internal static AuthorizationRuleListResult DeserializeAuthorizationRuleListResult(JsonElement element)
{
Optional <IReadOnlyList <AuthorizationRuleData> > value = default;
Optional <string> nextLink = default;
foreach (var property in element.EnumerateObject())
{
if (property.NameEquals("value"))
{
if (property.Value.ValueKind == JsonValueKind.Null)
{
property.ThrowNonNullablePropertyIsNull();
continue;
}
List <AuthorizationRuleData> array = new List <AuthorizationRuleData>();
foreach (var item in property.Value.EnumerateArray())
{
array.Add(AuthorizationRuleData.DeserializeAuthorizationRuleData(item));
}
value = array;
continue;
}
if (property.NameEquals("nextLink"))
{
nextLink = property.Value.GetString();
continue;
}
}
return(new AuthorizationRuleListResult(Optional.ToList(value), nextLink.Value));
}
private AuthorizationRuleData GetRuleFromReader(IDataReader reader)
{
AuthorizationRuleData rule = new AuthorizationRuleData();
rule.Name = reader.GetString(reader.GetOrdinal("Name"));
rule.Expression = reader.GetString(reader.GetOrdinal("Expression"));
return rule;
}
/// <summary>
/// Initializes a new instance of the node from existing configuration data.
/// </summary>
/// <param name="authorizationRuleData">Configuration data for a generic authorization provider</param>
public AuthorizationRuleNode(AuthorizationRuleData authorizationRuleData) : base()
{
if (authorizationRuleData == null)
{
throw new ArgumentNullException("authorizationRuleData");
}
this.authorizationRuleData = authorizationRuleData;
}
/// <summary>
/// Initializes a new instance of the node from existing configuration data.
/// </summary>
/// <param name="authorizationRuleData">Configuration data for a generic authorization provider</param>
public AuthorizationRuleNode(AuthorizationRuleData authorizationRuleData)
: base()
{
if (authorizationRuleData == null)
{
throw new ArgumentNullException("authorizationRuleData");
}
this.authorizationRuleData = authorizationRuleData;
}
public async Task EventhubCreateGetUpdateDeleteAuthorizationRule()
{
//create eventhub
string eventhubName = Recording.GenerateAssetName("eventhub");
EventHubResource eventHub = (await _eventHubCollection.CreateOrUpdateAsync(WaitUntil.Completed, eventhubName, new EventHubData())).Value;
//create an authorization rule
string ruleName = Recording.GenerateAssetName("authorizationrule");
EventHubAuthorizationRuleCollection ruleCollection = eventHub.GetEventHubAuthorizationRules();
AuthorizationRuleData parameter = new AuthorizationRuleData()
{
Rights = { AccessRights.Listen, AccessRights.Send }
};
EventHubAuthorizationRuleResource authorizationRule = (await ruleCollection.CreateOrUpdateAsync(WaitUntil.Completed, ruleName, parameter)).Value;
Assert.NotNull(authorizationRule);
Assert.AreEqual(authorizationRule.Data.Rights.Count, parameter.Rights.Count);
//get authorization rule
authorizationRule = await ruleCollection.GetAsync(ruleName);
Assert.AreEqual(authorizationRule.Id.Name, ruleName);
Assert.NotNull(authorizationRule);
Assert.AreEqual(authorizationRule.Data.Rights.Count, parameter.Rights.Count);
//get all authorization rules
List <EventHubAuthorizationRuleResource> rules = await ruleCollection.GetAllAsync().ToEnumerableAsync();
//validate
Assert.True(rules.Count == 1);
bool isContainAuthorizationRuleName = false;
foreach (EventHubAuthorizationRuleResource rule in rules)
{
if (rule.Id.Name == ruleName)
{
isContainAuthorizationRuleName = true;
}
}
Assert.True(isContainAuthorizationRuleName);
//update authorization rule
parameter.Rights.Add(AccessRights.Manage);
authorizationRule = (await ruleCollection.CreateOrUpdateAsync(WaitUntil.Completed, ruleName, parameter)).Value;
Assert.NotNull(authorizationRule);
Assert.AreEqual(authorizationRule.Data.Rights.Count, parameter.Rights.Count);
//delete authorization rule
await authorizationRule.DeleteAsync(WaitUntil.Completed);
//validate if deleted
Assert.IsFalse(await ruleCollection.ExistsAsync(ruleName));
rules = await ruleCollection.GetAllAsync().ToEnumerableAsync();
Assert.True(rules.Count == 0);
}
/// <summary>
/// Initialize a new instance of the <see cref="AuthorizationRuleNode"/> class with an <see cref="AuthorizationRuleData"/> instance.
