tgstation-server/_instance_permission_set_controller_8cs_source.html

using System;

using System.Linq;

using System.Threading;

using System.Threading.Tasks;


using Microsoft.AspNetCore.Mvc;

using Microsoft.EntityFrameworkCore;

using Microsoft.Extensions.Logging;


using Tgstation.Server.Api;

using Tgstation.Server.Api.Models;

using Tgstation.Server.Api.Models.Request;

using Tgstation.Server.Api.Models.Response;

using Tgstation.Server.Api.Rights;

using Tgstation.Server.Host.Components;

using Tgstation.Server.Host.Controllers.Results;

using Tgstation.Server.Host.Database;

using Tgstation.Server.Host.Extensions;

using Tgstation.Server.Host.Models;

using Tgstation.Server.Host.Security;

using Tgstation.Server.Host.Utils;


namespace Tgstation.Server.Host.Controllers

{

    [Route(Routes.InstancePermissionSet)]


    public sealed class InstancePermissionSetController : InstanceRequiredController

    {

        readonly IPermissionsUpdateNotifyee permissionsUpdateNotifyee;


        public InstancePermissionSetController(

            IDatabaseContext databaseContext,

            IAuthenticationContext authenticationContext,

            ILogger<InstancePermissionSetController> logger,

            IInstanceManager instanceManager,

            IPermissionsUpdateNotifyee permissionsUpdateNotifyee,

            IApiHeadersProvider apiHeaders)

            : base(

                  databaseContext,

                  authenticationContext,

                  logger,

                  instanceManager,

                  apiHeaders)

        {

            this.permissionsUpdateNotifyee = permissionsUpdateNotifyee ?? throw new ArgumentNullException(nameof(permissionsUpdateNotifyee));

        }


        [HttpPut]

        [TgsAuthorize(InstancePermissionSetRights.Create)]

        [ProducesResponseType(typeof(InstancePermissionSetResponse), 201)]

        [ProducesResponseType(typeof(ErrorMessageResponse), 410)]

#pragma warning disable CA1506


        public async ValueTask<IActionResult> Create([FromBody] InstancePermissionSetRequest model, CancellationToken cancellationToken)

        {

            ArgumentNullException.ThrowIfNull(model);


            var existingPermissionSet = await DatabaseContext

                .PermissionSets

                .AsQueryable()

                .Where(x => x.Id == model.PermissionSetId)

                .Select(x => new Models.PermissionSet

                {

                    Id = x.Id,

                    UserId = x.UserId,

                })

                .FirstOrDefaultAsync(cancellationToken);


            if (existingPermissionSet == default)

                return this.Gone();


            if (existingPermissionSet.UserId.HasValue)

            {

                var userCanonicalName = await DatabaseContext

                    .Users

                    .AsQueryable()

                    .Where(x => x.Id == existingPermissionSet.UserId.Value)

                    .Select(x => x.CanonicalName)

                    .FirstAsync(cancellationToken);


                if (userCanonicalName == Models.User.CanonicalizeName(Models.User.TgsSystemUserName))

                    return Forbid();

            }


            var dbUser = new InstancePermissionSet

            {

                EngineRights = RightsHelper.Clamp(model.EngineRights ?? EngineRights.None),

                ChatBotRights = RightsHelper.Clamp(model.ChatBotRights ?? ChatBotRights.None),

                ConfigurationRights = RightsHelper.Clamp(model.ConfigurationRights ?? ConfigurationRights.None),

                DreamDaemonRights = RightsHelper.Clamp(model.DreamDaemonRights ?? DreamDaemonRights.None),

                DreamMakerRights = RightsHelper.Clamp(model.DreamMakerRights ?? DreamMakerRights.None),

                RepositoryRights = RightsHelper.Clamp(model.RepositoryRights ?? RepositoryRights.None),

                InstancePermissionSetRights = RightsHelper.Clamp(model.InstancePermissionSetRights ?? InstancePermissionSetRights.None),

