/// <summary>
/// Retrieves a rule from the database and parses it into a boolean expresssion
/// </summary>
/// <param name="context">The Rule name</param>
/// <param name="mgr">The Database Rules Manager that queries the database</param>
/// <returns>A BooleanExpression object</returns>
private BooleanExpression GetParsedExpression(string context, DbRulesManager mgr)
{
AuthorizationRuleData rule = mgr.GetRule(context);
if (rule == null)
{
return(null);
}
Parser p = new Parser();
return(p.Parse(rule.Expression));
}
/// <summary>
/// Checks a user's authorization against a given rule
/// </summary>
/// <param name="principal">The user to authorize</param>
/// <param name="context">The name of the rule to check</param>
/// <returns>boolean indicating whether the user is authorized</returns>
public override bool Authorize(System.Security.Principal.IPrincipal principal, string context)
{
if (principal == null)
{
throw new ArgumentNullException("principal");
}
if (context == null || context.Length == 0)
{
throw new ArgumentNullException("context");
}
if (mgr == null)
{
mgr = new DbRulesManager(database);
}
//SecurityAuthorizationCheckEvent.Fire(principal.Identity.Name, context);
InstrumentationProvider.FireAuthorizationCheckPerformed(principal.Identity.Name, context);
BooleanExpression expression = GetParsedExpression(context, mgr);
if (expression == null)
{
//todo : better exception
throw new ApplicationException(String.Format("Authorization Rule {0} not found in the database.", context));
}
bool result = expression.Evaluate(principal);
if (result == false)
{
//SecurityAuthorizationFailedEvent.Fire(principal.Identity.Name, context);
InstrumentationProvider.FireAuthorizationCheckFailed(principal.Identity.Name, context);
}
return(result);
}
