protected AclResult internalEvaluate(AclRequest request){
     AclResult result = null;
     result = tryEvaluateBySubProviders(request);
     if(null!=result) return result;
     result = tryEvaluateByRules(request);
     if (null != result) return result;
     return new AclResult {AccessAllowed = true, Processed = false};
 }
        private AclResult tryEvaluateByRules(AclRequest request){

            var rules = new List<IAclRule>();
            foreach (var rule in Rules){
                if(!rule.Active) continue;
                if(!(rule.StartDate <= DateTime.Now && rule.EndDate >= DateTime.Now)) continue;
                if(!rule.Match(request)) continue;
                rules.Add(rule);
                
            }
            rules = rules.OrderBy(x => x, new AclRuleComparer()).ToList();
                
            if(log.IsDebugEnabled){
                log.Debug("matched rules for " + request + " (" + rules.concat("; ") + ")");    
            }
			
            if(rules.Count()==0) return null;
            var result = new AclResult {Processed = true, AccessAllowed = true};
            foreach (var rule in rules){
                if(AclRuleType.Deny==rule.RuleType){
                    result.AccessAllowed = false;
					log.debug(()=>"deny by "+rule);
                    break;
                }
                if(AclRuleType.Allow==rule.RuleType){
                    result.AccessAllowed = true;
					log.debug(()=>"allow by "+rule);
                    break;
                }
                if(AclRuleType.Require==rule.RuleType){
                    if(!rule.IsRequireMatched(request)){
                        result.AccessAllowed = false;
						log.debug(()=>"no meet require by "+rule);
                        break;
                    }
                }
            }
			log.debug(()=>"result "+result.AccessAllowed);
            return result;
        }
Example #3
0
 private bool resolveByRoles(AclRequest request){
     var principal = request.Principal;
     return CheckRoles(principal);
 }
Example #4
0
 public virtual bool IsRequireMatched(AclRequest request){
     return resolveByRoles(request);
 }
Example #5
0
        public virtual bool Match(AclRequest request){
			//check by token
			
            if (!string.IsNullOrWhiteSpace(TokenMask) && !request.Token.like(getRegex())) {
				log.debug(()=>String.Empty+this+" no match token");
				return false;
			}
            //check by system
            if (!string.IsNullOrWhiteSpace(System) && request.System!=System) {
				log.debug(()=>String.Empty+this+" no match system");
				return false;
			}
            //check by domain or user
            if (!string.IsNullOrWhiteSpace(PrincipalMask) && !PrincipalMask.StartsWith("r:")){
				
                if (PrincipalMask.Contains("\\"))
                {
                    if (request.Principal.Identity.Name != PrincipalMask) return false;
                }
                else{
                    if (!request.Principal.Identity.Name.StartsWith(PrincipalMask)) return false;
                }
            }
            //check by permission
            var rp = request.Permission;
            if (string.IsNullOrWhiteSpace(rp)) rp = "_NULL_";
            if (!string.IsNullOrWhiteSpace(Permissions) && !Permissions.Contains(rp + ";")){
				log.debug(()=>String.Empty+this+" no match permission");
				return false;
			}
            //check by role - if rule has special REQUIRE mode - roles are not checked at match stage, but collected in 
            //eval stage
            if (!string.IsNullOrWhiteSpace(PrincipalMask) && PrincipalMask.StartsWith("r:") && RuleType!=AclRuleType.Require)
            {
                if (!resolveByRoles(request)) return false;
            }
            
            return true;
        }
Example #6
0
 public AclResult Evaluate(AclRequest request){
     Used = true;
     if (request.Principal.Identity.Name == "test\\test"){
         return new AclResult{Processed = true, AccessAllowed = true};
     }
     return null;
 }
 public AclResult Evaluate(AclRequest request){
     lock (this){
         checkInitialization();
         return cache.get(request.ToString(), () => internalEvaluate(request));
     }
 }
 private AclResult tryEvaluateBySubProviders(AclRequest request){
     if(null==AclProviders) return null;
     foreach (var impl in AclProviders.OrderBy(r=>r.Idx)){
         var result = impl.Evaluate(request);
         if(null!=result){
             return result;
         }
     }
     return null;
 }