClaimKey) {
public static Tuple<string, string, bool> GetClaimDetails(string ClaimKey)
{
if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
return Tuple.Create(claimDef.Item3, claimDef.Item4, claimDef.Item5);
throw new ArgumentException("Unknown Claim Key", "ClaimKey");
}
public static RoleClaims BuildClaims(IEnumerable<string> ClaimKeys){
public static RoleClaims BuildClaims(IEnumerable<string> ClaimKeys)
{
var c = new RoleClaims();
foreach (var claimKey in ClaimKeys)
c.Set(claimKey, true);
@@ -570,9 +575,10 @@ namespace Disco.Services.Authorization
return _roleClaims.Where(rc => rc.Value.Item1(claims)).Select(rc => rc.Key).ToList();
}
public static RoleClaims AdministratorClaims() {
public static RoleClaims AdministratorClaims()
{
var c = new RoleClaims();
#region Set All Administrator Claims
#region Set All Administrator Claims
c.Config.DeviceCertificate.DownloadCertificates = true;
c.Config.Enrolment.Configure = true;
c.Config.Enrolment.DownloadBootstrapper = true;
@@ -792,17 +798,19 @@ namespace Disco.Services.Authorization
c.User.ShowFlagAssignments = true;
c.User.ShowJobs = true;
c.DiscoAdminAccount = true;
#endregion
#endregion
return c;
}
public static RoleClaims ComputerAccountClaims() {
return new RoleClaims() {
public static RoleClaims ComputerAccountClaims()
{
return new RoleClaims()
{
ComputerAccount = true
};
}
#region Role Claim Constants
#region Role Claim Constants
/// <summary>Configuration
/// <para>Permissions related to Disco ICT Configuration</para>
@@ -2099,7 +2107,7 @@ namespace Disco.Services.Authorization
/// <para>Represents a Disco ICT Administrator account</para>
/// </summary>
public const string DiscoAdminAccount = "DiscoAdminAccount";
#endregion
#endregion
}
public static class ClaimExtensions
{
Disco.Services/Authorization/Claims.tt
+24 -16
View File
@@ -66,17 +66,17 @@ namespace Disco.Services.Authorization
static Claims()
{
#region Role Claim Dictionary
#region Role Claim Dictionary
_roleClaims = new Dictionary<string, Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool>>()
{
<#WriteAccessHashes(permissionRoot);#>
};
#endregion
#endregion
#region Role Claim Navigator
#region Role Claim Navigator
_claimNavigator =
<#WriteNavigator(permissionRoot);#>;
#endregion
#endregion
}
public static ClaimNavigatorItem RoleClaimNavigator
@@ -84,31 +84,36 @@ namespace Disco.Services.Authorization
get { return _claimNavigator; }
}
internal static Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool> GetClaimDefinition(string ClaimKey) {
internal static Tuple<Func<RoleClaims, bool>, Action<RoleClaims, bool>, string, string, bool> GetClaimDefinition(string ClaimKey)
{
if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
return claimDef;
throw new ArgumentException("Unknown Claim Key", nameof(ClaimKey));
}
public static Func<RoleClaims, bool> GetClaimAccessor(string ClaimKey) {
public static Func<RoleClaims, bool> GetClaimAccessor(string ClaimKey)
{
if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
return claimDef.Item1;
throw new ArgumentException("Unknown Claim Key", nameof(ClaimKey));
}
public static Action<RoleClaims, bool> GetClaimSetter(string ClaimKey) {
public static Action<RoleClaims, bool> GetClaimSetter(string ClaimKey)
{
if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
return claimDef.Item2;
throw new ArgumentException("Unknown Claim Key", nameof(ClaimKey));
}
public static Tuple<string, string, bool> GetClaimDetails(string ClaimKey) {
public static Tuple<string, string, bool> GetClaimDetails(string ClaimKey)
{
if (_roleClaims.TryGetValue(ClaimKey, out var claimDef))
return Tuple.Create(claimDef.Item3, claimDef.Item4, claimDef.Item5);
throw new ArgumentException("Unknown Claim Key", "ClaimKey");
}
public static RoleClaims BuildClaims(IEnumerable<string> ClaimKeys){
public static RoleClaims BuildClaims(IEnumerable<string> ClaimKeys)
{
var c = new RoleClaims();
foreach (var claimKey in ClaimKeys)
c.Set(claimKey, true);
@@ -122,23 +127,26 @@ namespace Disco.Services.Authorization
return _roleClaims.Where(rc => rc.Value.Item1(claims)).Select(rc => rc.Key).ToList();
}
public static RoleClaims AdministratorClaims() {
public static RoleClaims AdministratorClaims()
{
var c = new RoleClaims();
#region Set All Administrator Claims
#region Set All Administrator Claims
<#WriteAdministratorClaims(permissionRoot);#>
#endregion
#endregion
return c;
}
public static RoleClaims ComputerAccountClaims() {
return new RoleClaims() {
public static RoleClaims ComputerAccountClaims()
{
return new RoleClaims()
{
ComputerAccount = true
};
}
#region Role Claim Constants
#region Role Claim Constants
<#WritePermissionConsts(permissionRoot);#>
#endregion
#endregion
}
public static class ClaimExtensions
{
Disco.Services/Authorization/Roles/RoleCache.cs
+44 -58
View File
@@ -4,6 +4,7 @@ using Disco.Models.Services.Authorization;
using Disco.Services.Interop.ActiveDirectory;
using Newtonsoft.Json;
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
@@ -16,41 +17,41 @@ namespace Disco.Services.Authorization.Roles
internal const string ClaimsJsonEmpty = "null";
internal static readonly string[] _RequiredAdministratorSubjectIds = new string[] { "Domain Admins" };
private static List<RoleToken> _Cache;
private static ConcurrentDictionary<int, RoleToken> cache;
private static RoleToken _AdministratorToken;
internal static void Initialize(DiscoDataContext Database)
internal static void Initialize(DiscoDataContext database)
{
MigrateAuthorizationRoles(Database);
MigrateAuthorizationRoles(database);
_Cache = Database.AuthorizationRoles.ToList().Select(ar => RoleToken.FromAuthorizationRole(ar)).ToList();
