Skip to content

Commit 27af86b

Browse files
webprofusion-chriscwebprofusion-chrisc
committed
WIP
1 parent 9712ed9 commit 27af86b

File tree

2 files changed

+32
-29
lines changed

2 files changed

+32
-29
lines changed

src/Certify.Models/Hub/AccessControlConfig.cs

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -116,6 +116,7 @@ public static class StandardResourceActions
116116
public const string SecurityPrincipleDelete = "securityprinciple_delete_action";
117117
public const string SecurityPrinciplePasswordUpdate = "securityprinciple_password_update_action";
118118
public const string SecurityPrinciplePasswordValidate = "securityprinciple_password_validate_action";
119+
public const string SecurityPrincipleCheckAccess = "securityprinciple_access_check_action";
119120

120121
public const string ManagedChallengeList = "managedchallenge_list_action";
121122
public const string ManagedChallengeUpdate = "managedchallenge_update_action";
@@ -131,6 +132,8 @@ public static class StandardResourceActions
131132
public const string AccessTokenUpdate = "accesstoken_update_action";
132133
public const string AccessTokenDelete = "accesstoken_delete_action";
133134

135+
public const string SystemGeneralAction = "system_general_action";
136+
134137
}
135138

136139
public class StandardPolicies

src/Certify.SourceGenerators/ApiMethods.cs

Lines changed: 29 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
3434
// - map the call from the public API to the background service API in the service API Client (interface and implementation)
3535
// - to then generate the public API clients, run nswag when the public API is running.
3636

37-
var actionResultName = "Certify.Models.Config.ActionResult";
37+
var actionResultTypeName = "Certify.Models.Config.ActionResult";
3838

