tgstation-server/_permission_set_authority_8cs_source.html

using System;

using System.Collections.Generic;

using System.Linq;

using System.Threading;

using System.Threading.Tasks;


using GreenDonut;


using Microsoft.EntityFrameworkCore;

using Microsoft.Extensions.Logging;


using Tgstation.Server.Api.Rights;

using Tgstation.Server.Host.Authority.Core;

using Tgstation.Server.Host.Database;

using Tgstation.Server.Host.Models;

using Tgstation.Server.Host.Security;


namespace Tgstation.Server.Host.Authority

{


    sealed class PermissionSetAuthority : AuthorityBase, IPermissionSetAuthority

    {

        readonly IPermissionSetsDataLoader permissionSetsDataLoader;


        [DataLoader]


        public static async ValueTask<Dictionary<(long Id, PermissionSetLookupType LookupType), PermissionSet>> GetPermissionSets(

            IReadOnlyList<(long Id, PermissionSetLookupType LookupType)> ids,

            IDatabaseContext databaseContext,

            CancellationToken cancellationToken)

        {

            ArgumentNullException.ThrowIfNull(ids);

            ArgumentNullException.ThrowIfNull(databaseContext);


            var idLookups = new List<long>(ids.Count);

            var userIdLookups = new List<long>(ids.Count);

            var groupIdLookups = new List<long>(ids.Count);


            foreach (var (id, lookupType) in ids)

                switch (lookupType)

                {

                    case PermissionSetLookupType.Id:

                        idLookups.Add(id);

                        break;

                    case PermissionSetLookupType.UserId:

                        userIdLookups.Add(id);

                        break;

                    case PermissionSetLookupType.GroupId:

                        groupIdLookups.Add(id);

                        break;

                    default:

                        throw new InvalidOperationException($"Invalid {nameof(PermissionSetLookupType)}: {lookupType}");

                }


            var selectedPermissionSets = await databaseContext

                .PermissionSets

                .Where(dbModel => idLookups.Contains(dbModel.Id!.Value)

                    || (dbModel.UserId.HasValue && userIdLookups.Contains(dbModel.UserId.Value))

                    || (dbModel.GroupId.HasValue && groupIdLookups.Contains(dbModel.GroupId.Value)))

                .ToListAsync(cancellationToken);


            var results = new Dictionary<(long Id, PermissionSetLookupType LookupType), PermissionSet>(selectedPermissionSets.Count * 2);

            foreach (var permissionSet in selectedPermissionSets)

            {

                results.Add((permissionSet.Id!.Value, PermissionSetLookupType.Id), permissionSet);

                if (permissionSet.GroupId.HasValue)

                    results.Add((permissionSet.GroupId.Value, PermissionSetLookupType.GroupId), permissionSet);

                if (permissionSet.UserId.HasValue)

                    results.Add((permissionSet.UserId.Value, PermissionSetLookupType.UserId), permissionSet);

            }


            return results;

        }


        public PermissionSetAuthority(

            IAuthenticationContext authenticationContext,

            IDatabaseContext databaseContext,

            ILogger<AuthorityBase> logger,

            IPermissionSetsDataLoader permissionSetsDataLoader)

            : base(

                  authenticationContext,

                  databaseContext,

                  logger)

        {

            this.permissionSetsDataLoader = permissionSetsDataLoader ?? throw new ArgumentNullException(nameof(permissionSetsDataLoader));

        }


        public async ValueTask<AuthorityResponse<PermissionSet>> GetId(long id, PermissionSetLookupType lookupType, CancellationToken cancellationToken)

        {

            if (id != AuthenticationContext.PermissionSet.Id && !((AdministrationRights)AuthenticationContext.GetRight(RightsType.Administration)).HasFlag(AdministrationRights.ReadUsers))

                return Forbid<PermissionSet>();


            var permissionSet = await permissionSetsDataLoader.LoadAsync((Id: id, LookupType: lookupType), cancellationToken);

            if (permissionSet == null)

                return NotFound<PermissionSet>();


            return new AuthorityResponse<PermissionSet>(permissionSet);

        }


    }


}

Tgstation.Server.Api.Models.PermissionSet.Id
override? long Id
Definition PermissionSet.cs:15

