public ActionResult Edit(int?id) { if (id == null) { return(new HttpStatusCodeResult(HttpStatusCode.BadRequest)); } Ticket ticket = db.Tickets.Find(id); if (ticket == null) { return(HttpNotFound()); } if (DecisionHelper.TicketEditable(ticket)) { ViewBag.AssignedToUserId = new SelectList(db.Users, "Id", "FirstName", ticket.AssignedToUserId); //TODO project id should be limited to admin in case a ticket goes to the wrong project ViewBag.ProjectId = new SelectList(db.Projects, "Id", "Name", ticket.ProjectId); ViewBag.TicketPriorityId = new SelectList(db.TicketPriorities, "Id", "Name", ticket.TicketPriorityId); ViewBag.TicketStatusId = new SelectList(db.TicketStatuses, "Id", "Name", ticket.TicketStatusId); ViewBag.TicketTypeId = new SelectList(db.TicketTypes, "Id", "Name", ticket.TicketTypeId); return(View(ticket)); } else { return(RedirectToAction("AccessViolation", "Admin")); } }
public void ValidateResponse_TC02() { // Arrange XacmlJsonResponse response = new XacmlJsonResponse(); response.Response = new List <XacmlJsonResult>(); XacmlJsonResult xacmlJsonResult = new XacmlJsonResult(); xacmlJsonResult.Decision = XacmlContextDecision.Permit.ToString(); response.Response.Add(xacmlJsonResult); // Add obligation to result with a minimum authentication level attribute XacmlJsonObligationOrAdvice obligation = new XacmlJsonObligationOrAdvice(); obligation.AttributeAssignment = new List <XacmlJsonAttributeAssignment>(); XacmlJsonAttributeAssignment authenticationAttribute = new XacmlJsonAttributeAssignment() { Category = "urn:altinn:minimum-authenticationlevel", Value = "2" }; obligation.AttributeAssignment.Add(authenticationAttribute); xacmlJsonResult.Obligations = new List <XacmlJsonObligationOrAdvice>(); xacmlJsonResult.Obligations.Add(obligation); // Act bool result = DecisionHelper.ValidateResponse(response.Response, CreateUserClaims(false)); // Assert Assert.True(result); }
private async Task <bool> Authorize(string currentTaskType, Instance instance) { string actionType; if (string.IsNullOrEmpty(currentTaskType) || currentTaskType.Equals("data")) { actionType = "write"; } else { actionType = currentTaskType; } string org = instance.Org; string app = instance.AppId.Split("/")[1]; XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(org, app, HttpContext.User, actionType, null, instance.Id); XacmlJsonResponse response = await _pdp.GetDecisionForRequest(request); if (response?.Response == null) { _logger.LogInformation($"// Instance Controller // Authorization to update Process failed: {JsonConvert.SerializeObject(request)}."); return(false); } bool authorized = DecisionHelper.ValidatePdpDecision(response.Response, HttpContext.User); return(authorized); }
/// <summary> /// Authorizes a given action on an instance. /// </summary> /// <returns></returns> public async Task <bool> AuthorizeInstanceAction(ClaimsPrincipal user, Instance instance, string action) { string org = instance.Org; string app = instance.AppId.Split('/')[1]; int instanceOwnerPartyId = int.Parse(instance.InstanceOwner.PartyId); XacmlJsonRequestRoot request; if (instance.Id == null) { request = DecisionHelper.CreateDecisionRequest(org, app, user, action, instanceOwnerPartyId, null); } else { Guid instanceGuid = Guid.Parse(instance.Id.Split('/')[1]); request = DecisionHelper.CreateDecisionRequest(org, app, user, action, instanceOwnerPartyId, instanceGuid); } XacmlJsonResponse response = await _pdp.GetDecisionForRequest(request); if (response?.Response == null) { _logger.LogInformation($"// Authorization Helper // Authorize instance action failed for request: {JsonConvert.SerializeObject(request)}."); return(false); } bool authorized = DecisionHelper.ValidatePdpDecision(response.Response, user); return(authorized); }
private async Task <bool> AuthorizeAction(string currentTaskType, string org, string app, int instanceOwnerPartyId, Guid instanceGuid) { string actionType; switch (currentTaskType) { case "data": case "feedback": actionType = "write"; break; case "confirmation": actionType = "confirm"; break; default: actionType = currentTaskType; break; } XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(org, app, HttpContext.User, actionType, instanceOwnerPartyId, instanceGuid); XacmlJsonResponse response = await _pdp.GetDecisionForRequest(request); if (response?.Response == null) { _logger.LogInformation($"// Process Controller // Authorization of moving process forward failed with request: {JsonConvert.SerializeObject(request)}."); return(false); } bool authorized = DecisionHelper.ValidatePdpDecision(response.Response, HttpContext.User); return(authorized); }
