public void AuthorizationPolicy_For_returns_the_same_instance_via_generic_and_non_generic_overloads() { var viaGeneric = AuthorizationPolicy.For <Order, AddItem, Customer>(); var viaNonGeneric = AuthorizationPolicy.For(typeof(Order), typeof(AddItem), typeof(Customer)); viaGeneric.Should().Be(viaNonGeneric); }
/// <summary> /// Determines whether the principal is authorized to apply a command to a resource. /// </summary> /// <typeparam name="TResource">The type of the resource.</typeparam> /// <typeparam name="TCommand">The type of the command.</typeparam> /// <typeparam name="TPrincipal">The type of the principal.</typeparam> /// <param name="principal">The principal.</param> /// <param name="command">The command.</param> /// <param name="resource">The resource.</param> /// <returns> /// <c>true</c> if the principal is authorized; otherwise, <c>false</c>. /// </returns> public static bool IsAuthorizedTo <TResource, TCommand, TPrincipal>( this TPrincipal principal, TCommand command, TResource resource) where TCommand : class, ICommand <TResource> where TPrincipal : class, IPrincipal where TResource : class { if (principal == null) { return(false); } var query = AuthorizationQuery.Create(resource, command, principal); var policy = AuthorizationPolicy.For(resource.GetType(), command.GetType(), principal.GetType()); var report = ((dynamic)policy).ValidationPlan.Execute((dynamic)query, haltOnFirstFailure: true); if (report.HasFailures) { return(false); } return(true); }
/// <summary> /// Specifies an authorization rule for a principal applying a specific command type to a specific resource type. /// </summary> /// <param name="requirement">The requirement.</param> /// <param name="message">A message indicating the reason for the authorization failure. This message is intended for diagnostic and monitoring purposes only.</param> public static void Requires(Func <TPrincipal, TCommand, TResource, bool> requirement, string message = null) { ValidateTypeParameters(); ValidationPlan <IAuthorizationQuery <TResource, TCommand, TPrincipal> > plan = AuthorizationPolicy.For <TResource, TCommand, TPrincipal>().ValidationPlan; var defaultRule = AuthorizationPolicy <TResource, TCommand, TPrincipal> .Default; if (plan.Any(rule => rule == defaultRule)) { // the default rule will cause the authz check to fail, so we remove it plan.Remove(defaultRule); } var authzRule = Validate .That <IAuthorizationQuery <TResource, TCommand, TPrincipal> >(query => requirement(query.Principal, query.Command, query.Resource)) .WithErrorMessage(message ?? ("Requirement for " + typeof(TCommand))); plan.AddRule(authzRule); }