cache = new ConcurrentDictionary<int, RoleToken>(database.AuthorizationRoles.ToList().Select(ar => RoleToken.FromAuthorizationRole(ar)).ToDictionary(r => r.Role.Id));
// Add System Roles
AddSystemRoles(Database);
AddSystemRoles(database);
}
private static void AddSystemRoles(DiscoDataContext Database)
private static void AddSystemRoles(DiscoDataContext database)
{
// Disco Administrators
_AdministratorToken = RoleToken.FromAuthorizationRole(new AuthorizationRole()
{
Id = AdministratorsTokenId,
Name = "Disco Administrators",
SubjectIds = string.Join(",", GenerateAdministratorSubjectIds(Database))
SubjectIds = string.Join(",", GenerateAdministratorSubjectIds(database))
}, Claims.AdministratorClaims());
_Cache.Add(_AdministratorToken);
cache.TryAdd(AdministratorsTokenId, _AdministratorToken);
// Computer Accounts
_Cache.Add(RoleToken.FromAuthorizationRole(new AuthorizationRole()
cache.TryAdd(ComputerAccountTokenId, RoleToken.FromAuthorizationRole(new AuthorizationRole()
{
Id = ComputerAccountTokenId,
Name = "Domain Computer Account"
}, Claims.ComputerAccountClaims()));
}
private static IEnumerable<string> GenerateAdministratorSubjectIds(DiscoDataContext Database)
private static IEnumerable<string> GenerateAdministratorSubjectIds(DiscoDataContext database)
{
var configuredSubjectIds = Database.DiscoConfiguration.Administrators.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(s => ActiveDirectory.ParseDomainAccountId(s));
var configuredSubjectIds = database.DiscoConfiguration.Administrators.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(s => ActiveDirectory.ParseDomainAccountId(s));
return RequiredAdministratorSubjectIds
.Concat(configuredSubjectIds)
@@ -58,94 +59,79 @@ namespace Disco.Services.Authorization.Roles
.OrderBy(s => s);
}
public static IEnumerable<string> RequiredAdministratorSubjectIds
{
get
{
return _RequiredAdministratorSubjectIds.Select(s => ActiveDirectory.ParseDomainAccountId(s));
}
}
=> _RequiredAdministratorSubjectIds.Select(s => ActiveDirectory.ParseDomainAccountId(s));
public static IEnumerable<string> AdministratorSubjectIds
{
get
{
return _AdministratorToken.SubjectIds.ToList();
}
}
=> _AdministratorToken.SubjectIds.ToList();
public static void UpdateAdministratorSubjectIds(DiscoDataContext Database, IEnumerable<string> SubjectIds)
public static void UpdateAdministratorSubjectIds(DiscoDataContext database, IEnumerable<string> subjectIds)
{
// Clean
SubjectIds = SubjectIds
subjectIds = subjectIds
.Where(s => !string.IsNullOrWhiteSpace(s))
.Concat(RequiredAdministratorSubjectIds)
.Distinct(StringComparer.OrdinalIgnoreCase)
.OrderBy(s => s);
var subjectIdsString = string.Join(",", SubjectIds);
var subjectIdsString = string.Join(",", subjectIds);
// Update Database
Database.DiscoConfiguration.Administrators = subjectIdsString;
Database.SaveChanges();
database.DiscoConfiguration.Administrators = subjectIdsString;
database.SaveChanges();
// Update State
_AdministratorToken.SubjectIds = SubjectIds.ToList();
_AdministratorToken.SubjectIdHashes = new HashSet<string>(SubjectIds, StringComparer.OrdinalIgnoreCase);
_AdministratorToken.SubjectIds = subjectIds.ToList();
_AdministratorToken.SubjectIdHashes = new HashSet<string>(subjectIds, StringComparer.OrdinalIgnoreCase);
}
/// <summary>
/// Create a clone of an Authorization Role
/// <para>Creates immutable clones to avoid side-effects</para>
/// </summary>
/// <param name="TemplateRole">Authorization Role to Clone</param>
/// <param name="templateRole">Authorization Role to Clone</param>
/// <returns>A copy of the Authorization Role</returns>
private static AuthorizationRole CloneAuthoriationRole(AuthorizationRole TemplateRole)
private static AuthorizationRole CloneAuthoriationRole(AuthorizationRole templateRole)
{
return new AuthorizationRole()
{
Id = TemplateRole.Id,
Name = TemplateRole.Name,
ClaimsJson = TemplateRole.ClaimsJson,
SubjectIds = TemplateRole.SubjectIds
Id = templateRole.Id,
Name = templateRole.Name,
ClaimsJson = templateRole.ClaimsJson,
SubjectIds = templateRole.SubjectIds
};
}
internal static RoleToken AddRole(AuthorizationRole Role)
{
var token = RoleToken.FromAuthorizationRole(CloneAuthoriationRole(Role));
_Cache.Add(token);
return token;
}
internal static void RemoveRole(AuthorizationRole Role)
{
var token = GetRoleToken(Role.Id);
if (token != null)
_Cache.Remove(token);
cache.TryRemove(Role.Id, out _);
}
internal static RoleToken UpdateRole(AuthorizationRole Role)
internal static RoleToken AddOrUpdateRole(AuthorizationRole role)
{
RemoveRole(Role);
return AddRole(Role);
var token = RoleToken.FromAuthorizationRole(CloneAuthoriationRole(role));
cache.AddOrUpdate(token.Role.Id, token, (i, e) => token);
return token;
}
internal static RoleToken GetRoleToken(int Id)
internal static RoleToken GetRoleToken(int id)
{
return _Cache.FirstOrDefault(t => t.Role.Id == Id);
if (cache.TryGetValue(id, out var result))
return result;
else
return null;
}
internal static RoleToken GetRoleToken(string SecurityGroup)
internal static RoleToken GetRoleToken(string securityGroup)
{
return _Cache.FirstOrDefault(t => t.SubjectIdHashes.Contains(SecurityGroup));
return cache.Values.FirstOrDefault(t => t.SubjectIdHashes.Contains(securityGroup));
}
internal static List<IRoleToken> GetRoleTokens(IEnumerable<string> SecurityGroup)
internal static List<IRoleToken> GetRoleTokens(IEnumerable<string> securityGroups)
{
return _Cache.Where(t => SecurityGroup.Any(sg => t.SubjectIdHashes.Contains(sg))).Cast<IRoleToken>().ToList();
return cache.Values.Where(t => securityGroups.Any(sg => t.SubjectIdHashes.Contains(sg))).Cast<IRoleToken>().ToList();
