tgstation-server 6.19.0
The /tg/station 13 server suite
Loading...
Searching...
No Matches
UserGroupAuthority.cs
Go to the documentation of this file.
1using System;
2using System.Collections.Generic;
3using System.Linq;
4using System.Threading;
5using System.Threading.Tasks;
6
7using GreenDonut;
8
9using Microsoft.AspNetCore.Authorization;
10using Microsoft.EntityFrameworkCore;
11using Microsoft.Extensions.Logging;
12using Microsoft.Extensions.Options;
13
14using Tgstation.Server.Api.Models;
15using Tgstation.Server.Api.Models.Response;
16using Tgstation.Server.Api.Rights;
17using Tgstation.Server.Host.Authority.Core;
18using Tgstation.Server.Host.Configuration;
19using Tgstation.Server.Host.Database;
20using Tgstation.Server.Host.Extensions;
21using Tgstation.Server.Host.Models;
22using Tgstation.Server.Host.Security;
23
24namespace Tgstation.Server.Host.Authority
25{
27 sealed class UserGroupAuthority : AuthorityBase, IUserGroupAuthority
28 {
32 readonly IUserGroupsDataLoader userGroupsDataLoader;
33
37 readonly IClaimsPrincipalAccessor claimsPrincipalAccessor;
38
42 readonly IOptionsSnapshot<GeneralConfiguration> generalConfigurationOptions;
43
51 [DataLoader]
52 public static Task<Dictionary<long, UserGroup>> GetUserGroups(
53 IReadOnlyList<long> ids,
54 IDatabaseContext databaseContext,
55 CancellationToken cancellationToken)
56 {
57 ArgumentNullException.ThrowIfNull(ids);
58 ArgumentNullException.ThrowIfNull(databaseContext);
59
60 return databaseContext
61 .Groups
62 .Where(group => ids.Contains(group.Id!.Value))
63 .ToDictionaryAsync(userGroup => userGroup.Id!.Value, cancellationToken);
64 }
65
88
90 public RequirementsGated<AuthorityResponse<UserGroup>> GetId(long id, bool includeJoins, CancellationToken cancellationToken)
91 => new(
92 () =>
93 {
94 if (id != claimsPrincipalAccessor.User.GetTgsUserId())
95 return Flag(AdministrationRights.ReadUsers);
96
97 return null;
98 },
99 async () =>
100 {
101 UserGroup? userGroup;
102 if (includeJoins)
103 userGroup = await QueryableImpl(true)
104 .Where(x => x.Id == id)
105 .FirstOrDefaultAsync(cancellationToken);
106 else
107 userGroup = await userGroupsDataLoader.LoadAsync(id, cancellationToken);
108
109 if (userGroup == null)
110 return Gone<UserGroup>();
111
112 return new AuthorityResponse<UserGroup>(userGroup);
113 });
114
116 public RequirementsGated<AuthorityResponse<UserGroup>> Read(CancellationToken cancellationToken)
117 => new(
118 () => (IAuthorizationRequirement?)null,
119 async () =>
120 {
121 var userId = claimsPrincipalAccessor.User.GetTgsUserId();
122 var group = await DatabaseContext
123 .Users
124 .Where(user => user.Id == userId)
125 .Select(user => user.Group)
126 .FirstOrDefaultAsync(cancellationToken);
127
128 if (group == null)
129 return Gone<UserGroup>();
130
131 return new AuthorityResponse<UserGroup>(group);
132 });
133
135 public RequirementsGated<IQueryable<UserGroup>> Queryable(bool includeJoins)
136 => new(
137 () => Flag(AdministrationRights.ReadUsers),
138 () => ValueTask.FromResult(QueryableImpl(includeJoins)));
139
141 public RequirementsGated<AuthorityResponse<UserGroup>> Create(string name, Models.PermissionSet? permissionSet, CancellationToken cancellationToken)
142 {
143 ArgumentNullException.ThrowIfNull(name);
144 return new(
145 () => Flag(AdministrationRights.WriteUsers),
146 async () =>
147 {
148 var totalGroups = await DatabaseContext
149 .Groups
150 .CountAsync(cancellationToken);
151 if (totalGroups >= generalConfigurationOptions.Value.UserGroupLimit)
152 return Conflict<UserGroup>(ErrorCode.UserGroupLimitReached);
153
154 var modelPermissionSet = new Models.PermissionSet
155 {
156 AdministrationRights = permissionSet?.AdministrationRights ?? AdministrationRights.None,
157 InstanceManagerRights = permissionSet?.InstanceManagerRights ?? InstanceManagerRights.None,
158 };
159
160 var dbGroup = new UserGroup
161 {
162 Name = name,
163 PermissionSet = modelPermissionSet,
164 };
165
166 DatabaseContext.Groups.Add(dbGroup);
167 await DatabaseContext.Save(cancellationToken);
168 Logger.LogInformation("Created new user group {groupName} ({groupId})", dbGroup.Name, dbGroup.Id);
169
170 return new AuthorityResponse<UserGroup>(
171 dbGroup,
