permissions revamp (#45)

- moved from pre-defined roles to granular permissions
- custom roles can be defined and given specific permissions
- Roles  can optionally be pulled from Identity Provider token
  - new settings for identity provider under ClaimsTransformation

Author: sei-aschlackman

.github/workflows/client.yml

@@ -15,7 +15,7 @@ jobs:
       - name: Setup dotnet
         uses: actions/setup-dotnet@v1
         with:
-          dotnet-version: "6.x.x"
+          dotnet-version: "8.x.x"
 
       - name: Setup Package Name
         id: package_name
@@ -41,7 +41,7 @@ jobs:
         run: |
           cd ${{ steps.package_name.outputs.name }}
           npm install
-          ./node_modules/.bin/nswag run /runtime:Net60
+          ./node_modules/.bin/nswag run /runtime:Net80
 
       - name: Create NuGet Package
         run: |
@@ -59,7 +59,6 @@ jobs:
           sed -i '/<\/version>/a \    <license type="expression">MIT<\/license>' ${{ steps.package_name.outputs.name }}.nuspec
           sed -i '/<\/version>/a \    <licenseUrl>https:\/\/licenses.nuget.org\/MIT<\/licenseUrl>' ${{ steps.package_name.outputs.name }}.nuspec
           sed -i '/<\/version>/a \    <projectUrl>https:\/\/github.com\/cmu-sei\/crucible<\/projectUrl>' ${{ steps.package_name.outputs.name }}.nuspec
-          sed -i '/<\/version>/a \    <repository type="git" url="https:\/\/github.com\/cmu-sei\/crucible.git" \/>' ${{ steps.package_name.outputs.name }}.nuspec
           zip -r ../${{ steps.package_name.outputs.name }}.${{ github.event.inputs.clientVersion }}.nupkg *
 
       - name: Publish to Nuget.org as Unlisted

Player.Api.Client/Player.Api.Client.csproj

@@ -10,7 +10,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="System.Text.Json" Version="6.0.1" />
+    <PackageReference Include="System.Text.Json" Version="8.0.5" />
     <PackageReference Include="System.ComponentModel.Annotations" Version="6.0.0-preview.4.21253.7" />
   </ItemGroup>
 