}
internal static List<IRoleToken> GetRoleTokens(IEnumerable<string> SecurityGroup, User User)
internal static List<IRoleToken> GetRoleTokens(IEnumerable<string> securityGroups, User user)
{
var subjectIds = SecurityGroup.Concat(new string[] { User.UserId });
var subjectIds = securityGroups.Concat(new string[] { user.UserId });
return _Cache.Where(t => subjectIds.Any(sg => t.SubjectIdHashes.Contains(sg))).Cast<IRoleToken>().ToList();
return cache.Values.Where(t => subjectIds.Any(sg => t.SubjectIdHashes.Contains(sg))).Cast<IRoleToken>().ToList();
}
/// <summary>
Disco.Services/Devices/DeviceFlags/Cache.cs
+11 -17
View File
@@ -8,7 +8,7 @@ namespace Disco.Services.Devices.DeviceFlags
{
internal class Cache
{
private ConcurrentDictionary<int, DeviceFlag> _Cache;
private ConcurrentDictionary<int, (DeviceFlag, FlagPermission permission)> cache;
public Cache(DiscoDataContext Database)
{
@@ -26,36 +26,30 @@ namespace Disco.Services.Devices.DeviceFlags
var flags = Database.DeviceFlags.ToList();
// Add Queues to In-Memory Cache
_Cache = new ConcurrentDictionary<int, DeviceFlag>(flags.Select(f => new KeyValuePair<int, DeviceFlag>(f.Id, f)));
cache = new ConcurrentDictionary<int, (DeviceFlag, FlagPermission permission)>(flags.Select(f => new KeyValuePair<int, (DeviceFlag, FlagPermission permission)>(f.Id, (f, f.Permissions))));
}
public DeviceFlag GetDeviceFlag(int deviceFlagId)
public (DeviceFlag flag, FlagPermission permission) GetDeviceFlag(int deviceFlagId)
{
if (_Cache.TryGetValue(deviceFlagId, out var item))
if (cache.TryGetValue(deviceFlagId, out var item))
return item;
else
return null;
return (null, null);
}
public List<DeviceFlag> GetDeviceFlags()
public List<(DeviceFlag flag, FlagPermission permission)> GetDeviceFlags()
{
return _Cache.Values.ToList();
return cache.Values.ToList();
}
public void AddOrUpdate(DeviceFlag flag)
{
_Cache.AddOrUpdate(flag.Id, flag, (key, existingItem) => flag);
var value = (flag, flag.Permissions);
cache.AddOrUpdate(flag.Id, value, (key, existingItem) => value);
}
public DeviceFlag Remove(int deviceFlagId)
public void Remove(int deviceFlagId)
{
if (_Cache.TryRemove(deviceFlagId, out var item))
return item;
else
return null;
}
public DeviceFlag Remove(DeviceFlag deviceFlag)
{
return Remove(deviceFlag.Id);
cache.TryRemove(deviceFlagId, out _);
}
}
}
Disco.Services/Devices/DeviceFlags/DeviceFlagExtensions.cs
+36 -37
View File
@@ -1,6 +1,7 @@
using Disco.Data.Repository;
using Disco.Models.Repository;
using Disco.Services.Authorization;
using Disco.Services.Devices.DeviceFlags;
using Disco.Services.Expressions;
using Disco.Services.Logging;
using Disco.Services.Users;
@@ -15,16 +16,18 @@ namespace Disco.Services
{
#region Edit Comments
public static bool CanEditComments(this DeviceFlagAssignment fa)
public static bool CanEdit(this DeviceFlagAssignment fa)
{
return UserService.CurrentAuthorization.Has(Claims.Device.Actions.EditFlags);
var (_, permission) = DeviceFlagService.GetDeviceFlag(fa.DeviceFlagId);
return permission.CanEdit();
}
public static void OnEditComments(this DeviceFlagAssignment fa, string Comments)
public static void OnEdit(this DeviceFlagAssignment fa, string comments)
{
if (!fa.CanEditComments())
if (!fa.CanEdit())
throw new InvalidOperationException("Editing comments for device flags is denied");
fa.Comments = string.IsNullOrWhiteSpace(Comments) ? null : Comments.Trim();
fa.Comments = string.IsNullOrWhiteSpace(comments) ? null : comments.Trim();
}
#endregion
@@ -34,36 +37,38 @@ namespace Disco.Services
if (fa.RemovedDate.HasValue)
return false;
return UserService.CurrentAuthorization.Has(Claims.Device.Actions.RemoveFlags);
var (_, permission) = DeviceFlagService.GetDeviceFlag(fa.DeviceFlagId);
return permission.CanRemove();
}
public static void OnRemove(this DeviceFlagAssignment fa, DiscoDataContext Database, User RemovingUser)
public static void OnRemove(this DeviceFlagAssignment fa, DiscoDataContext database)
{
if (!fa.CanRemove())
throw new InvalidOperationException("Removing device flags is denied");
fa.OnRemoveUnsafe(Database, RemovingUser);
fa.OnRemoveUnsafe(database, UserService.CurrentUser);
}
public static void OnRemoveUnsafe(this DeviceFlagAssignment fa, DiscoDataContext Database, User RemovingUser)
public static void OnRemoveUnsafe(this DeviceFlagAssignment fa, DiscoDataContext database, User removingUser)
{
fa = Database.DeviceFlagAssignments
fa = database.DeviceFlagAssignments
.Include(a => a.DeviceFlag)
.First(a => a.Id == fa.Id);
RemovingUser = Database.Users.First(u => u.UserId == RemovingUser.UserId);
removingUser = database.Users.First(u => u.UserId == removingUser.UserId);
fa.RemovedDate = DateTime.Now;
fa.RemovedUserId = RemovingUser.UserId;
fa.RemovedUserId = removingUser.UserId;
if (!string.IsNullOrWhiteSpace(fa.DeviceFlag.OnUnassignmentExpression))
{
try
{
Database.SaveChanges();
var expressionResult = fa.EvaluateOnUnassignmentExpression(Database, RemovingUser, fa.AddedDate);
database.SaveChanges();
var expressionResult = fa.EvaluateOnUnassignmentExpression(database, removingUser, fa.AddedDate);
if (!string.IsNullOrWhiteSpace(expressionResult))
{
fa.OnUnassignmentExpressionResult = expressionResult;
Database.SaveChanges();
database.SaveChanges();
}
}
catch (Exception ex)
@@ -75,58 +80,52 @@ namespace Disco.Services
#endregion
#region Add
public static bool CanAddDeviceFlags(this Device d)
{
return UserService.CurrentAuthorization.Has(Claims.Device.Actions.AddFlags);
}
public static bool CanAddDeviceFlag(this Device d, DeviceFlag flag)
{
// Shortcut
if (!d.CanAddDeviceFlags())
return false;
// Already has Device Flag?
