/// <summary>
/// Create a new <see cref="AbacAuthorizationContext"/> using registered <see cref="IPropertyBag"/> elements.
/// </summary>
/// <param name="authorizationHandlerContext">The ASP.NET Core authorization handler context used.</param>
/// <returns>A new <see cref="AbacAuthorizationContext"/> created.</returns>
public async Task <AbacAuthorizationContext> Create(AuthorizationHandlerContext authorizationHandlerContext)
{
var context = new AbacAuthorizationContext();
foreach (var propertyBag in _propertyBags)
{
//initialize the property bag and add it to the collection of property bags to be used.
await propertyBag.Initialize(authorizationHandlerContext);
context.AddBag(propertyBag);
}
return(context);
}
internal bool Evaluate(AbacAuthorizationContext context)
{
try
{
return(_ruleExpression(context));
}
catch (KeyNotFoundException keyNotFoundException)
{
//evaluating a expression that use a property that does not exist on context bag's
throw new InvalidOperationException($"The rule {RuleName} is evaluating a property that does not exist on actual DslAuthorizationContext", keyNotFoundException);
}
catch (Exception exception)
{
//other exception out of scope
throw new InvalidOperationException($"The rule {RuleName} is not evaluated succesfully.", exception);
}
}
/// <summary>
/// Check if the current policy is satisfied.
/// </summary>
/// <param name="abacAuthorizationContext">The current <see cref="AbacAuthorizationContext"/>.</param>
/// <returns></returns>
public bool IsSatisfied(AbacAuthorizationContext abacAuthorizationContext)
{
if (abacAuthorizationContext == null)
{
throw new ArgumentNullException(nameof(abacAuthorizationContext));
}
bool isSatisfied = true;
foreach (var rule in _authorizationRules)
{
//evaluate all rules in the policy, checking if is a deny rule
isSatisfied = isSatisfied && !(rule.Evaluate(abacAuthorizationContext) ^ !rule.IsDenyRule);
}
return(isSatisfied);
}
