* started implemented authorization for applications

* updated the schema for invites so that the handling is more straightforward.
* Limited cleanup routines to 1000 rows per removal to avoid deadlocks
* Minor styling fixes.

Author: gauffininteractive

src/Server/OneTrueError.App/Core/Accounts/Account.cs

@@ -70,6 +70,11 @@ protected Account()
         // ReSharper disable once UnusedAutoPropertyAccessor.Local
         public int Id { get; private set; }
 
+        /// <summary>
+        ///     IS system administrator
+        /// </summary>
+        public bool IsSysAdmin { get; set; }
+
         /// <summary>
         ///     When last successful login attempt was made.
         /// </summary>

src/Server/OneTrueError.App/Core/Accounts/Requests/ActivateAccountHandler.cs

@@ -52,15 +52,15 @@ public async Task<ActivateAccountReply> ExecuteAsync(ActivateAccount request)
             account.Activate();
             await _repository.UpdateAsync(account);
 
-            var query = new GetApplicationList();
+            var query = new GetApplicationList {AccountId = account.Id};
             var apps = await _queryBus.QueryAsync(query);
             var claims =
                 apps.Select(x => new Claim(OneTrueClaims.Application, x.Id.ToString(), ClaimValueTypes.Integer32))
                     .ToArray();
 
             if (ClaimsPrincipal.Current.IsAccount(account.Id))
             {
-                var context = new PrincipalFactoryContext(account.Id, account.UserName, new string[0]) {Claims = claims};
+                var context = new PrincipalFactoryContext(account.Id, account.UserName, new string[0]) { Claims = claims };
                 var identity = await PrincipalFactory.CreateAsync(context);
                 identity.AddUpdateCredentialClaim();
                 Thread.CurrentPrincipal = identity;

src/Server/OneTrueError.App/Core/Applications/QueryHandlers/GetMyApplications.cs

@@ -5,6 +5,7 @@
 using Griffin.Container;
 using OneTrueError.Api.Core.Applications;
 using OneTrueError.Api.Core.Applications.Queries;
+using OneTrueError.App.Core.Accounts;
 
 namespace OneTrueError.App.Core.Applications.QueryHandlers
 {
@@ -15,15 +16,18 @@ namespace OneTrueError.App.Core.Applications.QueryHandlers
     public class GetApplicationListHandler : IQueryHandler<GetApplicationList, ApplicationListItem[]>
     {
         private readonly IApplicationRepository _applicationRepository;
+        private readonly IAccountRepository _accountRepository;
 
         /// <summary>
         ///     Creates a new instance of <see cref="GetApplicationInfoHandler" />.
         /// </summary>
         /// <param name="applicationRepository">repos</param>
-        public GetApplicationListHandler(IApplicationRepository applicationRepository)
+        public GetApplicationListHandler(IApplicationRepository applicationRepository,
+            IAccountRepository accountRepository)
         {
             if (applicationRepository == null) throw new ArgumentNullException("applicationRepository");
             _applicationRepository = applicationRepository;
+            _accountRepository = accountRepository;
         }
 
         /// <summary>
@@ -38,10 +42,21 @@ public async Task<ApplicationListItem[]> ExecuteAsync(GetApplicationList query)
             if (query == null) throw new ArgumentNullException("query");
             ApplicationListItem[] result;
 
+            if (query.AccountId > 0)
+            {
+                var account = await _accountRepository.GetByIdAsync(query.AccountId);
+                if (account.IsSysAdmin)
+                    query.AccountId = 0;
+            }
+
             if (query.AccountId != 0)
-                result = (await _applicationRepository.GetForUserAsync(query.AccountId))
-                    .Select(x => new ApplicationListItem(x.ApplicationId, x.ApplicationName) {IsAdmin = x.IsAdmin})
-                    .ToArray();
+            {
+                var apps = await _applicationRepository.GetForUserAsync(query.AccountId);
+                result = (
+                    from x in apps
+                    select new ApplicationListItem(x.ApplicationId, x.ApplicationName) {IsAdmin = x.IsAdmin}
+                ).ToArray();
+            }
             else
                 result = (await _applicationRepository.GetAllAsync())
                     .Select(x => new ApplicationListItem(x.Id, x.Name))

src/Server/OneTrueError.App/Core/Incidents/Jobs/DeleteEmptyIncidents.cs

@@ -39,7 +39,7 @@ public async Task ExecuteAsync()
             using (var cmd = _unitOfWork.CreateDbCommand())
             {
                 cmd.CommandText =
-                    @"DELETE Incidents WHERE Id IN (select Incidents.Id
+                    @"DELETE TOP(1000) Incidents WHERE Id IN (select Incidents.Id
                         FROM Incidents 
                         LEFT JOIN ErrorReports ON (ErrorReports.IncidentId = Incidents.Id)
                         WHERE ErrorReports.Id IS NULL) AND IgnoreReports <> 1";

src/Server/OneTrueError.App/Core/Invitations/CommandHandlers/InviteUserHandler.cs

