/// <summary>
        /// Seeds three "read" policies for the Department collection into the
        /// AccessControlPolicy collection of the database named by <paramref name="policyDb"/>.
        /// </summary>
        /// <param name="policyDb">Name of the MongoDB database that receives the policies.</param>
        /// <param name="expression">Parser applied to each textual target and rule condition before it is stored.</param>
        /// <remarks>
        /// The expression texts come from Targets and Rules, which are declared outside this method.
        /// All three policies are written with the same PolicyId ("policy 1").
        /// NOTE(review): confirm the duplicate ids are intended and that no lookup by PolicyId expects a single match.
        /// </remarks>
        public static void Insert(string policyDb, IConditionalExpressionService expression)
        {
            // Parameterless MongoClient: no connection string or credentials are supplied
            // here, so the driver falls back to its default local server. Suitable for
            // seeding a development database only.
            IMongoClient client = new MongoClient();
            IMongoDatabase database = client.GetDatabase(policyDb);
            var policyCollection = database.GetCollection<AccessControlPolicy>("AccessControlPolicy");

            // One flag per seeded policy, in insertion order; only the third policy
            // is stored with IsAttributeResourceRequired = false.
            bool[] resourceRequired = { true, true, false };
            var policies = new List<AccessControlPolicy>();

            for (int index = 0; index < resourceRequired.Length; index++)
            {
                policies.Add(new AccessControlPolicy
                {
                    Action = "read",
                    CollectionName = "Department",
                    Description = "....",
                    IsAttributeResourceRequired = resourceRequired[index],
                    PolicyId = "policy 1",
                    RuleCombining = "permit-overrides",
                    // Target is parsed before the rule condition, policy by policy.
                    Target = expression.Parse(Targets[index]),
                    Rules = new AccessControlRule[]
                    {
                        new AccessControlRule
                        {
                            Id = "rule 1",
                            Effect = "Permit",
                            Condition = expression.Parse(Rules[index])
                        }
                    }
                });
            }

            policyCollection.InsertMany(policies);
        }
        /// <summary>
        /// Builds an <c>AccessControlPolicy</c> from the request body and stores it through
        /// the access control policy repository.
        /// </summary>
        /// <param name="command">Policy definition bound from the request body.</param>
        /// <remarks>
        /// The command, its Target, its Rules and each rule's Condition are dereferenced without
        /// null checks, so a missing value surfaces as an exception rather than a validation error.
        /// NOTE(review): no authorization attribute is visible on this action in this excerpt;
        /// confirm at class or pipeline level that only policy administrators can reach it.
        /// </remarks>
        public void Post([FromBody] AccessControlPolicyInsertCommand command)
        {
            // Marker searched for in the raw expression text: a double quote followed by "Resource.".
            // NOTE(review): this is a substring test on the submitted text, not on the parsed
            // expression; a resource reference written without the leading quote would not set
            // the flag. Confirm how the evaluator relies on IsAttributeResourceRequired.
            const string resourceMarker = "\"Resource.";

            bool needsResource = command.Target.Contains(resourceMarker);

            var parsedRules = new List<AccessControlRule>();
            foreach (var item in command.Rules)
            {
                // Parse first so a malformed condition fails before anything is collected for it.
                var parsedCondition = _conditionalExpressionService.Parse(item.Condition);

                // Id and Effect are copied from the request as-is; no allow-list check on
                // Effect is visible in this method.
                parsedRules.Add(new AccessControlRule()
                {
                    Id = item.RuleID,
                    Effect = item.Effect,
                    Condition = parsedCondition
                });

                // Short-circuits once any expression has referenced a resource attribute.
                needsResource = needsResource || item.Condition.Contains(resourceMarker);
            }

            // The target is parsed only after every rule condition has parsed successfully.
            var parsedTarget = _conditionalExpressionService.Parse(command.Target);

            var policy = new AccessControlPolicy()
            {
                PolicyId = command.PolicyID,
                CollectionName = command.CollectionName,
                Action = command.Action,
                Description = command.Description,
                RuleCombining = command.RuleCombining,
                Target = parsedTarget,
                Rules = parsedRules,
                IsAttributeResourceRequired = needsResource
            };