if (d.DeviceFlagAssignments.Any(fa => !fa.RemovedDate.HasValue && fa.DeviceFlagId == flag.Id))
return false;
return true;
var (_, permission) = DeviceFlagService.GetDeviceFlag(flag.Id);
return permission.CanAssign();
}
public static DeviceFlagAssignment OnAddDeviceFlag(this Device d, DiscoDataContext Database, DeviceFlag flag, User AddingUser, string Comments)
public static DeviceFlagAssignment OnAddDeviceFlag(this Device d, DiscoDataContext database, DeviceFlag flag, string comments)
{
if (!d.CanAddDeviceFlag(flag))
throw new InvalidOperationException("Adding device flag is denied");
return d.OnAddDeviceFlagUnsafe(Database, flag, AddingUser, Comments);
return d.OnAddDeviceFlagUnsafe(database, flag, UserService.CurrentUser, comments);
}
public static DeviceFlagAssignment OnAddDeviceFlagUnsafe(this Device d, DiscoDataContext Database, DeviceFlag flag, User AddingUser, string Comments)
public static DeviceFlagAssignment OnAddDeviceFlagUnsafe(this Device d, DiscoDataContext database, DeviceFlag flag, User addingUser, string comments)
{
flag = Database.DeviceFlags.First(f => f.Id == flag.Id);
d = Database.Devices.First(de => de.SerialNumber == d.SerialNumber);
AddingUser = Database.Users.First(user => user.UserId == AddingUser.UserId);
flag = database.DeviceFlags.First(f => f.Id == flag.Id);
d = database.Devices.First(de => de.SerialNumber == d.SerialNumber);
addingUser = database.Users.First(user => user.UserId == addingUser.UserId);
var fa = new DeviceFlagAssignment()
{
DeviceFlag = flag,
Device = d,
AddedDate = DateTime.Now,
AddedUser = AddingUser,
AddedUserId = AddingUser.UserId,
Comments = string.IsNullOrWhiteSpace(Comments) ? null : Comments.Trim()
AddedUser = addingUser,
AddedUserId = addingUser.UserId,
Comments = string.IsNullOrWhiteSpace(comments) ? null : comments.Trim()
};
Database.DeviceFlagAssignments.Add(fa);
database.DeviceFlagAssignments.Add(fa);
if (!string.IsNullOrWhiteSpace(flag.OnAssignmentExpression))
{
try
{
Database.SaveChanges();
var expressionResult = fa.EvaluateOnAssignmentExpression(Database, AddingUser, fa.AddedDate);
database.SaveChanges();
var expressionResult = fa.EvaluateOnAssignmentExpression(database, addingUser, fa.AddedDate);
if (!string.IsNullOrWhiteSpace(expressionResult))
{
fa.OnAssignmentExpressionResult = expressionResult;
Database.SaveChanges();
database.SaveChanges();
}
}
catch (Exception ex)
Disco.Services/Devices/DeviceFlags/DeviceFlagService.cs
+49 -16
View File
@@ -13,7 +13,7 @@ namespace Disco.Services.Devices.DeviceFlags
{
public static class DeviceFlagService
{
private static Cache _cache;
private static Cache cache;
internal static Lazy<IObservable<RepositoryMonitorEvent>> DeviceFlagAssignmentRepositoryEvents;
static DeviceFlagService()
@@ -31,18 +31,51 @@ namespace Disco.Services.Devices.DeviceFlags
public static void Initialize(DiscoDataContext database)
{
_cache = new Cache(database);
cache = new Cache(database);
// Initialize Managed Groups (if configured)
_cache.GetDeviceFlags().ForEach(uf =>
cache.GetDeviceFlags().ForEach(uf =>
{
DeviceFlagDevicesManagedGroup.Initialize(uf);
DeviceFlagDeviceAssignedUsersManagedGroup.Initialize(uf);
DeviceFlagDevicesManagedGroup.Initialize(uf.flag);
DeviceFlagDeviceAssignedUsersManagedGroup.Initialize(uf.flag);
});
}
public static List<DeviceFlag> GetDeviceFlags() { return _cache.GetDeviceFlags(); }
public static DeviceFlag GetDeviceFlag(int deviceFlagId) { return _cache.GetDeviceFlag(deviceFlagId); }
public static IEnumerable<(DeviceFlag flag, FlagPermission permission)> GetDeviceFlags() { return cache.GetDeviceFlags(); }
public static (DeviceFlag flag, FlagPermission permission) GetDeviceFlag(int deviceFlagId) { return cache.GetDeviceFlag(deviceFlagId); }
public static DeviceFlag GetAvailableUserFlag(int deviceFlagId, Device targetDevice)
{
var (deviceFlag, permission) = cache.GetDeviceFlag(deviceFlagId);
if (targetDevice.DeviceFlagAssignments
.Where(a => a.DeviceFlagId == deviceFlagId && !a.RemovedDate.HasValue).Any())
return null;
if (permission.CanAssign())
return deviceFlag;
return null;
}
public static IEnumerable<DeviceFlag> GetAvailableDeviceFlags(Device targetDevice)
{
var records = cache.GetDeviceFlags();
var usedFlags = targetDevice.DeviceFlagAssignments
.Where(a => !a.RemovedDate.HasValue)
.Select(a => a.DeviceFlagId)
.ToList();
foreach (var (flag, permission) in records)
{
if (usedFlags.Contains(flag.Id))
continue;
if (permission.CanAssign())
yield return flag;
}
}
#region Device Flag Maintenance
public static DeviceFlag CreateDeviceFlag(DiscoDataContext database, string name, string description)
@@ -52,7 +85,7 @@ namespace Disco.Services.Devices.DeviceFlags
throw new ArgumentException("The Device Flag Name is required", nameof(name));
// Name Unique
if (_cache.GetDeviceFlags().Any(f => f.Name.Equals(name, StringComparison.Ordinal)))
if (cache.GetDeviceFlags().Any(f => f.flag.Name.Equals(name, StringComparison.Ordinal)))
throw new ArgumentException("Another Device Flag already exists with that name", nameof(name));
// Clone to break reference
@@ -67,7 +100,7 @@ namespace Disco.Services.Devices.DeviceFlags
database.DeviceFlags.Add(flag);
database.SaveChanges();
_cache.AddOrUpdate(flag);
cache.AddOrUpdate(flag);
return flag;
}
@@ -78,12 +111,12 @@ namespace Disco.Services.Devices.DeviceFlags
throw new ArgumentException("The Device Flag Name is required", nameof(deviceFlag));
// Name Unique
if (_cache.GetDeviceFlags().Any(f => f.Id != deviceFlag.Id && f.Name == deviceFlag.Name))
if (cache.GetDeviceFlags().Any(f => f.flag.Id != deviceFlag.Id && f.flag.Name == deviceFlag.Name))
throw new ArgumentException("Another Device Flag already exists with that name", nameof(deviceFlag));
database.SaveChanges();
_cache.AddOrUpdate(deviceFlag);
cache.AddOrUpdate(deviceFlag);
DeviceFlagDevicesManagedGroup.Initialize(deviceFlag);
DeviceFlagDeviceAssignedUsersManagedGroup.Initialize(deviceFlag);
@@ -113,7 +146,7 @@ namespace Disco.Services.Devices.DeviceFlags
database.SaveChanges();
// Remove from Cache
_cache.Remove(deviceFlagId);
cache.Remove(deviceFlagId);
status.Finished($"Successfully Deleted Device Flag: '{flag.Name}' [{flag.Id}]");
