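/// <summary>
/// Filters a batch of events down to the ones the consumer is authorized for.
/// </summary>
/// <remarks>
/// A single multi-decision XACML request is built for the whole batch and sent to the PDP.
/// Every result accepted by <c>DecisionHelper.ValidateDecisionResult</c> is correlated back to
/// an input event through the event-id attribute found in the result's categories.
/// A result that cannot be correlated (no categories, no event-id attribute, or an id that is
/// not in <paramref name="cloudEvents"/>) is skipped, so the filter fails closed for that
/// event instead of aborting the whole batch with an exception.
/// </remarks>
/// <param name="consumer">The event consumer</param>
/// <param name="cloudEvents">The list of events</param>
/// <returns>A list of authorized events; empty when the PDP response carries no results</returns>
public async Task<List<CloudEvent>> AuthorizeEvents(ClaimsPrincipal consumer, List<CloudEvent> cloudEvents)
{
    XacmlJsonRequestRoot xacmlJsonRequest = CloudEventXacmlMapper.CreateMultiDecisionRequest(consumer, cloudEvents);
    XacmlJsonResponse response = await _pdp.GetDecisionForRequest(xacmlJsonRequest);

    List<CloudEvent> authorizedEventsList = new List<CloudEvent>();

    // A missing response body authorizes nothing.
    if (response == null || response.Response == null)
    {
        return authorizedEventsList;
    }

    foreach (XacmlJsonResult result in response.Response)
    {
        if (!DecisionHelper.ValidateDecisionResult(result, consumer))
        {
            continue;
        }

        // Without categories there is no attribute to tie the decision to an event.
        if (result.Category == null)
        {
            continue;
        }

        string eventId = string.Empty;

        // Loop through all attributes in Category from the response.
        // If the event-id attribute occurs more than once, the last occurrence wins.
        foreach (XacmlJsonCategory category in result.Category)
        {
            if (category == null || category.Attribute == null)
            {
                continue;
            }

            foreach (var attribute in category.Attribute)
            {
                // Static string.Equals is null-safe and ordinal, like the instance call it replaces.
                if (attribute != null && string.Equals(attribute.AttributeId, AltinnXacmlUrns.EventId))
                {
                    eventId = attribute.Value;
                }
            }
        }

        // A decision with no event id must never be matched against the batch.
        if (string.IsNullOrEmpty(eventId))
        {
            continue;
        }

        // Find the event that has been validated to add it to the list of authorized events.
        // NOTE(review): correlation is by Id alone. If two events in the batch can share an Id
        // (for example events from different sources), a permit for one would select whichever
        // comes first in the list. Confirm the caller guarantees unique ids per batch, or
        // correlate on a key the request mapper makes unique.
        CloudEvent authorizedEvent = cloudEvents.FirstOrDefault(i => i.Id == eventId);
        if (authorizedEvent == null)
        {
            // The PDP named an id that was not in the request: drop it rather than throw.
            continue;
        }

        authorizedEventsList.Add(authorizedEvent);
    }

    return authorizedEventsList;
}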
/// <summary>
/// Decides whether a consumer may access a single Altinn App event.
/// </summary>
/// <remarks>
/// Builds one XACML decision request from the event and the consumer, sends it to the PDP
/// and hands the response to <c>ValidateResult</c>, whose outcome is returned unchanged.
/// </remarks>
/// <param name="cloudEvent">The event access is requested for</param>
/// <param name="consumer">The consumer identifier passed on to the request mapper</param>
/// <returns>The boolean produced by <c>ValidateResult</c> for the PDP response</returns>
public async Task<bool> AuthorizeConsumerForAltinnAppEvent(CloudEvent cloudEvent, string consumer)
{
    XacmlJsonRequestRoot decisionRequest = CloudEventXacmlMapper.CreateDecisionRequest(cloudEvent, consumer);

    // The access decision is taken by the PDP; this method only relays the request and checks the answer.
    XacmlJsonResponse pdpResponse = await _pdp.GetDecisionForRequest(decisionRequest);

    bool isAuthorized = ValidateResult(pdpResponse);
    return isAuthorized;
}