admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2018-09-04 19:07:42 +00:00
parent 21eb952e5a
commit a5f9759a7c
15 changed files with 43 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/AyaNova/ControllerHelpers/Authorized.cs
View File

@@ -27,12 +27,12 @@ namespace AyaNova.Api.ControllerHelpers
/// <summary>
/// READ / GENERAL ACCESS
/// READ FULL RECORD (not just name and id)
/// </summary>
/// <param name="HttpContextItems"></param>
/// <param name="objectType"></param>
/// <returns></returns>
internal static bool IsAuthorizedToRead(IDictionary<object, object> HttpContextItems, AyaType objectType)
internal static bool IsAuthorizedToReadFullRecord(IDictionary<object, object> HttpContextItems, AyaType objectType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
@@ -40,7 +40,7 @@ namespace AyaNova.Api.ControllerHelpers
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true;
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Read))
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).ReadFullRecord))
return true;
return false;

2
server/AyaNova/Controllers/AttachmentController.cs
View File

@@ -369,7 +369,7 @@ namespace AyaNova.Api.Controllers
}
//is this allowed?
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, dbObj.AttachToObjectType))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, dbObj.AttachToObjectType))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}

4
server/AyaNova/Controllers/EventLogController.cs
View File

@@ -61,7 +61,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, opt.AyType))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, opt.AyType))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
@@ -97,7 +97,7 @@ namespace AyaNova.Api.Controllers
long UserId = UserIdFromContext.Id(HttpContext.Items);
//If not authorized to read a user and also not the current user asking for their own log then NO LOG FOR YOU!
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}

2
server/AyaNova/Controllers/ImportAyaNova7Controller.cs
View File

@@ -197,7 +197,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.AyaNova7Import))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.AyaNova7Import))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}

4
server/AyaNova/Controllers/JobOperationsController.cs
View File

@@ -63,7 +63,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.JobOperations))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
@@ -102,7 +102,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.JobOperations))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}

2
server/AyaNova/Controllers/LicenseController.cs
View File

@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.License))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.License))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}

4
server/AyaNova/Controllers/LogFilesController.cs
View File

@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.LogFile))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
@@ -107,7 +107,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.LogFile))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}

4
server/AyaNova/Controllers/MetricsController.cs
View File

@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Metrics))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
@@ -91,7 +91,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Metrics))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}

4
server/AyaNova/Controllers/TagController.cs
View File

@@ -59,7 +59,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Tag))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Tag))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
@@ -107,7 +107,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Tag))//Note: anyone can read a tag, but that might change in future so keeping this code in
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Tag))//Note: anyone can read a tag, but that might change in future so keeping this code in
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}

8
server/AyaNova/Controllers/TagMapController.cs
View File

@@ -57,7 +57,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.TagMap))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.TagMap))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
@@ -78,7 +78,7 @@ namespace AyaNova.Api.Controllers
}
//Check rights to parent tagged object
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, o.TagToObjectType))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, o.TagToObjectType))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
@@ -216,7 +216,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Tag))//Note: anyone can read a tag, but that might change in future so keeping this code in
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Tag))//Note: anyone can read a tag, but that might change in future so keeping this code in
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
@@ -228,7 +228,7 @@ namespace AyaNova.Api.Controllers
//Check rights to parent tagged object
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, inObj.ObjectType))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, inObj.ObjectType))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}

4
server/AyaNova/Controllers/UserController.cs
View File

@@ -62,7 +62,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.User))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
@@ -107,7 +107,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.User))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}

8
server/AyaNova/Controllers/WidgetController.cs
View File

@@ -65,7 +65,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Widget))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Widget))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
@@ -108,7 +108,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Widget))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Widget))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
@@ -437,7 +437,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Widget))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Widget))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
@@ -457,7 +457,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Widget))
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Widget))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}

2
server/AyaNova/biz/BizRoleSet.cs
View File

@@ -8,7 +8,7 @@ namespace AyaNova.Biz
{
public AuthorizationRoles Change { get; set; }
public AuthorizationRoles EditOwn { get; set; }
public AuthorizationRoles Read { get; set; }
public AuthorizationRoles ReadFullRecord { get; set; }
}//eoc