@@ -1,4 +1,6 @@
 using System.Linq;
+using System.Security;
+using System.Security.Claims;
 using System.Threading.Tasks;
 using DotNetCqs;
 using Griffin.Container;
@@ -12,6 +14,7 @@
 using OneTrueError.App.Core.Applications;
 using OneTrueError.App.Core.Users;
 using OneTrueError.Infrastructure.Configuration;
+using OneTrueError.Infrastructure.Security;
 
 namespace OneTrueError.App.Core.Invitations.CommandHandlers
 {
@@ -55,6 +58,13 @@ public InviteUserHandler(IInvitationRepository invitationRepository, IEventBus e
         public async Task ExecuteAsync(InviteUser command)
         {
             var inviter = await _userRepository.GetUserAsync(command.UserId);
+            if (!ClaimsPrincipal.Current.IsSysAdmin() &&
+                !ClaimsPrincipal.Current.IsApplicationAdmin(command.ApplicationId))
+            {
+                _logger.Warn($"User {command.UserId} attempted to do an invite for an application: {command.ApplicationId}.");
+                throw new SecurityException("You are not an admin of that application.");
+            }
+
             var invitedUser = await _userRepository.FindByEmailAsync(command.EmailAddress);
             if (invitedUser != null)
             {

src/Server/OneTrueError.App/Core/Reports/Jobs/DeleteOldReports.cs

@@ -54,7 +54,7 @@ public async Task ExecuteAsync()
         {
             using (var cmd = _unitOfWork.CreateDbCommand())
             {
-                var sql = @"DELETE FROM ErrorReports WHERE CreatedAtUtc < @date";
+                var sql = @"DELETE TOP(1000) FROM ErrorReports WHERE CreatedAtUtc < @date";
                 cmd.CommandText = sql;
                 cmd.AddParameter("date", DateTime.UtcNow.AddDays(-RetentionDays));
                 cmd.CommandTimeout = 90;

src/Server/OneTrueError.Data.Common/Security/OneTrueClaims.cs

@@ -7,7 +7,7 @@ public class OneTrueClaims
         public const string CurrentApplicationId = "http://onetrueerror.com/claims/currentapplicationid";
         public const string Application = "http://onetrueerror.com/claims/application";
         public const string ApplicationName = "http://onetrueerror.com/claims/application/name";
-        public const string ApplicationAdmin = "http://onetrueerror.com/claims/application";
+        public const string ApplicationAdmin = "http://onetrueerror.com/claims/application/admin";
 
         public const string RoleSysAdmin = "SysAdmin";
         public const string RoleUser = "SysAdmin";

src/Server/OneTrueError.SqlServer/Core/Users/ApplicationTeamMemberMapper.cs

@@ -8,19 +8,19 @@ public class ApplicationTeamMemberMapper : CrudEntityMapper<ApplicationTeamMembe
     {
         public ApplicationTeamMemberMapper() : base("ApplicationMembers")
         {
-            Property(x => x.EmailAddress)
-                .PrimaryKey(false);
+            Property(x => x.Id)
+                .PrimaryKey(true);
 
             Property(x => x.AccountId)
-                .ToColumnValue(x => x == 0 ? (object) DBNull.Value : x)
-                .ToPropertyValue(x => x is DBNull ? 0 : (int) x);
+                .ToColumnValue(x => x == 0 ? (object)DBNull.Value : x)
+                .ToPropertyValue(x => x is DBNull ? 0 : (int)x);
 
             Property(x => x.UserName)
                 .NotForCrud();
 
             Property(x => x.Roles)
                 .ToColumnValue(x => string.Join(",", x))
-                .ToPropertyValue(x => ((string) x).Split(','));
+                .ToPropertyValue(x => ((string)x).Split(','));
         }
     }
 }

src/Server/OneTrueError.SqlServer/OneTrueError.SqlServer.csproj

@@ -181,6 +181,12 @@
   <ItemGroup>
     <EmbeddedResource Include="Schema\Update.v3.sql" />
   </ItemGroup>
+  <ItemGroup>
+    <EmbeddedResource Include="Schema\Update.v4.sql" />
+  </ItemGroup>
+  <ItemGroup>
+    <EmbeddedResource Include="Schema\Update.v5.sql" />
+  </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
   <!-- To modify your build process, add your task inside one of the targets below and uncomment it. 
        Other similar extension points exist, see Microsoft.Common.targets.

src/Server/OneTrueError.SqlServer/Schema/Update.v4.sql

@@ -0,0 +1,8 @@
+--version 1.0 (part A) of OneTrueError
+
+ALTER TABLE Accounts ADD IsSysAdmin bit not null default 0;
+alter table ApplicationMembers add Id int identity not null primary key;
+ALTER TABLE ApplicationMembers ALTER COLUMN [EmailAddress]  nvarchar(255) null;
+
+
+UPDATE DatabaseSchema SET Version = 4;