remove leftover legacy permissions (#57)

cmu-sei · Jan 10, 2025 · 78e36f0 · 78e36f0
1 parent 9de353e
commit 78e36f0
Show file tree

Hide file tree

Showing 9 changed files with 33 additions and 176 deletions.
diff --git a/src/Caster.Api/Domain/Services/ImportService.cs b/src/Caster.Api/Domain/Services/ImportService.cs
@@ -4,9 +4,11 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Threading;
 using System.Threading.Tasks;
 using Caster.Api.Data;
 using Caster.Api.Domain.Models;
+using Caster.Api.Infrastructure.Authorization;
 using Caster.Api.Infrastructure.Extensions;
 using Caster.Api.Infrastructure.Identity;
 using Microsoft.EntityFrameworkCore;
@@ -16,29 +18,30 @@ namespace Caster.Api.Domain.Services
 {
     public interface IImportService
     {
-        Task<ImportResult> ImportProject(Project existingProject, Project importedProject, bool preserveIds);
-        Task<ImportResult> ImportDirectory(Directory existingDirectory, Directory importedDirectory, bool preserveIds);
+        Task<ImportResult> ImportProject(Project existingProject, Project importedProject, bool preserveIds, CancellationToken cancellationToken);
+        Task<ImportResult> ImportDirectory(Directory existingDirectory, Directory importedDirectory, bool preserveIds, CancellationToken cancellationToken);
     }
 
     public class ImportService : IImportService
     {
         private readonly ILockService _lockService;
         private readonly CasterContext _db;
-        private readonly bool _isAdmin;
+        private readonly ICasterAuthorizationService _authorizationService;
         private readonly Guid _userId;
 
         public ImportService(
             ILockService lockService,
             CasterContext db,
-            IIdentityResolver identityResolver)
+            IIdentityResolver identityResolver,
+            ICasterAuthorizationService authorizationService)
         {
             _lockService = lockService;
             _db = db;
-            _isAdmin = identityResolver.IsAdminAsync().Result;
+            _authorizationService = authorizationService;
             _userId = identityResolver.GetClaimsPrincipal().GetId();
         }
 
-        public async Task<ImportResult> ImportProject(Project existingProject, Project importedProject, bool preserveIds)
+        public async Task<ImportResult> ImportProject(Project existingProject, Project importedProject, bool preserveIds, CancellationToken cancellationToken)
         {
             List<File> lockedFiles = new List<File>();
             List<AsyncLockResult> fileLocks = new List<AsyncLockResult>();
@@ -65,7 +68,7 @@ public async Task<ImportResult> ImportProject(Project existingProject, Project i
                         existingProject.Directories.Add(existingDir);
                     }
 
-                    lockedFiles.AddRange((await this.ImportDirectoryInternal(existingDir, directory, preserveIds, fileLocks)).LockedFiles);
+                    lockedFiles.AddRange((await this.ImportDirectoryInternal(existingDir, directory, preserveIds, fileLocks, cancellationToken)).LockedFiles);
                 }
             }
             finally
@@ -82,14 +85,14 @@ public async Task<ImportResult> ImportProject(Project existingProject, Project i
             };
         }
 
-        public async Task<ImportResult> ImportDirectory(Directory existingDir, Domain.Models.Directory dirToImport, bool preserveIds)
+        public async Task<ImportResult> ImportDirectory(Directory existingDir, Domain.Models.Directory dirToImport, bool preserveIds, CancellationToken cancellationToken)
         {
             ImportResult result = new ImportResult();
             List<AsyncLockResult> fileLocks = new List<AsyncLockResult>();
 
             try
             {
-                result = await this.ImportDirectoryInternal(existingDir, dirToImport, preserveIds, fileLocks);
+                result = await this.ImportDirectoryInternal(existingDir, dirToImport, preserveIds, fileLocks, cancellationToken);
             }
             finally
             {
@@ -106,7 +109,8 @@ private async Task<ImportResult> ImportDirectoryInternal(
             Directory existingDir,
             Directory dirToImport,
             bool preserveIds,
-            List<AsyncLockResult> fileLocks)
+            List<AsyncLockResult> fileLocks,
+            CancellationToken cancellationToken)
         {
             var lockedFiles = new List<File>();
 
