/// <summary>
/// Resolves the delegation policy path that a <see cref="PolicyMatch"/> points at.
/// </summary>
/// <param name="policyMatch">Match whose Resource, CoveredBy and OfferedByPartyId select the policy.</param>
/// <returns>The path returned by the component-based overload for the extracted org, app, offering party and recipient ids.</returns>
public static string GetAltinnAppDelegationPolicyPath(PolicyMatch policyMatch)
{
    // NOTE(review): nothing here checks whether the Try-call found an org/app in the
    // resource match, so unset values can reach the path builder. Confirm that the
    // overload called below rejects missing org/app rather than building a path from them.
    DelegationHelper.TryGetResourceFromAttributeMatch(policyMatch.Resource, out string orgName, out string appName);
    DelegationHelper.GetCoveredByFromMatch(policyMatch.CoveredBy, out int? recipientUserId, out int? recipientPartyId);

    string offeredBy = policyMatch.OfferedByPartyId.ToString();
    return PolicyHelper.GetAltinnAppDelegationPolicyPath(orgName, appName, offeredBy, recipientUserId, recipientPartyId);
}
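/// <summary>
/// Counts the distinct delegation policies referenced by a list of rules.
/// </summary>
/// <param name="rules">Rules to inspect; each one is mapped to its delegation policy path.</param>
/// <returns>Number of distinct policy paths; rules for which no path can be derived are not counted.</returns>
public static int GetPolicyCount(List<Rule> rules)
{
    // A hash set detects duplicates in constant time per rule. String equality is ordinal,
    // so two paths that differ only in letter case count as two policies.
    HashSet<string> policyPaths = new HashSet<string>();
    foreach (Rule rule in rules)
    {
        // Rules without a resolvable path are skipped silently; a caller that relies on the
        // count covering every rule has to validate the rules separately.
        if (DelegationHelper.TryGetDelegationPolicyPathFromRule(rule, out string delegationPolicyPath))
        {
            policyPaths.Add(delegationPolicyPath);
        }
    }

    return policyPaths.Count;
}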
/// <summary>
/// Creates the <see cref="XacmlPolicy"/> that holds the rules delegated from one party to a recipient for an app.
/// </summary>
/// <param name="org">Unique identifier of the organisation responsible for the app.</param>
/// <param name="app">Application identifier which is unique within an organisation.</param>
/// <param name="offeredByPartyId">Party id of the entity offering the delegation.</param>
/// <param name="coveredByPartyId">Party id of the recipient, when the recipient is an organization.</param>
/// <param name="coveredByUserId">User id of the recipient, when the recipient is a user.</param>
/// <param name="rules">The set of rules to be delegated.</param>
/// <returns>
/// A version "1.0" policy with an empty target, using the combining algorithm named by
/// XacmlConstants.CombiningAlgorithms.PolicyDenyOverrides. Input rules already matched by a rule
/// in the policy are skipped.
/// </returns>
/// <exception cref="InvalidOperationException">Both coveredByPartyId and coveredByUserId are null.</exception>
public static XacmlPolicy BuildDelegationPolicy(string org, string app, int offeredByPartyId, int? coveredByPartyId, int? coveredByUserId, IList<Rule> rules)
{
    // The policy id is the configured prefix followed by the literal 1.
    Uri policyId = new Uri($"{AltinnXacmlConstants.Prefixes.PolicyId}{1}");
    Uri combiningAlgorithm = new Uri(XacmlConstants.CombiningAlgorithms.PolicyDenyOverrides);
    XacmlTarget emptyTarget = new XacmlTarget(new List<XacmlAnyOf>());

    XacmlPolicy policy = new XacmlPolicy(policyId, combiningAlgorithm, emptyTarget);
    policy.Version = "1.0";

    // The party id takes precedence in the description when both ids are supplied, while both
    // are still forwarded to BuildDelegationRule. With neither supplied, .Value throws.
    string recipient;
    if (coveredByPartyId.HasValue)
    {
        recipient = coveredByPartyId.Value.ToString();
    }
    else
    {
        recipient = coveredByUserId.Value.ToString();
    }

    policy.Description = $"Delegation policy containing all delegated rights/actions from {offeredByPartyId} to {recipient}, for resources on the app; {org}/{app}";

    foreach (Rule rule in rules)
    {
        // Skip rules the policy already covers, so the same right is not added twice.
        if (DelegationHelper.PolicyContainsMatchingRule(policy, rule))
        {
            continue;
        }

        policy.Rules.Add(BuildDelegationRule(org, app, offeredByPartyId, coveredByPartyId, coveredByUserId, rule));
    }

    return policy;
}