public void UpdatePolicies(ISecurityPolicy securityPolicyToAdd, IList <ISecurityPolicy> policies)
{
if (securityPolicyToAdd == null)
{
throw new ArgumentNullException("securityPolicyToAdd");
}
if (policies == null)
{
throw new ArgumentNullException("policies");
}
if (securityPolicyToAdd is IgnorePolicy)
{
policies.Clear();
}
else if (securityPolicyToAdd is DenyAnonymousAccessPolicy)
{
policies.Clear();
}
else if (securityPolicyToAdd is DenyAuthenticatedAccessPolicy)
{
policies.Clear();
}
else if (securityPolicyToAdd is RequireRolePolicy)
{
policies.Clear();
}
else if (securityPolicyToAdd is RequireAllRolesPolicy)
{
policies.Clear();
}
policies.Add(securityPolicyToAdd);
}
public static string CreateFromStrategy(PolicyResultCacheStrategy strategy, ISecurityPolicy securityPolicy, ISecurityContext context)
{
var policyCacheKey = BuildPolicyCacheKey(strategy, securityPolicy, context);
var cacheKey = BuildCacheKey(strategy, policyCacheKey);
return(cacheKey);
}
public void UpdatePolicies(ISecurityPolicy securityPolicyToAdd, IList <ISecurityPolicy> policies)
{
if (securityPolicyToAdd == null)
{
throw new ArgumentNullException(nameof(securityPolicyToAdd));
}
if (policies == null)
{
throw new ArgumentNullException(nameof(policies));
}
if (securityPolicyToAdd.IsPolicyOf <IgnorePolicy>())
{
policies.Clear();
}
else if (securityPolicyToAdd.IsPolicyOf <DenyAnonymousAccessPolicy>())
{
policies.Clear();
}
else if (securityPolicyToAdd.IsPolicyOf <DenyAuthenticatedAccessPolicy>())
{
policies.Clear();
}
else if (securityPolicyToAdd.IsPolicyOf <RequireAnyRolePolicy>())
{
policies.Clear();
}
else if (securityPolicyToAdd.IsPolicyOf <RequireAllRolesPolicy>())
{
policies.Clear();
}
policies.Add(securityPolicyToAdd);
}
/// <summary>
/// Ensures we are working with the actual policy. Takes care of loading lazy policies.
/// </summary>
internal static ISecurityPolicy EnsureNonLazyPolicy(this ISecurityPolicy securityPolicy)
{
var lazySecurityPolicy = securityPolicy as ILazySecurityPolicy;
return(lazySecurityPolicy != null
? lazySecurityPolicy.Load()
: securityPolicy);
}
/// <summary>
/// Gets the actual type of the ISecurityPolicy. Takes care of checking for lazy policies.
/// </summary>
public static Type GetPolicyType(this ISecurityPolicy securityPolicy)
{
var lazySecurityPolicy = securityPolicy as ILazySecurityPolicy;
return(lazySecurityPolicy != null
? lazySecurityPolicy.PolicyType
: securityPolicy.GetType());
}
public IConventionPolicyContainer AddPolicy(ISecurityPolicy securityPolicy)
{
foreach (var policyContainer in _policyContainers)
{
policyContainer.AddPolicy(securityPolicy);
}
return this;
}
public IConventionPolicyContainer AddPolicy(ISecurityPolicy securityPolicy)
{
foreach (var policyContainer in _policyContainers)
{
policyContainer.AddPolicy(securityPolicy);
}
return(this);
}
public static PolicyResult CreateSuccessResult(ISecurityPolicy policy)
{
return(new PolicyResult
{
PolicyType = policy.GetType(),
ViolationOccured = false,
Message = null
});
}
public void SetUp()
{
// Arrange
_policy = new DenyAnonymousAccessPolicy();
_policyContainer = TestDataFactory.CreateValidPolicyContainer();
// Act
_return = _policyContainer.AddPolicy(_policy);
}
public IPolicyContainerConfiguration AddPolicy(ISecurityPolicy securityPolicy)
{
foreach (var policyContainer in _policyContainers)
{
policyContainer.AddPolicy(securityPolicy);
}
return(this);
}
internal EffectivePermission(IPermission Permission, ISecurityPolicy policy, PermissionResult PermissionResult)
{
this.Permission = Permission;
this.Policy = policy;
this.Input = PermissionResult.Input;
this.Metadata = PermissionResult.Metadata;
this.Allow = PermissionResult.Allow;
this.DenialMessage = PermissionResult.DenialMessage;
}
public static PolicyResult CreateSuccessResult(ISecurityPolicy policy)
{
return new PolicyResult
{
PolicyType = policy.GetType(),
ViolationOccured = false,
Message = null
};
}
public DataAccess(MyAppDbContext dbContext, ISecurityPolicy securityPolicy)
{
_dbContext = dbContext;
_securityPolicy = securityPolicy;
if (_securityPolicy == null)
{
throw new ArgumentNullException(nameof(securityPolicy));
}
}
/// <summary>
/// Returns true if the policy is of the expected type. Takes care of checking for lazy policies.
