private void InitializeInterpreter() { Dictionary <String, AbstractFunction> functions = new Dictionary <string, AbstractFunction>(); foreach (var entry in fm.FunctionDict) { String key = entry.Key; var function = entry.Value; functions.Add(key, function); } if (model.Model.ContainsKey("g")) { foreach (var entry in model.Model["g"]) { String key = entry.Key; Assertion ast = entry.Value; IRoleManager rm = ast.RM; functions.Add(key, BuiltInFunctions.GenerateGFunction(key, rm)); } } _interpreter = new Interpreter(); foreach (var func in functions) { _interpreter.SetFunction(func.Key, func.Value); } _parsedExpression = null; }
private Interpreter GetAndInitializeInterpreter() { var functions = new Dictionary <string, AbstractFunction>(); foreach (var entry in functionMap.FunctionDict) { string key = entry.Key; var function = entry.Value; functions.Add(key, function); } if (model.Model.ContainsKey(PermConstants.Section.RoleSection)) { foreach (var entry in model.Model[PermConstants.Section.RoleSection]) { string key = entry.Key; var ast = entry.Value; var rm = ast.RoleManager; functions.Add(key, BuiltInFunctions.GenerateGFunction(key, rm)); } } var interpreter = new Interpreter(); foreach (var func in functions) { interpreter.SetFunction(func.Key, func.Value); } return(interpreter); }
/// <summary> /// enforce decides whether a "subject" can access a "object" with the operation /// "action", input parameters are usually: (sub, obj, act). /// </summary> /// <param name="rvals">the request needs to be mediated, usually an array of strings, /// can be class instances if ABAC is used.</param> /// <returns>whether to allow the request.</returns> public Boolean Enforce(params Object[] rvals) { if (!_enabled) { return(true); } Dictionary <String, AbstractFunction> functions = new Dictionary <string, AbstractFunction>(); foreach (var entry in fm.FunctionDict) { String key = entry.Key; var function = entry.Value; functions.Add(key, function); } if (model.Model.ContainsKey("g")) { foreach (var entry in model.Model["g"]) { String key = entry.Key; Assertion ast = entry.Value; IRoleManager rm = ast.RM; functions.Add(key, BuiltInFunctions.GenerateGFunction(key, rm)); } } String expString = model.Model["m"]["m"].Value; var interpreter = new Interpreter(); foreach (var func in functions) { interpreter.SetFunction(func.Key, func.Value); } Effect.Effect[] policyEffects; float[] matcherResults; int policyLen; object result = null; if ((policyLen = model.Model["p"]["p"].Policy.Count) != 0) { policyEffects = new Effect.Effect[policyLen]; matcherResults = new float[policyLen]; for (int i = 0; i < model.Model["p"]["p"].Policy.Count; i++) { List <String> pvals = model.Model["p"]["p"].Policy[i]; Dictionary <String, Object> parameters = new Dictionary <string, object>(); for (int j = 0; j < model.Model["r"]["r"].Tokens.Length; j++) { String token = model.Model["r"]["r"].Tokens[j]; parameters.Add(token, rvals[j]); } for (int j = 0; j < model.Model["p"]["p"].Tokens.Length; j++) { String token = model.Model["p"]["p"].Tokens[j]; parameters.Add(token, pvals[j]); } foreach (var item in parameters) { interpreter.SetVariable(item.Key, item.Value); } result = interpreter.Eval(expString); if (result is Boolean) { if (!((Boolean)result)) { policyEffects[i] = Effect.Effect.Indeterminate; continue; } } else if (result is float) { if ((float)result == 0) { policyEffects[i] = Effect.Effect.Indeterminate; continue; } else { matcherResults[i] = (float)result; } } else { throw new Exception("matcher result should be bool, int or float"); } if (parameters.ContainsKey("p_eft")) { String eft = (String)parameters["p_eft"]; if (eft.Equals("allow")) { policyEffects[i] = Effect.Effect.Allow; } else if (eft.Equals("deny")) { policyEffects[i] = Effect.Effect.Deny; } else { policyEffects[i] = Effect.Effect.Indeterminate; } } else { policyEffects[i] = Effect.Effect.Allow; } if (model.Model["e"]["e"].Value.Equals("priority(p_eft) || deny")) { break; } } } else { policyEffects = new Effect.Effect[1]; matcherResults = new float[1]; Dictionary <String, Object> parameters = new Dictionary <string, Object>(); for (int j = 0; j < model.Model["r"]["r"].Tokens.Length; j++) { String token = model.Model["r"]["r"].Tokens[j]; parameters.Add(token, rvals[j]); } for (int j = 0; j < model.Model["p"]["p"].Tokens.Length; j++) { String token = model.Model["p"]["p"].Tokens[j]; parameters.Add(token, ""); } foreach (var item in parameters) { interpreter.SetVariable(item.Key, item.Value); } result = interpreter.Eval(expString, parameters.Select(x => new Parameter(x.Key, x.Value)).ToArray()); if ((Boolean)result) { policyEffects[0] = Effect.Effect.Allow; } else { policyEffects[0] = Effect.Effect.Indeterminate; } } result = eft.MergeEffects(model.Model["e"]["e"].Value, policyEffects, matcherResults); return((Boolean)result); }