/// </summary>
/// <param name="authorizationRuleData">An <see cref="AuthorizationRuleData"/> instance</param>
public AuthorizationRuleNode(AuthorizationRuleData authorizationRuleData)
: base((authorizationRuleData == null) ? Resources.AuthorizationRuleNodeName : authorizationRuleData.Name)
{
if (authorizationRuleData == null)
{
throw new ArgumentNullException("authorizationRuleData");
}
this.expression = authorizationRuleData.Expression;
}
/// <summary>
/// Initialize a new instance of the <see cref="AuthorizationRuleNode"/> class with an <see cref="AuthorizationRuleData"/> instance.
/// </summary>
/// <param name="authorizationRuleData">An <see cref="AuthorizationRuleData"/> instance</param>
public AuthorizationRuleNode(AuthorizationRuleData authorizationRuleData)
: base((authorizationRuleData == null) ? Resources.AuthorizationRuleNodeName : authorizationRuleData.Name)
{
if (authorizationRuleData == null)
{
throw new ArgumentNullException("authorizationRuleData");
}
this.expression = authorizationRuleData.Expression;
}
public void AddRoleToRule(string ruleName, string roleName)
{
if (ruleName.Length == 0 || roleName.Length == 0)
{
throw new ProviderException("权限名和角色名都不能为空");
}
string[] roles = new string[1] {
roleName
};
IPrincipal principal = new GenericPrincipal(new GenericIdentity(""), roles);
Parser parser = new Parser();
AuthorizationRuleData rule = GetRule(ruleName);
BooleanExpression parsedExpression;
if (rule == null)
{
throw new ProviderException(string.Format("权限: '{0}'不在数据库中", ruleName));
}
parsedExpression = parser.Parse(rule.Expression);
if (parsedExpression.Evaluate(principal))
{
throw new ProviderException(string.Format("角色: '{0}'已经拥有权限: '{1}'", roleName, ruleName));
}
string ruleExpression = string.Empty;
if (rule.Expression.Contains(string.Format(" AND (NOT R:{0})", roleName)))
{
ruleExpression = rule.Expression.Replace(string.Format(" AND (NOT R:{0})", roleName),
string.Format(" OR (R:{0})", roleName)
);
}
else
{
ruleExpression = rule.Expression + string.Format(" OR (R:{0})", roleName);
}
ruleExpression = rule.Expression + string.Format(" OR (R:{0})", roleName);
try
{
parser.Parse(ruleExpression);
}
catch (SyntaxException)//权限表达式非法
{
throw new ApplicationException("权限表达式非法");
}
UpdateRuleByName(rule.Name, ruleExpression);
}
/// <summary>
/// Retrieves a rule from the database and parses it into a boolean expresssion
/// </summary>
/// <param name="context">The Rule name</param>
/// <param name="mgr">The Database Rules Manager that queries the database</param>
/// <returns>A BooleanExpression object</returns>
private BooleanExpression GetParsedExpression(string context, DbRulesManager mgr)
{
AuthorizationRuleData rule = mgr.GetRule(context);
if (rule == null)
{
return(null);
}
Parser p = new Parser();
return(p.Parse(rule.Expression));
}
private static Rule GetRule(string ruleName, ConfigurationSourceSection section)
{
SqlConfigurationSource source = GetSelectedConfigurationSource(section);
//get selected source
SqlConfigurationSource selectedSource = GetSelectedConfigurationSource(section);
SecurityConfigurationView securityConfigurationView = new SecurityConfigurationView(selectedSource);
AuthorizationRuleProviderData authorizationProviderData = GetAuthorizationProviderData(securityConfigurationView, source, section);
