tgstation-server/_permission_set_authority_8cs_source.html

using System;

using System.Collections.Generic;

using System.Linq;

using System.Threading;

using System.Threading.Tasks;


using GreenDonut;


using Microsoft.EntityFrameworkCore;

using Microsoft.Extensions.Logging;


using Tgstation.Server.Api.Rights;

using Tgstation.Server.Host.Authority.Core;

using Tgstation.Server.Host.Database;

using Tgstation.Server.Host.Extensions;

using Tgstation.Server.Host.Models;

using Tgstation.Server.Host.Security;


namespace Tgstation.Server.Host.Authority

{


    sealed class PermissionSetAuthority : AuthorityBase, IPermissionSetAuthority

    {

        readonly IPermissionSetsDataLoader permissionSetsDataLoader;


        readonly IClaimsPrincipalAccessor claimsPrincipalAccessor;


        [DataLoader]


        public static async ValueTask<Dictionary<(long Id, PermissionSetLookupType LookupType), PermissionSet>> GetPermissionSets(

            IReadOnlyList<(long Id, PermissionSetLookupType LookupType)> ids,

            IDatabaseContext databaseContext,

            CancellationToken cancellationToken)

        {

            ArgumentNullException.ThrowIfNull(ids);

            ArgumentNullException.ThrowIfNull(databaseContext);


            var idLookups = new List<long>(ids.Count);

            var userIdLookups = new List<long>(ids.Count);

            var groupIdLookups = new List<long>(ids.Count);


            foreach (var (id, lookupType) in ids)

                switch (lookupType)

                {

                    case PermissionSetLookupType.Id:

                        idLookups.Add(id);

                        break;

                    case PermissionSetLookupType.UserId:

                        userIdLookups.Add(id);

                        break;

                    case PermissionSetLookupType.GroupId:

                        groupIdLookups.Add(id);

                        break;

                    default:

                        throw new InvalidOperationException($"Invalid {nameof(PermissionSetLookupType)}: {lookupType}");

                }


            var selectedPermissionSets = await databaseContext

                .PermissionSets

                .Where(dbModel => idLookups.Contains(dbModel.Id!.Value)

                    || (dbModel.UserId.HasValue && userIdLookups.Contains(dbModel.UserId.Value))

                    || (dbModel.GroupId.HasValue && groupIdLookups.Contains(dbModel.GroupId.Value)))

                .ToListAsync(cancellationToken);


            var results = new Dictionary<(long Id, PermissionSetLookupType LookupType), PermissionSet>(selectedPermissionSets.Count * 2);

            foreach (var permissionSet in selectedPermissionSets)

            {

                results.Add((permissionSet.Id!.Value, PermissionSetLookupType.Id), permissionSet);

                if (permissionSet.GroupId.HasValue)

                    results.Add((permissionSet.GroupId.Value, PermissionSetLookupType.GroupId), permissionSet);

                if (permissionSet.UserId.HasValue)

                    results.Add((permissionSet.UserId.Value, PermissionSetLookupType.UserId), permissionSet);

            }


            return results;

        }


        public PermissionSetAuthority(

            IDatabaseContext databaseContext,

            ILogger<AuthorityBase> logger,

            IPermissionSetsDataLoader permissionSetsDataLoader,

            IClaimsPrincipalAccessor claimsPrincipalAccessor)

            : base(

                  databaseContext,

                  logger)

        {

            this.permissionSetsDataLoader = permissionSetsDataLoader ?? throw new ArgumentNullException(nameof(permissionSetsDataLoader));

            this.claimsPrincipalAccessor = claimsPrincipalAccessor ?? throw new ArgumentNullException(nameof(claimsPrincipalAccessor));

        }


        public RequirementsGated<AuthorityResponse<PermissionSet>> GetId(long id, PermissionSetLookupType lookupType, CancellationToken cancellationToken)

        {

            var permissionSetTask = permissionSetsDataLoader.LoadAsync((Id: id, LookupType: lookupType), cancellationToken);

            return new(

                async () =>

                {

                    var userId = claimsPrincipalAccessor.User.GetTgsUserId();


                    var groupIdQuery = DatabaseContext

                        .Users

                        .Where(user => user.Id == userId)

                        .Select(user => user.GroupId);


                    var permissionSetId = await DatabaseContext

                        .PermissionSets

                        .Where(permissionSet => permissionSet.UserId == userId

                            || groupIdQuery.Contains(permissionSet.GroupId))

                        .Select(permissionSet => permissionSet.Id!.Value)

                        .FirstAsync(cancellationToken);


                    if (permissionSetId == id)

                        return null;


                    return Flag(AdministrationRights.ReadUsers);

                },

                async () =>

                {

                    var permissionSet = await permissionSetTask;


                    if (permissionSet == null)

                        return NotFound<PermissionSet>();


                    return new AuthorityResponse<PermissionSet>(permissionSet);

                });