/// </summary>
/// <param name="securityPolicy">The policy</param>
/// <returns>A boolean</returns>
internal static bool IsPolicyOf <TSecurityPolicy>(this ISecurityPolicy securityPolicy) where TSecurityPolicy : class, ISecurityPolicy
{
var isMatch = securityPolicy is TSecurityPolicy;
if (!isMatch)
{
isMatch = securityPolicy.GetPolicyType() == typeof(TSecurityPolicy);
}
return(isMatch);
}
public static PolicyResult CreateFailureResult(ISecurityPolicy policy, string message)
{
if (policy == null) throw new ArgumentNullException("policy", "A policy must be provided.");
if (String.IsNullOrEmpty(message)) throw new ArgumentNullException("message", "A failure message must be provided.");
return new PolicyResult
{
PolicyType = policy.GetType(),
ViolationOccured = true,
Message = message
};
}
public virtual ISecurityPolicy Merge(ISecurityPolicy next)
{
if (next == null)
{
throw new ArgumentNullException("next");
}
if (next.GetType() != this.GetType())
{
throw new ArgumentException("Merging of policies of different types not allowed");
}
return(next);
}
public void UpdatePolicies(ISecurityPolicy securityPolicyToAdd, IList<ISecurityPolicy> policies)
{
if (securityPolicyToAdd == null) throw new ArgumentNullException("securityPolicyToAdd");
if (policies == null) throw new ArgumentNullException("policies");
if (securityPolicyToAdd is IgnorePolicy)
PrepareForIgnorePolicy(policies);
else if (securityPolicyToAdd is DenyAnonymousAccessPolicy)
PrepareForDenyAnonymousAccessPolicy(policies);
else if (securityPolicyToAdd is DenyAuthenticatedAccessPolicy)
PrepareForDenyAuthenticatedAccessPolicy(policies);
else if (securityPolicyToAdd is RequireRolePolicy)
PrepareForRequireRolePolicy(policies);
policies.Add(securityPolicyToAdd);
}
public static PolicyResult CreateFailureResult(ISecurityPolicy policy, string message)
{
if (policy == null)
{
throw new ArgumentNullException("policy", "A policy must be provided.");
}
if (String.IsNullOrEmpty(message))
{
throw new ArgumentNullException("message", "A failure message must be provided.");
}
return(new PolicyResult
{
PolicyType = policy.GetType(),
ViolationOccured = true,
Message = message
});
}
public void UpdatePolicies(ISecurityPolicy securityPolicyToAdd, IList<ISecurityPolicy> policies)
{
if (securityPolicyToAdd == null) throw new ArgumentNullException("securityPolicyToAdd");
if (policies == null) throw new ArgumentNullException("policies");
if (securityPolicyToAdd.IsPolicyOf<IgnorePolicy>())
policies.Clear();
else if (securityPolicyToAdd.IsPolicyOf<DenyAnonymousAccessPolicy>())
policies.Clear();
else if (securityPolicyToAdd.IsPolicyOf<DenyAuthenticatedAccessPolicy>())
policies.Clear();
else if (securityPolicyToAdd.IsPolicyOf<RequireAnyRolePolicy>())
policies.Clear();
else if (securityPolicyToAdd.IsPolicyOf<RequireAllRolesPolicy>())
policies.Clear();
policies.Add(securityPolicyToAdd);
}
public IPolicyContainerConfiguration AddPolicy(ISecurityPolicy securityPolicy)
{
Publish.ConfigurationEvent(() => "Updating policies for {0} action {1} using {2}.".FormatWith(ControllerName, ActionName, PolicyAppender.GetType().FullName));
