/// <summary>
/// Verifies that attribute references in a policy resolve regardless of letter case:
/// the rule is written with <c>suBjEct.roLe</c> and <c>reSourcE.acTion</c>, while the
/// property bags are registered as "Subject"/"Role" and "Resource"/"Action".
/// </summary>
/// <remarks>
/// Only the identifiers differ in case. The attribute values match the policy literals
/// exactly, so this test does not establish how value comparison treats case.
/// </remarks>
public async Task visitor_allow_to_parse_with_not_title_case()
{
    const string policyText = @" policy Example begin rule CardiologyNurses (PERMIT) begin suBjEct.roLe = ""Nurse"" AND reSourcE.acTion = ""MedicalRecord"" end end";

    var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
    parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

    // Attributes supplied for the evaluation, one bag per category.
    var subjectAttributes = new Dictionary<string, IEnumerable<object>>
    {
        { "Role", new[] { "Nurse" } },
    };
    var resourceAttributes = new Dictionary<string, IEnumerable<object>>
    {
        { "Action", new[] { "MedicalRecord" } },
    };
    var bags = new List<IPropertyBag>
    {
        new TestPropertyBag("Subject", subjectAttributes),
        new TestPropertyBag("Resource", resourceAttributes),
    };

    var factory = new AbacAuthorizationContextFactory(bags);
    var evaluationContext = await factory.Create(null);

    parsedPolicy.IsSatisfied(evaluationContext).Should().BeTrue();
}
/// <summary>
/// Verifies that evaluating a rule which references an attribute absent from the context
/// (<c>Subject.Role</c>, when only <c>Subject.Name</c> is supplied) throws
/// <see cref="InvalidOperationException"/> with the expected message.
/// </summary>
/// <remarks>
/// The missing attribute surfaces as an exception rather than a boolean result, so code
/// calling <c>IsSatisfied</c> has to decide how to treat that failure.
/// </remarks>
public async Task visitor_throw_when_check_satisfied_if_context_does_not_contain_a_property()
{
    const string policyText = @" policy Example begin rule CardiologyNurses (PERMIT) begin Subject.Role = ""Nurse"" end end";

    var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
    parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

    // The Subject bag deliberately carries no "Role" entry.
    var subjectAttributes = new Dictionary<string, IEnumerable<object>>
    {
        { "Name", new[] { "Mary Joe" } },
    };
    var bags = new List<IPropertyBag>
    {
        new TestPropertyBag("Subject", subjectAttributes),
    };

    var factory = new AbacAuthorizationContextFactory(bags);
    var evaluationContext = await factory.Create(null);

    var thrown = Assert.Throws<InvalidOperationException>(() =>
    {
        parsedPolicy.IsSatisfied(evaluationContext);
    });

    thrown.Message.Should().BeEquivalentTo("The rule CardiologyNurses is evaluating a property that does not exist on actual DslAuthorizationContext");
}
/// <summary>
/// Verifies the CONTAINS and not-equal operators: the rule requires that
/// <c>Subject.Role</c> contains "Nurse" and that <c>Resource.Action</c> differs from
/// "internalreports".
/// </summary>
/// <remarks>
/// The subject carries two role values ("Doctor" and "Nurse") and the resource action is
/// "medicalreports", so the policy is expected to be satisfied.
/// </remarks>
public async Task visitor_allow_to_parse_contains_bool_operators()
{
    const string policyText = @" policy Example begin rule CardiologyNurses (PERMIT) begin Subject.Role CONTAINS ""Nurse"" AND Resource.Action <> ""internalreports"" end end";

    var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
    parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

    // Multi-valued attribute: CONTAINS is exercised against more than one role.
    var subjectAttributes = new Dictionary<string, IEnumerable<object>>
    {
        { "Role", new[] { "Doctor", "Nurse" } },
    };
    var resourceAttributes = new Dictionary<string, IEnumerable<object>>
    {
        { "Action", new[] { "medicalreports" } },
    };
    var bags = new List<IPropertyBag>
    {
        new TestPropertyBag("Subject", subjectAttributes),
        new TestPropertyBag("Resource", resourceAttributes),
    };

    var factory = new AbacAuthorizationContextFactory(bags);
    var evaluationContext = await factory.Create(null);

    parsedPolicy.IsSatisfied(evaluationContext).Should().BeTrue();
}
/// <summary>
/// Verifies a plain string equality comparison: the rule <c>Subject.Name = "Mary Joe"</c>
/// is satisfied when the Subject bag supplies exactly that name.
/// </summary>
public async Task visitor_allow_to_parse_primitive_string_comparer_expressions()
{
    const string policyText = @" policy Example begin rule CardiologyNurses (PERMIT) begin Subject.Name = ""Mary Joe"" end end";

    var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
    parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

    var subjectAttributes = new Dictionary<string, IEnumerable<object>>
    {
        { "Name", new[] { "Mary Joe" } },
    };
    var bags = new List<IPropertyBag>
    {
        new TestPropertyBag("Subject", subjectAttributes),
    };

    var factory = new AbacAuthorizationContextFactory(bags);
    var evaluationContext = await factory.Create(null);

    parsedPolicy.IsSatisfied(evaluationContext).Should().BeTrue();
}
/// <summary>
/// Verifies arithmetic and relational operators applied to attributes taken from the
/// context: <c>Subject.Age</c> must be below 20, and <c>Subject.Id * 1000</c> must be at
/// least <c>1000 * 1</c>.
/// </summary>
/// <remarks>
/// With Age = 19 and Id = 1 both comparisons hold, so the policy is expected to be satisfied.
/// </remarks>
public async Task visitor_allow_to_parse_aritmetic_operations_with_context_data()
{
    const string policyText = @" policy Example begin rule CardiologyNurses (PERMIT) begin Subject.Age < 20 AND Subject.Id * 1000 >= 1000 * 1 end end";

    var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
    parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

    // Numeric attributes are supplied as boxed ints.
    var subjectAttributes = new Dictionary<string, IEnumerable<object>>
    {
        { "Age", new object[] { 19 } },
        { "Id", new object[] { 1 } },
    };
    var bags = new List<IPropertyBag>
    {
        new TestPropertyBag("Subject", subjectAttributes),
    };

    var factory = new AbacAuthorizationContextFactory(bags);
    var evaluationContext = await factory.Create(null);

    parsedPolicy.IsSatisfied(evaluationContext).Should().BeTrue();
}
/// <summary>
/// Verifies a parenthesised arithmetic expression on the right-hand side of a comparison:
/// the rule requires the "Nurse" role and <c>Resource.Id</c> greater than
/// <c>(10 * 100 * 10)</c>.
/// </summary>
/// <remarks>
/// Negative case: the role matches but Resource.Id is 999, which is below the computed
/// threshold, so the policy is expected not to be satisfied.
/// </remarks>
public async Task visitor_allow_to_parse_aritmetic_operations()
{
    const string policyText = @" policy Example begin rule CardiologyNurses (PERMIT) begin Subject.Role = ""Nurse"" AND Resource.Id > (10 * 100 * 10) end end";

    var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
    parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

    var subjectAttributes = new Dictionary<string, IEnumerable<object>>
    {
        { "Role", new[] { "Nurse" } },
    };
    var resourceAttributes = new Dictionary<string, IEnumerable<object>>
    {
        { "Id", new object[] { 999 } },
    };
    var bags = new List<IPropertyBag>
    {
        new TestPropertyBag("Subject", subjectAttributes),
        new TestPropertyBag("Resource", resourceAttributes),
    };

    var factory = new AbacAuthorizationContextFactory(bags);
    var evaluationContext = await factory.Create(null);

    parsedPolicy.IsSatisfied(evaluationContext).Should().BeFalse();
}
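/// <summary>
/// Evaluates an ABAC requirement: loads the policy named by <paramref name="requirement"/>
/// from the runtime store, parses it with the BAL grammar and succeeds the requirement
/// only when the policy is satisfied for the current authorization context.
/// </summary>
/// <param name="context">The authorization context carrying the current user.</param>
/// <param name="requirement">The requirement whose <c>Name</c> identifies the policy to load.</param>
/// <remarks>
/// Every path other than a satisfied policy ends in <c>context.Fail()</c>: an
/// unauthenticated or missing identity, a policy that is not found, a policy that is not
/// satisfied, and any exception raised while loading, parsing or evaluating.
/// </remarks>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, AbacRequirement requirement)
{
    // Null-safe check: a principal without identities exposes a null Identity. Treat that
    // as unauthenticated and deny, instead of throwing outside the try block below.
    var isAuthenticated = context.User?.Identity?.IsAuthenticated == true;

    if (isAuthenticated)
    {
        try
        {
            var policy = await _runtimeAuthorizationServerStore.GetPolicyAsync(requirement.Name);

            if (policy is object)
            {
                // NOTE(review): policy.Content is handed to the logger here; confirm that
                // whoever can read these logs is allowed to see full policy text.
                Log.AbacAuthorizationHandlerIsEvaluatingPolicy(_logger, policy.Name, policy.Content);

                var abacContext = await _abacAuthorizationContextFactory.Create(context);

                // The policy text is parsed on every evaluation.
                var abacPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy.Content, WellKnownGrammars.Bal);

                if (abacPolicy.IsSatisfied(abacContext))
                {
                    Log.AbacAuthorizationHandlerEvaluationSuccesss(_logger, policy.Name);
                    context.Succeed(requirement);
                    return;
                }
            }
        }
        catch (Exception ex)
        {
            // Fail closed: an error while loading, parsing or evaluating the policy is
            // logged and falls through to the explicit failure below, never to a permit.
            Log.AbacAuthorizationHandlerThrow(_logger, ex);
        }
    }

    // Explicit failure rather than simply not succeeding: in ASP.NET Core authorization a
    // call to Fail() keeps the overall result failed even if another handler succeeds.
    context.Fail();
}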
/// <summary>
/// Verifies a policy that combines a PERMIT rule with a DENY rule: nurses acting on
/// "medicalreports" are permitted, and a second rule denies the same request when the
/// subject's name is "Jhon Doe".
/// </summary>
/// <remarks>
/// Two contexts are evaluated against the same parsed policy. "Mary Joe" matches only the
/// PERMIT rule and is expected to satisfy the policy. "Jhon Doe" matches both rules and is
/// expected not to satisfy it, which is consistent with the DENY rule taking precedence.
/// </remarks>
public async Task visitor_allow_to_use_multiple_rules()
{
    const string policyText = @" policy Example begin rule CardiologyNurses (PERMIT) begin Subject.Role = ""Nurse"" AND Resource.Action = ""medicalreports"" end rule CardiologyNursesExcepJhonDoe (DENY) begin Subject.Role = ""Nurse"" AND Resource.Action = ""medicalreports"" AND Subject.Name = ""Jhon Doe"" end end";

    var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policyText, WellKnownGrammars.Bal);
    parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

    // Scenario 1: a nurse who is not named in the DENY rule.
    var permittedSubject = new Dictionary<string, IEnumerable<object>>
    {
        { "Role", new[] { "Nurse" } },
        { "Name", new[] { "Mary Joe" } },
    };
    var permittedResource = new Dictionary<string, IEnumerable<object>>
    {
        { "Action", new[] { "medicalreports" } },
    };
    var permittedBags = new List<IPropertyBag>
    {
        new TestPropertyBag("Subject", permittedSubject),
        new TestPropertyBag("Resource", permittedResource),
    };

    var permittedFactory = new AbacAuthorizationContextFactory(permittedBags);
    var permittedContext = await permittedFactory.Create(null);

    parsedPolicy.IsSatisfied(permittedContext).Should().BeTrue();

    // Scenario 2: same role and action, but the subject matches the DENY rule.
    var deniedSubject = new Dictionary<string, IEnumerable<object>>
    {
        { "Role", new[] { "Nurse" } },
        { "Name", new[] { "Jhon Doe" } },
    };
    var deniedResource = new Dictionary<string, IEnumerable<object>>
    {
        { "Action", new[] { "medicalreports" } },
    };
    var deniedBags = new List<IPropertyBag>
    {
        new TestPropertyBag("Subject", deniedSubject),
        new TestPropertyBag("Resource", deniedResource),
    };

    var deniedFactory = new AbacAuthorizationContextFactory(deniedBags);
    var deniedContext = await deniedFactory.Create(null);

    parsedPolicy.IsSatisfied(deniedContext).Should().BeFalse();
}