Player.Api.Client/nswag.json

@@ -1,22 +1,101 @@
 {
-  "runtime": "Net60",
-  "swaggerGenerator":{
-    "fromSwagger":{
-      "json":"swagger.json"
+  "runtime": "Net80",
+  "defaultVariables": null,
+  "documentGenerator": {
+    "fromDocument": {
+      "json": "swagger.json",
+      "url": "http://redocly.github.io/redoc/openapi.yaml",
+      "output": null,
+      "newLineBehavior": "Auto"
     }
   },
   "codeGenerators": {
     "openApiToCSharpClient": {
-      "className": "PlayerApiClient",
-      "namespace": "Player.Api.Client",
-      "output": "Player.Api.Client.cs",
+      "clientBaseClass": null,
+      "configurationClass": null,
+      "generateClientClasses": true,
+      "suppressClientClassesOutput": false,
       "generateClientInterfaces": true,
+      "suppressClientInterfacesOutput": false,
+      "clientBaseInterface": null,
+      "injectHttpClient": true,
+      "disposeHttpClient": true,
+      "protectedMethods": [],
+      "generateExceptionClasses": true,
+      "exceptionClass": "ApiException",
+      "wrapDtoExceptions": true,
+      "useHttpClientCreationMethod": false,
+      "httpClientType": "System.Net.Http.HttpClient",
+      "useHttpRequestMessageCreationMethod": false,
+      "useBaseUrl": false,
+      "generateBaseUrlProperty": true,
+      "generateSyncMethods": false,
+      "generatePrepareRequestAndProcessResponseAsAsyncMethods": false,
+      "exposeJsonSerializerSettings": false,
+      "clientClassAccessModifier": "public",
+      "typeAccessModifier": "public",
+      "propertySetterAccessModifier": "",
+      "generateNativeRecords": false,
       "generateContractsOutput": true,
       "contractsNamespace": "Player.Api.Client",
       "contractsOutputFilePath": "Player.Api.Contracts.cs",
-      "jsonLibrary": "SystemTextJson",
+      "parameterDateTimeFormat": "s",
+      "parameterDateFormat": "yyyy-MM-dd",
+      "generateUpdateJsonSerializerSettingsMethod": true,
+      "useRequestAndResponseSerializationSettings": false,
+      "serializeTypeInformation": false,
+      "queryNullValue": "",
+      "className": "PlayerApiClient",
       "operationGenerationMode": "SingleClientFromOperationId",
-      "useBaseUrl": false
+      "additionalNamespaceUsages": [],
+      "additionalContractNamespaceUsages": [],
+      "generateOptionalParameters": false,
+      "generateJsonMethods": false,
+      "enforceFlagEnums": false,
+      "parameterArrayType": "System.Collections.Generic.IEnumerable",
+      "parameterDictionaryType": "System.Collections.Generic.IDictionary",
+      "responseArrayType": "System.Collections.Generic.ICollection",
+      "responseDictionaryType": "System.Collections.Generic.IDictionary",
+      "wrapResponses": false,
+      "wrapResponseMethods": [],
+      "generateResponseClasses": true,
+      "responseClass": "SwaggerResponse",
+      "namespace": "Player.Api.Client",
+      "requiredPropertiesMustBeDefined": true,
+      "dateType": "System.DateTimeOffset",
+      "jsonConverters": null,
+      "anyType": "object",
+      "dateTimeType": "System.DateTimeOffset",
+      "timeType": "System.TimeSpan",
+      "timeSpanType": "System.TimeSpan",
+      "arrayType": "System.Collections.Generic.ICollection",
+      "arrayInstanceType": "System.Collections.ObjectModel.Collection",
+      "dictionaryType": "System.Collections.Generic.IDictionary",
+      "dictionaryInstanceType": "System.Collections.Generic.Dictionary",
+      "arrayBaseType": "System.Collections.ObjectModel.Collection",
+      "dictionaryBaseType": "System.Collections.Generic.Dictionary",
+      "classStyle": "Poco",
+      "jsonLibrary": "SystemTextJson",
+      "generateDefaultValues": true,
+      "generateDataAnnotations": true,
+      "excludedTypeNames": [],
+      "excludedParameterNames": [],
+      "handleReferences": false,
+      "generateImmutableArrayProperties": false,
+      "generateImmutableDictionaryProperties": false,
+      "jsonSerializerSettingsTransformationMethod": null,
+      "inlineNamedArrays": false,
+      "inlineNamedDictionaries": false,
+      "inlineNamedTuples": true,
+      "inlineNamedAny": false,
+      "generateDtoTypes": true,
+      "generateOptionalPropertiesAsNullable": false,
+      "generateNullableReferenceTypes": false,
+      "templateDirectory": null,
+      "serviceHost": null,
+      "serviceSchemes": null,
+      "output": "Player.Api.Client.cs",
+      "newLineBehavior": "Auto"
     }
   }
 }

Player.Api.Client/package-lock.json

@@ -1,5 +1,5 @@
 {
   "dependencies": {
-    "nswag": "^13.15.5"
+    "nswag": "^14.2.0"
   }
 }

Player.Api.Client/package.json

@@ -7,16 +7,14 @@
 
 namespace Player.Api.Data.Data.Extensions
 {
-    public static class DirectoryExtensions
+    public static class UserExtensions
     {
         public static IQueryable<UserEntity> IncludePermissions(this IQueryable<UserEntity> query)
         {
             return query
                 .Include(u => u.Role)
                     .ThenInclude(r => r.Permissions)
-                        .ThenInclude(p => p.Permission)
-                .Include(u => u.Permissions)
-                    .ThenInclude(p => p.Permission);
+                        .ThenInclude(p => p.Permission);
         }
     }
 }

Player.Api.Data/Data/Extensions/UserExtensions.cs

@@ -8,7 +8,7 @@
 
 namespace Player.Api.Data.Data.Models
 {
-    public class ApplicationTemplateEntity
+    public class ApplicationTemplateEntity : IEntity
     {
         [Key]
         [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
@@ -29,7 +29,7 @@ public ApplicationTemplateEntity()
         }
     }
 
-    public class ApplicationEntity
+    public class ApplicationEntity : IEntity
     {
         [Key]
         [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
@@ -83,7 +83,7 @@ public string GetName()
         }
     }
 
-    public class ApplicationInstanceEntity
+    public class ApplicationInstanceEntity : IEntity
     {
         [Key]
         [DatabaseGenerated(DatabaseGeneratedOption.Identity)]

Player.Api.Data/Data/Models/Application.cs

@@ -8,7 +8,7 @@
 
 namespace Player.Api.Data.Data.Models
 {
-    public class FileEntity
+    public class FileEntity : IEntity
     {
         [Key]
         [DatabaseGenerated(DatabaseGeneratedOption.Identity)]

Player.Api.Data/Data/Models/File.cs

@@ -0,0 +1,6 @@
+// Copyright 2025 Carnegie Mellon University. All Rights Reserved.
+// Released under a MIT (SEI)-style license. See LICENSE.md in the project root for license information.
+
+namespace Player.Api.Data.Data.Models;
+
+public interface IEntity { }