}
@@ -140,7 +173,7 @@ namespace Disco.Services.Devices.DeviceFlags
{
status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Assigning Flag: {device}");
return device.OnAddDeviceFlag(database, deviceFlag, technician, comments);
return device.OnAddDeviceFlagUnsafe(database, deviceFlag, technician, comments);
}).ToList();
// Save Chunk Items to Database
@@ -206,7 +239,7 @@ namespace Disco.Services.Devices.DeviceFlags
{
status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Assigning Flag: {device}");
return device.OnAddDeviceFlag(database, deviceFlag, technician, comments);
return device.OnAddDeviceFlagUnsafe(database, deviceFlag, technician, comments);
}).ToList();
// Save Chunk Items to Database
@@ -229,11 +262,11 @@ namespace Disco.Services.Devices.DeviceFlags
public static string RandomUnusedIcon()
{
return UIHelpers.RandomIcon(_cache.GetDeviceFlags().Select(f => f.Icon));
return UIHelpers.RandomIcon(cache.GetDeviceFlags().Select(f => f.flag.Icon));
}
public static string RandomUnusedThemeColour()
{
return UIHelpers.RandomThemeColour(_cache.GetDeviceFlags().Select(f => f.IconColour));
return UIHelpers.RandomThemeColour(cache.GetDeviceFlags().Select(f => f.flag.IconColour));
}
}
}
Disco.Services/Disco.Services.csproj
+1
View File
@@ -609,6 +609,7 @@
<Compile Include="Users\Contact\UserContactService.cs" />
<Compile Include="Users\UserExtensions.cs" />
<Compile Include="Users\UserFlags\Cache.cs" />
<Compile Include="Users\UserFlags\FlagPermissionExtensions.cs" />
<Compile Include="Users\UserFlags\UserFlagExport.cs" />
<Compile Include="Users\UserFlags\UserFlagExtensions.cs" />
<Compile Include="Users\UserFlags\UserFlagUserDevicesManagedGroup.cs" />
Disco.Services/Users/UserFlags/Cache.cs
+11 -17
View File
@@ -8,7 +8,7 @@ namespace Disco.Services.Users.UserFlags
{
internal class Cache
{
private ConcurrentDictionary<int, UserFlag> _Cache;
private ConcurrentDictionary<int, (UserFlag flag, FlagPermission permission)> cache;
public Cache(DiscoDataContext Database)
{
@@ -26,36 +26,30 @@ namespace Disco.Services.Users.UserFlags
var flags = Database.UserFlags.ToList();
// Add Queues to In-Memory Cache
_Cache = new ConcurrentDictionary<int, UserFlag>(flags.Select(f => new KeyValuePair<int, UserFlag>(f.Id, f)));
cache = new ConcurrentDictionary<int, (UserFlag, FlagPermission)>(flags.Select(f => new KeyValuePair<int, (UserFlag, FlagPermission)>(f.Id, (f, f.Permissions))));
}
public UserFlag GetUserFlag(int UserFlagId)
public (UserFlag flag, FlagPermission permission) GetUserFlag(int UserFlagId)
{
if (_Cache.TryGetValue(UserFlagId, out var item))
if (cache.TryGetValue(UserFlagId, out var item))
return item;
else
return null;
return (null, null);
}
public List<UserFlag> GetUserFlags()
public List<(UserFlag flag, FlagPermission permission)> GetUserFlags()
{
return _Cache.Values.ToList();
return cache.Values.ToList();
}
public void AddOrUpdate(UserFlag UserFlag)
{
_Cache.AddOrUpdate(UserFlag.Id, UserFlag, (key, existingItem) => UserFlag);
var value = (UserFlag, UserFlag.Permissions);
cache.AddOrUpdate(UserFlag.Id, value, (key, existingItem) => value);
}
public UserFlag Remove(int UserFlagId)
public void Remove(int UserFlagId)
{
if (_Cache.TryRemove(UserFlagId, out var item))
return item;
else
return null;
}
public UserFlag Remove(UserFlag UserFlag)
{
return Remove(UserFlag.Id);
cache.TryRemove(UserFlagId, out _);
}
}
}
Disco.Services/Users/UserFlags/FlagPermissionExtensions.cs
+144
View File
@@ -0,0 +1,144 @@
using Disco.Models.Repository;
using Disco.Services.Authorization;
using Disco.Services.Devices.DeviceFlags;
using Disco.Services.Users;
using Disco.Services.Users.UserFlags;
using System.Collections.Generic;
using System.Linq;
namespace Disco
{
public static class FlagPermissionExtensions
{
public static bool CanShow(this FlagPermission permission)
{
var authorization = UserService.CurrentAuthorization;
// inherited permission
if (permission.Inherit &&
authorization.Has(permission.FlagType == FlagType.User ? Claims.User.ShowFlagAssignments : Claims.Device.ShowFlagAssignments))
{
return true;
}
// permission override
if (permission != null && (
permission.CanShowSubjectIds.Contains(authorization.User.UserId) ||
permission.CanShowSubjectIds.Overlaps(authorization.GroupMembership) ||
permission.CanShowSubjectIds.Overlaps(authorization.RoleTokens.Select(r => $"[{r.Role.Id}]"))
))
{
return true;
}
return false;
}
public static bool CanAssign(this FlagPermission permission)
{
var authorization = UserService.CurrentAuthorization;
// inherited permission
if (permission.Inherit &&
authorization.Has(permission.FlagType == FlagType.User ? Claims.User.Actions.AddFlags : Claims.Device.Actions.AddFlags))
{
return true;
}
// permission override
if (permission != null && (
permission.CanAssignSubjectIds.Contains(authorization.User.UserId) ||
permission.CanAssignSubjectIds.Overlaps(authorization.GroupMembership) ||
permission.CanAssignSubjectIds.Overlaps(authorization.RoleTokens.Select(r => $"[{r.Role.Id}]"))
))
{
return true;
}
return false;
}
public static bool CanEdit(this FlagPermission permission)
{
var authorization = UserService.CurrentAuthorization;
// inherited permission
if (permission.Inherit &&
authorization.Has(permission.FlagType == FlagType.User ? Claims.User.Actions.EditFlags : Claims.Device.Actions.EditFlags))
{
return true;
}
// permission override
if (permission != null && (
permission.CanEditSubjectIds.Contains(authorization.User.UserId) ||
permission.CanEditSubjectIds.Overlaps(authorization.GroupMembership) ||
permission.CanEditSubjectIds.Overlaps(authorization.RoleTokens.Select(r => $"[{r.Role.Id}]"))
))
{
return true;
}
return false;
}
public static bool CanRemove(this FlagPermission permission)
{
var authorization = UserService.CurrentAuthorization;
// inherited permission
if (permission.Inherit &&
authorization.Has(permission.FlagType == FlagType.User ? Claims.User.Actions.RemoveFlags : Claims.Device.Actions.RemoveFlags))
{
return true;
}
// permission override
if (permission != null && (
permission.CanRemoveSubjectIds.Contains(authorization.User.UserId) ||
permission.CanRemoveSubjectIds.Overlaps(authorization.GroupMembership) ||