private static XacmlJsonCategory CreateEventsResourceCategory(string org, string app, string instanceOwnerPartyId, string instanceGuid, bool includeResult = false) { XacmlJsonCategory resourceCategory = new XacmlJsonCategory(); resourceCategory.Attribute = new List <XacmlJsonAttribute>(); if (!string.IsNullOrWhiteSpace(instanceOwnerPartyId)) { resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.PartyId, instanceOwnerPartyId, DefaultType, DefaultIssuer, includeResult)); } if (!string.IsNullOrWhiteSpace(instanceGuid) && !string.IsNullOrWhiteSpace(instanceOwnerPartyId)) { resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.InstanceId, instanceOwnerPartyId + "/" + instanceGuid, DefaultType, DefaultIssuer, includeResult)); } if (!string.IsNullOrWhiteSpace(org)) { resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.OrgId, org, DefaultType, DefaultIssuer)); } if (!string.IsNullOrWhiteSpace(app)) { resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.AppId, app, DefaultType, DefaultIssuer)); } resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.AppResource, "events", DefaultType, DefaultIssuer)); return(resourceCategory); }
/// <summary> /// Replaces Resource attributes with data from instance. Add all relevant values so PDP have it all /// </summary> /// <param name="jsonRequest">The JSON Request</param> /// <param name="instance">The instance</param> public static void EnrichXacmlJsonRequest(XacmlJsonRequestRoot jsonRequest, Instance instance) { XacmlJsonCategory resourceCategory = new XacmlJsonCategory { Attribute = new List <XacmlJsonAttribute>() }; string instanceId = instance.Id; string task = instance.Process?.CurrentTask?.ElementId; string instanceOwnerPartyId = instance.InstanceOwner.PartyId; string org = instance.Org; string app = instance.AppId.Split("/")[1]; if (task != null) { resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(XacmlResourceTaskId, task, DefaultType, DefaultIssuer)); } else if (instance.Process?.EndEvent != null) { resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(XacmlResourceEndId, instance.Process.EndEvent, DefaultType, DefaultIssuer)); } if (!string.IsNullOrWhiteSpace(instanceId)) { resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.InstanceId, instanceId, DefaultType, DefaultIssuer, true)); } resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.PartyId, instanceOwnerPartyId, DefaultType, DefaultIssuer)); resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.OrgId, org, DefaultType, DefaultIssuer)); resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.AppId, app, DefaultType, DefaultIssuer)); // Replaces the current Resource attributes jsonRequest.Request.Resource = new List <XacmlJsonCategory> { resourceCategory }; }
public void ValidatePdpDecision_TC08() { // Arrange XacmlJsonResponse response = new XacmlJsonResponse(); response.Response = new List <XacmlJsonResult>(); XacmlJsonResult xacmlJsonResult = new XacmlJsonResult(); xacmlJsonResult.Decision = XacmlContextDecision.Permit.ToString(); response.Response.Add(xacmlJsonResult); // Add obligation to result with a minimum authentication level attribute XacmlJsonObligationOrAdvice obligation = new XacmlJsonObligationOrAdvice(); obligation.AttributeAssignment = new List <XacmlJsonAttributeAssignment>(); string minAuthLevel = "3"; XacmlJsonAttributeAssignment authenticationAttribute = new XacmlJsonAttributeAssignment() { Category = "urn:altinn:minimum-authenticationlevel", Value = minAuthLevel }; obligation.AttributeAssignment.Add(authenticationAttribute); xacmlJsonResult.Obligations = new List <XacmlJsonObligationOrAdvice>(); xacmlJsonResult.Obligations.Add(obligation); // Act EnforcementResult result = DecisionHelper.ValidatePdpDecisionDetailed(response.Response, CreateUserClaims(false)); // Assert Assert.False(result.Authorized); Assert.Contains(AltinnObligations.RequiredAuthenticationLevel, result.FailedObligations.Keys); Assert.Equal(minAuthLevel, result.FailedObligations[AltinnObligations.RequiredAuthenticationLevel]); }
