/// <summary> /// Renvoie la liste du trigramme des utilisateurs autorisé pour un utilisateur, une action et une entitée donnés. /// </summary> /// <param name="request">La requête à fournir au moteur prolog : User, Action, Entity doivent être non nulls</param> /// <param name="request.User>">Non Null</param> /// <param name="request.Target>">Ignoré</param> /// <param name="request.Action>">Non Null</param> /// <param name="request.Entity>">Non Null</param> /// <returns>Un tableau des utilisateurs authorisés</returns> public virtual IEnumerable <string> GetAuthorizedTargets(PermissionRequest request) { SecurityProvider.Trace($"Call to {nameof(GetAuthorizedTargets)}"); if (request == null) { throw new ArgumentNullException(nameof(request)); } try { AssertIsNotNull(request.User, nameof(request.User)); AssertIsNotNull(request.Action, nameof(request.Action)); AssertIsNotNull(request.Entity, nameof(request.Entity)); var solutions = Solve(DefaultRuleName, request.MaxSolutionCount ?? int.MaxValue, request.User.AsPrologConstant(), TermTarget, request.Entity.AsPrologConstant(), request.Action.AsPrologConstant()); return(solutions .Select(solution => solution.GetTermValue(TermTarget)?.Trim('\'', '"')) .ToList() .OrderBy(e => e) .Distinct()); } catch (Exception ex) { SecurityProvider.Trace($" Error: {ex.GetFullMessage()}"); throw; } }
public virtual IEnumerable <string> GetEntityTargetPermissions(PermissionRequest request) { var solutions = Solve(DefaultRuleName, request.MaxSolutionCount ?? int.MaxValue, request.User, request.Target, request.Entity, TermAction); return(solutions .Select(s => s.GetTermValue(TermAction)?.Trim('\'', '"')) .Distinct() .Where(action => Actions.Contains(action)) .OrderBy(e => e)); }
//public virtual void AddFact(string fact) //{ // SecurityProvider.Trace($"Call to {nameof(AddFact)}"); // SecurityProvider.Trace($" Adding fact: {fact}"); // AddFacts(new List<string> { fact }); //} //public virtual void AddFacts(IEnumerable<string> facts) //{ // SecurityProvider.Trace($"Call to {nameof(AddFacts)}"); // if (facts == null) // return; // var addedFacts = facts as string[] ?? facts.ToArray(); // SecurityProvider.Trace($" Adding facts: {String.Join("; ", addedFacts)}"); // AddPredicates(addedFacts, _factsFileFullName); //} //public virtual void RemoveFact(string fact) //{ // SecurityProvider.Trace($"Call to {nameof(RemoveFact)}"); // SecurityProvider.Trace($" Removing fact: {fact}"); // RemoveFacts(new List<string> { fact }); //} //public virtual void RemoveFacts(IEnumerable<string> facts) //{ // SecurityProvider.Trace($"Call to {nameof(RemoveFacts)}"); // var removedFacts = facts as string[] ?? facts.ToArray(); // SecurityProvider.Trace($" Removing facts: {String.Join("; ", removedFacts)}"); // RemovePredicates(removedFacts, _factsFileFullName); //} //public virtual void AddRule(string rule) //{ // SecurityProvider.Trace($"Call to {nameof(AddRule)}"); // SecurityProvider.Trace($" Adding rule: {rule}"); // AddRules(new List<string> { rule }); //} //public virtual void AddRules(IEnumerable<string> rules) //{ // SecurityProvider.Trace($"Call to {nameof(AddRules)}"); // var addedRules = rules as string[] ?? rules.ToArray(); // SecurityProvider.Trace($" Adding rules: {String.Join("; ", addedRules)}"); // AddPredicates(addedRules, _rulesFileFullName); //} //public virtual void RemoveRule(string rule) //{ // SecurityProvider.Trace($"Call to {nameof(RemoveRule)}"); // SecurityProvider.Trace($" Removing rule: {rule}"); // RemoveRules(new List<string> { rule }); //} //public virtual void RemoveRules(IEnumerable<string> rules) //{ // SecurityProvider.Trace($"Call to {nameof(RemoveRules)}"); // var removedRules = rules as string[] ?? rules.ToArray(); // SecurityProvider.Trace($" Removing rules: {String.Join("; ", removedRules)}"); // RemovePredicates(removedRules, _rulesFileFullName); //} public virtual bool IsAuthorized(PermissionRequest request) { SecurityProvider.Trace($"Call to {nameof(IsAuthorized)}"); try { return(Eval(DefaultRuleName, request.User == null ? request.User : request.User.AsPrologConstant(), request.Target == null ? request.Target : request.Target.AsPrologConstant(), request.Entity == null ? request.Entity : request.Entity.AsPrologConstant(), request.Action == null ? request.Action : request.Action.AsPrologConstant())); } catch (Exception ex) { SecurityProvider.Trace($" Error: {ex.GetFullMessage()}"); throw; } }
/// <summary> /// Renvoie un objet Permission contenant les actions autorisées pour un utilisateur, sur une target et une entitée donnée. /// </summary> /// <param name="request">La requête à fournir au moteur prolog : User, Target, Entity doivent être non nulls</param> /// <param name="request.User>">Non Null</param> /// <param name="request.Target>">Non Null</param> /// <param name="request.Action>">Ignoré</param> /// <param name="request.Entity>">Non Null</param> /// <returns>Une Permission contenant les actions autorisées</returns> public virtual Permission GetTargetPermissions(PermissionRequest request) { SecurityProvider.Trace($"Call to {nameof(GetTargetPermissions)}"); if (request == null) { throw new ArgumentNullException(nameof(request)); } try { AssertIsNotNull(request.User, nameof(request.User)); AssertIsNotNull(request.Entity, nameof(request.Entity)); var permission = new Permission { Target = request.Target, Entity = request.Entity, }; var solutions = Solve(DefaultRuleName, request.MaxSolutionCount ?? int.MaxValue, request.User.AsPrologConstant(), request.Target == null ? request.Target : request.Target.AsPrologConstant(), request.Entity.AsPrologConstant(), TermAction); var access = solutions .Aggregate(AccessType.Values.None, (accessType, solution) => accessType | ActionToAccessType(solution.GetTermValue(TermAction)?.Trim('\'', '"'))); // Aucune Permission permission.AccessTypes = access; return(permission); } catch (Exception ex) { SecurityProvider.Trace($" Error: {ex.GetFullMessage()}"); throw; } }
/// <summary> /// Methode qui permet de récupérer toute les authorisations pour un utilisateur donné /// Authorisation(rma, G, E, A) permet par exemple de récupérer tous les couples (G, E, A) de solutions pour laquelle Authorisation(rma, G, E, A) est vraie /// </summary> /// <param name="request"> Action, Entite et Target sont ignoré, User doit être non null</param> /// <returns> </returns> public virtual IEnumerable <Permission> GetUserPermissions(PermissionRequest request) { SecurityProvider.Trace($"Call to {nameof(GetUserPermissions)}"); if (request == null) { throw new ArgumentNullException(nameof(request)); } try { AssertIsNotNull(request.User, nameof(request.User)); var solutions = Solve(DefaultRuleName, request.MaxSolutionCount ?? int.MaxValue, request.User.AsPrologConstant(), TermTarget, TermEntity, TermAction); return(solutions .GroupBy(solution => new { Target = solution.GetTermValue(TermTarget)?.Trim('\'', '"'), Entity = solution.GetTermValue(TermEntity)?.Trim('\'', '"') }) .Select(accessGroup => new Permission { Target = accessGroup.Key.Target, Entity = accessGroup.Key.Entity, AccessTypes = accessGroup .Select(solution => solution.GetTermValue(TermAction)?.Trim('\'', '"')) .Aggregate(AccessType.Values.None, (accessType, action) => accessType | ActionToAccessType(action)) })); } catch (Exception ex) { SecurityProvider.Trace($" Error: {ex.GetFullMessage()}"); throw; } }