31
server/AyaNova/biz/BizRoles.cs
View File

@@ -22,8 +22,8 @@ namespace AyaNova.Biz
//HOW THIS WORKS / WHATS EXPECTED
//CHANGE = CREATE, RETRIEVE, UPDATE, DELETE - Full rights
//EDITOWN = special subset of CHANGE: You can create and if it's one you created then you have rights to edit it or delete, but you can't edit ones others have created
//READ = You can read *all* the fields of the record, but can't modify it.
//PICKLIST NOTE: this does not control getting a list of names for selection which is role independent because it's required for so much indirectly
//READ = You can read *all* the fields of the record, but can't modify it. Change is automatically checked for so only add different roles from change
//PICKLIST NOTE: this does not control getting a list of names for selection which is role independent because it's required for so much indirectly
//DELETE = There is no specific delete right for now though it's checked for by routes in Authorized.cs in case we want to add it in future as a separate right from create.
#region All roles initialization
@@ -35,7 +35,7 @@ namespace AyaNova.Biz
{
Change = AuthorizationRoles.BizAdminFull,
EditOwn = AuthorizationRoles.NoRole,//no one can make a user but a bizadminfull
Read = AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
ReadFullRecord = AuthorizationRoles.BizAdminLimited
});
////////////////////////////////////////////////////////////
@@ -45,7 +45,7 @@ namespace AyaNova.Biz
{
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.InventoryFull,
EditOwn = AuthorizationRoles.TechFull,
Read = AuthorizationRoles.AnyRole
ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited
});
////////////////////////////////////////////////////////////
@@ -55,7 +55,7 @@ namespace AyaNova.Biz
{
Change = AuthorizationRoles.OpsAdminFull,
EditOwn = AuthorizationRoles.NoRole,
Read = AuthorizationRoles.AnyRole
ReadFullRecord = AuthorizationRoles.AnyRole
});
@@ -66,7 +66,7 @@ namespace AyaNova.Biz
{
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.OpsAdminFull,
EditOwn = AuthorizationRoles.NoRole,
Read = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.OpsAdminLimited
ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.OpsAdminLimited
});
////////////////////////////////////////////////////////////
@@ -76,7 +76,7 @@ namespace AyaNova.Biz
{
Change = AuthorizationRoles.NoRole,
EditOwn = AuthorizationRoles.NoRole,
Read = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
});
////////////////////////////////////////////////////////////
@@ -86,7 +86,7 @@ namespace AyaNova.Biz
{
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.DispatchFull | AuthorizationRoles.InventoryFull | AuthorizationRoles.TechFull | AuthorizationRoles.AccountingFull,
EditOwn = AuthorizationRoles.NoRole,
Read = AuthorizationRoles.AnyRole
ReadFullRecord = AuthorizationRoles.AnyRole
});
////////////////////////////////////////////////////////////
@@ -96,30 +96,29 @@ namespace AyaNova.Biz
{
Change = AuthorizationRoles.AnyRole,
EditOwn = AuthorizationRoles.NoRole,
Read = AuthorizationRoles.AnyRole
ReadFullRecord = AuthorizationRoles.AnyRole
});
////////////////////////////////////////////////////////////
//OPERATIONS
//OPERATIONS / JOBS
//Only opsfull can change operations
//ops and biz admin can view operations
roles.Add(AyaType.JobOperations, new BizRoleSet()
{
Change = AuthorizationRoles.OpsAdminFull,
EditOwn = AuthorizationRoles.NoRole,
Read = AuthorizationRoles.OpsAdminLimited | AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
ReadFullRecord = AuthorizationRoles.OpsAdminLimited | AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
});
////////////////////////////////////////////////////////////
//AyaNova7Import
//Only opsfull can change operations
//opsfull can view operations
//Only opsfull can change operations and view
roles.Add(AyaType.AyaNova7Import, new BizRoleSet()
{
Change = AuthorizationRoles.OpsAdminFull,
EditOwn = AuthorizationRoles.NoRole,
Read = AuthorizationRoles.OpsAdminFull
ReadFullRecord = AuthorizationRoles.NoRole
});
@@ -130,7 +129,7 @@ namespace AyaNova.Biz
{
Change = AuthorizationRoles.NoRole,
EditOwn = AuthorizationRoles.NoRole,
Read = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
});
@@ -141,7 +140,7 @@ namespace AyaNova.Biz
{
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.OpsAdminFull,
EditOwn = AuthorizationRoles.NoRole,
Read = AuthorizationRoles.AnyRole
ReadFullRecord = AuthorizationRoles.AnyRole
});

2
test/raven-integration/Widget/WidgetRights.cs
View File

@@ -28,7 +28,7 @@ namespace raven_integration
[Fact]
public async void ServerShouldNotAllowReadUnauthorizedAccess()
{
ApiResponse a = await Util.GetAsync("Widget/list", await Util.GetTokenAsync( "OpsAdminFull"));
ApiResponse a = await Util.GetAsync("Widget/listwidgets", await Util.GetTokenAsync( "OpsAdminFull"));
//2004 unauthorized
Util.ValidateErrorCodeResponse(a, 2004, 401);
}