/// <summary>
/// Authorizes and filters events based on authorization
/// </summary>
/// <param name="consumer">The event consumer</param>
/// <param name="cloudEvents">The list of events</param>
/// <returns>A list of authorized events</returns>
public async Task <List <CloudEvent> > AuthorizeEvents(ClaimsPrincipal consumer, List <CloudEvent> cloudEvents)
{
XacmlJsonRequestRoot xacmlJsonRequest = CloudEventXacmlMapper.CreateMultiDecisionRequest(consumer, cloudEvents);
XacmlJsonResponse response = await _pdp.GetDecisionForRequest(xacmlJsonRequest);
List <CloudEvent> authorizedEventsList = new List <CloudEvent>();
foreach (XacmlJsonResult result in response.Response)
{
if (DecisionHelper.ValidateDecisionResult(result, consumer))
{
string eventId = string.Empty;
// Loop through all attributes in Category from the response
foreach (XacmlJsonCategory category in result.Category)
{
var attributes = category.Attribute;
foreach (var attribute in attributes)
{
if (attribute.AttributeId.Equals(AltinnXacmlUrns.EventId))
{
eventId = attribute.Value;
}
}
}
// Find the instance that has been validated to add it to the list of authorized instances.
CloudEvent authorizedEvent = cloudEvents.First(i => i.Id == eventId);
authorizedEventsList.Add(authorizedEvent);
}
}
return(authorizedEventsList);
}
/// <summary>
/// Method to authorize access to an Altinn App event
/// </summary>
public async Task <bool> AuthorizeConsumerForAltinnAppEvent(CloudEvent cloudEvent, string consumer)
{
XacmlJsonRequestRoot xacmlJsonRequest = CloudEventXacmlMapper.CreateDecisionRequest(cloudEvent, consumer);
XacmlJsonResponse response = await _pdp.GetDecisionForRequest(xacmlJsonRequest);
return(ValidateResult(response));
}