3939
return new List<GeneratedAPI>
4040
{
@@ -49,7 +49,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
4949
ServiceAPIRoute = "access/securityprinciple/allowedaction",
5050
ReturnType = "bool",
5151
Params = new Dictionary<string, string> { { "check", nameof(Certify.Models.Hub.AccessCheck) } },
52-
RequiredPermissions = [new(ResourceTypes.SecurityPrinciple, StandardResourceActions.SecurityPrincipleList)]
52+
RequiredPermissions = [new(ResourceTypes.SecurityPrinciple, StandardResourceActions.SecurityPrincipleCheckAccess)]
5353
},
5454
new()
5555
{
@@ -61,7 +61,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
6161
ServiceAPIRoute = "access/securityprinciple/{id}/assignedroles",
6262
ReturnType = $"ICollection<{nameof(AssignedRole)}>",
6363
Params = new Dictionary<string, string> { { "id", "string" } },
64-
RequiredPermissions = [new(ResourceTypes.SecurityPrinciple, StandardResourceActions.SecurityPrincipleList)]
64+
RequiredPermissions = [new(ResourceTypes.SecurityPrinciple, StandardResourceActions.SecurityPrincipleCheckAccess)]
6565
},
6666
new()
6767
{
@@ -73,7 +73,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
7373
ServiceAPIRoute = "access/securityprinciple/{id}/rolestatus",
7474
ReturnType = nameof(RoleStatus),
7575
Params = new Dictionary<string, string> { { "id", "string" } },
76-
RequiredPermissions = [new(ResourceTypes.SecurityPrinciple, StandardResourceActions.SecurityPrincipleList)]
76+
RequiredPermissions = [new(ResourceTypes.SecurityPrinciple, StandardResourceActions.SecurityPrincipleCheckAccess)]
7777
},
7878
new()
7979
{
@@ -84,7 +84,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
8484
PublicAPIRoute = "roles",
8585
ServiceAPIRoute = "access/roles",
8686
ReturnType = $"ICollection<{nameof(Role)}>",
87-
RequiredPermissions = [new(ResourceTypes.SecurityPrinciple, StandardResourceActions.SecurityPrincipleList)]
87+
RequiredPermissions = [new(ResourceTypes.System, StandardResourceActions.SystemGeneralAction)]
8888
},
8989
new()
9090
{
@@ -105,7 +105,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
105105
PublicAPIController = "Access",
106106
PublicAPIRoute = "assignedtoken",
107107
ServiceAPIRoute = "access/assignedtoken",
108-
ReturnType = actionResultName,
108+
ReturnType = actionResultTypeName,
109109
Params = new Dictionary<string, string> { { "token", "Certify.Models.Hub.AssignedAccessToken" } },
110110
RequiredPermissions = [new(ResourceTypes.AccessToken, StandardResourceActions.AccessTokenAdd)]
111111
},
@@ -117,7 +117,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
117117
PublicAPIController = "Access",
118118
PublicAPIRoute = "assignedtoken",
119119
ServiceAPIRoute = "access/assignedtoken/{id}",
120-
ReturnType = "Models.Config.ActionResult",
120+
ReturnType = actionResultTypeName,
121121
Params = new Dictionary<string, string> { { "id", "string" } },
122122
RequiredPermissions = [new(ResourceTypes.AccessToken, StandardResourceActions.AccessTokenDelete)]
123123
},
@@ -143,7 +143,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
143143
ServiceAPIRoute = "access/validate",
144144
ReturnType = "Certify.Models.Hub.SecurityPrincipleCheckResponse",
145145
Params = new Dictionary<string, string> { { "passwordCheck", GetFormattedTypeName(typeof(Certify.Models.Hub.SecurityPrinciplePasswordCheck)) } },
146-
RequiredPermissions = [new(ResourceTypes.SecurityPrinciple, StandardResourceActions.SecurityPrinciplePasswordUpdate)]
146+
RequiredPermissions = [new(ResourceTypes.SecurityPrinciple, StandardResourceActions.SecurityPrinciplePasswordValidate)]
147147
},
148148
new()
149149
{
@@ -154,9 +154,9 @@ public static List<GeneratedAPI> GetApiDefinitions()
154154
PublicAPIController = "Access",
155155
PublicAPIRoute = "updatepassword",
156156
ServiceAPIRoute = "access/updatepassword",
157-
ReturnType = "Models.Config.ActionResult",
157+
ReturnType = actionResultTypeName,
158158
Params = new Dictionary<string, string> { { "passwordUpdate", "Certify.Models.Hub.SecurityPrinciplePasswordUpdate" } },
159-
RequiredPermissions = [new("access", "access_updatepassword_action")]
159+
RequiredPermissions = [new(ResourceTypes.SecurityPrinciple, StandardResourceActions.SecurityPrinciplePasswordUpdate)]
160160
},
161161
new()
162162
{
@@ -167,7 +167,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
167167
PublicAPIController = "Access",
168168
PublicAPIRoute = "securityprinciple",
