/// <summary> /// The evaluation implementation in the pseudo-code described in the specification. /// </summary> /// <param name="context">The evaluation context instance.</param> /// <param name="rules">The policies that must be evaluated.</param> /// <returns>The final decission for the combination of the rule evaluation.</returns> public Decision Evaluate(EvaluationContext context, RuleCollection rules) { Decision decision = Decision.Indeterminate; context.Trace("Evaluating rules..."); context.AddIndent(); try { foreach (Rule rule in rules) { decision = rule.Evaluate(context); context.TraceContextValues(); if (decision == Decision.Deny) { decision = Decision.Deny; return(decision); } if (decision == Decision.Permit) { decision = Decision.Permit; return(decision); } if (decision == Decision.NotApplicable) { continue; } if (decision == Decision.Indeterminate) { decision = Decision.Indeterminate; return(decision); } } return(Decision.NotApplicable); } finally { context.Trace("Rule combination algorithm: {0}", decision.ToString()); context.RemoveIndent(); } }
/// <summary> /// The evaluation implementation in the pseudo-code described in the specification. /// </summary> /// <param name="context">The evaluation context instance.</param> /// <param name="rules">The policies that must be evaluated.</param> /// <returns>The final decission for the combination of the rule evaluation.</returns> public Decision Evaluate(EvaluationContext context, RuleCollection rules) { if (context == null) { throw new ArgumentNullException("context"); } if (rules == null) { throw new ArgumentNullException("rules"); } Decision decision = Decision.Indeterminate; bool atLeastOneError = false; bool potentialPermit = false; bool atLeastOneDeny = false; context.Trace("Evaluating rules..."); context.AddIndent(); try { foreach (Rule rule in rules) { decision = rule.Evaluate(context); context.TraceContextValues(); if (decision == Decision.Deny) { atLeastOneDeny = true; continue; } if (decision == Decision.Permit) { decision = Decision.Permit; return(decision); } if (decision == Decision.NotApplicable) { continue; } if (decision == Decision.Indeterminate) { atLeastOneError = true; if (rule.RuleDefinition.Effect == pol.Effect.Permit) { potentialPermit = true; } continue; } } if (potentialPermit) { decision = Decision.Indeterminate; return(decision); } if (atLeastOneDeny) { decision = Decision.Deny; return(decision); } if (atLeastOneError) { decision = Decision.Indeterminate; return(decision); } decision = Decision.NotApplicable; return(decision); } finally { context.Trace("Rule combination algorithm: {0}", decision.ToString()); context.RemoveIndent(); } }