Example #1
        public async Task visitor_allow_to_parse_with_not_title_case()
        {
            // The rule spells its attribute paths in mixed case (suBjEct.roLe, reSourcE.acTion)
            // while the property bags expose "Subject"/"Role" and "Resource"/"Action". The
            // expected result is that the policy is still satisfied, i.e. attribute paths in
            // the policy text are resolved without regard to letter case.
            const string policyText = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                    suBjEct.roLe = ""Nurse"" AND  reSourcE.acTion = ""MedicalRecord""
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            var subjectAttributes = new Dictionary<string, IEnumerable<object>>
            {
                ["Role"] = new[] { "Nurse" },
            };
            var resourceAttributes = new Dictionary<string, IEnumerable<object>>
            {
                ["Action"] = new[] { "MedicalRecord" },
            };
            var bags = new List<IPropertyBag>
            {
                new TestPropertyBag("Subject", subjectAttributes),
                new TestPropertyBag("Resource", resourceAttributes),
            };

            // The test bags are static, so no handler context is supplied to the factory.
            var evaluationContext = await new AbacAuthorizationContextFactory(bags).Create(null);

            var satisfied = parsedPolicy.IsSatisfied(evaluationContext);
            satisfied.Should().BeTrue();
        }
Example #2
        public async Task visitor_throw_when_check_satisfied_if_context_does_not_contain_a_property()
        {
            // The rule reads Subject.Role, but the Subject bag below only carries "Name".
            // Evaluation is expected to throw InvalidOperationException rather than return
            // a boolean, so callers of IsSatisfied have to handle the exception themselves
            // and decide what a missing attribute means for the access decision.
            const string policyText = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                    Subject.Role = ""Nurse""
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            var subjectAttributes = new Dictionary<string, IEnumerable<object>>
            {
                ["Name"] = new[] { "Mary Joe" },
            };
            var bags = new List<IPropertyBag>
            {
                new TestPropertyBag("Subject", subjectAttributes),
            };

            var evaluationContext = await new AbacAuthorizationContextFactory(bags).Create(null);

            var thrown = Assert.Throws<InvalidOperationException>(() =>
            {
                parsedPolicy.IsSatisfied(evaluationContext);
            });

            // The message names the rule that touched the missing attribute.
            thrown.Message.Should().BeEquivalentTo("The rule CardiologyNurses is evaluating a property that does not exist on actual DslAuthorizationContext");
        }
Example #3
        public async Task visitor_allow_to_parse_contains_bool_operators()
        {
            // Exercises CONTAINS against a multi-valued attribute (Role holds "Doctor" and
            // "Nurse") combined with the <> inequality operator on Resource.Action. The
            // action "medicalreports" differs from "internalreports", so both operands of
            // AND hold and the policy is expected to be satisfied.
            const string policyText = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                       Subject.Role CONTAINS ""Nurse""  AND Resource.Action <> ""internalreports""
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            var subjectAttributes = new Dictionary<string, IEnumerable<object>>
            {
                ["Role"] = new[] { "Doctor", "Nurse" },
            };
            var resourceAttributes = new Dictionary<string, IEnumerable<object>>
            {
                ["Action"] = new[] { "medicalreports" },
            };
            var bags = new List<IPropertyBag>
            {
                new TestPropertyBag("Subject", subjectAttributes),
                new TestPropertyBag("Resource", resourceAttributes),
            };

            var factory           = new AbacAuthorizationContextFactory(bags);
            var evaluationContext = await factory.Create(null);

            var satisfied = parsedPolicy.IsSatisfied(evaluationContext);
            satisfied.Should().BeTrue();
        }
Example #4
        public async Task visitor_allow_to_parse_primitive_string_comparer_expressions()
        {
            // Smallest useful policy: a single PERMIT rule comparing one string attribute
            // with a literal. The Subject bag carries the same name, so the policy is
            // expected to be satisfied.
            const string policyText = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                    Subject.Name = ""Mary Joe""
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            var subjectAttributes = new Dictionary<string, IEnumerable<object>>
            {
                ["Name"] = new[] { "Mary Joe" },
            };
            var bags = new List<IPropertyBag>
            {
                new TestPropertyBag("Subject", subjectAttributes),
            };

            var factory           = new AbacAuthorizationContextFactory(bags);
            var evaluationContext = await factory.Create(null);

            var satisfied = parsedPolicy.IsSatisfied(evaluationContext);
            satisfied.Should().BeTrue();
        }
Example #5
        public async Task visitor_allow_to_parse_aritmetic_operations_with_context_data()
        {
            // Arithmetic on attribute values: with Age = 19 and Id = 1 the rule reads
            // 19 < 20 AND 1 * 1000 >= 1000 * 1, so the policy is expected to be satisfied.
            // The values are boxed integers, not strings.
            const string policyText = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                    Subject.Age < 20 AND  Subject.Id * 1000 >= 1000 * 1
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            var subjectAttributes = new Dictionary<string, IEnumerable<object>>
            {
                ["Age"] = new object[] { 19 },
                ["Id"]  = new object[] { 1 },
            };
            var bags = new List<IPropertyBag>
            {
                new TestPropertyBag("Subject", subjectAttributes),
            };

            var evaluationContext = await new AbacAuthorizationContextFactory(bags).Create(null);

            var satisfied = parsedPolicy.IsSatisfied(evaluationContext);
            satisfied.Should().BeTrue();
        }
Example #6
        public async Task visitor_allow_to_parse_aritmetic_operations()
        {
            // Negative case: the role matches, but Resource.Id (999) is not greater than
            // 10 * 100 * 10, so the only PERMIT rule does not hold and the policy is
            // expected to be unsatisfied.
            const string policyText = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                    Subject.Role = ""Nurse"" AND  Resource.Id > (10 * 100 * 10)
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            var subjectAttributes = new Dictionary<string, IEnumerable<object>>
            {
                ["Role"] = new[] { "Nurse" },
            };
            var resourceAttributes = new Dictionary<string, IEnumerable<object>>
            {
                ["Id"] = new object[] { 999 },
            };
            var bags = new List<IPropertyBag>
            {
                new TestPropertyBag("Subject", subjectAttributes),
                new TestPropertyBag("Resource", resourceAttributes),
            };

            var factory           = new AbacAuthorizationContextFactory(bags);
            var evaluationContext = await factory.Create(null);

            var satisfied = parsedPolicy.IsSatisfied(evaluationContext);
            satisfied.Should().BeFalse();
        }
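        /// <summary>
        /// Loads the policy named by <paramref name="requirement"/>, evaluates it against an ABAC
        /// context built from <paramref name="context"/>, and marks the requirement as succeeded
        /// only when the policy is satisfied.
        /// </summary>
        /// <remarks>
        /// The handler fails closed: an unauthenticated caller, a policy that cannot be found, a
        /// policy that is not satisfied, and any exception raised while loading, parsing or
        /// evaluating the policy all end in <c>context.Fail()</c>.
        /// </remarks>
        /// <param name="context">Authorization context carrying the current user.</param>
        /// <param name="requirement">Requirement whose <c>Name</c> selects the policy to evaluate.</param>
        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, AbacRequirement requirement)
        {
            // A principal without any identity exposes a null Identity. Dereferencing it here
            // would throw outside the try block below and escape the handler, so a missing
            // user or identity is treated as "not authenticated" and falls through to Fail().
            if (context.User?.Identity?.IsAuthenticated == true)
            {
                try
                {
                    var policy = await _runtimeAuthorizationServerStore
                                 .GetPolicyAsync(requirement.Name);

                    // An unknown policy name grants nothing: execution continues to Fail().
                    if (policy is object)
                    {
                        // NOTE(review): the full policy text is handed to the logger here; confirm the
                        // log level and audience are appropriate for rule contents.
                        Log.AbacAuthorizationHandlerIsEvaluatingPolicy(_logger, policy.Name, policy.Content);

                        var abacContext = await _abacAuthorizationContextFactory.Create(context);

                        // The stored policy text is parsed on every evaluation.
                        var abacPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy.Content, WellKnownGrammars.Bal);

                        if (abacPolicy.IsSatisfied(abacContext))
                        {
                            Log.AbacAuthorizationHandlerEvaluationSuccesss(_logger, policy.Name);
                            context.Succeed(requirement);
                            return;
                        }
                    }
                }
                catch (Exception ex)
                {
                    // Deliberate catch-all: a store, parser or evaluation failure must never turn
                    // into an implicit grant. The error is logged and the request is denied below.
                    Log.AbacAuthorizationHandlerThrow(_logger, ex);
                }
            }

            // Explicit failure rather than merely not succeeding.
            context.Fail();
        }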
Example #8
        public async Task visitor_allow_to_use_multiple_rules()
        {
            // Two rules over the same role and action: a PERMIT for nurses reading medical
            // reports and a DENY that additionally matches the subject name "Jhon Doe".
            // The assertions pin that a subject matching only the PERMIT rule satisfies the
            // policy, while a subject matching both rules does not, i.e. the matching DENY
            // rule wins over the matching PERMIT rule.
            const string policyText = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                    Subject.Role = ""Nurse"" 
                    AND Resource.Action = ""medicalreports""
                end
                rule CardiologyNursesExcepJhonDoe (DENY) begin
                    Subject.Role = ""Nurse"" 
                    AND Resource.Action = ""medicalreports""
                    AND Subject.Name = ""Jhon Doe""
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            // Builds the Subject and Resource bags for a nurse with the given name.
            List<IPropertyBag> BagsForNurse(string subjectName)
            {
                var subjectAttributes = new Dictionary<string, IEnumerable<object>>
                {
                    ["Role"] = new[] { "Nurse" },
                    ["Name"] = new[] { subjectName },
                };
                var resourceAttributes = new Dictionary<string, IEnumerable<object>>
                {
                    ["Action"] = new[] { "medicalreports" },
                };

                return new List<IPropertyBag>
                {
                    new TestPropertyBag("Subject", subjectAttributes),
                    new TestPropertyBag("Resource", resourceAttributes),
                };
            }

            // Only the PERMIT rule matches Mary Joe.
            var permittedFactory = new AbacAuthorizationContextFactory(BagsForNurse("Mary Joe"));
            var permittedContext = await permittedFactory.Create(null);

            var permittedResult = parsedPolicy.IsSatisfied(permittedContext);
            permittedResult.Should().BeTrue();

            // Both rules match Jhon Doe; the DENY rule is expected to decide the outcome.
            var deniedFactory = new AbacAuthorizationContextFactory(BagsForNurse("Jhon Doe"));
            var deniedContext = await deniedFactory.Create(null);

            var deniedResult = parsedPolicy.IsSatisfied(deniedContext);
            deniedResult.Should().BeFalse();
        }