172 HttpSuccessResponse.Created);
173 });
174 }
175
177 public RequirementsGated<AuthorityResponse<UserGroup>> Update(long id, string? newName, Models.PermissionSet? newPermissionSet, CancellationToken cancellationToken)
178 => new(
179 () => Flag(AdministrationRights.WriteUsers),
180 async () =>
181 {
182 var currentGroup = await DatabaseContext
183 .Groups
184 .Where(x => x.Id == id)
185 .Include(x => x.PermissionSet)
186 .FirstOrDefaultAsync(cancellationToken);
187
188 if (currentGroup == default)
189 return Gone<UserGroup>();
190
191 if (newPermissionSet != null)
192 {
193 currentGroup.PermissionSet!.AdministrationRights = newPermissionSet.AdministrationRights ?? currentGroup.PermissionSet.AdministrationRights;
194 currentGroup.PermissionSet.InstanceManagerRights = newPermissionSet.InstanceManagerRights ?? currentGroup.PermissionSet.InstanceManagerRights;
195 }
196
197 currentGroup.Name = newName ?? currentGroup.Name;
198
199 await DatabaseContext.Save(cancellationToken);
200
201 return new AuthorityResponse<UserGroup>(currentGroup);
202 });
203
205 public RequirementsGated<AuthorityResponse> DeleteEmpty(long id, CancellationToken cancellationToken)
206 => new(
207 () => Flag(AdministrationRights.WriteUsers),
208 async () =>
209 {
210 var numDeleted = await DatabaseContext
211 .Groups
212 .Where(x => x.Id == id && x.Users!.Count == 0)
213 .ExecuteDeleteAsync(cancellationToken);
214
215 if (numDeleted > 0)
216 return new();
217
218 // find out how we failed
219 var groupExists = await DatabaseContext
220 .Groups
221 .Where(x => x.Id == id)
222 .AnyAsync(cancellationToken);
223
224 return new(
225 groupExists
226 ? new ErrorMessageResponse(ErrorCode.UserGroupNotEmpty)
227 : new ErrorMessageResponse(),
228 groupExists
229 ? HttpFailureResponse.Conflict
230 : HttpFailureResponse.Gone);
231 });
232
238 IQueryable<UserGroup> QueryableImpl(bool includeJoins)
239 {
240 IQueryable<UserGroup> queryable = DatabaseContext
241 .Groups;
242
243 if (includeJoins)
244 queryable = queryable
245 .Include(x => x.Users)
246 .Include(x => x.PermissionSet);
247
248 return queryable;
249 }
250 }
251}
Tgstation.Server.Api.Models.PermissionSet
Represents a set of server permissions.
Definition PermissionSet.cs:11
Tgstation.Server.Api.Models.PermissionSet.AdministrationRights
AdministrationRights? AdministrationRights
The Rights.AdministrationRights for the user.
Definition PermissionSet.cs:24
Tgstation.Server.Api.Models.Response.ErrorMessageResponse
Represents an error message returned by the server.
Definition ErrorMessageResponse.cs:12
Tgstation.Server.Host.Authority.Core.AuthorityBase.Logger
ILogger< AuthorityBase > Logger
Gets the ILogger for the AuthorityBase.
Definition AuthorityBase.cs:28
Tgstation.Server.Host.Authority.Core.RequirementsGated
Evaluates a set of IAuthorizationRequirements to be checked before executing a response.
Definition RequirementsGated{TResult}.cs:17
Tgstation.Server.Host.Authority.UserGroupAuthority.claimsPrincipalAccessor
readonly IClaimsPrincipalAccessor claimsPrincipalAccessor
The IClaimsPrincipalAccessor for the UserGroupAuthority.
Definition UserGroupAuthority.cs:37
Tgstation.Server.Host.Authority.UserGroupAuthority.QueryableImpl
IQueryable< UserGroup > QueryableImpl(bool includeJoins)
Get the IQueryable<T> UserGroups.
Definition UserGroupAuthority.cs:238
Tgstation.Server.Host.Authority.UserGroupAuthority.Update
RequirementsGated< AuthorityResponse< UserGroup > > Update(long id, string? newName, Models.PermissionSet? newPermissionSet, CancellationToken cancellationToken)
Updates a UserGroup.A ValueTask<TResult> resulting in a RequirementsGated<TResult> UserGroup Authorit...
Tgstation.Server.Host.Authority.UserGroupAuthority.Create
RequirementsGated< AuthorityResponse< UserGroup > > Create(string name, Models.PermissionSet? permissionSet, CancellationToken cancellationToken)
Create a UserGroup.A RequirementsGated<TResult> UserGroup AuthorityResponse<TResult>.
Definition UserGroupAuthority.cs:141
Tgstation.Server.Host.Authority.UserGroupAuthority.Queryable
RequirementsGated< IQueryable< UserGroup > > Queryable(bool includeJoins)
Gets all registered UserGroups.A RequirementsGated<TResult> IQueryable<T> of UserGroups.
