public async Task DemandAccessAsync(IAuthorisationContext authorisationContext)
{
if (!await HasAccessAsync(authorisationContext))
{
throw new UnauthorizedAccessException();
}
}
public AuthorisationContextCacheKey(IAuthorisationContext authorisationContext)
{
Resource = authorisationContext.Resource;
Action = authorisationContext.Action;
ResourceType = authorisationContext.ResourceType;
ResourceId = authorisationContext.ResourceId;
}
private async Task <bool> CheckPolicyAsync(string restrictionValue, IAuthorisationContext authorisationContext)
{
IAuthorisationRestriction authorisationRestriction = _authorisationRestrictionProvider.GetByRestriction(restrictionValue);
IRestrictionResult restrictionResult = await authorisationRestriction.CheckRestrictionAsync(authorisationContext);
return(restrictionResult.Succeeded);
}
private async Task <bool> CheckSelfAsync(IAuthorisationContext authorisationContext)
{
ValidateAuthorisationContext(authorisationContext);
IDictionary <Type, Guid> whoAmI = await _selfProvider.WhoAmIAsync();
whoAmI.TryGetValue(authorisationContext.ResourceType, out Guid entityId);
return(entityId != Guid.Empty && entityId == authorisationContext.ResourceId);
}
public async Task <IRestrictionResult> CheckRestrictionAsync(IAuthorisationContext authorisationContext)
{
if (_currentUserProvider.IsAuthenticated && _currentUserProvider.Id.HasValue)
{
User user = await _userQueryRepository.GetByIdAsync(_currentUserProvider.Id.Value);
return(user == null || user.Identity.Session.IsRevoked ? RestrictionResult.Fail : RestrictionResult.Succeed);
}
return(RestrictionResult.Fail);
}
private void ValidateAuthorisationContext(IAuthorisationContext authorisationContext)
{
if (authorisationContext == null)
{
throw new ArgumentNullException(nameof(authorisationContext));
}
if (authorisationContext.ResourceType == null)
{
throw new ArgumentNullException(nameof(authorisationContext.ResourceType));
}
}
public async Task SecureAsync(Func <Task> function,
IAuthorisationContext authorisationContext)
{
try
{
await _authorisationManager.DemandAccessAsync(authorisationContext);
await function();
}
catch (UnauthorizedAccessException e)
{
throw new BusinessApplicationException(ExceptionType.Unauthorized, "You are not authorised to perform this action", e);
}
}
public async Task <IRestrictionResult> CheckRestrictionAsync(IAuthorisationContext authorisationContext)
{
using (ITransaction transaction = _transactionManager.Create())
{
if (_currentIdentityProvider.IsAuthenticated)
{
Identity identity = await _identityQueryRepository.GetByIdAsync(_currentIdentityProvider.Id);
transaction.Commit();
return(identity == null || identity.IsConfirmed || identity.Session.IsRevoked ? RestrictionResult.Fail : RestrictionResult.Succeed);
}
return(RestrictionResult.Fail);
}
}
private async Task <bool> CheckOwnerAsync(IAuthorisationContext authorisationContext)
{
ValidateAuthorisationContext(authorisationContext);
IResourceOwnerProvider resourceOwnerProvider = _resourceOwnerProviderCollection.Get(authorisationContext.ResourceType);
if (!authorisationContext.ResourceId.HasValue)
{
return(false);
}
IAggregateOwner aggregateOwner = await resourceOwnerProvider.GetOwnerAsync(authorisationContext.ResourceId.Value);
IDictionary <Type, Guid> whoAmI = await _selfProvider.WhoAmIAsync();
return(whoAmI.Any(i => i.Key == aggregateOwner.AggregateType && i.Value == aggregateOwner.Id));
}
public Task <bool> HasAccessAsync(IAuthorisationContext authorisationContext)
{
ActionPolicy policy = _authorisationPolicyProvider.ResourcePolicies[authorisationContext.Resource][authorisationContext.Action];
string restrictionValue = policy.Restriction;
switch (restrictionValue)
{
case ResourceRestriction.Everyone:
return(Task.FromResult(true));
case ResourceRestriction.Self:
return(CheckSelfAsync(authorisationContext));
case ResourceRestriction.Owner:
return(CheckOwnerAsync(authorisationContext));
default:
return(CheckPolicyAsync(restrictionValue, authorisationContext));
}
}
public bool HasAccess(IAuthorisationContext authorisationContext)
{
return(true);
}
public Task <bool> HasAccessAsync(IAuthorisationContext authorisationContext)
{
return(_authorisationPolicy.HasAccessAsync(authorisationContext));
}
public Task <bool> HasAccessAsync(IAuthorisationContext authorisationContext)
{
return(Task.FromResult(true));
}
public Task <bool> HasAccessAsync(IAuthorisationContext authorisationContext)
{
return(_cacheService.GetOrAddAsync(new AuthorisationContextCacheKey(authorisationContext), () => _authorisationPolicy.HasAccessAsync(authorisationContext)));
}
