jessikitty/Disco
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
84a4ba281ff111c5d7e2d0e6af180bcc235c4ee8
Disco/Disco.Services/Authorization/Roles/RoleCache.cs
T
Gary Sharp a819d2722a Feature #49: Active Directory Managed Groups 
Document Template Attachments, Device Batches, Device Profiles and User
Flags can be associated with an Active Directory group. This AD group is
then automatically synchronized with relevant User/Machine accounts.
Contains various other UI tweaks and configuration enhancements.
2014-06-16 22:21:31 +10:00

152 lines
5.6 KiB
C#
Raw Blame History

using Disco.Data.Repository;
using Disco.Models.Services.Authorization;
using Disco.Models.Repository;
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Disco.Services.Interop.ActiveDirectory;
namespace Disco.Services.Authorization.Roles
{
internal static class RoleCache
{
internal const int AdministratorsTokenId = -1;
internal const int ComputerAccountTokenId = -200;
internal const string ClaimsJsonEmpty = "null";
internal static readonly string[] _RequiredAdministratorSubjectIds = new string[] { "Domain Admins" };
private static List<RoleToken> _Cache;
private static RoleToken _AdministratorToken;
internal static void Initialize(DiscoDataContext Database)
{
_Cache = Database.AuthorizationRoles.ToList().Select(ar => RoleToken.FromAuthorizationRole(ar)).ToList();
// Add System Roles
AddSystemRoles(Database);
}
private static void AddSystemRoles(DiscoDataContext Database)
{
// Disco Administrators
_AdministratorToken = RoleToken.FromAuthorizationRole(new AuthorizationRole()
{
Id = AdministratorsTokenId,
Name = "Disco Administrators",
SubjectIds = string.Join(",", GenerateAdministratorSubjectIds(Database))
}, Claims.AdministratorClaims());
_Cache.Add(_AdministratorToken);
// Computer Accounts
_Cache.Add(RoleToken.FromAuthorizationRole(new AuthorizationRole()
{
Id = ComputerAccountTokenId,
Name = "Domain Computer Account"
}, Claims.ComputerAccountClaims()));
}
private static IEnumerable<string> GenerateAdministratorSubjectIds(DiscoDataContext Database)
{
var configuredSubjectIds = Database.DiscoConfiguration.Administrators.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries).Select(s => ActiveDirectory.ParseDomainAccountId(s));
return RequiredAdministratorSubjectIds
.Concat(configuredSubjectIds)
.Distinct(StringComparer.OrdinalIgnoreCase)
.OrderBy(s => s);
}
public static IEnumerable<string> RequiredAdministratorSubjectIds
{
get
{
return _RequiredAdministratorSubjectIds.Select(s => ActiveDirectory.ParseDomainAccountId(s));
}
}
public static IEnumerable<string> AdministratorSubjectIds
{
get
{
return _AdministratorToken.SubjectIds.ToList();
}
}
public static void UpdateAdministratorSubjectIds(DiscoDataContext Database, IEnumerable<string> SubjectIds)
{
// Clean
SubjectIds = SubjectIds
.Where(s => !string.IsNullOrWhiteSpace(s))
.Concat(RequiredAdministratorSubjectIds)
.Distinct(StringComparer.OrdinalIgnoreCase)
.OrderBy(s => s);
var subjectIdsString = string.Join(",", SubjectIds);
// Update Database
Database.DiscoConfiguration.Administrators = subjectIdsString;
Database.SaveChanges();
// Update State
_AdministratorToken.SubjectIds = SubjectIds.ToList();
_AdministratorToken.SubjectIdHashes = new HashSet<string>(SubjectIds, StringComparer.OrdinalIgnoreCase);
}
/// <summary>
/// Create a clone of an Authorization Role
/// <para>Creates immutable clones to avoid side-effects</para>
/// </summary>
/// <param name="TemplateRole">Authorization Role to Clone</param>
/// <returns>A copy of the Authorization Role</returns>
private static AuthorizationRole CloneAuthoriationRole(AuthorizationRole TemplateRole)
{
return new AuthorizationRole()
{
Id = TemplateRole.Id,
Name = TemplateRole.Name,
ClaimsJson = TemplateRole.ClaimsJson,
SubjectIds = TemplateRole.SubjectIds
};
}
internal static RoleToken AddRole(AuthorizationRole Role)
{
var token = RoleToken.FromAuthorizationRole(CloneAuthoriationRole(Role));
_Cache.Add(token);
return token;
}
internal static void RemoveRole(AuthorizationRole Role)
{
var token = GetRoleToken(Role.Id);
if (token != null)
_Cache.Remove(token);
}
internal static RoleToken UpdateRole(AuthorizationRole Role)
{
RemoveRole(Role);
return AddRole(Role);
}
internal static RoleToken GetRoleToken(int Id)
{
return _Cache.FirstOrDefault(t => t.Role.Id == Id);
}
internal static RoleToken GetRoleToken(string SecurityGroup)
{
return _Cache.FirstOrDefault(t => t.SubjectIdHashes.Contains(SecurityGroup));
}
internal static List<IRoleToken> GetRoleTokens(IEnumerable<string> SecurityGroup)
{
return _Cache.Where(t => SecurityGroup.Any(sg => t.SubjectIdHashes.Contains(sg))).Cast<IRoleToken>().ToList();
}
internal static List<IRoleToken> GetRoleTokens(IEnumerable<string> SecurityGroup, User User)
{
var subjectIds = SecurityGroup.Concat(new string[] { User.UserId });
return _Cache.Where(t => subjectIds.Any(sg => t.SubjectIdHashes.Contains(sg))).Cast<IRoleToken>().ToList();
}
}
}
Reference in New Issue View Git Blame Copy Permalink