AuthorizationRuleData authorizationRuleData = authorizationProviderData.Rules.Get(ruleName);
return(new Rule(authorizationRuleData.Name, authorizationRuleData.Expression));
}
public void AuthorizationRuleDataTest()
{
string name = "some name";
string expression = "some expression";
AuthorizationRuleData data = new AuthorizationRuleData();
data.Name = name;
data.Expression = expression;
AuthorizationRuleNode node = new AuthorizationRuleNode(data);
Assert.AreEqual(name, node.Name);
Assert.AreEqual(expression, node.Expression);
}
private BooleanExpression GetParsedExpression(string ruleName)
{
AuthorizationRuleDataCollection authorizationRuleDataCollection = GetAuthorizationRules();
AuthorizationRuleData authorizationRuleData = authorizationRuleDataCollection[ruleName];
if (authorizationRuleData == null)
{
return(null);
}
string expression = authorizationRuleData.Expression;
Parser parser = new Parser();
return(parser.Parse(expression));
}
public void RemoveUserFromRule(string ruleName, string username)
{
if (ruleName.Length == 0 || username.Length == 0)
{
throw new ProviderException("权限名和用户名都不能为空");
}
string[] roles = Roles.GetRolesForUser(username);
IPrincipal principal = new GenericPrincipal(new GenericIdentity(username), roles);
Parser parser = new Parser();
AuthorizationRuleData rule = GetRule(ruleName);
if ( !parser.Parse(rule.Expression).Evaluate(principal) )
{
throw new ProviderException(string.Format("用户: '{0}'已经没有权限: '{1}'", username,ruleName));
}
string ruleExpression;
//此用户已经拥有了此权限
if (rule.Expression.Contains(string.Format(" OR (I:{0})", username)))
{
ruleExpression = rule.Expression.Replace(string.Format(" OR (I:{0})", username), "");
}
//后面有表达式 OR...
else if (rule.Expression.Contains(string.Format("(I:{0}) OR ", username)))
{
ruleExpression = rule.Expression.Replace(string.Format("(I:{0}) OR ", username), "");
}
//后面有表达式 AND...
else if (rule.Expression.Contains(string.Format("(I:{0}) AND ", username)))
{
ruleExpression = rule.Expression.Replace(string.Format("(I:{0}) AND ", username), "");
}
//只有此用户拥有此权限
else if (rule.Expression.Contains(string.Format("(I:{0})", username)))
{
//ruleExpression = rule.Expression.Replace(string.Format("(I:{0})", username), "");
throw new ProviderException("权限必须属于至少一个角色或用户!!!");
}
//只是此用户所属的角色拥有此权限
else
{
ruleExpression = rule.Expression + string.Format(" AND (NOT I:{0})", username);
}
UpdateRuleByName(ruleName,ruleExpression);
}
public void AuthorizationRuleDataTest()
{
string name = "some name";
string expression = "some expression";
AuthorizationRuleData data = new AuthorizationRuleData();
data.Name = name;
data.Expression = expression;
AuthorizationRuleNode node = new AuthorizationRuleNode(data);
Assert.AreEqual(name, node.Name);
Assert.AreEqual(expression, node.Expression);
}
public void AuthorizationRuleNodeTest()
{
string name = "some name";
string expression = "some expression";
AuthorizationRuleNode authorizationNode = new AuthorizationRuleNode();
authorizationNode.Name = name;
authorizationNode.Expression = expression;
AuthorizationRuleData nodeData = (AuthorizationRuleData)authorizationNode.AuthorizationRuleData;
Assert.AreEqual(name, nodeData.Name);
Assert.AreEqual(expression, nodeData.Expression);
}
///// <summary>
///// Retrieves all rules in the database as a DataSet