                PermissionSetId = model.PermissionSetId,

                InstanceId = Instance.Require(x => x.Id),

            };


            DatabaseContext.InstancePermissionSets.Add(dbUser);


            await DatabaseContext.Save(cancellationToken);


            // needs to be set for next call

            dbUser.PermissionSet = existingPermissionSet;

            await permissionsUpdateNotifyee.InstancePermissionSetCreated(dbUser, cancellationToken);

            return this.Created(dbUser.ToApi());

        }


#pragma warning restore CA1506


        [HttpPost]

        [TgsAuthorize(InstancePermissionSetRights.Write)]

        [ProducesResponseType(typeof(InstancePermissionSetResponse), 200)]

        [ProducesResponseType(typeof(ErrorMessageResponse), 410)]

#pragma warning disable CA1506 // TODO: Decomplexify


        public async ValueTask<IActionResult> Update([FromBody] InstancePermissionSetRequest model, CancellationToken cancellationToken)

        {

            ArgumentNullException.ThrowIfNull(model);


            var originalPermissionSet = await DatabaseContext

                .Instances

                .AsQueryable()

                .Where(x => x.Id == Instance.Id)

                .SelectMany(x => x.InstancePermissionSets)

                .Where(x => x.PermissionSetId == model.PermissionSetId)

                .FirstOrDefaultAsync(cancellationToken);

            if (originalPermissionSet == null)

                return this.Gone();


            originalPermissionSet.EngineRights = RightsHelper.Clamp(model.EngineRights ?? originalPermissionSet.EngineRights!.Value);

            originalPermissionSet.RepositoryRights = RightsHelper.Clamp(model.RepositoryRights ?? originalPermissionSet.RepositoryRights!.Value);

            originalPermissionSet.InstancePermissionSetRights = RightsHelper.Clamp(model.InstancePermissionSetRights ?? originalPermissionSet.InstancePermissionSetRights!.Value);

            originalPermissionSet.ChatBotRights = RightsHelper.Clamp(model.ChatBotRights ?? originalPermissionSet.ChatBotRights!.Value);

            originalPermissionSet.ConfigurationRights = RightsHelper.Clamp(model.ConfigurationRights ?? originalPermissionSet.ConfigurationRights!.Value);

            originalPermissionSet.DreamDaemonRights = RightsHelper.Clamp(model.DreamDaemonRights ?? originalPermissionSet.DreamDaemonRights!.Value);

            originalPermissionSet.DreamMakerRights = RightsHelper.Clamp(model.DreamMakerRights ?? originalPermissionSet.DreamMakerRights!.Value);


            await DatabaseContext.Save(cancellationToken);

            var showFullPermissionSet = originalPermissionSet.PermissionSetId == AuthenticationContext.PermissionSet.Require(x => x.Id)

                || (AuthenticationContext.GetRight(RightsType.InstancePermissionSet) & (ulong)InstancePermissionSetRights.Read) != 0;

            return Json(

                showFullPermissionSet

                    ? originalPermissionSet.ToApi()

                    : new InstancePermissionSetResponse

                    {

                        PermissionSetId = originalPermissionSet.PermissionSetId,

                    });

        }


#pragma warning restore CA1506

        [HttpGet]

        [TgsAuthorize]

        [ProducesResponseType(typeof(InstancePermissionSetResponse), 200)]

        public IActionResult Read() => Json(InstancePermissionSet.ToApi());


        [HttpGet(Routes.List)]

        [TgsAuthorize(InstancePermissionSetRights.Read)]

        [ProducesResponseType(typeof(PaginatedResponse<InstancePermissionSetResponse>), 200)]

        public ValueTask<IActionResult> List([FromQuery] int? page, [FromQuery] int? pageSize, CancellationToken cancellationToken)

            => Paginated<InstancePermissionSet, InstancePermissionSetResponse>(

                () => ValueTask.FromResult(

                    new PaginatableResult<InstancePermissionSet>(

                        DatabaseContext

                            .Instances

                            .AsQueryable()