/// <summary> /// This method authorize access bases on context and requirement /// Is triggered by annotation on MVC action and setup in startup. /// </summary> /// <param name="context">The context</param> /// <param name="requirement">The requirement</param> /// <returns>A Task</returns> protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, AppAccessRequirement requirement) { XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(context, requirement, _httpContextAccessor.HttpContext.GetRouteData()); _logger.LogInformation($"// Storage PEP // AppAccessHandler // Request sent: {JsonConvert.SerializeObject(request)}"); XacmlJsonResponse response; // Get The instance to enrich the request Instance instance = await GetInstance(request); if (instance != null) { AuthorizationHelper.EnrichXacmlJsonRequest(request, instance); response = await GetDecisionForRequest(request); } else { response = await _pdp.GetDecisionForRequest(request); } if (response?.Response == null) { throw new Exception("Response is null from PDP"); } if (!DecisionHelper.ValidatePdpDecision(response.Response, context.User)) { context.Fail(); } context.Succeed(requirement); await Task.CompletedTask; }
/// <summary> /// Authorizes and filters events based on authorization /// </summary> /// <param name="consumer">The event consumer</param> /// <param name="cloudEvents">The list of events</param> /// <returns>A list of authorized events</returns> public async Task <List <CloudEvent> > AuthorizeEvents(ClaimsPrincipal consumer, List <CloudEvent> cloudEvents) { XacmlJsonRequestRoot xacmlJsonRequest = CloudEventXacmlMapper.CreateMultiDecisionRequest(consumer, cloudEvents); XacmlJsonResponse response = await _pdp.GetDecisionForRequest(xacmlJsonRequest); List <CloudEvent> authorizedEventsList = new List <CloudEvent>(); foreach (XacmlJsonResult result in response.Response) { if (DecisionHelper.ValidateDecisionResult(result, consumer)) { string eventId = string.Empty; // Loop through all attributes in Category from the response foreach (XacmlJsonCategory category in result.Category) { var attributes = category.Attribute; foreach (var attribute in attributes) { if (attribute.AttributeId.Equals(AltinnXacmlUrns.EventId)) { eventId = attribute.Value; } } } // Find the instance that has been validated to add it to the list of authorized instances. CloudEvent authorizedEvent = cloudEvents.First(i => i.Id == eventId); authorizedEventsList.Add(authorizedEvent); } } return(authorizedEventsList); }
public async Task <ActionResult <Instance> > Post(string appId, [FromBody] Instance instance) { (Application appInfo, ActionResult appInfoError) = await GetApplicationOrErrorAsync(appId); int instanceOwnerPartyId = int.Parse(instance.InstanceOwner.PartyId); if (appInfoError != null) { return(appInfoError); } if (string.IsNullOrWhiteSpace(instance.InstanceOwner.PartyId)) { return(BadRequest("Cannot create an instance without an instanceOwner.PartyId.")); } // Checking that user is authorized to instantiate. XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(appInfo.Org, appInfo.Id.Split('/')[1], HttpContext.User, "instantiate", instanceOwnerPartyId, null); XacmlJsonResponse response = await _pdp.GetDecisionForRequest(request); if (response?.Response == null) { _logger.LogInformation($"// Instances Controller // Authorization of instantiation failed with request: {JsonConvert.SerializeObject(request)}."); return(Forbid()); } bool authorized = DecisionHelper.ValidatePdpDecision(response.Response, HttpContext.User); if (!authorized) { return(Forbid()); } Instance storedInstance = new Instance(); try { DateTime creationTime = DateTime.UtcNow; string userId = GetUserId(); Instance instanceToCreate = CreateInstanceFromTemplate(appInfo, instance, creationTime, userId); storedInstance = await _instanceRepository.Create(instanceToCreate); await DispatchEvent(InstanceEventType.Created, storedInstance); _logger.LogInformation($"Created instance: {storedInstance.Id}"); storedInstance.SetPlatformSelflink(_storageBaseAndHost); return(Created(storedInstance.SelfLinks.Platform, storedInstance)); } catch (Exception storageException) { _logger.LogError($"Unable to create {appId} instance for {instance.InstanceOwner.PartyId} due to {storageException}"); // compensating action - delete instance await _instanceRepository.Delete(storedInstance); _logger.LogError($"Deleted instance {storedInstance.Id}"); return(StatusCode(500, $"Unable to create {appId} instance for {instance.InstanceOwner.PartyId} due to {storageException.Message}")); } }