var policiesBeforeUpdate = new ISecurityPolicy[_policies.Count];
_policies.CopyTo(policiesBeforeUpdate, 0);
PolicyAppender.UpdatePolicies(securityPolicy, _policies);
var policiesRemoved = policiesBeforeUpdate.Except(_policies).ToList();
policiesRemoved.Each(p => Publish.ConfigurationEvent(() => "- Removed policy {0} [{1}].".FormatWith(p.GetPolicyType().FullName, p is ILazySecurityPolicy ? "Lazy" : "Instance")));
var policiesAdded = _policies.Except(policiesBeforeUpdate).ToList();
policiesAdded.Each(p => Publish.ConfigurationEvent(() => "- Added policy {0} [{1}].".FormatWith(p.GetPolicyType().FullName, p is ILazySecurityPolicy ? "Lazy" : "Instance")));
return(this);
}
private static string BuildPolicyCacheKey(PolicyResultCacheStrategy strategy, ISecurityPolicy securityPolicy, ISecurityContext context)
{
var customPolicyCacheKey = String.Empty;
var cacheKeyProvider = securityPolicy as ICacheKeyProvider;
if (cacheKeyProvider != null)
{
customPolicyCacheKey = cacheKeyProvider.Get(context);
if (customPolicyCacheKey != null)
{
while (customPolicyCacheKey.StartsWith(" ") || customPolicyCacheKey.EndsWith(" "))
customPolicyCacheKey = customPolicyCacheKey.Trim();
if (!String.IsNullOrWhiteSpace(customPolicyCacheKey))
customPolicyCacheKey = String.Concat(Separator, customPolicyCacheKey);
}
}
return String.Concat(strategy.PolicyType.FullName, customPolicyCacheKey);
}
public static string CreateFromStrategy(PolicyResultCacheStrategy strategy, ISecurityPolicy securityPolicy, ISecurityContext context)
{
var policyCacheKey = BuildPolicyCacheKey(strategy, securityPolicy, context);
var cacheKey = BuildCacheKey(strategy, policyCacheKey);
return cacheKey;
}
internal DelegateSecurityContext(ISecurityPolicy policy, ISecurityContext securityContext) : base(securityContext)
{
Policy = policy;
}
protected override bool EvaluatePredicate(ISecurityPolicy securityPolicy)
{
var policy = securityPolicy.EnsureNonLazyPolicyOf <TSecurityPolicy>();
return(policy != null && Predicate.Invoke(policy));
}
public IPolicyContainer AddPolicy(ISecurityPolicy securityPolicy)
{
PolicyAppender.UpdatePolicies(securityPolicy, _policies);
return this;
}
public static PolicyViolationException CreateExceptionFor(ISecurityPolicy policy)
{
return new PolicyViolationException(PolicyResult.CreateFailureResult(policy, "Access denied"));
}
public IPolicyContainerConfiguration AddPolicy(ISecurityPolicy securityPolicy)
{
return(_inner.AddPolicy(securityPolicy));
}
private PolicyResultCacheStrategy GetExecutionCacheStrategyForPolicy(ISecurityPolicy securityPolicy, Cache defaultResultsCacheLifecycle)
{
var existingStrategy = GetExistingCacheStrategyForPolicy(securityPolicy.GetType());
return(existingStrategy ?? new PolicyResultCacheStrategy(ControllerName, ActionName, securityPolicy.GetType(), defaultResultsCacheLifecycle));
}
public static PolicyViolationException CreateExceptionFor(ISecurityPolicy policy)
{
return(CreatePolicyViolationException(PolicyResult.CreateFailureResult(policy, "Access denied")));
}
protected abstract bool EvaluatePredicate(ISecurityPolicy securityPolicy);
