Exemplo n.º 1
        /// <summary>
        /// Checks that the BAL grammar resolves attribute references regardless of letter case:
        /// the rule spells them <c>suBjEct.roLe</c> and <c>reSourcE.acTion</c>, while the
        /// property bags are registered as "Subject"/"Role" and "Resource"/"Action".
        /// </summary>
        public async Task visitor_allow_to_parse_with_not_title_case()
        {
            const string policy = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                    suBjEct.roLe = ""Nurse"" AND  reSourcE.acTion = ""MedicalRecord""
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            // The attribute VALUES use the same casing as the rule literals, so only the
            // identifier casing differs; value case sensitivity is not exercised by this test.
            var subjectBag = new TestPropertyBag("Subject", new Dictionary<string, IEnumerable<object>>
            {
                { "Role", new[] { "Nurse" } },
            });
            var resourceBag = new TestPropertyBag("Resource", new Dictionary<string, IEnumerable<object>>
            {
                { "Action", new[] { "MedicalRecord" } }
            });
            var bags = new List<IPropertyBag> { subjectBag, resourceBag };

            // NOTE(review): the meaning of the null argument to Create is not visible here — confirm.
            var factory = new AbacAuthorizationContextFactory(bags);
            var evaluationContext = await factory.Create(null);

            var permitted = parsedPolicy.IsSatisfied(evaluationContext);
            permitted.Should().BeTrue();
        }
Exemplo n.º 2
        /// <summary>
        /// Checks that evaluating a rule against a context that lacks the referenced attribute
        /// throws <see cref="InvalidOperationException"/> instead of returning a decision.
        /// The rule reads <c>Subject.Role</c>, but the Subject bag only carries "Name".
        /// </summary>
        public async Task visitor_throw_when_check_satisfied_if_context_does_not_contain_a_property()
        {
            const string policy = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                    Subject.Role = ""Nurse""
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            // Deliberately omit "Role" so the rule has nothing to resolve.
            var subjectBag = new TestPropertyBag("Subject", new Dictionary<string, IEnumerable<object>>
            {
                { "Name", new [] { "Mary Joe" } },
            });
            var bags = new List<IPropertyBag> { subjectBag };

            var factory = new AbacAuthorizationContextFactory(bags);
            var evaluationContext = await factory.Create(null);

            // A missing attribute surfaces as an exception, not as "false".
            // NOTE(review): callers of IsSatisfied presumably have to treat this exception as a
            // deny; the calling handler is not visible here — confirm it fails closed.
            var failure = Assert.Throws<InvalidOperationException>(() =>
            {
                parsedPolicy.IsSatisfied(evaluationContext);
            });

            failure.Message.Should().BeEquivalentTo("The rule CardiologyNurses is evaluating a property that does not exist on actual DslAuthorizationContext");
        }
Exemplo n.º 3
        /// <summary>
        /// Checks the <c>CONTAINS</c> and <c>&lt;&gt;</c> operators: the subject holds several
        /// roles, one of which is "Nurse", and the requested action differs from the excluded
        /// "internalreports", so the PERMIT rule is expected to be satisfied.
        /// </summary>
        public async Task visitor_allow_to_parse_contains_bool_operators()
        {
            const string policy = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                       Subject.Role CONTAINS ""Nurse""  AND Resource.Action <> ""internalreports""
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            // "Role" is multi-valued here; CONTAINS has to find "Nurse" among the values.
            var subjectBag = new TestPropertyBag("Subject", new Dictionary<string, IEnumerable<object>>
            {
                { "Role", new [] { "Doctor", "Nurse" } },
            });
            var resourceBag = new TestPropertyBag("Resource", new Dictionary<string, IEnumerable<object>>
            {
                { "Action", new[] { "medicalreports" } }
            });
            var bags = new List<IPropertyBag> { subjectBag, resourceBag };

            var factory = new AbacAuthorizationContextFactory(bags);
            var evaluationContext = await factory.Create(null);

            var permitted = parsedPolicy.IsSatisfied(evaluationContext);
            permitted.Should().BeTrue();
        }
Exemplo n.º 4
        /// <summary>
        /// Checks a single string equality comparison: the rule requires
        /// <c>Subject.Name = "Mary Joe"</c> and the context supplies exactly that value,
        /// so the policy is expected to be satisfied.
        /// </summary>
        public async Task visitor_allow_to_parse_primitive_string_comparer_expressions()
        {
            const string policy = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                    Subject.Name = ""Mary Joe""
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            // The value contains a space, so the quoted literal must be compared as a whole.
            var subjectBag = new TestPropertyBag("Subject", new Dictionary<string, IEnumerable<object>>
            {
                { "Name", new [] { "Mary Joe" } },
            });
            var bags = new List<IPropertyBag> { subjectBag };

            var factory = new AbacAuthorizationContextFactory(bags);
            var evaluationContext = await factory.Create(null);

            var permitted = parsedPolicy.IsSatisfied(evaluationContext);
            permitted.Should().BeTrue();
        }
Exemplo n.º 5
        /// <summary>
        /// Checks arithmetic that mixes context attributes with literals:
        /// <c>Subject.Age &lt; 20</c> and <c>Subject.Id * 1000 &gt;= 1000 * 1</c> are evaluated
        /// against Age = 19 and Id = 1, so the policy is expected to be satisfied.
        /// </summary>
        public async Task visitor_allow_to_parse_aritmetic_operations_with_context_data()
        {
            const string policy = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                    Subject.Age < 20 AND  Subject.Id * 1000 >= 1000 * 1
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            // Both values sit on a comparison boundary: 19 is just under 20, and 1 * 1000
            // equals the right-hand side, so ">=" is satisfied by equality alone.
            var subjectBag = new TestPropertyBag("Subject", new Dictionary<string, IEnumerable<object>>
            {
                { "Age", new object[] { 19 } },
                { "Id", new object[] { 1 } }
            });
            var bags = new List<IPropertyBag> { subjectBag };