///// </summary>
///// <returns>A DataSet containing all of the rules</returns>
//public DataSet GetAllRules()
//{
// DbCommand cmd = dbRules.GetStoredProcCommand("dbo.GetAllRules");
// using(DataSet ds = dbRules.ExecuteDataSet(cmd))
// {
// return ds;
// }
//}
/// <summary>
/// Retrieves all rules in the database as a Collection
/// </summary>
/// <returns>An AuthorizationRuleDataCollection containing all of the rules</returns>
public List <AuthorizationRuleData> GetAllRulesAsCollection()
{
List <AuthorizationRuleData> rules = new List <AuthorizationRuleData>();
DbCommand cmd = dbRules.GetStoredProcCommand("dbo.GetAllRules");
using (IDataReader reader = dbRules.ExecuteReader(cmd))
{
while (reader.Read())
{
AuthorizationRuleData rule = GetRuleFromReader(reader);
rules.Add(rule);
}
}
return(rules);
}
/// <summary>
/// Retrieves a rule from the database
/// </summary>
/// <param name="Name">The name of the rule</param>
/// <returns>An AuthorizationRuleData object</returns>
public AuthorizationRuleData GetRule(string name)
{
AuthorizationRuleData rule = null;
DbCommand cmd = dbRules.GetStoredProcCommand("dbo.GetRuleByName");
dbRules.AddInParameter(cmd, "Name", DbType.String, name);
using (IDataReader reader = dbRules.ExecuteReader(cmd))
{
if (reader.Read())
{
rule = GetRuleFromReader(reader);
}
}
return(rule);
}
public async Task NamespaceAuthorizationRuleRegenerateKey()
{
//create namespace
_resourceGroup = await CreateResourceGroupAsync();
EventHubNamespaceCollection namespaceCollection = _resourceGroup.GetEventHubNamespaces();
string namespaceName = await CreateValidNamespaceName("testnamespacemgmt");
EventHubNamespaceResource eventHubNamespace = (await namespaceCollection.CreateOrUpdateAsync(WaitUntil.Completed, namespaceName, new EventHubNamespaceData(DefaultLocation))).Value;
NamespaceAuthorizationRuleCollection ruleCollection = eventHubNamespace.GetNamespaceAuthorizationRules();
//create authorization rule
string ruleName = Recording.GenerateAssetName("authorizationrule");
AuthorizationRuleData parameter = new AuthorizationRuleData()
{
Rights = { AccessRights.Listen, AccessRights.Send }
};
NamespaceAuthorizationRuleResource authorizationRule = (await ruleCollection.CreateOrUpdateAsync(WaitUntil.Completed, ruleName, parameter)).Value;
Assert.NotNull(authorizationRule);
Assert.AreEqual(authorizationRule.Data.Rights.Count, parameter.Rights.Count);
AccessKeys keys1 = await authorizationRule.GetKeysAsync();
Assert.NotNull(keys1);
Assert.NotNull(keys1.PrimaryConnectionString);
Assert.NotNull(keys1.SecondaryConnectionString);
AccessKeys keys2 = await authorizationRule.RegenerateKeysAsync(new RegenerateAccessKeyOptions(KeyType.PrimaryKey));
if (Mode != RecordedTestMode.Playback)
{
Assert.AreNotEqual(keys1.PrimaryKey, keys2.PrimaryKey);
Assert.AreEqual(keys1.SecondaryKey, keys2.SecondaryKey);
}
AccessKeys keys3 = await authorizationRule.RegenerateKeysAsync(new RegenerateAccessKeyOptions(KeyType.SecondaryKey));
if (Mode != RecordedTestMode.Playback)
{
Assert.AreEqual(keys2.PrimaryKey, keys3.PrimaryKey);
Assert.AreNotEqual(keys2.SecondaryKey, keys3.SecondaryKey);
}
}
public async Task EventhubAuthorizationRuleRegenerateKey()
{
//create eventhub
string eventhubName = Recording.GenerateAssetName("eventhub");
