        /// <summary>
        /// Builds the effective grant and authorization strategy for a single action on a
        /// resource under one claim set, by feeding default metadata and claim-set-specific
        /// settings from the resource and its ancestors into an
        /// <see cref="EffectiveActionAndStrategy"/> accumulator.
        /// </summary>
        /// <param name="resource">Resource under evaluation; its <c>Ancestors</c> supply inherited settings.</param>
        /// <param name="actionName">Name of the action whose permissions are being resolved.</param>
        /// <param name="claimSetName">Claim set whose explicit settings are looked up.</param>
        /// <returns>The populated accumulator for this resource/action pair.</returns>
        /// <remarks>
        /// The sequence of <c>TrySet*</c> calls is significant and must not be reordered: which
        /// call wins is decided inside <see cref="EffectiveActionAndStrategy"/>, which is not
        /// visible from this method. Within this method, <c>TrySetActionGranted</c> is invoked
        /// only when a claim-set-specific entry is found; default metadata contributes a
        /// strategy but never a grant.
        /// NOTE(review): <c>SingleOrDefault</c> throws when more than one pair matches
        /// <paramref name="actionName"/> (assuming the standard LINQ operator) - confirm that
        /// duplicates are rejected when the metadata is loaded.
        /// </remarks>
        private static EffectiveActionAndStrategy GetEffectiveActionPermissions(
            Resource resource, string actionName, string claimSetName)
        {
            var result = new EffectiveActionAndStrategy(resource.Name, actionName);

            // Phase 1: default metadata (per the original author: least to most priority).

            // Ancestor defaults first, applied in the reverse of resource.Ancestors order.
            var ancestorDefaults = resource.Ancestors
                .Select(ancestor => new
                {
                    Ancestor = ancestor,
                    Match = ancestor.ActionAndStrategyPairs.SingleOrDefault(x => x.ActionName == actionName)
                })
                .Where(entry => entry.Match != null)
                .Select(entry => new
                {
                    OriginatingResourceName = entry.Ancestor.Name,
                    ActionAndStrategy = entry.Match
                })
                .Reverse()
                .ToList();

            foreach (var inheritedDefault in ancestorDefaults)
            {
                result.TrySetAuthorizationStrategy(
                    inheritedDefault.ActionAndStrategy.AuthorizationStrategy,
                    inheritedDefault.OriginatingResourceName,
                    inherited: true,
                    isDefault: true);
            }

            // The resource's own default; falls back to ActionAndStrategy.Empty when it has none.
            var ownDefault =
                resource.ActionAndStrategyPairs.SingleOrDefault(x => x.ActionName == actionName)
                ?? ActionAndStrategy.Empty;

            result.TrySetAuthorizationStrategy(
                ownDefault.AuthorizationStrategy,
                resource.Name,
                inherited: false,
                isDefault: true);

            // Phase 2: claim-set-specific settings (per the original author: least to most priority).

            // Is there an explicit setting on this resource for the current action and claim set?
            ActionAndStrategy ownOverride;
            bool hasOwnOverride = ownDefault.ExplicitActionAndStrategyByClaimSetName.TryGetValue(
                claimSetName,
                out ownOverride);

            if (hasOwnOverride)
            {
                // A claim-set-specific entry on the resource itself: record a direct grant.
                result.TrySetActionGranted(inherited: false);

                result.TrySetAuthorizationStrategy(
                    ownOverride.AuthorizationStrategy,
                    resource.Name,
                    inherited: false,
                    isDefault: false);
            }

            // Then walk the ancestors, in resource.Ancestors order, for claim-set overrides.
            var ancestorOverrides = resource.Ancestors
                .Select(ancestor => new
                {
                    Ancestor = ancestor,
                    Override = GetClaimSetSpecificActionAndStrategy(
                        ancestor.ActionAndStrategyPairs.SingleOrDefault(x => x.ActionName == actionName),
                        claimSetName)
                })
                .Where(entry => entry.Override != null)
                .Select(entry => new
                {
                    OriginatingResourceName = entry.Ancestor.Name,
                    ActionAndStrategy = entry.Override
                })
                .ToList();

            foreach (var inheritedOverride in ancestorOverrides)
            {
                // Each ancestor override records an inherited grant before its strategy.
                result.TrySetActionGranted(inherited: true);

                result.TrySetAuthorizationStrategy(
                    inheritedOverride.ActionAndStrategy.AuthorizationStrategy,
                    inheritedOverride.OriginatingResourceName,
                    inherited: true,
                    isDefault: false);
            }

            return result;
        }