Player.Api.Data/Data/Models/IEntity.cs

@@ -11,7 +11,7 @@
 
 namespace Player.Api.Data.Data.Models
 {
-    public class NotificationEntity
+    public class NotificationEntity : IEntity
     {
         [Key]
         public int Key { get; set; }

Player.Api.Data/Data/Models/Notification.cs

@@ -3,36 +3,43 @@
 
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Metadata.Builders;
-using System.Text.Json.Serialization;
 using System;
-using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.ComponentModel.DataAnnotations.Schema;
 
 namespace Player.Api.Data.Data.Models
 {
-    public class PermissionEntity
+    public class PermissionEntity : IEntity
     {
         [Key]
         [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
         public Guid Id { get; set; }
-
-        public string Key { get; set; }
-
-        public string Value { get; set; }
-
+        public string Name { get; set; }
         public string Description { get; set; }
-
-        public bool ReadOnly { get; set; }
-
-        //public string[] Tags { get; set; }
+        public bool Immutable { get; set; }
     }
 
     public class PermissionConfiguration : IEntityTypeConfiguration<PermissionEntity>
     {
         public void Configure(EntityTypeBuilder<PermissionEntity> builder)
         {
-            builder.HasIndex(x => new { x.Key, x.Value }).IsUnique();
+            builder.HasIndex(x => x.Name).IsUnique();
         }
     }
+
+    public enum SystemPermission
+    {
+        CreateViews,
+        ViewViews,
+        EditViews,
+        ManageViews,
+        ViewUsers,
+        ManageUsers,
+        ViewApplications,
+        ManageApplications,
+        ViewRoles,
+        ManageRoles,
+        ViewWebhookSubscriptions,
+        ManageWebhookSubscriptions
+    }
 }

Player.Api.Data/Data/Models/Permission.cs

@@ -10,13 +10,15 @@
 
 namespace Player.Api.Data.Data.Models
 {
-    public class RoleEntity
+    public class RoleEntity : IEntity
     {
         [Key]
         [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
         public Guid Id { get; set; }
 
         public string Name { get; set; }
+        public bool AllPermissions { get; set; }
+        public bool Immutable { get; set; }
 
         public virtual ICollection<RolePermissionEntity> Permissions { get; set; } = new List<RolePermissionEntity>();
     }

Player.Api.Data/Data/Models/Role.cs

@@ -9,7 +9,7 @@
 
 namespace Player.Api.Data.Data.Models
 {
-    public class RolePermissionEntity
+    public class RolePermissionEntity : IEntity
     {
         public RolePermissionEntity() { }
 

Player.Api.Data/Data/Models/RolePermission.cs

@@ -5,27 +5,26 @@
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations;
 using System.ComponentModel.DataAnnotations.Schema;
-using System.Text.Json.Serialization;
 
 namespace Player.Api.Data.Data.Models
 {
-    public class TeamEntity
+    public class TeamEntity : IEntity
     {
         [Key]
         [DatabaseGenerated(DatabaseGeneratedOption.Identity)]
         public Guid Id { get; set; }
 
         public string Name { get; set; }
 
-        public Guid? RoleId { get; set; }
-        public RoleEntity Role { get; set; }
+        public Guid RoleId { get; set; }
+        public virtual TeamRoleEntity Role { get; set; }
 
         public Guid ViewId { get; set; }
         public virtual ViewEntity View { get; set; }
 
         public virtual ICollection<ApplicationInstanceEntity> Applications { get; set; } = new List<ApplicationInstanceEntity>();
         public virtual ICollection<TeamMembershipEntity> Memberships { get; set; } = new List<TeamMembershipEntity>();
-        public virtual ICollection<TeamPermissionEntity> Permissions { get; set; } = new List<TeamPermissionEntity>();
+        public virtual ICollection<TeamPermissionAssignmentEntity> Permissions { get; set; } = new List<TeamPermissionAssignmentEntity>();
 
         public TeamEntity() { }
 
@@ -34,7 +33,7 @@ public TeamEntity Clone()
             var entity = this.MemberwiseClone() as TeamEntity;
             entity.Applications = new List<ApplicationInstanceEntity>();
             entity.Memberships = new List<TeamMembershipEntity>();
-            entity.Permissions = new List<TeamPermissionEntity>();
+            entity.Permissions = new List<TeamPermissionAssignmentEntity>();
             entity.Id = Guid.Empty;
             entity.ViewId = Guid.Empty;
             entity.View = null;