/// <summary>
/// Decides whether <paramref name="subject"/> may perform <paramref name="action"/> on the
/// collection named by <paramref name="resource"/>, by evaluating the stored access control
/// policies against the subject and environment data.
/// </summary>
/// <param name="subject">Requesting subject; only <c>subject.Data</c> is read.</param>
/// <param name="resource">Target resource; only <c>resource.Name</c> is read, to look up policies.</param>
/// <param name="action">Action name used as the second policy lookup key.</param>
/// <param name="environment">Request environment; only <c>environment.Data</c> is read.</param>
/// <returns>
/// <c>Permit</c> or <c>Deny</c> when a policy reaches that effect under the matching overriding
/// algorithm; otherwise <c>NotApplicable</c>.
/// </returns>
/// <remarks>
/// NOTE(review): <c>NotApplicable</c> is returned for every case that is not an explicit
/// override, including an applicable "Deny" rule inside a "permit-overrides" policy and any
/// combining identifier other than the two literals handled below. This is only safe if the
/// caller treats <c>NotApplicable</c> as "not granted" (fail closed) - confirm at the call site.
/// </remarks>
private AccessControlEffect CollectionAccessControlProcess(Subject subject, Resource resource, string action, EnvironmentObject environment)
{
    const string PermitEffect = "Permit";
    const string DenyEffect = "Deny";
    const string PermitOverrides = "permit-overrides";
    const string DenyOverrides = "deny-overrides";

    // The meaning of the trailing 'false' flag is defined by the repository, not visible here.
    ICollection<AccessControlPolicy> candidates = _accessControlPolicyRepository.Get(resource.Name, action, false);

    // The policy-level combining algorithm is derived from the full candidate set,
    // before target filtering.
    string setCombining = _policyCombiningRepository.GetRuleCombining(candidates);

    // Phase 1: keep only the policies whose target expression matches this request.
    // The resource argument is passed as null, so targets see subject and environment data only.
    var matched = new List<AccessControlPolicy>();
    foreach (AccessControlPolicy candidate in candidates)
    {
        bool targetMatches = _expressionService.Evaluate(candidate.Target, subject.Data, null, environment.Data);
        if (targetMatches)
        {
            matched.Add(candidate);
        }
    }

    // Phase 2: reduce each matching policy to an effect, then combine across policies.
    foreach (AccessControlPolicy current in matched)
    {
        string decided = String.Empty;

        foreach (var rule in current.Rules)
        {
            bool conditionHolds = _expressionService.Evaluate(rule.Condition, subject.Data, null, environment.Data);
            if (!conditionHolds)
            {
                continue;
            }

            // Only the "overriding" effect of each algorithm settles the policy; the first
            // such rule wins and the remaining rules are not evaluated.
            if (rule.Effect.Equals(PermitEffect))
            {
                if (current.RuleCombining.Equals(PermitOverrides))
                {
                    decided = PermitEffect;
                    break;
                }
            }
            else if (rule.Effect.Equals(DenyEffect) && current.RuleCombining.Equals(DenyOverrides))
            {
                decided = DenyEffect;
                break;
            }
        }

        // A policy effect becomes the final decision only when it is also the overriding
        // effect at the policy-set level; otherwise the next matching policy is tried.
        if (decided.Equals(PermitEffect))
        {
            if (setCombining.Equals(PermitOverrides))
            {
                return AccessControlEffect.Permit;
            }
        }
        else if (decided.Equals(DenyEffect) && setCombining.Equals(DenyOverrides))
        {
            return AccessControlEffect.Deny;
        }
    }

    return AccessControlEffect.NotApplicable;
}
/// <summary>
/// Builds the field-level privacy rules that apply to <paramref name="subject"/> for the
/// collection named by <paramref name="resource"/>.
/// </summary>
/// <param name="subject">Requesting subject; only <c>subject.Data</c> is read.</param>
/// <param name="resource">Target resource; only <c>resource.Name</c> is read, to look up policies.</param>
/// <param name="action">Not used by this method.</param>
/// <param name="environment">Request environment; only <c>environment.Data</c> is read.</param>
/// <returns>
/// A dictionary populated by <c>InsertPrivacyRule</c> from the field effects of every applicable
/// rule; empty when no policy target or rule condition matches.
/// </returns>
/// <remarks>
/// NOTE(review): how conflicting effects for the same field are merged is decided inside
/// <c>InsertPrivacyRule</c>, which is not visible here. An empty result means no privacy rule
/// applied; confirm that the caller does not interpret that as "expose every field".
/// </remarks>
private IDictionary<string, string> GetFieldCollectionRules(Subject subject, Resource resource, string action, EnvironmentObject environment)
{
    // The meaning of the trailing 'false' flag is defined by the repository, not visible here.
    var candidates = _privacyPolicyRepository.GetPolicies(resource.Name, false);

    // Phase 1: keep the policies whose target matches. The resource argument is passed as
    // null, so targets are evaluated against subject and environment data only.
    var applicable = new List<PrivacyPolicy>();
    foreach (var candidate in candidates)
    {
        bool targetMatches = _expressionService.Evaluate(candidate.Target, subject.Data, null, environment.Data);
        if (targetMatches)
        {
            applicable.Add(candidate);
        }
    }

    // Phase 2: fold the field effects of every rule whose condition holds into one map,
    // in policy order and then rule order.
    var rulesByField = new Dictionary<string, string>();
    foreach (var privacyPolicy in applicable)
    {
        foreach (var fieldRule in privacyPolicy.Rules)
        {
            bool conditionHolds = _expressionService.Evaluate(fieldRule.Condition, subject.Data, null, environment.Data);
            if (!conditionHolds)
            {
                continue;
            }

            InsertPrivacyRule(rulesByField, fieldRule.FieldEffects);
        }
    }

    return rulesByField;
}