169169
ServiceAPIRoute = "access/securityprinciple",
170-
ReturnType = "Models.Config.ActionResult",
170+
ReturnType = actionResultTypeName,
171171
Params = new Dictionary<string, string> { { "principle", "Certify.Models.Hub.SecurityPrinciple" } },
172172
RequiredPermissions = [new("access", "access_add_action")]
173173
},
@@ -180,7 +180,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
180180
PublicAPIController = "Access",
181181
PublicAPIRoute = "securityprinciple/update",
182182
ServiceAPIRoute = "access/securityprinciple/update",
183-
ReturnType = "Models.Config.ActionResult",
183+
ReturnType = actionResultTypeName,
184184
Params = new Dictionary<string, string>
185185
{
186186
{ "principle", "Certify.Models.Hub.SecurityPrinciple" }
@@ -195,7 +195,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
195195
PublicAPIController = "Access",
196196
PublicAPIRoute = "securityprinciple/roles/update",
197197
ServiceAPIRoute = "access/securityprinciple/roles/update",
198-
ReturnType = "Models.Config.ActionResult",
198+
ReturnType = actionResultTypeName,
199199
Params = new Dictionary<string, string>
200200
{
201201
{ "update", "Certify.Models.Hub.SecurityPrincipleAssignedRoleUpdate" }
@@ -210,7 +210,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
210210
PublicAPIController = "Access",
211211
PublicAPIRoute = "securityprinciple",
212212
ServiceAPIRoute = "access/securityprinciple/{id}",
213-
ReturnType = actionResultName,
213+
ReturnType = actionResultTypeName,
214214
Params = new Dictionary<string, string> { { "id", "string" } },
215215
RequiredPermissions = [new("access", "access_delete_action")]
216216
},
@@ -230,7 +230,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
230230
OperationMethod = HttpPost,
231231
Comment = "Update existing managed instance in the hub",
232232
ServiceAPIRoute = "managedinstance/update",
233-
ReturnType = actionResultName,
233+
ReturnType = actionResultTypeName,
234234
Params = new Dictionary<string, string> { { "item", nameof(Models.Hub.ManagedInstanceInfo) } },
235235
RequiredPermissions = [new("managedinstance", "managementhub_instance_update_action")]
236236
},
@@ -242,7 +242,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
242242
PublicAPIController = "Hub",
243243
PublicAPIRoute = "instances/{id}",
244244
ServiceAPIRoute = "managedinstance/delete/{id}",
245-
ReturnType = actionResultName,
245+
ReturnType = actionResultTypeName,
246246
Params = new Dictionary<string, string> { { "id", "string" } },
247247
RequiredPermissions = [new("managedinstance", "managementhub_instance_delete_action")]
248248
},
@@ -285,7 +285,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
285285
PublicAPIController = "ManagedChallenge",
286286
PublicAPIRoute = "update",
287287
ServiceAPIRoute = "managedchallenge",
288-
ReturnType = "Models.Config.ActionResult",
288+
ReturnType = actionResultTypeName,
289289
Params = new Dictionary<string, string>
290290
{
291291
{ "update", "Certify.Models.Hub.ManagedChallenge" }
@@ -300,7 +300,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
300300
PublicAPIController = "ManagedChallenge",
301301
PublicAPIRoute = "remove",
302302
ServiceAPIRoute = "managedchallenge/{id}",
303-
ReturnType = "Models.Config.ActionResult",
303+
ReturnType = actionResultTypeName,
304304
Params = new Dictionary<string, string>
305305
{
306306
{ "id", "string" }
@@ -314,7 +314,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
314314
Comment = "Perform a managed challenge (DNS challenge delegation etc)",
315315
PublicAPIController = null, // skip public controller implementation
316316
ServiceAPIRoute = "managedchallenge/request",
317-
ReturnType = "Models.Config.ActionResult",
317+
ReturnType = actionResultTypeName,
318318
Params = new Dictionary<string, string>
319319
{
320320
{ "request", "Certify.Models.Hub.ManagedChallengeRequest" }
@@ -328,7 +328,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
328328
Comment = "Perform cleanup for a previously managed challenge (DNS challenge delegation etc)",
329329
PublicAPIController = null, // skip public controller implementation
330330
ServiceAPIRoute = "managedchallenge/cleanup",
331-
ReturnType = "Models.Config.ActionResult",
331+
ReturnType = actionResultTypeName,
332332
Params = new Dictionary<string, string>
333333
{
334334
{ "request", "Certify.Models.Hub.ManagedChallengeRequest" }