        }


    }


}

Tgstation.Server.Host.Authority.Core.AuthorityBase
Base implementation of IAuthority.
Definition AuthorityBase.cs:19

Tgstation.Server.Host.Authority.Core.RequirementsGated
Evaluates a set of IAuthorizationRequirements to be checked before executing a response.
Definition RequirementsGated{TResult}.cs:17

Tgstation.Server.Host.Authority.PermissionSetAuthority
Definition PermissionSetAuthority.cs:23

Tgstation.Server.Host.Authority.PermissionSetAuthority.PermissionSetAuthority
PermissionSetAuthority(IDatabaseContext databaseContext, ILogger< AuthorityBase > logger, IPermissionSetsDataLoader permissionSetsDataLoader, IClaimsPrincipalAccessor claimsPrincipalAccessor)
Initializes a new instance of the PermissionSetAuthority class.
Definition PermissionSetAuthority.cs:97

Tgstation.Server.Host.Authority.PermissionSetAuthority.GetPermissionSets
static async ValueTask< Dictionary<(long Id, PermissionSetLookupType LookupType), PermissionSet > > GetPermissionSets(IReadOnlyList<(long Id, PermissionSetLookupType LookupType)> ids, IDatabaseContext databaseContext, CancellationToken cancellationToken)
Implements permissionSetsDataLoader.
Definition PermissionSetAuthority.cs:42

Tgstation.Server.Host.Authority.PermissionSetAuthority.GetId
RequirementsGated< AuthorityResponse< PermissionSet > > GetId(long id, PermissionSetLookupType lookupType, CancellationToken cancellationToken)
Gets the User with a given id .A ValueTask<TResult> resulting in a PermissionSet AuthorityResponse<TR...
Definition PermissionSetAuthority.cs:111

Tgstation.Server.Host.Authority.PermissionSetAuthority.claimsPrincipalAccessor
readonly IClaimsPrincipalAccessor claimsPrincipalAccessor
The IClaimsPrincipalAccessor for the PermissionSetAuthority.
Definition PermissionSetAuthority.cs:32

Tgstation.Server.Host.Authority.PermissionSetAuthority.permissionSetsDataLoader
readonly IPermissionSetsDataLoader permissionSetsDataLoader
The IPermissionSetsDataLoader for the PermissionSetAuthority.
Definition PermissionSetAuthority.cs:27

Tgstation.Server.Host.Database.DatabaseContext
Backend abstract implementation of IDatabaseContext.
Definition DatabaseContext.cs:25

Tgstation.Server.Host.Database.DatabaseContext.PermissionSets
DbSet< PermissionSet > PermissionSets
The PermissionSets in the DatabaseContext.
Definition DatabaseContext.cs:109

Tgstation.Server.Host.Database.DatabaseContext.Users
DbSet< User > Users
The Users in the DatabaseContext.
Definition DatabaseContext.cs:29

Tgstation.Server.Host.Models.PermissionSet
Definition PermissionSet.cs:9

Tgstation.Server.Host.Authority.IPermissionSetAuthority
IAuthority for managing PermissionSets.
Definition IPermissionSetAuthority.cs:13

Tgstation.Server.Host.Database.IDatabaseContext
Represents the database.
Definition IDatabaseContext.cs:17

Tgstation.Server.Host.Security.IClaimsPrincipalAccessor
Interface for accessing the current request's ClaimsPrincipal.
Definition IClaimsPrincipalAccessor.cs:9

Tgstation.Server.Host.Security.IClaimsPrincipalAccessor.User
ClaimsPrincipal User
Get the current ClaimsPrincipal.
Definition IClaimsPrincipalAccessor.cs:13

Tgstation.Server.Api.Rights
Definition AdministrationRights.cs:4

Tgstation.Server.Api.Rights.ConfigurationRights.List
@ List
User may list files if the Models.Instance allows it.

Tgstation.Server.Api.Rights.AdministrationRights
AdministrationRights
Administration rights for the server.
Definition AdministrationRights.cs:10

Tgstation.Server.Host.Authority.Core
Definition AuthorityBase.cs:14

Tgstation.Server.Host.Authority
Definition AdministrationAuthority.cs:26

Tgstation.Server.Host.Authority.PermissionSetLookupType
PermissionSetLookupType
Indicates the type of Api.Models.EntityId.Id to lookup on a Models.PermissionSet.
Definition PermissionSetLookupType.cs:7

Tgstation.Server.Host.Authority.PermissionSetLookupType.Id
@ Id
Lookup the Api.Models.EntityId.Id of the Models.PermissionSet.

Tgstation.Server.Host.Database
Definition DatabaseCollection.cs:10

Tgstation.Server.Host.Extensions
Definition ApplicationBuilderExtensions.cs:22

Tgstation.Server.Host.Models
Definition ChatBot.cs:9

Tgstation.Server.Host.Security
Definition AuthenticationContext.cs:8