@@ -122,7 +126,7 @@ private async Task<ImportResult> ImportDirectoryInternal(
                     workspaceToUse = newWorkspace;
                 }
 
-                foreach(var file in workspace.Files)
+                foreach (var file in workspace.Files)
                 {
                     var dbFile = workspaceToUse.Files.FirstOrDefault(x => x.Name.Equals(file.Name));
 
@@ -132,12 +136,12 @@ private async Task<ImportResult> ImportDirectoryInternal(
                         existingDir.Files.Add(file);
                         file.Save(
                             _userId,
-                            _isAdmin,
+                            await CanLock(file.Id, cancellationToken),
                             bypassLock: true);
                     }
                     else
                     {
-                        var fileUpdateResult = await this.UpdateFile(dbFile, file);
+                        var fileUpdateResult = await this.UpdateFile(dbFile, file, cancellationToken);
                         fileLocks.Add(fileUpdateResult.LockResult);
 
                         if (fileUpdateResult.UnableToLock)
@@ -157,12 +161,12 @@ private async Task<ImportResult> ImportDirectoryInternal(
                     existingDir.Files.Add(file);
                     file.Save(
                         _userId,
-                        _isAdmin,
+                        await CanLock(file.Id, cancellationToken),
                         bypassLock: true);
                 }
                 else
                 {
-                    var fileUpdateResult = await this.UpdateFile(dbFile, file);
+                    var fileUpdateResult = await this.UpdateFile(dbFile, file, cancellationToken);
                     fileLocks.Add(fileUpdateResult.LockResult);
 
                     if (fileUpdateResult.UnableToLock)
@@ -172,7 +176,7 @@ private async Task<ImportResult> ImportDirectoryInternal(
                 }
             }
 
-            foreach(var directory in dirToImport.Children)
+            foreach (var directory in dirToImport.Children)
             {
                 var dbChildDir = existingDir.Children.FirstOrDefault(x => x.Name.Equals(directory.Name));
                 var childDirToUse = dbChildDir;
@@ -192,7 +196,7 @@ private async Task<ImportResult> ImportDirectoryInternal(
                     _db.Entry(newDir).State = EntityState.Added;
                 }
 
-                var l = (await this.ImportDirectoryInternal(childDirToUse, directory, preserveIds, fileLocks)).LockedFiles;
+                var l = (await this.ImportDirectoryInternal(childDirToUse, directory, preserveIds, fileLocks, cancellationToken)).LockedFiles;
 
                 lockedFiles.AddRange(l);
             }
@@ -207,10 +211,10 @@ private class FileUpdateResult
         {
             public bool FileUpdated { get; set; }
             public bool UnableToLock { get; set; }
-            public AsyncLockResult LockResult { get; set;}
+            public AsyncLockResult LockResult { get; set; }
         }
 
-        private async Task<FileUpdateResult> UpdateFile(Domain.Models.File dbFile, Domain.Models.File file)
+        private async Task<FileUpdateResult> UpdateFile(Domain.Models.File dbFile, Domain.Models.File file, CancellationToken cancellationToken)
         {
             var result = new FileUpdateResult();
 
