예제 #1
        /// <summary>
        /// Builds the Casbin request for one authorization entry: the subject first, followed by
        /// the values selected from <paramref name="data"/> according to how many it carries.
        /// </summary>
        /// <param name="context">The authorization context handed to the sub-transforms.</param>
        /// <param name="data">The authorization data whose values fill the request.</param>
        /// <returns>A completed task wrapping the request array (length ValueCount + 1).</returns>
        public override ValueTask<IEnumerable<object>> TransformAsync(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
        {
            var request = new object[data.ValueCount + 1];
            request[0] = SubTransform(context, data);

            // NOTE(review): only request lengths 3 and 4 are filled in. For any other
            // ValueCount the slots after the subject keep their default (null) and the
            // array is still returned to the caller. Confirm whether an unexpected count
            // should be rejected here rather than passed on to the enforcer.
            if (request.Length == 3)
            {
                // (sub, obj, act)
                request[1] = ObjTransform(context, data, (_, d) => d.Value1);
                request[2] = ActTransform(context, data, (_, d) => d.Value2);
            }
            else if (request.Length == 4)
            {
                // (sub, dom, obj, act)
                request[1] = DomTransform(context, data, (_, d) => d.Value1);
                request[2] = ObjTransform(context, data, (_, d) => d.Value2);
                request[3] = ActTransform(context, data, (_, d) => d.Value3);
            }

            return new ValueTask<IEnumerable<object>>(request);
        }
예제 #2
        public virtual Task <bool> EnforceAsync(ICasbinAuthorizationContext context)
        {
            var enforcer = _enforcerProvider.GetEnforcer();

            if (enforcer is null)
            {
                throw new ArgumentException("Can not find any enforcer.");
            }

            bool noDefault         = _options.Value.DefaultRequestTransformer is null;
            var  transformersArray = _transformers.ToArray();

            if (transformersArray.Length == 0 && noDefault)
            {
                throw new ArgumentException("Can find any request transformer.");
            }

            // The order of decide transformer is :
            // 1. context.Data.RequestTransformerType >
            // 2. _options.Value.DefaultRequestTransformer >
            // 3. _transformers.FirstOrDefault()
            IRequestTransformer?transformer = null;

            if (!(context.Data.RequestTransformerType is null))
            {
                transformer = _transformers.FirstOrDefault(t => t.GetType() == context.Data.RequestTransformerType);
            }
예제 #3
        /// <summary>
        /// Evaluates <paramref name="policy"/> for the current user through the authorization
        /// service and maps the outcome to success, forbid or challenge.
        /// </summary>
        /// <param name="policy">The policy to evaluate.</param>
        /// <param name="authenticationResult">The earlier authentication outcome; decides forbid vs. challenge on denial.</param>
        /// <param name="context">The HTTP context whose <c>User</c> is authorized.</param>
        /// <param name="casbinContext">The Casbin context passed to the authorization service as the resource.</param>
        /// <param name="resource">Not read by this method.</param>
        /// <returns>Success when authorized; otherwise Forbid for an authenticated caller and Challenge for an unauthenticated one.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="policy"/> or <paramref name="casbinContext"/> is null.</exception>
        public async Task<PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy,
            AuthenticateResult authenticationResult, HttpContext context,
            ICasbinAuthorizationContext casbinContext, object? resource)
        {
            if (policy is null)
            {
                throw new ArgumentNullException(nameof(policy));
            }

            if (casbinContext is null)
            {
                throw new ArgumentNullException(nameof(casbinContext));
            }

            // NOTE(review): context and authenticationResult are dereferenced below without
            // a null check, unlike the two arguments validated above.
            var authorization = await _authorizationService.AuthorizeAsync(context.User, casbinContext, policy);
            if (authorization.Succeeded)
            {
                return PolicyAuthorizationResult.Success();
            }