Tgstation.Server.Host.Authority.Core.AuthorityBase
Base implementation of IAuthority.
Definition AuthorityBase.cs:19

Tgstation.Server.Host.Authority.PermissionSetAuthority
Definition PermissionSetAuthority.cs:22

Tgstation.Server.Host.Authority.PermissionSetAuthority.PermissionSetAuthority
PermissionSetAuthority(IAuthenticationContext authenticationContext, IDatabaseContext databaseContext, ILogger< AuthorityBase > logger, IPermissionSetsDataLoader permissionSetsDataLoader)
Initializes a new instance of the PermissionSetAuthority class.
Definition PermissionSetAuthority.cs:91

Tgstation.Server.Host.Authority.PermissionSetAuthority.GetPermissionSets
static async ValueTask< Dictionary<(long Id, PermissionSetLookupType LookupType), PermissionSet > > GetPermissionSets(IReadOnlyList<(long Id, PermissionSetLookupType LookupType)> ids, IDatabaseContext databaseContext, CancellationToken cancellationToken)
Implements permissionSetsDataLoader.
Definition PermissionSetAuthority.cs:36

Tgstation.Server.Host.Authority.PermissionSetAuthority.GetId
async ValueTask< AuthorityResponse< PermissionSet > > GetId(long id, PermissionSetLookupType lookupType, CancellationToken cancellationToken)
Gets the User with a given id .A ValueTask<TResult> resulting in a PermissionSet AuthorityResponse<TR...
Definition PermissionSetAuthority.cs:105

Tgstation.Server.Host.Authority.PermissionSetAuthority.permissionSetsDataLoader
readonly IPermissionSetsDataLoader permissionSetsDataLoader
The IPermissionSetsDataLoader for the PermissionSetAuthority.
Definition PermissionSetAuthority.cs:26

Tgstation.Server.Host.Models.PermissionSet
Definition PermissionSet.cs:9

Tgstation.Server.Host.Security.AuthenticationContext
Definition AuthenticationContext.cs:11

Tgstation.Server.Host.Security.AuthenticationContext.PermissionSet
PermissionSet PermissionSet
The User's effective PermissionSet.
Definition AuthenticationContext.cs:19

Tgstation.Server.Host.Security.AuthenticationContext.GetRight
ulong GetRight(RightsType rightsType)
Get the value of a given rightsType .The value of rightsType . Note that if InstancePermissionSet is ...
Definition AuthenticationContext.cs:103

Tgstation.Server.Host.Authority.IPermissionSetAuthority
IAuthority for managing PermissionSets.
Definition IPermissionSetAuthority.cs:15

Tgstation.Server.Host.Database.IDatabaseContext
Represents the database.
Definition IDatabaseContext.cs:17

Tgstation.Server.Host.Security.IAuthenticationContext
For creating and accessing authentication contexts.
Definition IAuthenticationContext.cs:12

Tgstation.Server.Api.Rights
Definition AdministrationRights.cs:4

Tgstation.Server.Api.Rights.ConfigurationRights.List
@ List
User may list files if the Models.Instance allows it.

Tgstation.Server.Api.Rights.RightsType
RightsType
The type of rights a model uses.
Definition RightsType.cs:7

Tgstation.Server.Api.Rights.AdministrationRights
AdministrationRights
Administration rights for the server.
Definition AdministrationRights.cs:10

Tgstation.Server.Host.Authority.Core
Definition AuthorityBase.cs:14

Tgstation.Server.Host.Authority
Definition AdministrationAuthority.cs:21

Tgstation.Server.Host.Authority.PermissionSetLookupType
PermissionSetLookupType
Indicates the type of Api.Models.EntityId.Id to lookup on a Models.PermissionSet.
Definition PermissionSetLookupType.cs:7

Tgstation.Server.Host.Authority.PermissionSetLookupType.Id
@ Id
Lookup the Api.Models.EntityId.Id of the Models.PermissionSet.

Tgstation.Server.Host.Database
Definition DatabaseCollection.cs:11

Tgstation.Server.Host.Models
Definition ChatBot.cs:9

Tgstation.Server.Host.Security
Definition AuthenticationContext.cs:8