public IamMultiTenantAuthorizationPolicyProvider(IOptions <AuthorizationOptions> options, IMultiTenantIamProvider <TTenantKey> iamProvider, IMultiTenantIamProviderCache <TTenantKey> iamProviderCache, ITenantProvider <TTenantKey> tenantProvider) : base(options) { if (options == null) { throw new ArgumentNullException(nameof(options)); } _options = options.Value; _iamProvider = iamProvider ?? throw new ArgumentNullException(nameof(iamProvider)); _iamProviderCache = iamProviderCache ?? throw new ArgumentNullException(nameof(iamProviderCache)); _tenantProvider = tenantProvider ?? throw new ArgumentNullException(nameof(tenantProvider)); }
Task IMultiTenantIamProvider <TTenantKey> .AddClaim(string policyName, TTenantKey tenantId, string claimValue, IMultiTenantIamProviderCache <TTenantKey> cache) { cache.AddOrUpdateClaim(policyName, tenantId, claimValue); return(Task.CompletedTask); }
public Task ToggleResourceIdAccess(string policyName, TTenantKey tenantId, bool isRequired, IMultiTenantIamProviderCache <TTenantKey> cache) { cache.ToggleResourceIdAccess(policyName, tenantId, isRequired); return(Task.CompletedTask); }
public Task <bool> IsResourceIdAccessRequired(string policyName, TTenantKey tenantId, IMultiTenantIamProviderCache <TTenantKey> cache) { var ret = cache.IsResourceIdAccessRequired(policyName, tenantId); return(Task.FromResult(ret.GetValueOrDefault(false))); }
async Task IMultiTenantIamProvider <TTenantKey> .AddClaim(string policyName, TTenantKey tenantId, string claimValue, IMultiTenantIamProviderCache <TTenantKey> cache) { if (string.IsNullOrEmpty(cache.GetClaim(policyName, tenantId))) { var policyId = await CreateOrGetPolicy(policyName); if (!(await _context.IamPolicyClaims.AnyAsync(x => x.PolicyId.Equals(policyId) && x.Claim == claimValue && x.TenantId.Equals(tenantId)))) { var policyClaim = new Model.MultiTenantPolicyClaim <TKey, TTenantKey>() { PolicyId = policyId, TenantId = tenantId, Claim = claimValue }; _context.IamPolicyClaims.Add(policyClaim); await _context.SaveChangesAsync(); cache.AddOrUpdateClaim(policyName, tenantId, claimValue); } } }
private static void AddPoliciesToRolesMt(string[] policies, string[] roles, long[] tenantIds, IMultiTenantIamProvider <long> iamProvider, IMultiTenantIamProviderCache <long> iamProviderCache) { foreach (var policy in policies) { foreach (var role in roles) { foreach (var tenantId in tenantIds) { iamProvider.AddRole(policy, tenantId, role, iamProviderCache).Wait(); } } } }
Task IMultiTenantIamProvider <TTenantKey> .RemoveRoles(string policyName, TTenantKey tenantId, IMultiTenantIamProviderCache <TTenantKey> cache) { cache.RemoveRoles(policyName, tenantId); return(Task.CompletedTask); }
Task <ICollection <string> > IMultiTenantIamProvider <TTenantKey> .GetRequiredRoles(string policyName, TTenantKey tenantId, IMultiTenantIamProviderCache <TTenantKey> cache) { var ret = cache.GetRoles(policyName, tenantId); return(Task.FromResult(ret)); }
async Task IMultiTenantIamProvider <TTenantKey> .RemoveRole(string policyName, TTenantKey tenantId, string roleName, IMultiTenantIamProviderCache <TTenantKey> cache) { var policyId = await CreateOrGetPolicy(policyName); var role = await _roleManager.FindByNameAsync(roleName); if (role != null) { var iamRole = await _context.IamPolicyRoles.FirstOrDefaultAsync(x => x.PolicyId.Equals(policyId) && x.RoleId.Equals(role.Id) && x.TenantId.Equals(tenantId)); if (iamRole != null) { _context.IamPolicyRoles.Remove(iamRole); await _context.SaveChangesAsync(); } cache.RemoveRole(policyName, tenantId, roleName); } }
async Task IMultiTenantIamProvider <TTenantKey> .RemoveClaim(string policyName, TTenantKey tenantId, IMultiTenantIamProviderCache <TTenantKey> cache) { var policyId = await CreateOrGetPolicy(policyName); var claim = await _context.IamPolicyClaims.FirstOrDefaultAsync(x => x.PolicyId.Equals(policyId) && x.TenantId.Equals(tenantId)); if (claim != null) { _context.IamPolicyClaims.Remove(claim); await _context.SaveChangesAsync(); } cache.RemoveClaim(policyName, tenantId); }
async Task <ICollection <string> > IMultiTenantIamProvider <TTenantKey> .GetRequiredRoles(string policyName, TTenantKey tenantId, IMultiTenantIamProviderCache <TTenantKey> cache) { ICollection <string> ret = cache.GetRoles(policyName, tenantId); if (ret == null || ret.Count == 0) { var policyId = await CreateOrGetPolicy(policyName); var roles = await _context.IamPolicyRoles .AsNoTracking() .Where(x => x.PolicyId.Equals(policyId) && x.TenantId.Equals(tenantId)) .Select(x => x.RoleId) .ToListAsync(); ret = await _context.Roles .AsNoTracking() .Where(x => roles.Contains(x.Id)) .Select(x => x.Name) .ToListAsync(); foreach (var role in ret) { cache.AddRole(policyName, tenantId, role); } } return(ret); }
