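        /// <summary>
        /// Resolves the authorization policy registered under <paramref name="policyName"/>.
        /// The base provider is consulted first; when it returns no policy, or the IAM provider
        /// reports that the policy needs an update for the current tenant, the policy is rebuilt
        /// from the IAM provider's required roles, required claim and resource-id flag.
        /// </summary>
        /// <param name="policyName">Name of the policy to resolve.</param>
        /// <returns>
        /// The policy from the base provider, or a rebuilt policy that always requires an
        /// authenticated user plus whatever role / resource-id requirements the IAM provider reports.
        /// </returns>
        /// <remarks>
        /// NOTE(review): when the IAM provider reports no roles, no claim and no resource-id
        /// requirement, the rebuilt policy admits any authenticated user. Confirm that unknown or
        /// unconfigured policy names are meant to resolve this way rather than being denied.
        /// </remarks>
        public override async Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
        {
            var policy = await base.GetPolicyAsync(policyName);

            var tenant = await _tenantProvider.CurrentTenantId();

            if (policy == null || await _iamProvider.NeedsUpdate(policyName, tenant, _iamProviderCache))
            {
                var iamRoles = await _iamProvider.GetRequiredRoles(policyName, tenant, _iamProviderCache);

                var iamClaim = await _iamProvider.GetRequiredClaim(policyName, tenant, _iamProviderCache);

                var isResourceIdAccessRequired = await _iamProvider.IsResourceIdAccessRequired(policyName, tenant, _iamProviderCache);

                var builder = new AuthorizationPolicyBuilder()
                              .RequireAuthenticatedUser();

                // Collect every accepted role name: the configured roles plus the required claim,
                // which this provider expresses as a role requirement.
                var requiredRoles = new List<string>();

                if (iamRoles != null)
                {
                    requiredRoles.AddRange(iamRoles);
                }

                if (!string.IsNullOrEmpty(iamClaim))
                {
                    requiredRoles.Add(iamClaim);
                }

                // Decide on the combined set, not on iamRoles alone. Previously an empty (non-null)
                // role list together with a non-empty claim skipped RequireRole entirely, so the
                // policy degraded to "any authenticated user" while a null role list with the same
                // claim was enforced.
                var tenantRoles = requiredRoles
                                  .Distinct()
                                  .Select(x => x.ToMultiTenantRoleName(tenant))
                                  .ToList();

                if (tenantRoles.Count > 0)
                {
                    builder.RequireRole(tenantRoles);
                }

                if (isResourceIdAccessRequired)
                {
                    builder.AddRequirements(new ResourceIdRequirement(policyName));
                }

                policy = builder.Build();
            }

            return policy;
        }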