            _accessControlPolicyRepository.Add(policy);
        }
        /// <summary>
        /// Builds a <c>PrivacyPolicy</c> from the request body and stores it through the
        /// privacy policy repository.
        /// </summary>
        /// <param name="command">Privacy policy definition bound from the request body.</param>
        /// <remarks>
        /// The command, its Target, its Rules and each rule's Condition are dereferenced without
        /// null checks, so a missing value surfaces as an exception rather than a validation error.
        /// NOTE(review): no authorization attribute is visible on this action in this excerpt;
        /// confirm at class or pipeline level that only policy administrators can reach it.
        /// </remarks>
        public void Create([FromBody] PrivacyPolicyInsertCommand command)
        {
            // Marker searched for in the raw expression text: a double quote followed by "Resource.".
            // NOTE(review): the flag comes from a substring test on the submitted text, not from
            // the parsed expression; confirm that every accepted expression format carries the
            // leading quote, otherwise the flag stays false for a rule that does use resource data.
            const string resourceMarker = "\"Resource.";

            bool needsResource = command.Target.Contains(resourceMarker);

            var parsedRules = new List<FieldRule>();

            // Unlike the rule conditions, the target is parsed up front, before the loop.
            var parsedTarget = _conditionalExpressionService.Parse(command.Target);

            foreach (var item in command.Rules)
            {
                var parsedCondition = _conditionalExpressionService.Parse(item.Condition);

                // FieldEffects is taken from the request unchanged.
                parsedRules.Add(new FieldRule()
                {
                    Identifer = item.RuleID,
                    FieldEffects = item.FieldEffects,
                    Condition = parsedCondition
                });

                // Short-circuits once any expression has referenced a resource attribute.
                needsResource = needsResource || item.Condition.Contains(resourceMarker);
            }

            var privacyPolicy = new PrivacyPolicy()
            {
                CollectionName = command.CollectionName,
                Description = command.Description,
                PolicyId = command.PolicyID,
                Rules = parsedRules,
                IsAttributeResourceRequired = needsResource,
                Target = parsedTarget
            };

            _privacyPolicyRepository.Add(privacyPolicy);
        }
        /// <summary>
        /// Seeds five three-rule "read" policies for the Department collection, used as a
        /// fixed workload for performance testing: four "deny-overrides" policies whose rules
        /// all deny, followed by one "permit-overrides" policy whose rules all permit.
        /// </summary>
        /// <param name="policyDb">Name of the MongoDB database that receives the policies.</param>
        /// <param name="expression">Parser applied to the target and rule condition texts.</param>
        /// <remarks>
        /// Every policy shares the same target, the same rule condition and the same
        /// PolicyId ("policy 1"); the condition is parsed again for each rule.
        /// </remarks>
        public static void InsertFivePoliciesForTestingPerformance(string policyDb, IConditionalExpressionService expression)
        {
            const string targetText = "BooleanEqual ( Subject.active , 'true' )";
            const string conditionText =
                "IntegerGreaterThan ( Resource.number_developers , '15' ) AND IntegerGreaterThan ( Subject.age , '15' ) AND DateGreaterThan ( Resource.leader.info.date_of_birth , '1/1/1995' )";

            // Parameterless MongoClient: no connection string or credentials are supplied
            // here, so the driver falls back to its default local server.
            IMongoClient client = new MongoClient();
            IMongoDatabase database = client.GetDatabase(policyDb);
            var policyCollection = database.GetCollection<AccessControlPolicy>("AccessControlPolicy");

            var policies = new List<AccessControlPolicy>();

            const int policyCount = 5;
            for (int index = 0; index < policyCount; index++)
            {
                // The last policy is the only permitting one; the four before it deny.
                bool isPermitPolicy = index == policyCount - 1;
                string combining = isPermitPolicy ? "permit-overrides" : "deny-overrides";
                string effect = isPermitPolicy ? "Permit" : "Deny";