EventHubResource eventHub = (await _eventHubCollection.CreateOrUpdateAsync(WaitUntil.Completed, eventhubName, new EventHubData())).Value;
EventHubAuthorizationRuleCollection ruleCollection = eventHub.GetEventHubAuthorizationRules();
//create authorization rule
string ruleName = Recording.GenerateAssetName("authorizationrule");
AuthorizationRuleData parameter = new AuthorizationRuleData()
{
Rights = { AccessRights.Listen, AccessRights.Send }
};
EventHubAuthorizationRuleResource authorizationRule = (await ruleCollection.CreateOrUpdateAsync(WaitUntil.Completed, ruleName, parameter)).Value;
Assert.NotNull(authorizationRule);
Assert.AreEqual(authorizationRule.Data.Rights.Count, parameter.Rights.Count);
AccessKeys keys1 = await authorizationRule.GetKeysAsync();
Assert.NotNull(keys1);
Assert.NotNull(keys1.PrimaryConnectionString);
Assert.NotNull(keys1.SecondaryConnectionString);
AccessKeys keys2 = await authorizationRule.RegenerateKeysAsync(new RegenerateAccessKeyOptions(KeyType.PrimaryKey));
//the recordings are sanitized therefore cannot be compared
if (Mode != RecordedTestMode.Playback)
{
Assert.AreNotEqual(keys1.PrimaryKey, keys2.PrimaryKey);
Assert.AreEqual(keys1.SecondaryKey, keys2.SecondaryKey);
}
AccessKeys keys3 = await authorizationRule.RegenerateKeysAsync(new RegenerateAccessKeyOptions(KeyType.SecondaryKey));
if (Mode != RecordedTestMode.Playback)
{
Assert.AreEqual(keys2.PrimaryKey, keys3.PrimaryKey);
Assert.AreNotEqual(keys2.SecondaryKey, keys3.SecondaryKey);
}
}
/// <summary>
/// Creates the a new rule.
/// </summary>
/// <param name="rule">The rule.</param>
public static void CreateRule(Rule rule)
{
using (TransactionScope scope = new TransactionScope())
{
ConfigurationSourceSection section = GetConfigurationSourceSection();
//get selected source
SqlConfigurationSource selectedSource = GetSelectedConfigurationSource(section);
//get authorization Provider
SecurityConfigurationView securityConfigurationView = new SecurityConfigurationView(selectedSource);
SecuritySettings securitySettings = securityConfigurationView.GetSecuritySettings();
AuthorizationRuleProviderData authorizationProviderData = securitySettings.AuthorizationProviders.Get(
securityConfigurationView.GetDefaultAuthorizationProviderName()) as AuthorizationRuleProviderData;
//add the new rule to the collection
//create a new rule
AuthorizationRuleData newRule = new AuthorizationRuleData(rule.Name, rule.Expression);
authorizationProviderData.Rules.Add(newRule);
SqlConfigurationSourceElement element = GetElement(section.SelectedSource, section.Sources);
selectedSource.Save(element.ConnectionString, element.SetStoredProcedure, "securityConfiguration", securitySettings);
scope.Complete();
}
}
private void BuildAuthorizationRule(AuthorizationRuleData authorizationRule)
{
AuthorizationRuleNode ruleNode = new AuthorizationRuleNode(authorizationRule);
authorizationRuleProviderNode.AddNode(ruleNode);
}
public async Task CreateGetUpdateDeleteDisasterRecovery()
{
_resourceGroup = await CreateResourceGroupAsync();
//create namespace1
string namespaceName1 = await CreateValidNamespaceName("testnamespacemgmt");
EventHubNamespaceCollection namespaceCollection = _resourceGroup.GetEventHubNamespaces();
EventHubNamespaceResource eHNamespace1 = (await namespaceCollection.CreateOrUpdateAsync(WaitUntil.Completed, namespaceName1, new EventHubNamespaceData(DefaultLocation))).Value;