Tgstation.Server.Host.Authority.UserGroupAuthority.userGroupsDataLoader
readonly IUserGroupsDataLoader userGroupsDataLoader
The IUserGroupsDataLoader for the UserGroupAuthority.
Definition UserGroupAuthority.cs:32
Tgstation.Server.Host.Authority.UserGroupAuthority.GetUserGroups
static Task< Dictionary< long, UserGroup > > GetUserGroups(IReadOnlyList< long > ids, IDatabaseContext databaseContext, CancellationToken cancellationToken)
Implements the userGroupsDataLoader.
Definition UserGroupAuthority.cs:52
Tgstation.Server.Host.Authority.UserGroupAuthority.generalConfigurationOptions
readonly IOptionsSnapshot< GeneralConfiguration > generalConfigurationOptions
The IOptionsSnapshot<TOptions> of the GeneralConfiguration.
Definition UserGroupAuthority.cs:42
Tgstation.Server.Host.Authority.UserGroupAuthority.GetId
RequirementsGated< AuthorityResponse< UserGroup > > GetId(long id, bool includeJoins, CancellationToken cancellationToken)
Gets the UserGroup with a given id .A RequirementsGated<TResult> User AuthorityResponse<TResult>.
Tgstation.Server.Host.Authority.UserGroupAuthority.Read
RequirementsGated< AuthorityResponse< UserGroup > > Read(CancellationToken cancellationToken)
Gets the current UserGroup.A ValueTask<TResult> resulting in a UserGroup AuthorityResponse<TResult>.
Tgstation.Server.Host.Authority.UserGroupAuthority.DeleteEmpty
RequirementsGated< AuthorityResponse > DeleteEmpty(long id, CancellationToken cancellationToken)
Deletes an empty UserGroup.A RequirementsGated<TResult> AuthorityResponse representing the running op...
Tgstation.Server.Host.Authority.UserGroupAuthority.UserGroupAuthority
UserGroupAuthority(IDatabaseContext databaseContext, ILogger< UserGroupAuthority > logger, IUserGroupsDataLoader userGroupsDataLoader, IClaimsPrincipalAccessor claimsPrincipalAccessor, IOptionsSnapshot< GeneralConfiguration > generalConfigurationOptions)
Initializes a new instance of the UserGroupAuthority class.
Definition UserGroupAuthority.cs:74
Tgstation.Server.Host.Database.DatabaseContext
Backend abstract implementation of IDatabaseContext.
Definition DatabaseContext.cs:25
Tgstation.Server.Host.Database.DatabaseContext.Save
Task Save(CancellationToken cancellationToken)
Saves changes made to the IDatabaseContext.A Task representing the running operation.
Tgstation.Server.Host.Database.DatabaseContext.Users
DbSet< User > Users
The Users in the DatabaseContext.
Definition DatabaseContext.cs:29
Tgstation.Server.Host.Database.DatabaseContext.Groups
DbSet< UserGroup > Groups
The UserGroups in the DatabaseContext.
Definition DatabaseContext.cs:114
Tgstation.Server.Host.Models.UserGroup
Represents a group of Users.
Definition UserGroup.cs:16
Tgstation.Server.Host.Database.IDatabaseContext.Groups
IDatabaseCollection< UserGroup > Groups
The DbSet<TEntity> for UserGroups.
Definition IDatabaseContext.cs:101
Tgstation.Server.Host.Security.IClaimsPrincipalAccessor
Interface for accessing the current request's ClaimsPrincipal.
Definition IClaimsPrincipalAccessor.cs:9
Tgstation.Server.Host.Security.IClaimsPrincipalAccessor.User
ClaimsPrincipal User
Get the current ClaimsPrincipal.
Definition IClaimsPrincipalAccessor.cs:13
Tgstation.Server.Api.Models.ErrorCode
ErrorCode
Types of Response.ErrorMessageResponses that the API may return.
Definition ErrorCode.cs:12
Tgstation.Server.Api.Rights.ConfigurationRights.List
@ List
User may list files if the Models.Instance allows it.
Tgstation.Server.Api.Rights.InstanceManagerRights
InstanceManagerRights
Rights for managing Models.Instances.
Definition InstanceManagerRights.cs:10
Tgstation.Server.Api.Rights.AdministrationRights
AdministrationRights
Administration rights for the server.
Definition AdministrationRights.cs:10
Tgstation.Server.Host.Authority.Core.HttpFailureResponse
HttpFailureResponse
Indicates the type of HTTP status code an failing AuthorityResponse should generate.
Definition HttpFailureResponse.cs:7
Tgstation.Server.Host.Authority.Core.HttpSuccessResponse
HttpSuccessResponse
Indicates the type of HTTP status code a successful AuthorityResponse<TResult> should generate.
Definition HttpSuccessResponse.cs:7
Generated by doxygen 1.9.8