            // Denied: a caller who did authenticate is forbidden; anyone else is challenged
            // to authenticate first.
            if (authenticationResult.Succeeded)
            {
                return PolicyAuthorizationResult.Forbid();
            }

            return PolicyAuthorizationResult.Challenge();
        }
        /// <summary>
        /// Builds a three-element Casbin request (subject, object, action) from the
        /// corresponding sub-transforms.
        /// </summary>
        /// <param name="context">The authorization context handed to each sub-transform.</param>
        /// <param name="data">The authorization data handed to each sub-transform.</param>
        /// <returns>A completed task wrapping the three request values.</returns>
        public virtual ValueTask<IEnumerable<object>> TransformAsync(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
        {
            // Initializer elements are evaluated left to right: subject, object, action.
            object[] request =
            {
                SubTransform(context, data),
                ObjTransform(context, data),
                ActTransform(context, data),
            };

            return new ValueTask<IEnumerable<object>>(request);
        }
예제 #5
        /// <summary>
        /// Builds a (subject, object, action) request in which the object is the HTTP request
        /// path and the action is the HTTP method.
        /// </summary>
        /// <param name="context">The authorization context; its <c>HttpContext.Request</c> supplies path and method.</param>
        /// <param name="data">The authorization data passed through to the sub-transforms.</param>
        /// <returns>A completed task wrapping the three request values.</returns>
        public override ValueTask<IEnumerable<object>> TransformAsync(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
        {
            // NOTE(review): the object is the request path as HttpContext reports it. Whether
            // the policy matcher accounts for letter case, trailing slashes or a path base is
            // not visible here; confirm against the model's matcher.
            object[] request =
            {
                SubTransform(context, data),
                ObjTransform(context, data, (c, _) => c.HttpContext.Request.Path),
                ActTransform(context, data, (c, _) => c.HttpContext.Request.Method),
            };

            return new ValueTask<IEnumerable<object>>(request);
        }
예제 #6
        /// <summary>
        /// Builds a request whose first three slots are the subject, <c>Value1</c> as the object
        /// and <c>Value2</c> as the action.
        /// </summary>
        /// <param name="context">The authorization context handed to the sub-transforms.</param>
        /// <param name="data">The authorization data supplying <c>Value1</c> and <c>Value2</c>.</param>
        /// <returns>A completed task wrapping the request array (length ValueCount + 1).</returns>
        public override ValueTask<IEnumerable<object>> TransformAsync(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
        {
            // NOTE(review): the array is sized from data.ValueCount, yet slots 1 and 2 are
            // always written. A ValueCount below 2 makes those writes throw
            // IndexOutOfRangeException, and a ValueCount above 2 leaves trailing null slots.
            // Confirm callers only reach this transformer with exactly two values.
            var request = new object[data.ValueCount + 1];

            request[0] = SubTransform(context, data);
            request[1] = ObjTransform(context, data, (_, d) => d.Value1);
            request[2] = ActTransform(context, data, (_, d) => d.Value2);

            return new ValueTask<IEnumerable<object>>(request);
        }
        /// <summary>
        /// Resolves the request subject from the user's claims of type
        /// <c>PreferSubClaimType</c>, restricted to <c>Issuer</c> when one is set.
        /// </summary>
        /// <param name="context">The authorization context whose <c>User</c> is inspected.</param>
        /// <param name="data">Not read by this method.</param>
        /// <returns>The matching claim's value, or <see cref="string.Empty"/> when no claim matches.</returns>
        public virtual string SubTransform(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
        {
            // Without an issuer the first claim of the preferred type wins; with one, only a
            // claim whose issuer is equal to it is accepted.
            Claim? subject = Issuer is null
                ? context.User.FindFirst(PreferSubClaimType)
                : context.User.FindAll(PreferSubClaimType)
                      .FirstOrDefault(c => string.Equals(c.Issuer, Issuer));

            // NOTE(review): a user with no matching claim is enforced as the empty subject
            // rather than rejected here; confirm no policy rule can match an empty subject.
            return subject is null ? string.Empty : subject.Value;
        }
예제 #8
        /// <summary>
        /// Copies the values of <paramref name="data"/> straight into a request array of
        /// length <c>ValueCount</c>: <c>Value1</c>..<c>Value5</c> first, then the custom values.
        /// </summary>
        /// <param name="context">Not read by this method.</param>
        /// <param name="data">The authorization data supplying the values.</param>
        /// <returns>A completed task wrapping the request array.</returns>
        /// <exception cref="ArgumentException">
        /// <c>ValueCount</c> is 0, or it exceeds 5 while <c>CustomValues</c> is null.
        /// </exception>
        public virtual ValueTask<IEnumerable<object>> TransformAsync(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
        {
            if (data.ValueCount is 0)
            {
                throw new ArgumentException("Value count is invalid.");
            }

            object[]? request = new object[data.ValueCount];
            int slots = request.Length;