//create namespace2 with a different location
string namespaceName2 = await CreateValidNamespaceName("testnamespacemgmt");
EventHubNamespaceResource eHNamespace2 = (await namespaceCollection.CreateOrUpdateAsync(WaitUntil.Completed, namespaceName2, new EventHubNamespaceData(AzureLocation.EastUS))).Value;
//create authorization rule on namespace1
string ruleName = Recording.GenerateAssetName("authorizationrule");
AuthorizationRuleData ruleParameter = new AuthorizationRuleData()
{
Rights = { AccessRights.Listen, AccessRights.Send }
};
NamespaceAuthorizationRuleResource authorizationRule = (await eHNamespace1.GetNamespaceAuthorizationRules().CreateOrUpdateAsync(WaitUntil.Completed, ruleName, ruleParameter)).Value;
Assert.NotNull(authorizationRule);
Assert.AreEqual(authorizationRule.Data.Rights.Count, ruleParameter.Rights.Count);
//create a disaster recovery
string disasterRecoveryName = Recording.GenerateAssetName("disasterrecovery");
DisasterRecoveryData parameter = new DisasterRecoveryData()
{
PartnerNamespace = eHNamespace2.Id
};
DisasterRecoveryResource armDisasterRecovery = (await eHNamespace1.GetDisasterRecoveries().CreateOrUpdateAsync(WaitUntil.Completed, disasterRecoveryName, parameter)).Value;
Assert.NotNull(armDisasterRecovery);
Assert.AreEqual(armDisasterRecovery.Id.Name, disasterRecoveryName);
Assert.AreEqual(armDisasterRecovery.Data.PartnerNamespace, eHNamespace2.Id.ToString());
//get the disaster recovery - primary
armDisasterRecovery = await eHNamespace1.GetDisasterRecoveries().GetAsync(disasterRecoveryName);
Assert.AreEqual(armDisasterRecovery.Data.Role, RoleDisasterRecovery.Primary);
//get the disaster recovery - secondary
DisasterRecoveryResource armDisasterRecoverySec = await eHNamespace2.GetDisasterRecoveries().GetAsync(disasterRecoveryName);
Assert.AreEqual(armDisasterRecoverySec.Data.Role, RoleDisasterRecovery.Secondary);
//wait for completion, this may take several minutes in live and record mode
armDisasterRecovery = await eHNamespace1.GetDisasterRecoveries().GetAsync(disasterRecoveryName);
int i = 0;
while (armDisasterRecovery.Data.ProvisioningState != ProvisioningStateDisasterRecovery.Succeeded && i < 100)
{
if (Mode != RecordedTestMode.Playback)
{
await Task.Delay(5000);
}
i++;
armDisasterRecovery = await eHNamespace1.GetDisasterRecoveries().GetAsync(disasterRecoveryName);
}
System.Console.WriteLine(i);
//check name availability
CheckNameAvailabilityResult nameAvailability = await eHNamespace1.CheckDisasterRecoveryNameAvailabilityAsync(new CheckNameAvailabilityOptions(disasterRecoveryName));
Assert.IsFalse(nameAvailability.NameAvailable);
List <DisasterRecoveryAuthorizationRuleResource> rules = await armDisasterRecovery.GetDisasterRecoveryAuthorizationRules().GetAllAsync().ToEnumerableAsync();
Assert.IsTrue(rules.Count > 0);
//get access keys of the authorization rule
DisasterRecoveryAuthorizationRuleResource rule = rules.First();
AccessKeys keys = await rule.GetKeysAsync();
Assert.NotNull(keys);
//break pairing and wait for completion
await armDisasterRecovery.BreakPairingAsync();
armDisasterRecovery = await eHNamespace1.GetDisasterRecoveries().GetAsync(disasterRecoveryName);
i = 0;