@@ -219,17 +223,18 @@ private async Task<FileUpdateResult> UpdateFile(Domain.Models.File dbFile, Domai
             // Don't need to update or throw error if contents haven't changed
             if (!dbFile.Content.Equals(file.Content))
             {
+                var canLock = await CanLock(file.Id, cancellationToken);
                 if (!result.LockResult.AcquiredLock)
                 {
                     result.UnableToLock = true;
                     result.FileUpdated = false;
                 }
-                else if (dbFile.CanLock(_userId, _isAdmin))
+                else if (dbFile.CanLock(_userId, canLock))
                 {
                     dbFile.Content = file.Content;
                     dbFile.Save(
                         _userId,
-                        _isAdmin,
+                        canLock,
                         bypassLock: true);
 
                     result.FileUpdated = true;
@@ -244,5 +249,10 @@ private async Task<FileUpdateResult> UpdateFile(Domain.Models.File dbFile, Domai
 
             return result;
         }
+
+        private async Task<bool> CanLock(Guid fileId, CancellationToken cancellationToken)
+        {
+            return await _authorizationService.Authorize<Domain.Models.File>(fileId, [SystemPermission.LockFiles], [ProjectPermission.LockFiles], cancellationToken);
+        }
     }
 }
diff --git a/src/Caster.Api/Features/Directories/Requests/Import.cs b/src/Caster.Api/Features/Directories/Requests/Import.cs
@@ -100,7 +100,7 @@ public override async Task<ImportDirectoryResult> HandleRequest(Command request,
                 }
 
                 var directories = await dbContext.GetDirectoryWithChildren(directory.Id, cancellationToken);
-                var importResult = await importService.ImportDirectory(directory, extractedDirectory, request.PreserveIds);
+                var importResult = await importService.ImportDirectory(directory, extractedDirectory, request.PreserveIds, cancellationToken);
 
                 var entries = dbContext.GetUpdatedEntries();
                 await dbContext.SaveChangesAsync(cancellationToken);

diff --git a/src/Caster.Api/Features/Projects/Requests/Import.cs b/src/Caster.Api/Features/Projects/Requests/Import.cs
@@ -103,7 +103,7 @@ public override async Task<ImportProjectResult> HandleRequest(Command request, C
                     extractedProject = archiveService.ExtractProject(memStream, request.Archive.FileName);
                 }
 
-                var importResult = await importService.ImportProject(project, extractedProject, request.PreserveIds);
+                var importResult = await importService.ImportProject(project, extractedProject, request.PreserveIds, cancellationToken);
 
                 var entries = dbContext.GetUpdatedEntries();
                 await dbContext.SaveChangesAsync(cancellationToken);

diff --git a/src/Caster.Api/Infrastructure/Authorization/BaseUserRequirement.cs b/src/Caster.Api/Infrastructure/Authorization/BaseUserRequirement.cs
diff --git a/src/Caster.Api/Infrastructure/Authorization/ClaimNames.cs b/src/Caster.Api/Infrastructure/Authorization/ClaimNames.cs
diff --git a/src/Caster.Api/Infrastructure/Authorization/ContentDeveloperRequirement.cs b/src/Caster.Api/Infrastructure/Authorization/ContentDeveloperRequirement.cs
diff --git a/src/Caster.Api/Infrastructure/Authorization/FullRightsRequirement.cs b/src/Caster.Api/Infrastructure/Authorization/FullRightsRequirement.cs
diff --git a/src/Caster.Api/Infrastructure/Authorization/OperatorRequirement.cs b/src/Caster.Api/Infrastructure/Authorization/OperatorRequirement.cs
diff --git a/src/Caster.Api/Infrastructure/Identity/IdentityResolver.cs b/src/Caster.Api/Infrastructure/Identity/IdentityResolver.cs
@@ -15,7 +15,6 @@ public interface IIdentityResolver
     {
         ClaimsPrincipal GetClaimsPrincipal();
         Guid GetId();
-        Task<bool> IsAdminAsync();
     }
 
     public class IdentityResolver : IIdentityResolver
@@ -40,20 +39,5 @@ public Guid GetId()
         {
             return this.GetClaimsPrincipal().GetId();
         }
-
-        public async Task<bool> IsAdminAsync()
-        {
-            if ((await _authorizationService.AuthorizeAsync(
-                this.GetClaimsPrincipal(),
-                null,
-                new FullRightsRequirement())).Succeeded)
-            {
-                return true;
-            }
-            else
-            {
-                return false;
-            }
-        }
     }
 }