permission.CanRemoveSubjectIds.Overlaps(authorization.RoleTokens.Select(r => $"[{r.Role.Id}]"))
))
{
return true;
}
return false;
}
public static bool CanShowAny(this IEnumerable<UserFlagAssignment> assignments)
{
if (assignments == null)
return false;
foreach (var assignment in assignments)
{
if (assignment.RemovedDate.HasValue)
continue;
var (_, permission) = UserFlagService.GetUserFlag(assignment.UserFlagId);
if (permission.CanShow())
return true;
}
return false;
}
public static bool CanShowAny(this IEnumerable<DeviceFlagAssignment> assignments)
{
if (assignments == null)
return false;
foreach (var assignment in assignments)
{
if (assignment.RemovedDate.HasValue)
continue;
var (_, permission) = DeviceFlagService.GetDeviceFlag(assignment.DeviceFlagId);
if (permission.CanShow())
return true;
}
return false;
}
}
}
Disco.Services/Users/UserFlags/UserFlagExtensions.cs
+36 -37
View File
@@ -4,6 +4,7 @@ using Disco.Services.Authorization;
using Disco.Services.Expressions;
using Disco.Services.Logging;
using Disco.Services.Users;
using Disco.Services.Users.UserFlags;
using System;
using System.Collections;
using System.Linq;
@@ -14,16 +15,18 @@ namespace Disco.Services
{
#region Edit Comments
public static bool CanEditComments(this UserFlagAssignment fa)
public static bool CanEdit(this UserFlagAssignment fa)
{
return UserService.CurrentAuthorization.Has(Claims.User.Actions.EditFlags);
var (_, permission) = UserFlagService.GetUserFlag(fa.UserFlagId);
return permission.CanEdit();
}
public static void OnEditComments(this UserFlagAssignment fa, string Comments)
public static void OnEdit(this UserFlagAssignment fa, string comments)
{
if (!fa.CanEditComments())
if (!fa.CanEdit())
throw new InvalidOperationException("Editing comments for user flags is denied");
fa.Comments = string.IsNullOrWhiteSpace(Comments) ? null : Comments.Trim();
fa.Comments = string.IsNullOrWhiteSpace(comments) ? null : comments.Trim();
}
#endregion
@@ -33,34 +36,36 @@ namespace Disco.Services
if (fa.RemovedDate.HasValue)
return false;
return UserService.CurrentAuthorization.Has(Claims.User.Actions.RemoveFlags);
var (_, permission) = UserFlagService.GetUserFlag(fa.UserFlagId);
return permission.CanRemove();
}
public static void OnRemove(this UserFlagAssignment fa, DiscoDataContext Database, User RemovingUser)
public static void OnRemove(this UserFlagAssignment fa, DiscoDataContext database)
{
if (!fa.CanRemove())
throw new InvalidOperationException("Removing user flags is denied");
fa.OnRemoveUnsafe(Database, RemovingUser);
fa.OnRemoveUnsafe(database, UserService.CurrentUser);
}
public static void OnRemoveUnsafe(this UserFlagAssignment fa, DiscoDataContext Database, User RemovingUser)
public static void OnRemoveUnsafe(this UserFlagAssignment fa, DiscoDataContext database, User removingUser)
{
fa = Database.UserFlagAssignments.First(a => a.Id == fa.Id);
RemovingUser = Database.Users.First(u => u.UserId == RemovingUser.UserId);
fa = database.UserFlagAssignments.First(a => a.Id == fa.Id);
removingUser = database.Users.First(u => u.UserId == removingUser.UserId);
fa.RemovedDate = DateTime.Now;
fa.RemovedUserId = RemovingUser.UserId;
fa.RemovedUserId = removingUser.UserId;
if (!string.IsNullOrWhiteSpace(fa.UserFlag.OnUnassignmentExpression))
{
try
{
Database.SaveChanges();
var expressionResult = fa.EvaluateOnUnassignmentExpression(Database, RemovingUser, fa.AddedDate);
database.SaveChanges();
var expressionResult = fa.EvaluateOnUnassignmentExpression(database, removingUser, fa.AddedDate);
if (!string.IsNullOrWhiteSpace(expressionResult))
{
fa.OnUnassignmentExpressionResult = expressionResult;
Database.SaveChanges();
database.SaveChanges();
}
}
catch (Exception ex)
@@ -72,58 +77,52 @@ namespace Disco.Services
#endregion
#region Add
public static bool CanAddUserFlags(this User u)
{
return UserService.CurrentAuthorization.Has(Claims.User.Actions.AddFlags);
}
public static bool CanAddUserFlag(this User u, UserFlag flag)
{
// Shortcut
if (!u.CanAddUserFlags())
return false;
// Already has User Flag?
if (u.UserFlagAssignments.Any(fa => !fa.RemovedDate.HasValue && fa.UserFlagId == flag.Id))
return false;
return true;
var (_, permission) = UserFlagService.GetUserFlag(flag.Id);
return permission.CanAssign();
}
public static UserFlagAssignment OnAddUserFlag(this User u, DiscoDataContext Database, UserFlag flag, User AddingUser, string Comments)
public static UserFlagAssignment OnAddUserFlag(this User u, DiscoDataContext database, UserFlag flag, string comments)
{
if (!u.CanAddUserFlag(flag))
throw new InvalidOperationException("Adding user flag is denied");
return u.OnAddUserFlagUnsafe(Database, flag, AddingUser, Comments);
return u.OnAddUserFlagUnsafe(database, flag, UserService.CurrentUser, comments);
}
public static UserFlagAssignment OnAddUserFlagUnsafe(this User u, DiscoDataContext Database, UserFlag flag, User AddingUser, string Comments)
public static UserFlagAssignment OnAddUserFlagUnsafe(this User u, DiscoDataContext database, UserFlag flag, User addingUser, string comments)
{
flag = Database.UserFlags.First(f => f.Id == flag.Id);
u = Database.Users.First(user => user.UserId == u.UserId);
AddingUser = Database.Users.First(user => user.UserId == AddingUser.UserId);
flag = database.UserFlags.First(f => f.Id == flag.Id);
u = database.Users.First(user => user.UserId == u.UserId);
addingUser = database.Users.First(user => user.UserId == addingUser.UserId);
var fa = new UserFlagAssignment()
{
UserFlag = flag,
User = u,
AddedDate = DateTime.Now,
AddedUser = AddingUser,
AddedUserId = AddingUser.UserId,
Comments = string.IsNullOrWhiteSpace(Comments) ? null : Comments.Trim()
AddedUser = addingUser,
AddedUserId = addingUser.UserId,
Comments = string.IsNullOrWhiteSpace(comments) ? null : comments.Trim()
};
Database.UserFlagAssignments.Add(fa);
database.UserFlagAssignments.Add(fa);
if (!string.IsNullOrWhiteSpace(flag.OnAssignmentExpression))
{
try
{
Database.SaveChanges();
var expressionResult = fa.EvaluateOnAssignmentExpression(Database, AddingUser, fa.AddedDate);
database.SaveChanges();
var expressionResult = fa.EvaluateOnAssignmentExpression(database, addingUser, fa.AddedDate);
