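/// <summary>
/// The evaluation implementation in the pseudo-code described in the specification.
/// The decision is delegated to the single policy whose target matches the context.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <param name="policies">The policies that must be evaluated.</param>
/// <returns>
/// <c>Decision.Indeterminate</c> when any target evaluates to Indeterminate or when more
/// than one policy matches; <c>Decision.NotApplicable</c> when no policy matches; otherwise
/// the decision returned by the single matching policy.
/// </returns>
public Decision Evaluate(EvaluationContext context, IMatchEvaluableCollection policies)
{
    // Stays null until exactly one policy has matched the context.
    Policy selectedPolicy = null;

    for (int i = 0; i < policies.Count; i++)
    {
        Policy candidate = (Policy)policies[i];
        TargetEvaluationValue targetResult = candidate.Match(context);

        // A target that cannot be evaluated ends the evaluation with Indeterminate;
        // it is not skipped as if it were a NoMatch.
        if (targetResult == TargetEvaluationValue.Indeterminate)
        {
            context.ProcessingError = true;
            context.TraceContextValues();
            return Decision.Indeterminate;
        }

        if (targetResult == TargetEvaluationValue.Match)
        {
            // A second applicable policy is ambiguous: report Indeterminate
            // instead of choosing between the two.
            if (selectedPolicy != null)
            {
                context.ProcessingError = true;
                context.TraceContextValues();
                return Decision.Indeterminate;
            }

            selectedPolicy = candidate;
        }

        // TargetEvaluationValue.NoMatch: nothing to record, try the next policy.
    }

    if (selectedPolicy == null)
    {
        return Decision.NotApplicable;
    }

    Decision decision = selectedPolicy.Evaluate(context);
    context.TraceContextValues();

    // A definitive Permit/Deny resets the error flags carried on the context.
    if (decision == Decision.Deny || decision == Decision.Permit)
    {
        context.ProcessingError = false;
        context.IsMissingAttribute = false;
    }

    return decision;
}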
/// <summary>
/// Method called by the EvaluationEngine when the evaluation is executed without a policy document.
/// It searches the policy repository (policy sets first, then policies) for the policy document
/// whose target matches the specified context document.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <returns>
/// The policy document ready to be used by the evaluation engine, or <c>null</c> when no
/// repository entry matches.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
/// <exception cref="EvaluationException">More than one repository entry matches the context.</exception>
public pol.PolicyDocument Match(rtm.EvaluationContext context)
{
    if (context == null)
    {
        throw new ArgumentNullException("context");
    }

    pol.PolicyDocument matched = null;

    // Pass 1: policy sets whose target matches the context document.
    foreach (pol.PolicyDocument candidate in _policySets.Values)
    {
        rtm.PolicySet runtimeSet = new rtm.PolicySet(context.Engine, (pol.PolicySetElement)candidate.PolicySet);
        rtm.EvaluationContext scopedContext = new rtm.EvaluationContext(context.Engine, candidate, context.ContextDocument);

        // NOTE(review): only Match selects an entry; an Indeterminate target is skipped
        // exactly like NoMatch. Confirm the caller treats a null result as a non-permit.
        if (runtimeSet.Match(scopedContext) != rtm.TargetEvaluationValue.Match)
        {
            continue;
        }

        // Two matching entries are ambiguous, so the lookup is aborted rather than guessed.
        if (matched != null)
        {
            throw new EvaluationException(Resource.ResourceManager[Resource.MessageKey.exc_duplicated_policy_in_repository]);
        }

        matched = candidate;
    }

    // Pass 2: standalone policies; a match here also conflicts with a match from pass 1.
    foreach (pol.PolicyDocument candidate in _policies.Values)
    {
        rtm.Policy runtimePolicy = new rtm.Policy((pol.PolicyElement)candidate.Policy);
        rtm.EvaluationContext scopedContext = new rtm.EvaluationContext(context.Engine, candidate, context.ContextDocument);

        if (runtimePolicy.Match(scopedContext) != rtm.TargetEvaluationValue.Match)
        {
            continue;
        }

        if (matched != null)
        {
            throw new EvaluationException(Resource.ResourceManager[Resource.MessageKey.exc_duplicated_policy_in_repository]);
        }

        matched = candidate;
    }

    return matched;
}
/// <summary>
/// Method called by the EvaluationEngine when the evaluation is executed without a policy document.
/// The policy repository is scanned, policy sets before policies, for the one policy document
/// whose target matches the specified context document.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <returns>
/// The matching policy document ready to be used by the evaluation engine; <c>null</c> if
/// nothing in the repository matches.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
/// <exception cref="EvaluationException">A second repository entry also matches the context.</exception>
public pol.PolicyDocument Match( rtm.EvaluationContext context )
{
    if( context == null )
    {
        throw new ArgumentNullException( "context" );
    }

    pol.PolicyDocument found = null;

    // Policy sets are examined first.
    foreach( pol.PolicyDocument document in _policySets.Values )
    {
        rtm.PolicySet policySet = new rtm.PolicySet( context.Engine, (pol.PolicySetElement)document.PolicySet );
        rtm.EvaluationContext documentContext = new rtm.EvaluationContext( context.Engine, document, context.ContextDocument );

        // NOTE(review): any result other than Match (including Indeterminate) leaves the
        // entry unselected; verify that callers fail closed when this method returns null.
        bool targetMatches = policySet.Match( documentContext ) == rtm.TargetEvaluationValue.Match;
        if( targetMatches )
        {
            // More than one applicable entry is reported as an error instead of picking one.
            if( found != null )
            {
                throw new EvaluationException( Resource.ResourceManager[ Resource.MessageKey.exc_duplicated_policy_in_repository ] );
            }

            found = document;
        }
    }

    // Then the standalone policies; a hit here collides with any hit from the policy sets.
    foreach( pol.PolicyDocument document in _policies.Values )
    {
        rtm.Policy policy = new rtm.Policy( (pol.PolicyElement)document.Policy );
        rtm.EvaluationContext documentContext = new rtm.EvaluationContext( context.Engine, document, context.ContextDocument );

        bool targetMatches = policy.Match( documentContext ) == rtm.TargetEvaluationValue.Match;
        if( targetMatches )
        {
            if( found != null )
            {
                throw new EvaluationException( Resource.ResourceManager[ Resource.MessageKey.exc_duplicated_policy_in_repository ] );
            }

            found = document;
        }
    }

    return found;
}