private AccessControlEffect CollectionAccessControlProcess(
            Subject subject,
            Resource resource,
            string action,
            EnvironmentObject environment,
            ref List <AccessControlPolicy> permitPolicies,
            ref List <AccessControlPolicy> denyPolicies)
        {
            AccessControlEffect result = AccessControlEffect.Deny;

            ICollection <AccessControlPolicy> collectionPolicies = _accessControlPolicyRepository.Get(resource.Name, action, false);

            string policyCombining = _policyCombiningRepository.GetRuleCombining(collectionPolicies);

            var targetPolicies = new List <AccessControlPolicy>();

            foreach (var policy in collectionPolicies)
            {
                bool isTarget = _expressionService.Evaluate(policy.Target, subject.Data, null, environment.Data);
                if (isTarget)
                {
                    targetPolicies.Add(policy);
                }
            }

            foreach (var policy in targetPolicies)
            {
                string policyEffect = String.Empty;

                foreach (var rule in policy.Rules)
                {
                    bool isApplied = _expressionService.Evaluate(rule.Condition, subject.Data, null, environment.Data);
                    if (isApplied && rule.Effect.Equals("Permit") && policy.RuleCombining.Equals(AlgorithmCombining.PERMIT_OVERRIDES))
                    {
                        policyEffect = "Permit";
                        break;
                    }
                    if (isApplied && rule.Effect.Equals("Deny") && policy.RuleCombining.Equals(AlgorithmCombining.DENY_OVERRIDES))
                    {
                        policyEffect = "Deny";
                        break;
                    }
                }
                if (policyEffect.Equals("Permit") && policyCombining.Equals(AlgorithmCombining.PERMIT_OVERRIDES))
                {
                    result = AccessControlEffect.Permit;
                    break;
                }
                else if (policyEffect.Equals("Deny") && policyCombining.Equals(AlgorithmCombining.DENY_OVERRIDES))
                {
                    result = AccessControlEffect.Deny;
                    break;
                }
                // add retaive policy here
            }
            return(result);
        }
        public AccessControlResponseContext ExecuteProcess(Subject subject, Resource resource, string action, EnvironmentObject environment)
        {
            environment.Data.AddAnnotation(action);

            AccessControlEffect collectionEffect = CollectionAccessControlProcess(subject, resource, action, environment);

            if (collectionEffect == AccessControlEffect.Deny)
            {
                return(new AccessControlResponseContext(AccessControlEffect.Deny, null));
            }
            else if (collectionEffect == AccessControlEffect.Permit)
            {
                return(new AccessControlResponseContext(AccessControlEffect.Permit, resource.Data));
            }

            var accessControlRecordPolicies = _accessControlPolicyRepository.Get(resource.Name, action, true);

            if (accessControlRecordPolicies.Count == 0)
            {
                return(new AccessControlResponseContext(AccessControlEffect.Deny, null));
            }

            string policyCombining = _policyCombiningRepository.GetRuleCombining(accessControlRecordPolicies);

            ICollection <JObject> _resource = new List <JObject>();

            if (resource.Data.Length > 1000)
            {
                Parallel.ForEach(resource.Data, record =>
                {
                    if (RowAccessControlProcess(subject, record, environment, policyCombining, accessControlRecordPolicies) != null)
                    {
                        lock (_resource)
                            _resource.Add(record);
                    }
                });
            }
            else
            {
                foreach (var record in resource.Data)
                {
                    if (RowAccessControlProcess(subject, record, environment, policyCombining, accessControlRecordPolicies) != null)
                    {
                        _resource.Add(record);
                    }
                }
            }
            if (_resource.Count == 0)
            {
                return(new AccessControlResponseContext(AccessControlEffect.Deny, null));
            }

            return(new AccessControlResponseContext(AccessControlEffect.Permit, _resource));
        }