public void UpdatePolicies(ISecurityPolicy securityPolicyToAdd, IList <ISecurityPolicy> policies)
{
policies.Add(securityPolicyToAdd);
}
protected PolicyResult(string message, bool violationOccured, ISecurityPolicy policy)
: this(message, violationOccured, policy.GetType())
{
}
public HasInstanceExpectation(ISecurityPolicy instance)
{
Instance = instance;
}
protected PolicyResult(string message, bool violationOccured, ISecurityPolicy policy)
: this(message, violationOccured, policy.GetType())
{
}
private static string BuildPolicyCacheKey(PolicyResultCacheStrategy strategy, ISecurityPolicy securityPolicy, ISecurityContext context)
{
var customPolicyCacheKey = String.Empty;
var cacheKeyProvider = securityPolicy as ICacheKeyProvider;
if (cacheKeyProvider != null)
{
customPolicyCacheKey = cacheKeyProvider.Get(context);
if (customPolicyCacheKey != null)
{
while (customPolicyCacheKey.StartsWith(" ") || customPolicyCacheKey.EndsWith(" "))
{
customPolicyCacheKey = customPolicyCacheKey.Trim();
}
if (!String.IsNullOrWhiteSpace(customPolicyCacheKey))
{
customPolicyCacheKey = String.Concat(Separator, customPolicyCacheKey);
}
}
}
return(String.Concat(strategy.PolicyType.FullName, customPolicyCacheKey));
}
public DoesNotHaveInstanceExpectation(ISecurityPolicy instance)
{
Instance = instance;
}
public bool IsMatch(ISecurityPolicy securityPolicy)
{
return(EvaluatePredicate(securityPolicy));
}
protected override bool EvaluatePredicate(ISecurityPolicy securityPolicy)
{
var policy = securityPolicy as TSecurityPolicy;
return(policy != null && Predicate.Invoke(policy));
}
internal DelegateSecurityContext(ISecurityPolicy policy, ISecurityContext securityContext)
: base(securityContext)
{
Policy = policy;
}
public void HasCompletedSecurity(ISecurityPolicy security_policy)
{
return(this.SecurityQuestionResponses.Count()
>= security_policy.MinimumSecurityQuestionResponses);
}
/// <summary>
/// Ensures we are working with the expected policy type. Takes care of loading and casting lazy policies.
/// </summary>
internal static TSecurityPolicy EnsureNonLazyPolicyOf <TSecurityPolicy>(this ISecurityPolicy securityPolicy) where TSecurityPolicy : class, ISecurityPolicy
{
return(securityPolicy.EnsureNonLazyPolicy() as TSecurityPolicy);
}
public IPolicyContainer AddPolicy(ISecurityPolicy securityPolicy)
{
PolicyAppender.UpdatePolicies(securityPolicy, _policies);
return(this);
}
/// <summary>
/// Returns true if the policy implements ICacheKeyProvider
/// </summary>
/// <param name="securityPolicy">The policy</param>
/// <returns>A boolean</returns>
internal static bool IsCacheKeyProvider(this ISecurityPolicy securityPolicy)
{
return(typeof(ICacheKeyProvider).IsAssignableFrom(securityPolicy.GetPolicyType()));
}
public static ITypeSecurityConfiguration <T> ApplyCustomPolicy <T>(this ISecurityPolicyContainer <T> container, ISecurityPolicy policy)
{
container.Policies.Add(policy);
return(container.Configuration());
}
public void UpdatePolicies(ISecurityPolicy securityPolicyToAdd, IList<ISecurityPolicy> policies)
{
policies.Add(securityPolicyToAdd);
}