/// <summary> /// This method authorize access bases on context and requirement /// Is triggered by annotation on MVC action and setup in startup. /// </summary> /// <param name="context">The context</param> /// <param name="requirement">The requirement</param> /// <returns>A Task</returns> protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, AppAccessRequirement requirement) { if (_pepSettings.DisablePEP) { context.Succeed(requirement); return; } XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(context, requirement, _httpContextAccessor.HttpContext.GetRouteData()); _logger.LogInformation($"// Altinn PEP // AppAccessHandler // Request sent: {JsonConvert.SerializeObject(request)}"); XacmlJsonResponse response = await _pdp.GetDecisionForRequest(request); if (response?.Response == null) { throw new ArgumentNullException("response"); } if (!DecisionHelper.ValidatePdpDecision(response.Response, context.User)) { context.Fail(); } context.Succeed(requirement); await Task.CompletedTask; }
private static XacmlJsonCategory CreateMultipleSubjectCategory(IEnumerable <Claim> claims) { XacmlJsonCategory subjectAttributes = DecisionHelper.CreateSubjectCategory(claims); subjectAttributes.Id = SubjectId + "1"; return(subjectAttributes); }
private static XacmlJsonCategory CreateActionCategory(string actionType, bool includeResult = false) { XacmlJsonCategory actionAttributes = new XacmlJsonCategory(); actionAttributes.Attribute = new List <XacmlJsonAttribute>(); actionAttributes.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(MatchAttributeIdentifiers.ActionId, actionType, DefaultType, DefaultIssuer, includeResult)); return(actionAttributes); }
public void ValidateResponse_TC07() { // Arrange XacmlJsonResponse response = new XacmlJsonResponse(); response.Response = new List <XacmlJsonResult>(); // Act & Assert Assert.Throws <ArgumentNullException>(() => DecisionHelper.ValidateResponse(response.Response, null)); }
public void ValidateResponse_TC06() { // Arrange XacmlJsonResponse response = new XacmlJsonResponse(); response.Response = null; // Act & Assert Assert.Throws <ArgumentNullException>(() => DecisionHelper.ValidateResponse(response.Response, CreateUserClaims(false))); }
public async Task <bool> GetDecisionForUnvalidateRequest(XacmlJsonRequestRoot xacmlJsonRequest, ClaimsPrincipal user) { if (_pepSettings.DisablePEP) { return(true); } XacmlJsonResponse response = await GetDecisionForRequest(xacmlJsonRequest); return(DecisionHelper.ValidatePdpDecision(response.Response, user)); }
public void CreateXacmlJsonRequest_TC02() { // Arrange & Act XacmlJsonRequestRoot requestRoot = DecisionHelper.CreateXacmlJsonRequest(org, app, CreateUserClaims(true), actionType, partyId, null); XacmlJsonRequest request = requestRoot.Request; // Assert Assert.Equal(2, request.AccessSubject[0].Attribute.Count); Assert.Single(request.Action[0].Attribute); Assert.Equal(3, request.Resource[0].Attribute.Count); }
/// <inheritdoc/> public async Task <bool> GetDecisionForUnvalidateRequest(XacmlJsonRequestRoot xacmlJsonRequest, ClaimsPrincipal user) { XacmlJsonResponse response = await GetDecisionForRequest(xacmlJsonRequest); if (response?.Response == null) { throw new ArgumentNullException("response"); } _logger.LogInformation($"// Altinn PEP // PDPAppSI // Request sent to platform authorization: {JsonConvert.SerializeObject(xacmlJsonRequest)}"); return(DecisionHelper.ValidatePdpDecision(response.Response, user)); }
private async Task <bool> AuthorizeAction(string currenTaskType, string org, string app, string instanceId) { string actionType = currenTaskType.Equals("data") ? "write" : null; XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(org, app, HttpContext.User, actionType, null, instanceId); XacmlJsonResponse response = await _pdp.GetDecisionForRequest(request); if (response?.Response == null) { _logger.LogInformation($"// Process Controller // Authorization of moving process forward failed with request: {JsonConvert.SerializeObject(request)}."); return(false); } bool authorized = DecisionHelper.ValidatePdpDecision(response.Response, HttpContext.User); return(authorized); }