                policies.Add(new AccessControlPolicy
                {
                    Action = "read",
                    CollectionName = "Department",
                    Description = "....",
                    // The condition text references Resource.* attributes.
                    IsAttributeResourceRequired = true,
                    PolicyId = "policy 1",
                    RuleCombining = combining,
                    Target = expression.Parse(targetText),
                    Rules = new AccessControlRule[]
                    {
                        new AccessControlRule
                        {
                            Id = "rule 1",
                            Effect = effect,
                            Condition = expression.Parse(conditionText)
                        },
                        new AccessControlRule
                        {
                            Id = "rule 2",
                            Effect = effect,
                            Condition = expression.Parse(conditionText)
                        },
                        new AccessControlRule
                        {
                            Id = "rule 3",
                            Effect = effect,
                            Condition = expression.Parse(conditionText)
                        }
                    }
                });
            }

            policyCollection.InsertMany(policies);
        }
        /// <summary>
        /// Seeds the demo data set: two "read" policies for the Department collection
        /// ("policy 1" and "policy 2") and one policy-combining entry that joins them
        /// under "permit-overrides".
        /// </summary>
        /// <param name="policyDb">Name of the MongoDB database that receives the documents.</param>
        /// <param name="expression">Parser applied to the target and rule condition texts.</param>
        /// <remarks>
        /// The policies are inserted first; the combining entry is written in a second,
        /// separate insert into AccessControlPolicyCombiningConfiguration.
        /// </remarks>
        public static void InsertPolicyForDemo(string policyDb, IConditionalExpressionService expression)
        {
            const string activeSubjectTarget = "BooleanEqual ( Subject.active , 'true' )";
            const string roleCondition = "StringEqual ( Subject.role , 'intern' ) Or StringEqual ( Subject.role , 'doctor' )";
            const string departmentCondition = "IntegerGreaterThan ( Resource.dept_id , '8' )";

            // Parameterless MongoClient: no connection string or credentials are supplied
            // here, so the driver falls back to its default local server.
            IMongoClient client = new MongoClient();
            IMongoDatabase database = client.GetDatabase(policyDb);
            var policyCollection = database.GetCollection<AccessControlPolicy>("AccessControlPolicy");

            var policies = new List<AccessControlPolicy>
            {
                // Permits interns and doctors; the condition only looks at subject attributes.
                new AccessControlPolicy
                {
                    Action = "read",
                    CollectionName = "Department",
                    Description = "....",
                    IsAttributeResourceRequired = false,
                    PolicyId = "policy 1",
                    RuleCombining = "permit-overrides",
                    Target = expression.Parse(activeSubjectTarget),
                    Rules = new AccessControlRule[]
                    {
                        new AccessControlRule
                        {
                            Id = "rule 1",
                            Effect = "Permit",
                            Condition = expression.Parse(roleCondition)
                        }
                    }
                },
                // NOTE(review): this rule's condition reads Resource.dept_id, yet the policy is
                // stored with IsAttributeResourceRequired = false. Confirm how the evaluator
                // uses the flag; if it gates loading of resource attributes, the rule may be
                // evaluated without the data it compares against.
                new AccessControlPolicy
                {
                    Action = "read",
                    CollectionName = "Department",
                    Description = "....",
                    IsAttributeResourceRequired = false,
                    PolicyId = "policy 2",
                    RuleCombining = "permit-overrides",
                    Target = expression.Parse(activeSubjectTarget),
                    Rules = new AccessControlRule[]
                    {
                        new AccessControlRule
                        {
                            Id = "rule 2",
                            Effect = "Permit",
                            Condition = expression.Parse(departmentCondition)
                        }
                    }
                }
            };

            policyCollection.InsertMany(policies);

            // Second write: tells the engine to combine the two policies above.
            var combiningCollection = database.GetCollection<AccessControlPolicyCombining>("AccessControlPolicyCombiningConfiguration");
            var combiningEntries = new List<AccessControlPolicyCombining>
            {
                new AccessControlPolicyCombining()
                {
                    Algorithm = "permit-overrides",
                    PolicyIds = new string[] { "policy 1", "policy 2" }
                }
            };

            combiningCollection.InsertMany(combiningEntries);
        }