                            .Where(x => x.Id == Instance.Id)

                            .SelectMany(x => x.InstancePermissionSets)

                            .OrderBy(x => x.PermissionSetId))),

                null,

                page,

                pageSize,

                cancellationToken);


        [HttpGet("{id}")]

        [TgsAuthorize(InstancePermissionSetRights.Read)]

        [ProducesResponseType(typeof(InstancePermissionSetResponse), 200)]

        [ProducesResponseType(typeof(ErrorMessageResponse), 410)]


        public async ValueTask<IActionResult> GetId(long id, CancellationToken cancellationToken)

        {

            // this functions as userId

            var permissionSet = await DatabaseContext

                .Instances

                .AsQueryable()

                .Where(x => x.Id == Instance.Id)

                .SelectMany(x => x.InstancePermissionSets)

                .Where(x => x.PermissionSetId == id)

                .FirstOrDefaultAsync(cancellationToken);

            if (permissionSet == default)

                return this.Gone();

            return Json(permissionSet.ToApi());

        }


        [HttpDelete("{id}")]

        [TgsAuthorize(InstancePermissionSetRights.Write)]

        [ProducesResponseType(204)]

        [ProducesResponseType(typeof(ErrorMessageResponse), 410)]


        public async ValueTask<IActionResult> Delete(long id, CancellationToken cancellationToken)

        {

            var numDeleted = await DatabaseContext

                .Instances

                .AsQueryable()

                .Where(x => x.Id == Instance.Id)

                .SelectMany(x => x.InstancePermissionSets)

                .Where(x => x.PermissionSetId == id)

                .ExecuteDeleteAsync(cancellationToken);


            return numDeleted > 0 ? NoContent() : this.Gone();

        }


    }


}

Tgstation.Server.Api.Models.EntityId.Id
virtual ? long Id
The ID of the entity.
Definition EntityId.cs:13

Tgstation.Server.Api.Models.Instance
Metadata about a server instance.
Definition Instance.cs:9

Tgstation.Server.Api.Models.Internal.InstancePermissionSet.PermissionSetId
long PermissionSetId
The EntityId.Id of the PermissionSet the InstancePermissionSet belongs to.
Definition InstancePermissionSet.cs:18

Tgstation.Server.Api.Models.Request.InstancePermissionSetRequest
A request to update an instance permission set.
Definition InstancePermissionSetRequest.cs:9

Tgstation.Server.Api.Models.Response.ErrorMessageResponse
Represents an error message returned by the server.
Definition ErrorMessageResponse.cs:12

Tgstation.Server.Api.Models.Response.InstancePermissionSetResponse
A response containing an instance permission set.
Definition InstancePermissionSetResponse.cs:9

Tgstation.Server.Api.Models.Response.PaginatedResponse
Represents a paginated set of models.
Definition PaginatedResponse.cs:11

Tgstation.Server.Api.Rights.RightsHelper
Helper for RightsTypes.
Definition RightsHelper.cs:12

Tgstation.Server.Api.Routes
Routes to a server actions.
Definition Routes.cs:9

Tgstation.Server.Api.Routes.List
const string List
The postfix for list operations.
Definition Routes.cs:113

Tgstation.Server.Api.Routes.InstancePermissionSet
const string InstancePermissionSet
The instance permission set controller.
Definition Routes.cs:88

Tgstation.Server.Host.Controllers.ComponentInterfacingController.instanceManager
readonly IInstanceManager instanceManager
The IInstanceManager for the ComponentInterfacingController.
Definition ComponentInterfacingController.cs:32

Tgstation.Server.Host.Controllers.InstancePermissionSetController
ApiController for managing InstancePermissionSets.
Definition InstancePermissionSetController.cs:30

Tgstation.Server.Host.Controllers.InstancePermissionSetController.GetId
async ValueTask< IActionResult > GetId(long id, CancellationToken cancellationToken)
Gets a specific Api.Models.Internal.InstancePermissionSet.
Definition InstancePermissionSetController.cs:225

Tgstation.Server.Host.Controllers.InstancePermissionSetController.List
ValueTask< IActionResult > List([FromQuery] int? page, [FromQuery] int? pageSize, CancellationToken cancellationToken)
Lists InstancePermissionSets for the instance.

