/// <summary>
/// Builds the request handed to the enforcer: the subject first, followed by the values carried by <paramref name="data"/>.
/// </summary>
/// <param name="context">The current Casbin authorization context.</param>
/// <param name="data">The authorization data whose values fill the request.</param>
/// <returns>An array of <c>data.ValueCount + 1</c> request values, wrapped in a completed <see cref="ValueTask{TResult}"/>.</returns>
/// <remarks>
/// Only two layouts are populated: length 3 (sub, obj, act) and length 4 (sub, dom, obj, act).
/// For any other length, every slot after the subject is left null.
/// NOTE(review): confirm that the enforcer rejects such a partially filled request instead of matching on it.
/// </remarks>
public override ValueTask<IEnumerable<object>> TransformAsync(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
{
    var request = new object[data.ValueCount + 1];
    request[0] = SubTransform(context, data);

    if (request.Length == 3)
    {
        // Two values: object, action.
        request[1] = ObjTransform(context, data, (_, d) => d.Value1);
        request[2] = ActTransform(context, data, (_, d) => d.Value2);
    }
    else if (request.Length == 4)
    {
        // Three values: domain, object, action.
        request[1] = DomTransform(context, data, (_, d) => d.Value1);
        request[2] = ObjTransform(context, data, (_, d) => d.Value2);
        request[3] = ActTransform(context, data, (_, d) => d.Value3);
    }

    return new ValueTask<IEnumerable<object>>(request);
}
public virtual Task <bool> EnforceAsync(ICasbinAuthorizationContext context) { var enforcer = _enforcerProvider.GetEnforcer(); if (enforcer is null) { throw new ArgumentException("Can not find any enforcer."); } bool noDefault = _options.Value.DefaultRequestTransformer is null; var transformersArray = _transformers.ToArray(); if (transformersArray.Length == 0 && noDefault) { throw new ArgumentException("Can find any request transformer."); } // The order of decide transformer is : // 1. context.Data.RequestTransformerType > // 2. _options.Value.DefaultRequestTransformer > // 3. _transformers.FirstOrDefault() IRequestTransformer?transformer = null; if (!(context.Data.RequestTransformerType is null)) { transformer = _transformers.FirstOrDefault(t => t.GetType() == context.Data.RequestTransformerType); }
/// <summary>
/// Evaluates <paramref name="policy"/> for the current user and maps the outcome to a <see cref="PolicyAuthorizationResult"/>.
/// </summary>
/// <param name="policy">The policy to evaluate; must not be null.</param>
/// <param name="authenticationResult">The earlier authentication outcome; read only when authorization fails.</param>
/// <param name="context">The HTTP context whose <c>User</c> is authorized.</param>
/// <param name="casbinContext">The Casbin context passed to the authorization service; must not be null.</param>
/// <param name="resource">Not read by this method.</param>
/// <returns>Success when the policy is satisfied; otherwise Forbid for an authenticated caller and Challenge for an unauthenticated one.</returns>
/// <exception cref="ArgumentNullException"><paramref name="policy"/> or <paramref name="casbinContext"/> is null.</exception>
/// <remarks>
/// NOTE(review): <paramref name="context"/> and <paramref name="authenticationResult"/> are dereferenced without a null check.
/// </remarks>
public async Task<PolicyAuthorizationResult> AuthorizeAsync(AuthorizationPolicy policy, AuthenticateResult authenticationResult, HttpContext context, ICasbinAuthorizationContext casbinContext, object? resource)
{
    if (policy == null)
    {
        throw new ArgumentNullException(nameof(policy));
    }

    if (casbinContext == null)
    {
        throw new ArgumentNullException(nameof(casbinContext));
    }

    var outcome = await _authorizationService.AuthorizeAsync(context.User, casbinContext, policy);
    if (!outcome.Succeeded)
    {
        // A denied caller who did authenticate is forbidden; one who did not is asked to authenticate.
        if (authenticationResult.Succeeded)
        {
            return PolicyAuthorizationResult.Forbid();
        }

        return PolicyAuthorizationResult.Challenge();
    }

    return PolicyAuthorizationResult.Success();
}
/// <summary>
/// Builds the three-element (sub, obj, act) request handed to the enforcer.
/// </summary>
/// <param name="context">The current Casbin authorization context.</param>
/// <param name="data">The authorization data the three transforms read from.</param>
/// <returns>The request values, wrapped in a completed <see cref="ValueTask{TResult}"/>.</returns>
public virtual ValueTask<IEnumerable<object>> TransformAsync(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
{
    // Elements are evaluated left to right: subject, object, action.
    var request = new object[]
    {
        SubTransform(context, data),
        ObjTransform(context, data),
        ActTransform(context, data),
    };

    return new ValueTask<IEnumerable<object>>(request);
}
/// <summary>
/// Builds a (sub, obj, act) request in which the object is the HTTP request path and the action is the HTTP method.
/// </summary>
/// <param name="context">The current Casbin authorization context; its <c>HttpContext.Request</c> supplies path and method.</param>
/// <param name="data">The authorization data, passed through to the transforms but not read by the selectors used here.</param>
/// <returns>The request values, wrapped in a completed <see cref="ValueTask{TResult}"/>.</returns>
/// <remarks>
/// NOTE(review): the path and method are taken from the request as exposed by <c>HttpContext</c>; whether they were
/// normalized (case, trailing slash, encoding) before reaching this point is not visible here, so confirm that the
/// policy matcher treats equivalent paths the same way.
/// </remarks>
public override ValueTask<IEnumerable<object>> TransformAsync(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
{
    // Elements are evaluated left to right: subject, object, action.
    var request = new object[]
    {
        SubTransform(context, data),
        ObjTransform(context, data, (c, _) => c.HttpContext.Request.Path),
        ActTransform(context, data, (c, _) => c.HttpContext.Request.Method),
    };

    return new ValueTask<IEnumerable<object>>(request);
}
/// <summary>
/// Builds a (sub, obj, act) request whose object and action come from <c>Value1</c> and <c>Value2</c> of <paramref name="data"/>.
/// </summary>
/// <param name="context">The current Casbin authorization context.</param>
/// <param name="data">The authorization data supplying the object and action values.</param>
/// <returns>An array of <c>data.ValueCount + 1</c> request values, wrapped in a completed <see cref="ValueTask{TResult}"/>.</returns>
/// <remarks>
/// NOTE(review): the array is sized from <c>data.ValueCount</c> but slots 1 and 2 are always written. A value count
/// below 2 fails with an index-out-of-range error, and a value count above 2 leaves trailing null slots in the
/// request; confirm callers only use this transformer with exactly two values.
/// </remarks>
public override ValueTask<IEnumerable<object>> TransformAsync(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
{
    var request = new object[data.ValueCount + 1];

    // Slot order expected by the enforcer: subject, object, action.
    request[0] = SubTransform(context, data);
    request[1] = ObjTransform(context, data, (_, d) => d.Value1);
    request[2] = ActTransform(context, data, (_, d) => d.Value2);

    return new ValueTask<IEnumerable<object>>(request);
}
/// <summary>
/// Resolves the request subject from the user's claims of type <c>PreferSubClaimType</c>.
/// </summary>
/// <param name="context">The current Casbin authorization context; its <c>User</c> supplies the claims.</param>
/// <param name="data">The authorization data; not read by this implementation.</param>
/// <returns>
/// The value of the first matching claim, or <see cref="string.Empty"/> when none matches. When <c>Issuer</c> is set,
/// only claims whose issuer equals it (ordinal comparison) are considered.
/// </returns>
/// <remarks>
/// NOTE(review): a user without a matching claim yields an empty subject rather than an error; confirm that no
/// policy rule can match an empty subject.
/// </remarks>
public virtual string SubTransform(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
{
    Claim? match = Issuer is null
        ? context.User.FindFirst(PreferSubClaimType)
        : context.User.FindAll(PreferSubClaimType)
            .FirstOrDefault(candidate => string.Equals(candidate.Issuer, Issuer));

    return match is not null ? match.Value : string.Empty;
}
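/// <summary>
/// Copies the values carried by <paramref name="data"/> into the request handed to the enforcer, in order:
/// <c>Value1</c> to <c>Value5</c>, then the custom values.
/// </summary>
/// <param name="context">The current Casbin authorization context; not read by this implementation.</param>
/// <param name="data">The authorization data supplying the values.</param>
/// <returns>An array of <c>data.ValueCount</c> request values, wrapped in a completed <see cref="ValueTask{TResult}"/>.</returns>
/// <exception cref="ArgumentException">
/// The value count is zero, or it is greater than five and the custom values are missing or do not fill the
/// remaining slots exactly.
/// </exception>
public virtual ValueTask<IEnumerable<object>> TransformAsync(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
{
    // Number of slots served by the fixed Value1..Value5 properties.
    const int fixedSlots = 5;

    if (data.ValueCount is 0)
    {
        throw new ArgumentException("Value count is invalid.");
    }

    var requestValues = new object[data.ValueCount];
    int requestValuesLength = requestValues.Length;

    if (requestValuesLength > 0)
    {
        requestValues[0] = data.Value1;
    }

    if (requestValuesLength > 1)
    {
        requestValues[1] = data.Value2;
    }

    if (requestValuesLength > 2)
    {
        requestValues[2] = data.Value3;
    }

    if (requestValuesLength > 3)
    {
        requestValues[3] = data.Value4;
    }

    if (requestValuesLength > 4)
    {
        requestValues[4] = data.Value5;
    }

    if (requestValuesLength <= fixedSlots)
    {
        return new ValueTask<IEnumerable<object>>(requestValues);
    }

    // Fail closed on a malformed request: the custom values must fill the slots after Value5 exactly,
    // otherwise the enforcer would be handed null or misplaced values.
    string[]? customValues = data.CustomValues;
    if (customValues is null || customValues.Length != requestValuesLength - fixedSlots)
    {
        throw new ArgumentException("Value count is invalid.");
    }

    // Custom values start after Value5 (index 5). Writing them from index 4 would overwrite Value5
    // and leave the last slot null.
    Array.Copy(customValues, 0, requestValues, fixedSlots, customValues.Length);

    return new ValueTask<IEnumerable<object>>(requestValues);
}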
/// <summary>
/// Produces the action element of the request by invoking <paramref name="valueSelector"/>.
/// </summary>
/// <param name="context">The current Casbin authorization context, forwarded to the selector.</param>
/// <param name="data">The authorization data, forwarded to the selector.</param>
/// <param name="valueSelector">The function that picks the action value.</param>
/// <returns>Whatever the selector returns, unchanged.</returns>
protected virtual string ActTransform(ICasbinAuthorizationContext context, ICasbinAuthorizationData data, Func<ICasbinAuthorizationContext, ICasbinAuthorizationData, string> valueSelector)
{
    return valueSelector(context, data);
}
/// <summary>
/// Produces the domain element of the request by invoking <paramref name="valueSelector"/>.
/// </summary>
/// <param name="context">The current Casbin authorization context, forwarded to the selector.</param>
/// <param name="data">The authorization data, forwarded to the selector.</param>
/// <param name="valueSelector">The function that picks the domain value.</param>
/// <returns>Whatever the selector returns, unchanged.</returns>
protected virtual string DomTransform(ICasbinAuthorizationContext context, ICasbinAuthorizationData data, Func<ICasbinAuthorizationContext, ICasbinAuthorizationData, string> valueSelector)
    => valueSelector(context, data);
/// <summary>
/// Checks every entry of <c>context.AuthorizationData</c> against the enforcer and succeeds only when all of them are allowed.
/// </summary>
/// <param name="context">The current Casbin authorization context.</param>
/// <returns><c>true</c> when no entry is denied; <c>false</c> as soon as one entry is denied.</returns>
/// <exception cref="ArgumentException">No enforcer is available, or no request transformer can be resolved.</exception>
/// <remarks>
/// NOTE(review): when <c>context.AuthorizationData</c> yields no entries the loop body never runs and the method
/// returns <c>true</c> without consulting the enforcer; confirm callers never reach this point with empty data.
/// </remarks>
public virtual async Task<bool> EnforceAsync(ICasbinAuthorizationContext context)
{
    var enforcer = _enforcerProvider.GetEnforcer();
    if (enforcer is null)
    {
        throw new ArgumentException("Can not find any enforcer.");
    }

    var registered = _transformersCache.Transformers as IRequestTransformer[]
                     ?? _transformersCache.Transformers?.ToArray();
    bool hasDefault = _options.Value.DefaultRequestTransformer is not null;
    if (registered is null || (registered.Length == 0 && !hasDefault))
    {
        throw new ArgumentException("Can find any request transformer.");
    }

    foreach (var entry in context.AuthorizationData)
    {
        // Transformer precedence:
        //   1. the type requested by the entry (entry.RequestTransformerType)
        //   2. _options.Value.DefaultRequestTransformer
        //   3. the first registered transformer
        IRequestTransformer? chosen;
        if (entry.RequestTransformerType is not null)
        {
            chosen = registered.FirstOrDefault(t => t.GetType() == entry.RequestTransformerType);
            if (chosen is null)
            {
                // An explicitly requested transformer is never silently replaced by a fallback.
                throw new ArgumentException("Can find any specified type request transformer.",
                    nameof(entry.RequestTransformerType));
            }
        }
        else
        {
            chosen = hasDefault ? _options.Value.DefaultRequestTransformer : null;
            chosen ??= registered.FirstOrDefault();
        }

        if (chosen is null)
        {
            throw new ArgumentException("Can find any request transformer.",
                nameof(_transformersCache.Transformers));
        }

        // NOTE(review): the two assignments below mutate the transformer instance before the awaited call.
        // If the same instance is shared by concurrent requests, one request could be evaluated with another
        // request's claim type or issuer - confirm the transformer lifetime.

        // Subject claim type precedence: the entry's PreferSubClaimType, then _options.Value.PreferSubClaimType.
        chosen.PreferSubClaimType = entry.PreferSubClaimType ?? _options.Value.PreferSubClaimType;

        // Issuer comes from the entry only; a null issuer means claims are not filtered by issuer.
        chosen.Issuer = entry.Issuer;

        var request = await chosen.TransformAsync(context, entry);
        var requestArray = request as object[] ?? request.ToArray();

        bool allowed = await enforcer.EnforceAsync(requestArray);
        if (!allowed)
        {
            // The first denied entry ends the evaluation.
            _logger.CasbinAuthorizationFailed();
            return false;
        }

        _logger.CasbinAuthorizationSucceeded();
    }

    return true;
}
/// <summary>
/// Produces the action element of the request from <c>data.Value2</c>.
/// </summary>
/// <param name="context">The current Casbin authorization context; not read by this implementation.</param>
/// <param name="data">The authorization data supplying the action.</param>
/// <returns><c>data.Value2</c>, or <see cref="string.Empty"/> when it is null.</returns>
public virtual string ActTransform(ICasbinAuthorizationContext context, ICasbinAuthorizationData data)
{
    var action = data.Value2;
    return action ?? string.Empty;
}
/// <summary>
/// Produces the object element of the request from <c>context.Data.Resource</c>.
/// </summary>
/// <param name="context">The current Casbin authorization context.</param>
/// <returns><c>context.Data.Resource</c>, or <see cref="string.Empty"/> when it is null.</returns>
public virtual object ObjTransform(ICasbinAuthorizationContext context)
{
    var resource = context.Data.Resource;
    return resource ?? string.Empty;
}
/// <summary>
/// Produces the action element of the request from <c>context.Data.Action</c>.
/// </summary>
/// <param name="context">The current Casbin authorization context.</param>
/// <returns><c>context.Data.Action</c>, or <see cref="string.Empty"/> when it is null.</returns>
public virtual string ActTransform(ICasbinAuthorizationContext context)
{
    var action = context.Data.Action;
    return action ?? string.Empty;
}