public bool Evaluate(IPermissionManaged resource, LNode parsedNode)
{
lock (IdentifierTable)
{
_factory = new LNodeFactory(parsedNode.Source);
IdentifierTable[ResourceIdentifierName] = () => resource;
var result = ResolveLiteral(parsedNode);
return((bool)result.Value);
}
}
public PermissionResult GetResultUsingChain(string chainName, INode permissionToCheck, int identifier,
IPermissionManaged resource = null)
{
if (!Chains.ContainsKey(chainName))
{
Chains[chainName] = new PermissionsChain(_evaluator);
}
var tuple = Chains[chainName].ResolvePermission(permissionToCheck, identifier, resource);
ComputedChainDecision?.Invoke(this, new ComputedChainDecisionEventArgs
(
tuple.Item2, chainName, identifier, tuple.Item1, permissionToCheck
));
return(tuple.Item1);
}
public (PermissionResult, IEnumerable <PermissionDecision>) ResolvePermission(INode nodeToResolve,
int identifier, IPermissionManaged resource = null)
{
var result = PermissionResult.Unset;
var considered = new List <PermissionDecision>();
if (!_entries.ContainsKey(identifier))
{
return(result, considered);
}
var items = _entries[identifier];
lock (items)
{
foreach (var keyValuePair in items.Where(kvp => kvp.Value.IsFor(nodeToResolve)))
{
var grant = keyValuePair.Value;
if (grant.PermissionType == PermissionType.Generic)
{
switch (grant.GrantType)
{
case GrantType.Allow:
result = PermissionResult.Allowed;
break;
case GrantType.Deny:
result = PermissionResult.Denied;
break;
}
considered.Add(new PermissionDecision(grant, result, true));
}
else
{
var resourcedGrant = grant as ResourcedPermissionGrant <IPermissionManaged>;
var conditionsSatisfied = true;
if (resourcedGrant.Condition != null)
{
conditionsSatisfied = _evaluator.Evaluate(resource, resourcedGrant.Condition);
}
switch (grant.GrantType)
{
case GrantType.Allow when conditionsSatisfied:
result = PermissionResult.Allowed;
considered.Add(new PermissionDecision(grant, result, conditionsSatisfied));
break;
case GrantType.Deny when conditionsSatisfied:
result = PermissionResult.Denied;
considered.Add(new PermissionDecision(grant, result, conditionsSatisfied));
break;
default:
considered.Add(new PermissionDecision(grant, PermissionResult.Unset,
conditionsSatisfied));
break;
}
}
}
}
return(result, considered);
}