async Task <string> IMultiTenantIamProvider <TTenantKey> .GetRequiredClaim(string policyName, TTenantKey tenantId, IMultiTenantIamProviderCache <TTenantKey> cache) { string ret = cache.GetClaim(policyName, tenantId); if (string.IsNullOrEmpty(ret)) { var policyId = await CreateOrGetPolicy(policyName); var policy = await _context.IamPolicyClaims .AsNoTracking() .FirstOrDefaultAsync(x => x.PolicyId.Equals(policyId) && x.TenantId.Equals(tenantId)); ret = policy?.Claim; if (policy != null) { cache.AddOrUpdateClaim(policyName, tenantId, ret); } } return(ret); }
async Task IMultiTenantIamProvider <TTenantKey> .AddRole(string policyName, TTenantKey tenantId, string roleName, IMultiTenantIamProviderCache <TTenantKey> cache) { var roles = cache.GetRoles(policyName, tenantId); if (roles == null || !roles.Contains(roleName)) { var policyId = await CreateOrGetPolicy(policyName); var role = await _roleManager.FindByNameAsync(roleName); if (role != null) { if (!(await _context.IamPolicyRoles.AnyAsync(x => x.PolicyId.Equals(policyId) && x.RoleId.Equals(role.Id) && x.TenantId.Equals(tenantId)))) { var policyRole = new Model.MultiTenantPolicyRole <TKey, TTenantKey>() { PolicyId = policyId, TenantId = tenantId, RoleId = role.Id, }; _context.IamPolicyRoles.Add(policyRole); await _context.SaveChangesAsync(); cache.AddRole(policyName, tenantId, roleName); } } } }
private static void TogglePolicyResourceIdAccessMt(string[] policies, long tenantId, IMultiTenantIamProvider <long> iamProvider, IMultiTenantIamProviderCache <long> iamProviderCache) { foreach (var policy in policies) { iamProvider.ToggleResourceIdAccess(policy, tenantId, true, iamProviderCache).Wait(); } }
private static void AddPoliciesToClaimsMt(string[] policies, long tenantId, IMultiTenantIamProvider <long> iamProvider, IMultiTenantIamProviderCache <long> iamProviderCache) { foreach (var policy in policies) { iamProvider.AddClaim(policy, tenantId, policy, iamProviderCache).Wait(); } }
Task IMultiTenantIamProvider <TTenantKey> .AddRole(string policyName, TTenantKey tenantId, string roleName, IMultiTenantIamProviderCache <TTenantKey> cache) { cache.AddRole(policyName, tenantId, roleName); return(Task.CompletedTask); }
Task <string> IMultiTenantIamProvider <TTenantKey> .GetRequiredClaim(string policyName, TTenantKey tenantId, IMultiTenantIamProviderCache <TTenantKey> cache) { var ret = cache.GetClaim(policyName, tenantId); return(Task.FromResult(ret)); }
async Task IMultiTenantIamProvider <TTenantKey> .RemoveRoles(string policyName, TTenantKey tenantId, IMultiTenantIamProviderCache <TTenantKey> cache) { var policyId = await CreateOrGetPolicy(policyName); var iamRoles = await _context.IamPolicyRoles .Where(x => x.PolicyId.Equals(policyId) && x.TenantId.Equals(tenantId)) .ToListAsync(); _context.IamPolicyRoles.RemoveRange(iamRoles); await _context.SaveChangesAsync(); cache.RemoveRoles(policyName, tenantId); }
Task <bool> IMultiTenantIamProvider <TTenantKey> .NeedsUpdate(string policyName, TTenantKey tenantId, IMultiTenantIamProviderCache <TTenantKey> cache) { var ret = cache.NeedsUpdate(policyName, tenantId); return(Task.FromResult(ret)); }
public async Task <bool> IsResourceIdAccessRequired(string policyName, TTenantKey tenantId, IMultiTenantIamProviderCache <TTenantKey> cache) { bool?ret = cache.IsResourceIdAccessRequired(policyName, tenantId); if (!ret.HasValue) { var policyId = await CreateOrGetPolicy(policyName); var policy = await _context.IamPolicyResourceIds .AsNoTracking() .FirstOrDefaultAsync(x => x.PolicyId.Equals(policyId) && x.TenantId.Equals(tenantId)); ret = policy?.RequiresResourceIdAccess; if (ret != null) { cache.ToggleResourceIdAccess(policyName, tenantId, policy.RequiresResourceIdAccess); } } return(ret.GetValueOrDefault(false)); }
public async Task ToggleResourceIdAccess(string policyName, TTenantKey tenantId, bool isRequired, IMultiTenantIamProviderCache <TTenantKey> cache) { var policyId = await CreateOrGetPolicy(policyName); var policy = await _context.IamPolicyResourceIds .FirstOrDefaultAsync(x => x.Id.Equals(policyId) && x.TenantId.Equals(tenantId)); if (policy == null) { _context.IamPolicyResourceIds.Add(new Model.MultiTenantPolicyResourceId <TKey, TTenantKey>() { PolicyId = policyId, TenantId = tenantId, RequiresResourceIdAccess = isRequired }); } else { policy.RequiresResourceIdAccess = isRequired; } await _context.SaveChangesAsync(); cache.ToggleResourceIdAccess(policyName, tenantId, isRequired); }
public void Initialize() { cache = new DefaultMultiTenantIamProviderCache <long>(); }