Tgstation.Server.Host.Controllers.InstancePermissionSetController.Read
IActionResult Read()
Read the active InstancePermissionSet.

Tgstation.Server.Host.Controllers.InstancePermissionSetController.permissionsUpdateNotifyee
readonly IPermissionsUpdateNotifyee permissionsUpdateNotifyee
The IPermissionsUpdateNotifyee for the InstancePermissionSetController.
Definition InstancePermissionSetController.cs:34

Tgstation.Server.Host.Controllers.InstancePermissionSetController.Update
async ValueTask< IActionResult > Update([FromBody] InstancePermissionSetRequest model, CancellationToken cancellationToken)
Update the permissions for an InstancePermissionSet.
Definition InstancePermissionSetController.cs:143

Tgstation.Server.Host.Controllers.InstancePermissionSetController.InstancePermissionSetController
InstancePermissionSetController(IDatabaseContext databaseContext, IAuthenticationContext authenticationContext, ILogger< InstancePermissionSetController > logger, IInstanceManager instanceManager, IPermissionsUpdateNotifyee permissionsUpdateNotifyee, IApiHeadersProvider apiHeaders)
Initializes a new instance of the InstancePermissionSetController class.
Definition InstancePermissionSetController.cs:45

Tgstation.Server.Host.Controllers.InstancePermissionSetController.Create
async ValueTask< IActionResult > Create([FromBody] InstancePermissionSetRequest model, CancellationToken cancellationToken)
Create an InstancePermissionSet.
Definition InstancePermissionSetController.cs:75

Tgstation.Server.Host.Controllers.InstancePermissionSetController.Delete
async ValueTask< IActionResult > Delete(long id, CancellationToken cancellationToken)
Delete an InstancePermissionSet.
Definition InstancePermissionSetController.cs:252

Tgstation.Server.Host.Controllers.InstanceRequiredController
ComponentInterfacingController for operations that require an instance.
Definition InstanceRequiredController.cs:14

Tgstation.Server.Host.Controllers.Results.PaginatableResult
Helper for returning paginated models.
Definition PaginatableResult.cs:14

Tgstation.Server.Host.Database.DatabaseContext
Backend abstract implementation of IDatabaseContext.
Definition DatabaseContext.cs:25

Tgstation.Server.Host.Database.DatabaseContext.Instances
DbSet< Instance > Instances
The Instances in the DatabaseContext.
Definition DatabaseContext.cs:34

Tgstation.Server.Host.Database.DatabaseContext.InstancePermissionSets
DbSet< InstancePermissionSet > InstancePermissionSets
The InstancePermissionSets in the DatabaseContext.
Definition DatabaseContext.cs:69

Tgstation.Server.Host.Database.DatabaseContext.PermissionSets
DbSet< PermissionSet > PermissionSets
The PermissionSets in the DatabaseContext.
Definition DatabaseContext.cs:104

Tgstation.Server.Host.Database.DatabaseContext.Save
Task Save(CancellationToken cancellationToken)
Saves changes made to the IDatabaseContext.A Task representing the running operation.

