/// <summary>
/// Return a new permission with the union of this and the permission
/// provided.
/// IsAuthenticated must match.
/// Issuer must be an exact match.
/// All claims added to a new ClaimSet with the same Issuer.
/// </summary>
/// <param name="target"></param>
/// <returns></returns>
public IPermission Union(IPermission target)
{
if (target == null)
{
return(null);
}
ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission;
if (perm == null)
{
return(null);
}
if (perm.IsUnrestricted() || this.IsUnrestricted())
{
return(new ClaimsPrincipalPermission(PermissionState.Unrestricted));
}
if (this._isAuthenticated != perm.IsAuthenticated)
{
return(null);
}
if (!IsExactIssuerMatch(perm.Issuer))
{
return(null);
}
List <Claim> claims = new List <Claim>();
foreach (Claim c in this._requiredClaims)
{
claims.Add(c);
}
foreach (Claim c in perm.RequiredClaims)
{
if (!this._requiredClaims.ContainsClaim(c))
{
claims.Add(c);
}
}
// it is assumed that the issuers are identical from the call
// to IsExactIssuerMatch() above
ClaimsPrincipalPermission newPerm = new ClaimsPrincipalPermission(this._isAuthenticated, new DefaultClaimSet(this._requiredClaims.Issuer, claims));
return(newPerm);
}
/// <summary>
/// Is the permission provided a subset of this permission?
/// Issuer must be an exact match.
/// Claims in this permission must all be contained in target.
/// </summary>
/// <param name="target"></param>
/// <returns></returns>
public bool IsSubsetOf(IPermission target)
{
if (target == null)
{
return(false);
}
ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission;
if (perm == null)
{
return(false);
}
if (perm.IsUnrestricted())
{
return(true);
}
if (this.IsUnrestricted())
{
return(false);
}
if (this._isAuthenticated != perm.IsAuthenticated)
{
return(false);
}
if (!IsExactIssuerMatch(perm.Issuer))
{
return(false);
}
bool isSubsetOf = false;
foreach (Claim c in this._requiredClaims)
{
if (!perm.RequiredClaims.ContainsClaim(c))
{
isSubsetOf = false;
break;
}
}
return(isSubsetOf);
}