private async Task <EnforcementResult> AuthorizeAction(string org, string app, int partyId, string action) { EnforcementResult enforcementResult = new EnforcementResult(); XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(org, app, HttpContext.User, action, partyId, null); XacmlJsonResponse response = await _pdp.GetDecisionForRequest(request); if (response?.Response == null) { _logger.LogInformation($"// Instances Controller // Authorization of action {action} failed with request: {JsonConvert.SerializeObject(request)}."); return(enforcementResult); } enforcementResult = DecisionHelper.ValidatePdpDecisionDetailed(response.Response, HttpContext.User); return(enforcementResult); }
private async Task <bool> AuthorizeInstatiation(string org, string app, Party party) { bool authorized = false; XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(org, app, HttpContext.User, "instantiate", party.PartyId.ToString(), null); XacmlJsonResponse response = await _pdp.GetDecisionForRequest(request); if (response?.Response == null) { _logger.LogInformation($"// Instances Controller // Authorization of instantiation failed with request: {JsonConvert.SerializeObject(request)}."); return(authorized); } authorized = DecisionHelper.ValidatePdpDecision(response.Response, HttpContext.User); return(authorized); }
private static List <XacmlJsonCategory> CreateMultipleActionCategory(List <string> actionTypes) { List <XacmlJsonCategory> actionCategories = new List <XacmlJsonCategory>(); int counter = 1; foreach (string actionType in actionTypes) { XacmlJsonCategory actionCategory; actionCategory = DecisionHelper.CreateActionCategory(actionType, true); actionCategory.Id = ActionId + counter.ToString(); actionCategories.Add(actionCategory); counter++; } return(actionCategories); }
public void ValidatePdpDecision_TC10() { // Arrange XacmlJsonResponse response = new XacmlJsonResponse(); response.Response = new List <XacmlJsonResult>(); XacmlJsonResult xacmlJsonResult = new XacmlJsonResult(); xacmlJsonResult.Decision = XacmlContextDecision.Permit.ToString(); response.Response.Add(xacmlJsonResult); // Add obligation to result with a minimum authentication level attribute XacmlJsonObligationOrAdvice obligation = new XacmlJsonObligationOrAdvice(); obligation.AttributeAssignment = new List <XacmlJsonAttributeAssignment>(); string minAuthLevel = "4"; XacmlJsonAttributeAssignment authenticationAttribute = new XacmlJsonAttributeAssignment() { Category = "urn:altinn:minimum-authenticationlevel", Value = minAuthLevel }; obligation.AttributeAssignment.Add(authenticationAttribute); XacmlJsonObligationOrAdvice obligationOrg = new XacmlJsonObligationOrAdvice(); obligationOrg.AttributeAssignment = new List <XacmlJsonAttributeAssignment>(); string minAuthLevelOrg = "2"; XacmlJsonAttributeAssignment authenticationAttributeOrg = new XacmlJsonAttributeAssignment() { Category = "urn:altinn:minimum-authenticationlevel-org", Value = minAuthLevelOrg }; obligationOrg.AttributeAssignment.Add(authenticationAttributeOrg); xacmlJsonResult.Obligations = new List <XacmlJsonObligationOrAdvice>(); xacmlJsonResult.Obligations.Add(obligationOrg); xacmlJsonResult.Obligations.Add(obligation); // Act EnforcementResult result = DecisionHelper.ValidatePdpDecisionDetailed(response.Response, CreateUserClaims(false, "ttd")); // Assert Assert.True(result.Authorized); Assert.Null(result.FailedObligations); }
public void ValidateResponse_TC01() { // Arrange XacmlJsonResponse response = new XacmlJsonResponse(); response.Response = new List <XacmlJsonResult>(); XacmlJsonResult xacmlJsonResult = new XacmlJsonResult(); xacmlJsonResult.Decision = XacmlContextDecision.Permit.ToString(); response.Response.Add(xacmlJsonResult); // Act bool result = DecisionHelper.ValidateResponse(response.Response, CreateUserClaims(false)); // Assert Assert.True(result); }
private static List <XacmlJsonCategory> CreateMultipleResourceCategory(List <CloudEvent> events) { List <XacmlJsonCategory> resourcesCategories = new List <XacmlJsonCategory>(); int counter = 1; foreach (CloudEvent cloudEvent in events) { XacmlJsonCategory resourceCategory = new XacmlJsonCategory { Attribute = new List <XacmlJsonAttribute>() }; Uri source = cloudEvent.Source; string path = source.PathAndQuery; string[] paths = path.Split("/"); if (paths.Length == 6) { // This is the scenario for events related to a given instance string instanceId = paths[4] + "/" + paths[5]; string instanceOwnerPartyId = cloudEvent.Subject.Split("/")[2]; string org = paths[1]; string app = paths[2]; string eventId = cloudEvent.Id; if (!string.IsNullOrWhiteSpace(instanceId)) { resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.InstanceId, instanceId, DefaultType, DefaultIssuer, true)); } resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.AppResource, "events", DefaultType, DefaultIssuer)); resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.EventId, eventId, DefaultType, DefaultIssuer, true)); resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.PartyId, instanceOwnerPartyId, DefaultType, DefaultIssuer)); resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.OrgId, org, DefaultType, DefaultIssuer)); resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.AppId, app, DefaultType, DefaultIssuer)); resourceCategory.Id = ResourceId + counter.ToString(); resourcesCategories.Add(resourceCategory); counter++; } } return(resourcesCategories); }
/// <summary> /// Authorize instances, and returns a list of instances that the user has the right to read. /// </summary> public async Task <List <Instance> > AuthorizeInstances(ClaimsPrincipal user, List <Instance> instances) { if (instances.Count <= 0) { return(instances); } List <Instance> authorizedInstanceList = new List <Instance>(); List <string> actionTypes = new List <string> { "read" }; XacmlJsonRequestRoot xacmlJsonRequest = CreateMultiDecisionRequest(user, instances, actionTypes); XacmlJsonResponse response = await _pdp.GetDecisionForRequest(xacmlJsonRequest); foreach (XacmlJsonResult result in response.Response) { if (DecisionHelper.ValidateDecisionResult(result, user)) { string instanceId = string.Empty; // Loop through all attributes in Category from the response foreach (XacmlJsonCategory category in result.Category) { var attributes = category.Attribute; foreach (var attribute in attributes) { if (attribute.AttributeId.Equals(AltinnXacmlUrns.InstanceId)) { instanceId = attribute.Value; } } } Instance instance = instances.FirstOrDefault(i => i.Id == instanceId); authorizedInstanceList.Add(instance); } } return(authorizedInstanceList); }
private static List <XacmlJsonCategory> CreateMultipleResourceCategory(List <Instance> instances) { List <XacmlJsonCategory> resourcesCategories = new List <XacmlJsonCategory>(); int counter = 1; foreach (Instance instance in instances) { XacmlJsonCategory resourceCategory = new XacmlJsonCategory { Attribute = new List <XacmlJsonAttribute>() }; string instanceId = instance.Id.Split("/")[1]; string task = instance.Process?.CurrentTask?.ElementId; string instanceOwnerPartyId = instance.InstanceOwner.PartyId; string org = instance.Org; string app = instance.AppId.Split("/")[1]; if (task != null) { resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(XacmlResourceTaskId, task, DefaultType, DefaultIssuer)); } else if (instance.Process?.EndEvent != null) { resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(XacmlResourceEndId, instance.Process.EndEvent, DefaultType, DefaultIssuer)); } if (!string.IsNullOrWhiteSpace(instanceId)) { resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.InstanceId, instanceOwnerPartyId + "/" + instanceId, DefaultType, DefaultIssuer, true)); } resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.PartyId, instanceOwnerPartyId, DefaultType, DefaultIssuer)); resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.OrgId, org, DefaultType, DefaultIssuer)); resourceCategory.Attribute.Add(DecisionHelper.CreateXacmlJsonAttribute(AltinnXacmlUrns.AppId, app, DefaultType, DefaultIssuer)); resourceCategory.Id = ResourceId + counter.ToString(); resourcesCategories.Add(resourceCategory); counter++; } return(resourcesCategories); }
public ActionResult Edit(int?id) { var userId = User.Identity.GetUserId(); if (id == null) { return(new HttpStatusCodeResult(HttpStatusCode.BadRequest)); } Project project = db.Projects.Find(id); if (project == null) { return(HttpNotFound()); } if (DecisionHelper.ProjectIsEditableByUser(project)) { return(View(project)); } return(RedirectToAction("AccessViolation, Admin")); }
public static PestDetectedResult Generate(List <Pest> pests) { if (pests == null || pests.Count == 0) { return(null); } if (!DecisionHelper.ShouldDoAction(50)) { return(null); } var rand = new Random(); var pestNumber = rand.Next(0, pests.Count); var count = rand.Next(10, 200); return(new PestDetectedResult() { PestId = pests[pestNumber].Id, CountOnSquareMeter = count }); }