Tgstation.Server.Host.Database.DatabaseContext.Users
DbSet< User > Users
The Users in the DatabaseContext.
Definition DatabaseContext.cs:29

Tgstation.Server.Host.Models.InstancePermissionSet
Definition InstancePermissionSet.cs:9

Tgstation.Server.Host.Models.InstancePermissionSet.ToApi
InstancePermissionSetResponse ToApi()

Tgstation.Server.Host.Security.AuthenticationContext
Definition AuthenticationContext.cs:11

Tgstation.Server.Host.Security.AuthenticationContext.PermissionSet
PermissionSet PermissionSet
The User's effective PermissionSet.
Definition AuthenticationContext.cs:19

Tgstation.Server.Host.Security.AuthenticationContext.GetRight
ulong GetRight(RightsType rightsType)
Get the value of a given rightsType .The value of rightsType . Note that if InstancePermissionSet is ...
Definition AuthenticationContext.cs:103

Tgstation.Server.Host.Components.IInstanceManager
For managing IInstances.
Definition IInstanceManager.cs:11

Tgstation.Server.Host.Database.IDatabaseContext
Represents the database.
Definition IDatabaseContext.cs:17

Tgstation.Server.Host.Security.IAuthenticationContext
For creating and accessing authentication contexts.
Definition IAuthenticationContext.cs:12

Tgstation.Server.Host.Security.IPermissionsUpdateNotifyee
Receives notifications about permissions updates.
Definition IPermissionsUpdateNotifyee.cs:12

Tgstation.Server.Host.Security.IPermissionsUpdateNotifyee.InstancePermissionSetCreated
ValueTask InstancePermissionSetCreated(InstancePermissionSet instancePermissionSet, CancellationToken cancellationToken)
Called when a given instancePermissionSet  is successfully created.

Tgstation.Server.Host.Utils.IApiHeadersProvider
Provides ApiHeaders.
Definition IApiHeadersProvider.cs:9

Tgstation.Server.Api.Models.Request
Definition ChatBotCreateRequest.cs:4

Tgstation.Server.Api.Models.Response
Definition AdministrationResponse.cs:6

Tgstation.Server.Api.Models
Definition ChatChannel.cs:6

Tgstation.Server.Api.Rights
Definition AdministrationRights.cs:4

Tgstation.Server.Api.Rights.ChatBotRights
ChatBotRights
Rights for chat bots.
Definition ChatBotRights.cs:10

Tgstation.Server.Api.Rights.ConfigurationRights
ConfigurationRights
Rights for Models.IConfigurationFiles.
Definition ConfigurationRights.cs:10

Tgstation.Server.Api.Rights.ConfigurationRights.List
@ List
User may list files if the Models.Instance allows it.

Tgstation.Server.Api.Rights.DreamMakerRights
DreamMakerRights
Rights for deployment.
Definition DreamMakerRights.cs:10

Tgstation.Server.Api.Rights.RightsType
RightsType
The type of rights a model uses.
Definition RightsType.cs:7

Tgstation.Server.Api.Rights.EngineRights
EngineRights
Rights for engine version management.
Definition EngineRights.cs:10

Tgstation.Server.Api.Rights.RepositoryRights
RepositoryRights
Rights for the git repository.
Definition RepositoryRights.cs:10

Tgstation.Server.Api.Rights.InstancePermissionSetRights
InstancePermissionSetRights
Rights for an Models.Instance.
Definition InstancePermissionSetRights.cs:10

Tgstation.Server.Api.Rights.DreamDaemonRights
DreamDaemonRights
Rights for managing DreamDaemon.
Definition DreamDaemonRights.cs:10

Tgstation.Server.Api
Definition ApiHeaders.cs:20

Tgstation.Server.Host.Components
Definition ChannelMapping.cs:4

Tgstation.Server.Host.Controllers.Results
Definition LimitedStreamResult.cs:14

Tgstation.Server.Host.Controllers
Definition AdministrationController.cs:28

Tgstation.Server.Host.Database
Definition DatabaseCollection.cs:11

Tgstation.Server.Host.Extensions
Definition ApplicationBuilderExtensions.cs:22

Tgstation.Server.Host.Models
Definition ChatBot.cs:9

Tgstation.Server.Host.Security
Definition AuthenticationContext.cs:8

Tgstation.Server.Host.Utils
Definition AbstractHttpClientFactory.cs:10