if (!string.IsNullOrWhiteSpace(expressionResult))
{
fa.OnAssignmentExpressionResult = expressionResult;
Database.SaveChanges();
database.SaveChanges();
}
}
catch (Exception ex)
Disco.Services/Users/UserFlags/UserFlagService.cs
+73 -39
View File
@@ -5,6 +5,7 @@ using Disco.Services.Extensions;
using Disco.Services.Tasks;
using System;
using System.Collections.Generic;
using System.Data.Entity;
using System.Linq;
using System.Reactive.Linq;
@@ -12,7 +13,7 @@ namespace Disco.Services.Users.UserFlags
{
public static class UserFlagService
{
private static Cache _cache;
private static Cache cache;
internal static Lazy<IObservable<RepositoryMonitorEvent>> UserFlagAssignmentRepositoryEvents;
static UserFlagService()
@@ -24,25 +25,58 @@ namespace Disco.Services.Users.UserFlags
RepositoryMonitor.StreamAfterCommit.Where(e =>
e.EntityType == typeof(UserFlagAssignment) &&
(e.EventType != RepositoryMonitorEventType.Modified ||
e.ModifiedProperties.Contains("RemovedDate"))
e.ModifiedProperties.Contains(nameof(UserFlagAssignment.RemovedDate)))
)
);
}
public static void Initialize(DiscoDataContext Database)
{
_cache = new Cache(Database);
cache = new Cache(Database);
// Initialize Managed Groups (if configured)
_cache.GetUserFlags().ForEach(uf =>
cache.GetUserFlags().ForEach(uf =>
{
UserFlagUsersManagedGroup.Initialize(uf);
UserFlagUserDevicesManagedGroup.Initialize(uf);
UserFlagUsersManagedGroup.Initialize(uf.flag);
UserFlagUserDevicesManagedGroup.Initialize(uf.flag);
});
}
public static List<UserFlag> GetUserFlags() { return _cache.GetUserFlags(); }
public static UserFlag GetUserFlag(int UserFlagId) { return _cache.GetUserFlag(UserFlagId); }
public static IEnumerable<(UserFlag flag, FlagPermission permission)> GetUserFlags() { return cache.GetUserFlags(); }
public static (UserFlag flag, FlagPermission permission) GetUserFlag(int UserFlagId) { return cache.GetUserFlag(UserFlagId); }
public static UserFlag GetAvailableUserFlag(int userFlagId, User targetUser)
{
var (userFlag, permission) = cache.GetUserFlag(userFlagId);
if (targetUser.UserFlagAssignments
.Where(a => a.UserFlagId == userFlagId && !a.RemovedDate.HasValue).Any())
return null;
if (permission.CanAssign())
return userFlag;
return null;
}
public static IEnumerable<UserFlag> GetAvailableUserFlags(User targetUser)
{
var records = cache.GetUserFlags();
var usedFlags = targetUser.UserFlagAssignments
.Where(a => !a.RemovedDate.HasValue)
.Select(a => a.UserFlagId)
.ToList();
foreach (var (flag, permission) in records)
{
if (usedFlags.Contains(flag.Id))
continue;
if (permission.CanAssign())
yield return flag;
}
}
#region User Flag Maintenance
public static UserFlag CreateUserFlag(DiscoDataContext Database, string name, string description)
@@ -52,7 +86,7 @@ namespace Disco.Services.Users.UserFlags
throw new ArgumentException("The User Flag Name is required", nameof(name));
// Name Unique
if (_cache.GetUserFlags().Any(f => f.Name.Equals(name, StringComparison.Ordinal)))
if (cache.GetUserFlags().Any(f => f.flag.Name.Equals(name, StringComparison.Ordinal)))
throw new ArgumentException("Another User Flag already exists with that name", nameof(name));
// Clone to break reference
@@ -67,7 +101,7 @@ namespace Disco.Services.Users.UserFlags
Database.UserFlags.Add(flag);
Database.SaveChanges();
_cache.AddOrUpdate(flag);
cache.AddOrUpdate(flag);
return flag;
}
@@ -78,12 +112,12 @@ namespace Disco.Services.Users.UserFlags
throw new ArgumentException("The User Flag Name is required");
// Name Unique
if (_cache.GetUserFlags().Any(f => f.Id != UserFlag.Id && f.Name == UserFlag.Name))
throw new ArgumentException("Another User Flag already exists with that name", "UserFlag");
if (cache.GetUserFlags().Any(f => f.flag.Id != UserFlag.Id && f.flag.Name == UserFlag.Name))
throw new ArgumentException("Another User Flag already exists with that name", nameof(UserFlag));
Database.SaveChanges();
_cache.AddOrUpdate(UserFlag);
cache.AddOrUpdate(UserFlag);
UserFlagUsersManagedGroup.Initialize(UserFlag);
UserFlagUserDevicesManagedGroup.Initialize(UserFlag);
@@ -113,22 +147,22 @@ namespace Disco.Services.Users.UserFlags
Database.SaveChanges();
// Remove from Cache
_cache.Remove(UserFlagId);
cache.Remove(UserFlagId);
Status.Finished($"Successfully Deleted User Flag: '{flag.Name}' [{flag.Id}]");
}
#endregion
#region Bulk Assignment
public static IEnumerable<UserFlagAssignment> BulkAssignAddUsers(DiscoDataContext Database, UserFlag UserFlag, User Technician, string Comments, List<User> Users, IScheduledTaskStatus Status)
public static IEnumerable<UserFlagAssignment> BulkAssignAddUsers(DiscoDataContext database, UserFlag userFlag, User techUser, string comments, List<User> users, IScheduledTaskStatus status)
{
if (Users.Count > 0)
if (users.Count > 0)
{
double progressInterval;
const int databaseChunkSize = 100;
string comments = string.IsNullOrWhiteSpace(Comments) ? null : Comments.Trim();
comments = string.IsNullOrWhiteSpace(comments) ? null : comments.Trim();
var addUsers = Users.Where(u => !u.UserFlagAssignments.Any(a => a.UserFlagId == UserFlag.Id && !a.RemovedDate.HasValue)).ToList();
var addUsers = users.Where(u => !u.UserFlagAssignments.Any(a => a.UserFlagId == userFlag.Id && !a.RemovedDate.HasValue)).ToList();
progressInterval = (double)100 / addUsers.Count;
@@ -138,39 +172,39 @@ namespace Disco.Services.Users.UserFlags
var chunkResults = chunk.Select((user, index) =>
{
Status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Assigning Flag: {user.ToString()}");
status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Assigning Flag: {user}");
return user.OnAddUserFlag(Database, UserFlag, Technician, comments);
return user.OnAddUserFlagUnsafe(database, userFlag, techUser, comments);
}).ToList();
// Save Chunk Items to Database
Database.SaveChanges();
database.SaveChanges();
return chunkResults;
}).Where(fa => fa != null).ToList();
Status.SetFinishedMessage($"{addUsers.Count} Users/s Added; {(Users.Count - addUsers.Count)} User/s Skipped");
status.SetFinishedMessage($"{addUsers.Count} Users/s Added; {users.Count - addUsers.Count} User/s Skipped");
return addedUserAssignments;