@@ -376,7 +376,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
376376
UseManagementAPI = true,
377377
PublicAPIController = "CertificateAuthority",
378378
PublicAPIRoute = "{instanceId}/account/",
379-
ReturnType = "Models.Config.ActionResult",
379+
ReturnType = actionResultTypeName,
380380
Params = new Dictionary<string, string> { { "instanceId", "string" }, { "registration", "Certify.Models.ContactRegistration" } },
381381
RequiredPermissions = [new("acmeaccount", "acmeaccount_add_action")]
382382
},
@@ -400,7 +400,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
400400
UseManagementAPI = true,
401401
PublicAPIController = "CertificateAuthority",
402402
PublicAPIRoute = "{instanceId}/authority",
403-
ReturnType = "Models.Config.ActionResult",
403+
ReturnType = actionResultTypeName,
404404
Params = new Dictionary<string, string> { { "instanceId", "string" }, { "ca", "Certify.Models.CertificateAuthority" } },
405405
RequiredPermissions = [new("certificateauthority", "certificateauthority_update_action")]
406406
},
@@ -412,7 +412,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
412412
UseManagementAPI = true,
413413
PublicAPIController = "CertificateAuthority",
414414
PublicAPIRoute = "{instanceId}/authority/{id}",
415-
ReturnType = "Models.Config.ActionResult",
415+
ReturnType = actionResultTypeName,
416416
Params = new Dictionary<string, string> { { "instanceId", "string" }, { "id", "string" } },
417417
RequiredPermissions = [new("certificateauthority", "certificateauthority_delete_action")]
418418
},
@@ -424,7 +424,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
424424
UseManagementAPI = true,
425425
PublicAPIController = "CertificateAuthority",
426426
PublicAPIRoute = "{instanceId}/accounts/{storageKey}/{deactivate}",
427-
ReturnType = "Models.Config.ActionResult",
427+
ReturnType = actionResultTypeName,
428428
Params = new Dictionary<string, string> { { "instanceId", "string" }, { "storageKey", "string" }, { "deactivate", "bool" } },
429429
RequiredPermissions = [new("acmeaccount", "acmeaccount_delete_action")]
430430
},
@@ -447,7 +447,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
447447
Comment = "Add/Update Stored Credential",
448448
PublicAPIController = "StoredCredential",
449449
PublicAPIRoute = "{instanceId}",
450-
ReturnType = "Models.Config.ActionResult",
450+
ReturnType = actionResultTypeName,
451451
UseManagementAPI = true,
452452
Params = new Dictionary<string, string> { { "instanceId", "string" }, { "item", "Models.Config.StoredCredential" } },
453453
RequiredPermissions = [new("storedcredential", "storedcredential_update_action")]
@@ -460,7 +460,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
460460
UseManagementAPI = true,
461461
PublicAPIController = "StoredCredential",
462462
PublicAPIRoute = "{instanceId}/{storageKey}",
463-
ReturnType = "Models.Config.ActionResult",
463+
ReturnType = actionResultTypeName,
464464
Params = new Dictionary<string, string> { { "instanceId", "string" }, { "storageKey", "string" } },
465465
RequiredPermissions = [new("storedcredential", "storedcredential_delete_action")]
466466
},
@@ -602,7 +602,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
602602
UseManagementAPI = true,
603603
PublicAPIController = "Certificate",
604604
PublicAPIRoute = "{instanceId}/settings/{managedCertId}",
605-
ReturnType = "Models.Config.ActionResult",
605+
ReturnType = actionResultTypeName,
606606
Params = new Dictionary<string, string> { { "instanceId", "string" }, { "managedCertId", "string" } },
607607
RequiredPermissions = [new("certificate", "certificate_delete_action")]
608608
},
@@ -674,7 +674,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
674674
UseManagementAPI = true,
675675
PublicAPIController = "System",
676676
PublicAPIRoute = "{instanceId}/system/serviceconfig",
677-
ReturnType = "Models.Config.ActionResult",
677+
ReturnType = actionResultTypeName,
678678
Params = new Dictionary<string, string>
679679
{
680680
{ "instanceId", "string" },
@@ -690,7 +690,7 @@ public static List<GeneratedAPI> GetApiDefinitions()
690690
UseManagementAPI = true,
691691
PublicAPIController = "System",
692692
PublicAPIRoute = "{instanceId}/system/coresettings",
693-
ReturnType = "Models.Config.ActionResult",
693+
ReturnType = actionResultTypeName,
694694
Params = new Dictionary<string, string>
695695
{
696696
{ "instanceId", "string" },

0 commit comments

Comments
 (0)