while (armDisasterRecovery.Data.ProvisioningState != ProvisioningStateDisasterRecovery.Succeeded && i < 100)
{
if (Mode != RecordedTestMode.Playback)
{
await Task.Delay(5000);
}
i++;
armDisasterRecovery = await eHNamespace1.GetDisasterRecoveries().GetAsync(disasterRecoveryName);
}
//get all disaster recoveries for a name space
List <DisasterRecoveryResource> disasterRcoveries = await eHNamespace1.GetDisasterRecoveries().GetAllAsync().ToEnumerableAsync();
Assert.IsTrue(disasterRcoveries.Count >= 1);
//delete disaster recovery;
await armDisasterRecovery.DeleteAsync(WaitUntil.Completed);
}
public void AddUserToRule(string ruleName, string username)
{
if (ruleName.Length == 0 || username.Length == 0)
{
throw new ProviderException("权限名和用户名都不能为空");
}
string[] roles = Roles.GetRolesForUser(username);
IPrincipal principal = new GenericPrincipal(new GenericIdentity(username), roles);
AuthorizationRuleData rule = GetRule(ruleName);
if (rule == null)
{
throw new ProviderException(string.Format("权限: '{0}'不在数据库中", ruleName));
}
if (IsInRule(principal, rule.Expression))
{
throw new ProviderException(string.Format("用户: '{0}'已经拥有权限: '{1}'", username, ruleName));
}
string ruleExpression = string.Empty;
string tempExpression = string.Empty;
if (rule.Expression.Contains(string.Format(" AND (NOT I:{0})", username)))
{
tempExpression = ruleExpression = rule.Expression.Replace(string.Format(" AND (NOT I:{0})", username), "");
if (IsInRule(principal, tempExpression))
{
ruleExpression = rule.Expression.Replace(string.Format(" AND (NOT I:{0})", username), "");
}
else
{
ruleExpression = rule.Expression.Replace(string.Format(" AND (NOT I:{0})", username),
string.Format(" OR (I:{0})", username)
);
}
}
else if (rule.Expression.Contains(string.Format("(NOT I:{0})", username)))
{
ruleExpression = rule.Expression.Replace(string.Format("(NOT I:{0})", username),
string.Format("(I:{0})", username)
);
}
else
{
ruleExpression = rule.Expression + string.Format(" OR (I:{0})", username);
}
try
{
new Parser().Parse(ruleExpression);
}
catch (SyntaxException)
{
throw;
}
UpdateRuleByName(rule.Name, ruleExpression);
}
public void RemoveRoleFromRule(string ruleName, string roleName)
{
string[] roles;
roles = new string[1] {
roleName
};
if (ruleName.Length == 0 || roleName.Length == 0)
{
throw new ProviderException("权限名和角色名都不能为空");
}
IPrincipal principal;
principal = new GenericPrincipal(new GenericIdentity(""), roles);
Parser parser = new Parser();
AuthorizationRuleData rule = GetRule(ruleName);
if (!parser.Parse(rule.Expression).Evaluate(principal))
{
throw new ProviderException(string.Format("角色: '{0}'已经没有权限: '{1}'", roleName, ruleName));
}
string ruleExpression = string.Empty;
int i = 0;
//计算有几个角色拥有此权限
foreach (string role in Roles.GetAllRoles())
{
roles[0] = role;
principal = new GenericPrincipal(new GenericIdentity(""), roles);
if (parser.Parse(rule.Expression).Evaluate(principal))
{
i++;
}
}
if (i < 2)
{
throw new ProviderException("每个权限至少要属于一个角色!");
}
//此角色已经拥有了此权限
if (rule.Expression.Contains(string.Format(" OR (R:{0})", roleName)))
{
ruleExpression = rule.Expression.Replace(string.Format(" OR (R:{0})", roleName), "");
}
//后面有表达式 OR...
else if (rule.Expression.Contains(string.Format("(R:{0}) OR ", roleName)))
{
ruleExpression = rule.Expression.Replace(string.Format("(R:{0}) OR ", roleName), "");
}
//后面有表达式 AND...