            // Fill as many of the five fixed slots as the array has room for.
            if (slots > 0)
            {
                request[0] = data.Value1;
            }
            if (slots > 1)
            {
                request[1] = data.Value2;
            }
            if (slots > 2)
            {
                request[2] = data.Value3;
            }
            if (slots > 3)
            {
                request[3] = data.Value4;
            }
            if (slots > 4)
            {
                request[4] = data.Value5;
            }

            // Five or fewer values: nothing beyond the fixed slots to copy.
            if (slots <= 5)
            {
                return new ValueTask<IEnumerable<object>>(request);
            }

            if (data.CustomValues is null)
            {
                throw new ArgumentException("Value count is invalid.");
            }

            // NOTE(review): the copy starts at index 4, the slot just given data.Value5, so
            // the first custom value replaces Value5. Nothing checks the custom value count
            // against the remaining slots either, so a mismatch ends in an
            // IndexOutOfRangeException or in trailing nulls. Confirm the intended offset
            // against how ValueCount and CustomValues are defined.
            string[]? extras = data.CustomValues;
            int target = 4;
            foreach (string extra in extras)
            {
                request[target] = extra;
                target++;
            }

            return new ValueTask<IEnumerable<object>>(request);
        }
예제 #9
 /// <summary>
 /// Produces the request's action by invoking <paramref name="valueSelector"/> with the
 /// given context and data.
 /// </summary>
 /// <param name="context">The authorization context passed to the selector.</param>
 /// <param name="data">The authorization data passed to the selector.</param>
 /// <param name="valueSelector">The delegate that picks the action value; it is invoked without a null check.</param>
 /// <returns>Whatever the selector returns.</returns>
 protected virtual string ActTransform(ICasbinAuthorizationContext context, ICasbinAuthorizationData data, Func<ICasbinAuthorizationContext, ICasbinAuthorizationData, string> valueSelector)
 {
     return valueSelector(context, data);
 }
예제 #10
 /// <summary>
 /// Produces the request's domain by invoking <paramref name="valueSelector"/> with the
 /// given context and data.
 /// </summary>
 /// <param name="context">The authorization context passed to the selector.</param>
 /// <param name="data">The authorization data passed to the selector.</param>
 /// <param name="valueSelector">The delegate that picks the domain value; it is invoked without a null check.</param>
 /// <returns>Whatever the selector returns.</returns>
 protected virtual string DomTransform(ICasbinAuthorizationContext context, ICasbinAuthorizationData data, Func<ICasbinAuthorizationContext, ICasbinAuthorizationData, string> valueSelector)
     => valueSelector(context, data);
        /// <summary>
        /// Runs every entry of <c>context.AuthorizationData</c> through a request transformer
        /// and the Casbin enforcer, stopping at the first entry the enforcer denies.
        /// </summary>
        /// <param name="context">The authorization context carrying the entries to enforce.</param>
        /// <returns>
        /// <c>false</c> as soon as one entry is denied; <c>true</c> when the loop finishes
        /// without a denial.
        /// </returns>
        /// <exception cref="ArgumentException">
        /// No enforcer is available, no usable transformer is registered, or an entry names a
        /// transformer type that is not registered.
        /// </exception>
        // NOTE(review): when context.AuthorizationData yields no entries the loop body never
        // runs and the method returns true without consulting the enforcer. Confirm that
        // callers always supply at least one entry.
        public virtual async Task <bool> EnforceAsync(ICasbinAuthorizationContext context)
        {
            var enforcer = _enforcerProvider.GetEnforcer();

            if (enforcer is null)
            {
                throw new ArgumentException("Can not find any enforcer.");
            }