            var factory = new AbacAuthorizationContextFactory(bags);
            var evaluationContext = await factory.Create(null);

            var permitted = parsedPolicy.IsSatisfied(evaluationContext);
            permitted.Should().BeTrue();
        }
Exemplo n.º 6
        /// <summary>
        /// Checks a parenthesised arithmetic expression on the right-hand side of a comparison.
        /// The role matches, but <c>Resource.Id</c> (999) is not greater than
        /// <c>10 * 100 * 10</c>, so the PERMIT rule must NOT be satisfied.
        /// </summary>
        public async Task visitor_allow_to_parse_aritmetic_operations()
        {
            const string policy = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                    Subject.Role = ""Nurse"" AND  Resource.Id > (10 * 100 * 10)
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            var subjectBag = new TestPropertyBag("Subject", new Dictionary<string, IEnumerable<object>>
            {
                { "Role", new [] { "Nurse" } },
            });
            var resourceBag = new TestPropertyBag("Resource", new Dictionary<string, IEnumerable<object>>
            {
                { "Id", new object[] { 999 } },
            });
            var bags = new List<IPropertyBag> { subjectBag, resourceBag };

            var factory = new AbacAuthorizationContextFactory(bags);
            var evaluationContext = await factory.Create(null);

            // Negative case: one satisfied conjunct must not be enough to grant access.
            var permitted = parsedPolicy.IsSatisfied(evaluationContext);
            permitted.Should().BeFalse();
        }
Exemplo n.º 7
        /// <summary>
        /// Checks a policy that combines a PERMIT rule with a narrower DENY rule.
        /// A nurse named "Mary Joe" matches only the PERMIT rule and is allowed; a nurse named
        /// "Jhon Doe" matches both rules and the policy is expected to be unsatisfied.
        /// </summary>
        public async Task visitor_allow_to_use_multiple_rules()
        {
            const string policy = @"
            policy Example begin
                rule CardiologyNurses (PERMIT) begin
                    Subject.Role = ""Nurse"" 
                    AND Resource.Action = ""medicalreports""
                end
                rule CardiologyNursesExcepJhonDoe (DENY) begin
                    Subject.Role = ""Nurse"" 
                    AND Resource.Action = ""medicalreports""
                    AND Subject.Name = ""Jhon Doe""
                end
            end";

            var parsedPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
            parsedPolicy.PolicyName.Should().BeEquivalentTo("Example");

            // Scenario 1: only the PERMIT rule matches.
            var permittedSubject = new TestPropertyBag("Subject", new Dictionary<string, IEnumerable<object>>
            {
                { "Role", new[] { "Nurse" } },
                { "Name", new[] { "Mary Joe" } },
            });
            var permittedResource = new TestPropertyBag("Resource", new Dictionary<string, IEnumerable<object>>
            {
                { "Action", new[] { "medicalreports" } }
            });
            var permittedBags = new List<IPropertyBag> { permittedSubject, permittedResource };

            var permittedFactory = new AbacAuthorizationContextFactory(permittedBags);
            var permittedContext = await permittedFactory.Create(null);

            var allowedForMary = parsedPolicy.IsSatisfied(permittedContext);
            allowedForMary.Should().BeTrue();

            // Scenario 2: PERMIT and DENY both match the same request; the expected
            // outcome shows the DENY rule taking precedence over the PERMIT rule.
            var deniedSubject = new TestPropertyBag("Subject", new Dictionary<string, IEnumerable<object>>
            {
                { "Role", new[] { "Nurse" } },
                { "Name", new[] { "Jhon Doe" } },
            });
            var deniedResource = new TestPropertyBag("Resource", new Dictionary<string, IEnumerable<object>>
            {
                { "Action", new[] { "medicalreports" } }
            });
            var deniedBags = new List<IPropertyBag> { deniedSubject, deniedResource };

            var deniedFactory = new AbacAuthorizationContextFactory(deniedBags);
            var deniedContext = await deniedFactory.Create(null);

            var allowedForJhon = parsedPolicy.IsSatisfied(deniedContext);
            allowedForJhon.Should().BeFalse();
        }
Exemplo n.º 8
 /// <summary>
 /// Builds the handler from its three collaborators. Every argument goes through
 /// <c>Ensure.Argument.NotNull</c> before any field is assigned.
 /// </summary>
 /// <param name="abacAuthorizationContextFactory">Factory stored for later use by the handler.</param>
 /// <param name="runtimeAuthorizationServerStore">Store stored for later use by the handler.</param>
 /// <param name="logger">Logger typed to this handler.</param>
 public AbacAuthorizationHandler(
     AbacAuthorizationContextFactory abacAuthorizationContextFactory,
     IRuntimeAuthorizationServerStore runtimeAuthorizationServerStore,
     ILogger<AbacAuthorizationHandler> logger)
 {
     // Guards stay in parameter order so the first missing dependency is the one reported.
     // NOTE(review): Ensure.Argument.NotNull presumably throws on null — its definition is not visible here.
     Ensure.Argument.NotNull(abacAuthorizationContextFactory, nameof(abacAuthorizationContextFactory));
     Ensure.Argument.NotNull(runtimeAuthorizationServerStore, nameof(runtimeAuthorizationServerStore));
     Ensure.Argument.NotNull(logger, nameof(logger));

     // All guards have run; keep the validated dependencies.
     _logger = logger;
     _runtimeAuthorizationServerStore = runtimeAuthorizationServerStore;
     _abacAuthorizationContextFactory = abacAuthorizationContextFactory;
 }