private void AddStrategiesForResourceClaimLineage(List <ResourceClaimAuthorizationMetadata> strategies, string resourceClaimUri, string action)
{
var instanceId = _instanceIdContextProvider.GetInstanceId();
if (string.IsNullOrEmpty(instanceId))
{
throw new InvalidOperationException("Expected instanceId is null or empty.");
}
var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache()
.GetSecurityRepository(instanceId);
//check for exact match on resource and action
var claimAndStrategy = instanceSecurityRepoCacheObject.ResourceClaimAuthorizationMetadata
.SingleOrDefault(
rcas =>
rcas.ResourceClaim.ClaimName.Equals(resourceClaimUri, StringComparison.InvariantCultureIgnoreCase) &&
rcas.Action.ActionUri.Equals(action, StringComparison.InvariantCultureIgnoreCase));
// Add the claim/strategy if it was found
if (claimAndStrategy != null)
{
strategies.Add(claimAndStrategy);
}
var resourceClaim =
instanceSecurityRepoCacheObject.ResourceClaims.FirstOrDefault(rc => rc.ClaimName.Equals(resourceClaimUri, StringComparison.InvariantCultureIgnoreCase));
// if there's a parent resource, recurse
if (resourceClaim != null && resourceClaim.ParentResourceClaim != null)
{
AddStrategiesForResourceClaimLineage(strategies, resourceClaim.ParentResourceClaim.ClaimName, action);
}
}
private void AddResourceClaimsInLineage(List <ResourceClaimAction> resourceClaimActions, string resourceClaimUri, string action)
{
var instanceId = _instanceIdContextProvider.GetInstanceId();
if (string.IsNullOrEmpty(instanceId))
{
throw new InvalidOperationException("Expected instanceId is null or empty.");
}
var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache()
.GetSecurityRepository(instanceId);
//check for exact match on resource and action
var resourceClaimAction = instanceSecurityRepoCacheObject.ResourceClaimActions
.SingleOrDefault(
rca =>
rca.ResourceClaim.ClaimName.EqualsIgnoreCase(resourceClaimUri) &&
rca.Action.ActionUri.EqualsIgnoreCase(action));
// Add the resource claim (with strategies) if it was found
if (resourceClaimAction != null)
{
resourceClaimActions.Add(resourceClaimAction);
}
var resourceClaim = instanceSecurityRepoCacheObject.ResourceClaims
.FirstOrDefault(rc => rc.ClaimName.EqualsIgnoreCase(resourceClaimUri));
// if there's a parent resource, recurse up the hierarchy
if (resourceClaim != null && resourceClaim.ParentResourceClaim != null)
{
AddResourceClaimsInLineage(resourceClaimActions, resourceClaim.ParentResourceClaim.ClaimName, action);
}
}
private IInstanceSecurityRepositoryCache MockInstanceSecurityRepositoryCallsAndInitializeCache(ISecurityContextFactory securityContextFactory)
{
InstanceSecurityRepositoryCacheObject values = new InstanceSecurityRepositoryCacheObject
(
new Application {
ApplicationId = 20, ApplicationName = "Ed-Fi ODS API"
},
null,
null,
null,
null,
null,
null
);
var memoryCacheOption = A.Fake <IOptions <MemoryCacheOptions> >();
MemoryCache memoryCache = new MemoryCache(memoryCacheOption);
CacheProvider = new MemoryCacheProvider(memoryCache);
CacheProvider.SetCachedObject(TestInstanceId, values);
CacheProvider.SetCachedObject(GetLastSynchedKey(TestInstanceId), SystemClock.Now());
CacheProvider.SetCachedObject(GetCurrentCacheInitializedKey(TestInstanceId), true);
InstanceSecurityRepositoryCache = new InstanceSecurityRepositoryCache(securityContextFactory, CacheProvider);
return(InstanceSecurityRepositoryCache);
}
public virtual IEnumerable <ClaimSetResourceClaim> GetClaimsForClaimSet(string claimSetName)
{
var instanceId = _instanceIdContextProvider.GetInstanceId();
if (string.IsNullOrEmpty(instanceId))
{
throw new InvalidOperationException("Expected instanceId is null or empty.");
}
var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache()
.GetSecurityRepository(instanceId);
return(instanceSecurityRepoCacheObject.ClaimSetResourceClaims.Where(c => c.ClaimSet.ClaimSetName.Equals(claimSetName, StringComparison.InvariantCultureIgnoreCase)));
}
public virtual Action GetActionByName(string actionName)
{
var instanceId = _instanceIdContextProvider.GetInstanceId();
if (string.IsNullOrEmpty(instanceId))
{
throw new InvalidOperationException("Expected instanceId is null or empty.");
}
var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache()
.GetSecurityRepository(instanceId);
return(instanceSecurityRepoCacheObject.Actions.First(a => a.ActionName.Equals(actionName, StringComparison.InvariantCultureIgnoreCase)));
}
public virtual ResourceClaim GetResourceByResourceName(string resourceName)
{
var instanceId = _instanceIdContextProvider.GetInstanceId();
if (string.IsNullOrEmpty(instanceId))
{
throw new InvalidOperationException("Expected instanceId is null or empty.");
}
var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache()
.GetSecurityRepository(instanceId);
return(instanceSecurityRepoCacheObject.ResourceClaims.FirstOrDefault(rc => rc.ResourceName.Equals(resourceName, StringComparison.InvariantCultureIgnoreCase)));
}
public virtual AuthorizationStrategy GetAuthorizationStrategyByName(string authorizationStrategyName)
{
var instanceId = _instanceIdContextProvider.GetInstanceId();
if (string.IsNullOrEmpty(instanceId))
{
throw new InvalidOperationException("Expected instanceId is null or empty.");
}
var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache()
.GetSecurityRepository(instanceId);
return(instanceSecurityRepoCacheObject.AuthorizationStrategies
.First(a => a.AuthorizationStrategyName.EqualsIgnoreCase(authorizationStrategyName)));
}
private IEnumerable <ResourceClaim> GetResourceClaimLineageForResourceClaim(string resourceClaimUri)
{
var instanceId = _instanceIdContextProvider.GetInstanceId();
if (string.IsNullOrEmpty(instanceId))
{
throw new InvalidOperationException("Expected instanceId is null or empty.");
}
var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache()
.GetSecurityRepository(instanceId);
var resourceClaimLineage = new List <ResourceClaim>();
ResourceClaim resourceClaim;
try
{
resourceClaim = instanceSecurityRepoCacheObject.ResourceClaims
.SingleOrDefault(rc => rc.ClaimName.Equals(resourceClaimUri, StringComparison.InvariantCultureIgnoreCase));
}
catch (InvalidOperationException ex)
{
// Use InvalidOperationException wrapper with custom message over InvalidOperationException
// thrown by Linq to communicate back to caller the problem with the configuration.
throw new InvalidOperationException($"Multiple resource claims with a claim name of '{resourceClaimUri}' were found in the Ed-Fi API's security configuration. Authorization cannot be performed.", ex);
}
if (resourceClaim != null)
{
resourceClaimLineage.Add(resourceClaim);
if (resourceClaim.ParentResourceClaim != null)
{
resourceClaimLineage.AddRange(GetResourceClaimLineageForResourceClaim(resourceClaim.ParentResourceClaim.ClaimName));
}
}
return(resourceClaimLineage);
}
