public void AuthorizationPolicy_For_returns_the_same_instance_via_generic_and_non_generic_overloads()
{
var viaGeneric = AuthorizationPolicy.For <Order, AddItem, Customer>();
var viaNonGeneric = AuthorizationPolicy.For(typeof(Order), typeof(AddItem), typeof(Customer));
viaGeneric.Should().Be(viaNonGeneric);
}
/// <summary>
/// Determines whether the principal is authorized to apply a command to a resource.
/// </summary>
/// <typeparam name="TResource">The type of the resource.</typeparam>
/// <typeparam name="TCommand">The type of the command.</typeparam>
/// <typeparam name="TPrincipal">The type of the principal.</typeparam>
/// <param name="principal">The principal.</param>
/// <param name="command">The command.</param>
/// <param name="resource">The resource.</param>
/// <returns>
/// <c>true</c> if the principal is authorized; otherwise, <c>false</c>.
/// </returns>
public static bool IsAuthorizedTo <TResource, TCommand, TPrincipal>(
this TPrincipal principal,
TCommand command,
TResource resource)
where TCommand : class, ICommand <TResource>
where TPrincipal : class, IPrincipal where TResource : class
{
if (principal == null)
{
return(false);
}
var query = AuthorizationQuery.Create(resource, command, principal);
var policy = AuthorizationPolicy.For(resource.GetType(), command.GetType(), principal.GetType());
var report = ((dynamic)policy).ValidationPlan.Execute((dynamic)query, haltOnFirstFailure: true);
if (report.HasFailures)
{
return(false);
}
return(true);
}
/// <summary>
/// Specifies an authorization rule for a principal applying a specific command type to a specific resource type.
/// </summary>
/// <param name="requirement">The requirement.</param>
/// <param name="message">A message indicating the reason for the authorization failure. This message is intended for diagnostic and monitoring purposes only.</param>
public static void Requires(Func <TPrincipal, TCommand, TResource, bool> requirement, string message = null)
{
ValidateTypeParameters();
ValidationPlan <IAuthorizationQuery <TResource, TCommand, TPrincipal> > plan = AuthorizationPolicy.For <TResource, TCommand, TPrincipal>().ValidationPlan;
var defaultRule = AuthorizationPolicy <TResource, TCommand, TPrincipal> .Default;
if (plan.Any(rule => rule == defaultRule))
{
// the default rule will cause the authz check to fail, so we remove it
plan.Remove(defaultRule);
}
var authzRule = Validate
.That <IAuthorizationQuery <TResource, TCommand, TPrincipal> >(query =>
requirement(query.Principal, query.Command, query.Resource))
.WithErrorMessage(message ?? ("Requirement for " + typeof(TCommand)));
plan.AddRule(authzRule);
}