}
else
{
Status.SetFinishedMessage("No changes found");
status.SetFinishedMessage("No changes found");
return Enumerable.Empty<UserFlagAssignment>();
}
}
public static IEnumerable<UserFlagAssignment> BulkAssignOverrideUsers(DiscoDataContext Database, UserFlag UserFlag, User Technician, string Comments, List<User> Users, IScheduledTaskStatus Status)
public static IEnumerable<UserFlagAssignment> BulkAssignOverrideUsers(DiscoDataContext database, UserFlag userFlag, User techUser, string comments, List<User> users, IScheduledTaskStatus status)
{
double progressInterval;
const int databaseChunkSize = 100;
string comments = string.IsNullOrWhiteSpace(Comments) ? null : Comments.Trim();
comments = string.IsNullOrWhiteSpace(comments) ? null : comments.Trim();
Status.UpdateStatus(0, "Calculating assignment changes");
status.UpdateStatus(0, "Calculating assignment changes");
var currentAssignments = Database.UserFlagAssignments.Include("User").Where(a => a.UserFlagId == UserFlag.Id && !a.RemovedDate.HasValue).ToList();
var removeAssignments = currentAssignments.Where(ca => !Users.Any(u => u.UserId.Equals(ca.UserId, StringComparison.OrdinalIgnoreCase))).ToList();
var addUsers = Users.Where(u => !currentAssignments.Any(ca => ca.UserId.Equals(u.UserId, StringComparison.OrdinalIgnoreCase))).ToList();
var currentAssignments = database.UserFlagAssignments.Include(a => a.User).Where(a => a.UserFlagId == userFlag.Id && !a.RemovedDate.HasValue).ToList();
var removeAssignments = currentAssignments.Where(ca => !users.Any(u => u.UserId.Equals(ca.UserId, StringComparison.OrdinalIgnoreCase))).ToList();
var addUsers = users.Where(u => !currentAssignments.Any(ca => ca.UserId.Equals(u.UserId, StringComparison.OrdinalIgnoreCase))).ToList();
if (removeAssignments.Count > 0 || addUsers.Count > 0)
{
@@ -184,15 +218,15 @@ namespace Disco.Services.Users.UserFlags
var chunkResults = chunk.Select((flagAssignment, index) =>
{
Status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Removing Flag: {flagAssignment.User.ToString()}");
status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Removing Flag: {flagAssignment.User}");
flagAssignment.OnRemoveUnsafe(Database, Technician);
flagAssignment.OnRemoveUnsafe(database, techUser);
return flagAssignment;
}).ToList();
// Save Chunk Items to Database
Database.SaveChanges();
database.SaveChanges();
return chunkResults;
}).ToList();
@@ -204,24 +238,24 @@ namespace Disco.Services.Users.UserFlags
var chunkResults = chunk.Select((user, index) =>
{
Status.UpdateStatus((chunkIndexOffset + index) * progressInterval, $"Assigning Flag: {user.ToString()}");
status.UpdateStatus((chunkIndexOffset + index) * progressInterval, string.Format("Assigning Flag: {0}", user.ToString()));
return user.OnAddUserFlag(Database, UserFlag, Technician, comments);
return user.OnAddUserFlagUnsafe(database, userFlag, techUser, comments);
}).ToList();
// Save Chunk Items to Database
Database.SaveChanges();
database.SaveChanges();
return chunkResults;
}).ToList();
Status.SetFinishedMessage($"{addUsers.Count} Users/s Added; {removeAssignments.Count} User/s Removed; {(Users.Count - addUsers.Count)} User/s Skipped");
status.SetFinishedMessage($"{addUsers.Count} Users/s Added; {removeAssignments.Count} User/s Removed; {users.Count - addUsers.Count} User/s Skipped");
return addedUserAssignments;
}
else
{
Status.SetFinishedMessage("No changes found");
status.SetFinishedMessage("No changes found");
return Enumerable.Empty<UserFlagAssignment>();
}
}
@@ -229,11 +263,11 @@ namespace Disco.Services.Users.UserFlags
public static string RandomUnusedIcon()
{
return UIHelpers.RandomIcon(_cache.GetUserFlags().Select(f => f.Icon));
return UIHelpers.RandomIcon(cache.GetUserFlags().Select(f => f.flag.Icon));
}
public static string RandomUnusedThemeColour()
{
return UIHelpers.RandomThemeColour(_cache.GetUserFlags().Select(f => f.IconColour));
return UIHelpers.RandomThemeColour(cache.GetUserFlags().Select(f => f.flag.IconColour));
}
}
}
Disco.Services/Users/UserService.cs
+13 -5
View File
@@ -154,7 +154,7 @@ namespace Disco.Services.Users
AuthorizationLog.LogRoleCreated(role, CurrentUserId);
// Add to Cache
RoleCache.AddRole(role);
RoleCache.AddOrUpdateRole(role);
// Flush User Cache
Cache.FlushCache();
@@ -164,7 +164,7 @@ namespace Disco.Services.Users
public static void DeleteAuthorizationRole(DiscoDataContext Database, AuthorizationRole Role)
{
if (Role == null)
throw new ArgumentNullException("Role");
throw new ArgumentNullException(nameof(Role));
Database.AuthorizationRoles.Remove(Role);
Database.SaveChanges();
@@ -180,19 +180,27 @@ namespace Disco.Services.Users
public static void UpdateAuthorizationRole(DiscoDataContext Database, AuthorizationRole Role)
{
if (Role == null)
throw new ArgumentNullException("Role");
throw new ArgumentNullException(nameof(Role));
if (Database == null)
throw new ArgumentNullException("Database");
throw new ArgumentNullException(nameof(Database));
Database.SaveChanges();
// Update Role Cache
RoleCache.UpdateRole(Role);
RoleCache.AddOrUpdateRole(Role);
// Flush User Cache
Cache.FlushCache();
}
public static string GetAuthorizationRoleName(int roleId)
{
var role = RoleCache.GetRoleToken(roleId);
if (role == null)
return "Unknown authorization role";
return role.Role.Name;
}
public static IEnumerable<string> AdministratorSubjectIds
{
get
Disco.Services/Web/BaseController.cs
+8 -2
View File
@@ -12,7 +12,13 @@ namespace Disco.Services.Web
protected static HttpStatusCodeResult BadRequest(string message = null)
=> StatusCode(HttpStatusCode.BadRequest, message);
protected static HttpStatusCodeResult StatusCode(HttpStatusCode statusCode, string message = null)
=> new HttpStatusCodeResult(statusCode, message);
protected static HttpStatusCodeResult StatusCode(HttpStatusCode statusCode, string statusDescription = null)
=> new HttpStatusCodeResult(statusCode, statusDescription);
protected static HttpNotFoundResult NotFound(string statusDescription = null)
=> new HttpNotFoundResult(statusDescription);
protected static HttpUnauthorizedResult Unauthorized(string statusDescription = null)
=> new HttpUnauthorizedResult(statusDescription);
}
}