else if (rule.Expression.Contains(string.Format("(R:{0}) AND ", roleName)))
{
ruleExpression = rule.Expression.Replace(string.Format("(R:{0}) AND ", roleName), "");
}
//只有此角色拥有此权限
//else if (rule.Expression.Contains(string.Format("(R:{0})", roleName)))
//{
// //ruleExpression = rule.Expression.Replace(string.Format("(I:{0})", username), "");
// throw new ProviderException("权限必须属于至少一个角色或用户!!!");
//}
////只是此角色拥有此权限
//else
//{
// ruleExpression = rule.Expression + string.Format(" AND (NOT I:{0})", roleName);
//}
UpdateRuleByName(ruleName, ruleExpression);
}
public async Task NamespaceCreateGetUpdateDeleteAuthorizationRule()
{
//create namespace
_resourceGroup = await CreateResourceGroupAsync();
EventHubNamespaceCollection namespaceCollection = _resourceGroup.GetEventHubNamespaces();
string namespaceName = await CreateValidNamespaceName("testnamespacemgmt");
EventHubNamespaceResource eventHubNamespace = (await namespaceCollection.CreateOrUpdateAsync(WaitUntil.Completed, namespaceName, new EventHubNamespaceData(DefaultLocation))).Value;
NamespaceAuthorizationRuleCollection ruleCollection = eventHubNamespace.GetNamespaceAuthorizationRules();
//create authorization rule
string ruleName = Recording.GenerateAssetName("authorizationrule");
AuthorizationRuleData parameter = new AuthorizationRuleData()
{
Rights = { AccessRights.Listen, AccessRights.Send }
};
NamespaceAuthorizationRuleResource authorizationRule = (await ruleCollection.CreateOrUpdateAsync(WaitUntil.Completed, ruleName, parameter)).Value;
Assert.NotNull(authorizationRule);
Assert.AreEqual(authorizationRule.Data.Rights.Count, parameter.Rights.Count);
//get authorization rule
authorizationRule = await ruleCollection.GetAsync(ruleName);
Assert.AreEqual(authorizationRule.Id.Name, ruleName);
Assert.NotNull(authorizationRule);
Assert.AreEqual(authorizationRule.Data.Rights.Count, parameter.Rights.Count);
//get all authorization rules
List <NamespaceAuthorizationRuleResource> rules = await ruleCollection.GetAllAsync().ToEnumerableAsync();
//there should be two authorization rules
Assert.True(rules.Count > 1);
bool isContainAuthorizationRuleName = false;
bool isContainDefaultRuleName = false;
foreach (NamespaceAuthorizationRuleResource rule in rules)
{
if (rule.Id.Name == ruleName)
{
isContainAuthorizationRuleName = true;
}
if (rule.Id.Name == DefaultNamespaceAuthorizationRule)
{
isContainDefaultRuleName = true;
}
}
Assert.True(isContainDefaultRuleName);
Assert.True(isContainAuthorizationRuleName);
//update authorization rule
parameter.Rights.Add(AccessRights.Manage);
authorizationRule = (await ruleCollection.CreateOrUpdateAsync(WaitUntil.Completed, ruleName, parameter)).Value;
Assert.NotNull(authorizationRule);
Assert.AreEqual(authorizationRule.Data.Rights.Count, parameter.Rights.Count);
//delete authorization rule
await authorizationRule.DeleteAsync(WaitUntil.Completed);
//validate if deleted
Assert.IsFalse(await ruleCollection.ExistsAsync(ruleName));
rules = await ruleCollection.GetAllAsync().ToEnumerableAsync();
Assert.True(rules.Count == 1);
Assert.AreEqual(rules[0].Id.Name, DefaultNamespaceAuthorizationRule);
}
private void BuildAuthorizationRule(AuthorizationRuleData authorizationRule)
{
AuthorizationRuleNode ruleNode = new AuthorizationRuleNode(authorizationRule);
authorizationRuleProviderNode.AddNode(ruleNode);
}