            // Use the cached collection directly when it already is an array; otherwise copy it.
            var transformersArray =
                _transformersCache.Transformers as IRequestTransformer[] ??
                _transformersCache.Transformers?.ToArray();

            bool noDefault = _options.Value.DefaultRequestTransformer is null;

            // && binds tighter than ||: a null collection always throws, while an empty one
            // throws only when there is no default transformer either.
            // NOTE(review): the message below presumably means "Can not find ..."; the same
            // wording recurs in the later throws.
            if (transformersArray is null || transformersArray.Length == 0 && noDefault)
            {
                throw new ArgumentException("Can find any request transformer.");
            }

            foreach (var data in context.AuthorizationData)
            {
                // Transformer precedence for this entry:
                // 1. the registered transformer whose type equals data.RequestTransformerType
                //    (an unregistered type throws instead of falling through) >
                // 2. _options.Value.DefaultRequestTransformer >
                // 3. the first registered transformer
                IRequestTransformer?transformer = null;
                if (data.RequestTransformerType is not null)
                {
                    transformer = transformersArray.FirstOrDefault(t =>
                                                                   t.GetType() == data.RequestTransformerType);

                    if (transformer is null)
                    {
                        throw new ArgumentException("Can find any specified type request transformer.", nameof(data.RequestTransformerType));
                    }
                }
                else if (!noDefault)
                {
                    transformer = _options.Value.DefaultRequestTransformer;
                }

                transformer ??= transformersArray.FirstOrDefault();

                if (transformer is null)
                {
                    throw new ArgumentException("Can find any request transformer.", nameof(_transformersCache.Transformers));
                }

                // NOTE(review): the two assignments below write per-entry settings onto the
                // transformer instance itself, and the instance is then used across an await.
                // If transformer instances are shared between concurrent requests (their
                // lifetime is not visible here), one request's claim type or issuer could be
                // applied to another request's subject lookup. Confirm the lifetime.

                // The order of deciding transformer.PreferSubClaimType is :
                // 1. data.PreferSubClaimType >
                // 2. _options.Value.PreferSubClaimType
                transformer.PreferSubClaimType = data.PreferSubClaimType ?? _options.Value.PreferSubClaimType;

                // transformer.Issuer comes from data.Issuer only and has no fallback; the
                // original comment says a null issuer is ignored by the transformer.
                transformer.Issuer = data.Issuer;

                var requestValues = await transformer.TransformAsync(context, data);

                // The request is handed to the enforcer as an array, copied only when the
                // transformer returned some other kind of sequence.
                if (await enforcer.EnforceAsync(requestValues as object[] ?? requestValues.ToArray()))
                {
                    _logger.CasbinAuthorizationSucceeded();
                    continue;
                }

                // First denial ends the evaluation; the remaining entries are not checked.
                _logger.CasbinAuthorizationFailed();
                return(false);
            }

            return(true);
        }
 /// <summary>
 /// Returns the request's action, taken from <c>data.Value2</c>.
 /// </summary>
 /// <param name="context">Not read by this method.</param>
 /// <param name="data">The authorization data supplying <c>Value2</c>.</param>
 /// <returns><c>data.Value2</c>, or <see cref="string.Empty"/> when it is null.</returns>
 public virtual string ActTransform(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
 {
     return data.Value2 ?? string.Empty;
 }
 /// <summary>
 /// Returns the request's object, taken from <c>context.Data.Resource</c>.
 /// </summary>
 /// <param name="context">The authorization context whose data supplies the resource.</param>
 /// <returns><c>context.Data.Resource</c>, or <see cref="string.Empty"/> when it is null.</returns>
 public virtual object ObjTransform(ICasbinAuthorizationContext context)
 {
     return context.Data.Resource ?? string.Empty;
 }
 /// <summary>
 /// Returns the request's action, taken from <c>context.Data.Action</c>.
 /// </summary>
 /// <param name="context">The authorization context whose data supplies the action.</param>
 /// <returns><c>context.Data.Action</c>, or <see cref="string.Empty"/> when it is null.</returns>
 public virtual string ActTransform(ICasbinAuthorizationContext context)
 {
     return context.Data.Action ?? string.Empty;
 }