예제 #1
        /// <summary>
        /// Builds the delegation policy path based on input policyMatch
        /// </summary>
        /// <param name="policyMatch">param to build policypath from</param>
        /// <returns>policypath matching input data</returns>
        public static string GetAltinnAppDelegationPolicyPath(PolicyMatch policyMatch)
        {
            // Resolve the org/app pair from the resource attributes of the match.
            // NOTE(review): the bool result of TryGetResourceFromAttributeMatch is discarded here, so a
            // failed lookup still flows into the path builder with whatever the out parameters were left as.
            // Confirm that the path builder rejects an unresolved org/app; otherwise check the result here.
            DelegationHelper.TryGetResourceFromAttributeMatch(policyMatch.Resource, out string resourceOrg, out string resourceApp);

            // The recipient is expressed as either a user id or a party id; both are nullable.
            DelegationHelper.GetCoveredByFromMatch(policyMatch.CoveredBy, out int? recipientUserId, out int? recipientPartyId);

            string offeredBy = policyMatch.OfferedByPartyId.ToString();
            return PolicyHelper.GetAltinnAppDelegationPolicyPath(resourceOrg, resourceApp, offeredBy, recipientUserId, recipientPartyId);
        }
예제 #2
        /// <summary>
        /// Returns the count of unique Policies in a list of Rules
        /// </summary>
        /// <param name="rules">List of rules to check how many individual policies exist</param>
        /// <returns>count of policies</returns>
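        public static int GetPolicyCount(List<Rule> rules)
        {
            // A set replaces the List.Contains scan: membership is checked in constant time and
            // duplicates are dropped by Add itself, so the count is still the number of distinct paths.
            HashSet<string> policyPaths = new HashSet<string>();

            foreach (Rule rule in rules)
            {
                // Rules whose delegation policy path cannot be resolved are left out of the count.
                // A caller comparing this count with rules.Count should therefore not assume every rule was counted.
                if (DelegationHelper.TryGetDelegationPolicyPathFromRule(rule, out string delegationPolicyPath))
                {
                    policyPaths.Add(delegationPolicyPath);
                }
            }

            return policyPaths.Count;
        }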
예제 #3
        /// <summary>
        /// Builds a XacmlPolicy <see cref="XacmlPolicy"/> representation based on the DelegationPolicy input
        /// </summary>
        /// <param name="org">Unique identifier of the organisation responsible for the app.</param>
        /// <param name="app">Application identifier which is unique within an organisation.</param>
        /// <param name="offeredByPartyId">The party id of the entity offering the delegated policy</param>
        /// <param name="coveredByPartyId">The party of the entity having received the delegated policy, if the receiving entity is an organization</param>
        /// <param name="coveredByUserId">The user id of the entity having received the delegated policy, if the receiving entity is a user</param>
        /// <param name="rules">The set of rules to be delegated</param>
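        public static XacmlPolicy BuildDelegationPolicy(string org, string app, int offeredByPartyId, int? coveredByPartyId, int? coveredByUserId, IList<Rule> rules)
        {
            // A delegation policy must name a recipient. Fail before any policy object is built, with a
            // message that says which input is missing. InvalidOperationException is the type that reading
            // .Value on an empty Nullable<int> raises, so callers see the same exception type for this input.
            if (!coveredByPartyId.HasValue && !coveredByUserId.HasValue)
            {
                throw new InvalidOperationException("Either coveredByPartyId or coveredByUserId must be set to build a delegation policy.");
            }

            // The policy id is the configured prefix followed by the constant 1.
            // Rules are combined with the deny-overrides algorithm, starting from an empty target.
            XacmlPolicy delegationPolicy = new XacmlPolicy(
                new Uri($"{AltinnXacmlConstants.Prefixes.PolicyId}{1}"),
                new Uri(XacmlConstants.CombiningAlgorithms.PolicyDenyOverrides),
                new XacmlTarget(new List<XacmlAnyOf>()));

            delegationPolicy.Version = "1.0";

            // The party id takes precedence over the user id in the description.
            // NOTE(review): when both ids are supplied the description names only the party, while
            // BuildDelegationRule below still receives both values. Confirm whether callers may pass both.
            string coveredBy = coveredByPartyId.HasValue ? coveredByPartyId.Value.ToString() : coveredByUserId.Value.ToString();

            delegationPolicy.Description = $"Delegation policy containing all delegated rights/actions from {offeredByPartyId} to {coveredBy}, for resources on the app; {org}/{app}";

            foreach (Rule rule in rules)
            {
                // Skip rules the policy already contains so that the same right is not delegated twice.
                if (!DelegationHelper.PolicyContainsMatchingRule(delegationPolicy, rule))
                {
                    delegationPolicy.Rules.Add(BuildDelegationRule(org, app, offeredByPartyId, coveredByPartyId, coveredByUserId, rule));
                }
            }

            return delegationPolicy;
        }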