/// <summary>
/// Evaluates the rules of an authorization policy against one ticket line and
/// returns the first rule result that is <c>Authorized</c>; when no rule
/// authorizes, the result of the last evaluated rule is returned.
/// </summary>
/// <param name="ticketLineParameter">The ticket line being evaluated. Must not be null.</param>
/// <param name="authorizationPolicy">The policy whose rules are evaluated. Must not be null.</param>
/// <param name="claimTokenParameter">Forwarded unchanged to each rule evaluation; not validated here.</param>
/// <returns>The authorization outcome for this ticket line.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="ticketLineParameter"/> or <paramref name="authorizationPolicy"/> is null.
/// </exception>
public async Task<AuthorizationPolicyResult> Execute(TicketLineParameter ticketLineParameter, Policy authorizationPolicy, ClaimTokenParameter claimTokenParameter)
{
    if (ticketLineParameter == null)
    {
        throw new ArgumentNullException(nameof(ticketLineParameter));
    }

    if (authorizationPolicy == null)
    {
        throw new ArgumentNullException(nameof(authorizationPolicy));
    }

    // SECURITY: a policy with a null or empty rule list is treated as "allow".
    // NOTE(review): this is fail-open - a policy whose rules were removed or never
    // persisted grants access. Confirm this is the intended contract, and that
    // whatever creates or updates policies cannot leave one without rules by accident.
    bool hasRules = authorizationPolicy.Rules != null && authorizationPolicy.Rules.Any();
    if (!hasRules)
    {
        return new AuthorizationPolicyResult
        {
            Type = AuthorizationPolicyResultEnum.Authorized
        };
    }

    // Rules are OR-combined: the first rule that authorizes wins and the remaining
    // rules are not evaluated. A single permissive rule therefore overrides every
    // stricter rule in the same policy.
    AuthorizationPolicyResult lastOutcome = null;
    foreach (var policyRule in authorizationPolicy.Rules)
    {
        lastOutcome = await ExecuteAuthorizationPolicyRule(ticketLineParameter, policyRule, claimTokenParameter);
        if (lastOutcome.Type == AuthorizationPolicyResultEnum.Authorized)
        {
            break;
        }
    }

    // Either the authorizing result, or the last rule's non-authorized result.
    return lastOutcome;
}
/// <summary>
/// Decides whether a client is authorized for every line of a ticket. Each line is
/// validated against its resource set; the first line that is not authorized ends
/// the evaluation and its result is returned.
/// </summary>
/// <param name="validTicket">The ticket to evaluate. Must not be null and must contain at least one line.</param>
/// <param name="clientId">Identifier of the requesting client. Must not be null or whitespace.</param>
/// <param name="claimTokenParameter">Forwarded unchanged to the per-line validation; not validated here.</param>
/// <returns>
/// The first non-authorized result, or the result of the last line when every line is authorized.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="validTicket"/> is null, <paramref name="clientId"/> is null or whitespace,
/// or the ticket has no lines.
/// </exception>
/// <exception cref="BaseUmaException">
/// The repository returned nothing, or a different number of resource sets than were requested.
/// </exception>
public async Task<AuthorizationPolicyResult> IsAuthorized(Ticket validTicket, string clientId, ClaimTokenParameter claimTokenParameter)
{
    // NOTE(review): nothing in this method checks ticket expiry or verifies clientId;
    // the parameter name suggests the caller has already validated the ticket and
    // authenticated the client - confirm at the call sites.
    if (validTicket == null)
    {
        throw new ArgumentNullException(nameof(validTicket));
    }

    if (string.IsNullOrWhiteSpace(clientId))
    {
        throw new ArgumentNullException(nameof(clientId));
    }

    bool hasLines = validTicket.Lines != null && validTicket.Lines.Any();
    if (!hasLines)
    {
        throw new ArgumentNullException(nameof(validTicket.Lines));
    }

    var requestedIds = validTicket.Lines.Select(line => line.ResourceSetId);
    var loadedResources = await _resourceSetRepository.Get(requestedIds);

    // Only the counts are compared, not the identifiers themselves.
    // NOTE(review): if two ticket lines reference the same resource set and the
    // repository de-duplicates, the counts differ and a legitimate ticket is rejected
    // with InternalError - verify against the repository implementation.
    bool everyResourceFound = loadedResources != null
        && loadedResources.Any()
        && loadedResources.Count() == requestedIds.Count();
    if (!everyResourceFound)
    {
        throw new BaseUmaException(ErrorCodes.InternalError, ErrorDescriptions.SomeResourcesDontExist);
    }

    // Lines are AND-combined: every line must be authorized, and evaluation stops at
    // the first one that is not, so a denial is never overwritten by a later line.
    AuthorizationPolicyResult outcome = null;
    foreach (var line in validTicket.Lines)
    {
        var lineParameter = new TicketLineParameter(clientId, line.Scopes, validTicket.IsAuthorizedByRo);

        // First() throws InvalidOperationException when no loaded resource has this
        // id. The count check above does not rule that out, so a mismatch surfaces as
        // an unhandled exception (still a denial) rather than a BaseUmaException.
        var matchedResource = loadedResources.First(r => r.Id == line.ResourceSetId);

        outcome = await Validate(lineParameter, matchedResource, claimTokenParameter);
        if (outcome.Type == AuthorizationPolicyResultEnum.Authorized)
        {
            continue;
        }

        // Record the failed decision against the ticket id before returning it.
        _umaServerEventSource.AuthorizationPoliciesFailed(validTicket.Id);
        return outcome;
    }

    return outcome;
}