public async Task visitor_allow_to_parse_with_not_title_case()
{
const string policy = @"
policy Example begin
rule CardiologyNurses (PERMIT) begin
suBjEct.roLe = ""Nurse"" AND reSourcE.acTion = ""MedicalRecord""
end
end";
var dslAuthorizationPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
dslAuthorizationPolicy.PolicyName.Should().BeEquivalentTo("Example");
var propertyBags = new List <IPropertyBag>()
{
new TestPropertyBag("Subject", new Dictionary <string, IEnumerable <object> >()
{
{ "Role", new[] { "Nurse" } },
}),
new TestPropertyBag("Resource", new Dictionary <string, IEnumerable <object> >()
{
{ "Action", new[] { "MedicalRecord" } }
})
};
var contextFactory = new AbacAuthorizationContextFactory(propertyBags);
var context = await contextFactory.Create(null);
dslAuthorizationPolicy.IsSatisfied(context).Should().BeTrue();
}
public async Task visitor_throw_when_check_satisfied_if_context_does_not_contain_a_property()
{
const string policy = @"
policy Example begin
rule CardiologyNurses (PERMIT) begin
Subject.Role = ""Nurse""
end
end";
var dslAuthorizationPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
dslAuthorizationPolicy.PolicyName.Should().BeEquivalentTo("Example");
var propertyBags = new List <IPropertyBag>()
{
new TestPropertyBag("Subject", new Dictionary <string, IEnumerable <object> >()
{
{ "Name", new [] { "Mary Joe" } },
})
};
var contextFactory = new AbacAuthorizationContextFactory(propertyBags);
var context = await contextFactory.Create(null);
Assert.Throws <InvalidOperationException>(() =>
{
dslAuthorizationPolicy.IsSatisfied(context);
}).Message.Should().BeEquivalentTo("The rule CardiologyNurses is evaluating a property that does not exist on actual DslAuthorizationContext");
}
public async Task visitor_allow_to_parse_contains_bool_operators()
{
const string policy = @"
policy Example begin
rule CardiologyNurses (PERMIT) begin
Subject.Role CONTAINS ""Nurse"" AND Resource.Action <> ""internalreports""
end
end";
var dslAuthorizationPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
dslAuthorizationPolicy.PolicyName.Should().BeEquivalentTo("Example");
var propertyBags = new List <IPropertyBag>()
{
new TestPropertyBag("Subject", new Dictionary <string, IEnumerable <object> >()
{
{ "Role", new [] { "Doctor", "Nurse" } },
}),
new TestPropertyBag("Resource", new Dictionary <string, IEnumerable <object> >()
{
{ "Action", new[] { "medicalreports" } }
})
};
var contextFactory = new AbacAuthorizationContextFactory(propertyBags);
var context = await contextFactory.Create(null);
dslAuthorizationPolicy.IsSatisfied(context)
.Should()
.BeTrue();
}
public async Task visitor_allow_to_parse_primitive_string_comparer_expressions()
{
const string policy = @"
policy Example begin
rule CardiologyNurses (PERMIT) begin
Subject.Name = ""Mary Joe""
end
end";
var dslAuthorizationPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
dslAuthorizationPolicy.PolicyName.Should().BeEquivalentTo("Example");
var propertyBags = new List <IPropertyBag>()
{
new TestPropertyBag("Subject", new Dictionary <string, IEnumerable <object> >()
{
{ "Name", new [] { "Mary Joe" } },
})
};
var contextFactory = new AbacAuthorizationContextFactory(propertyBags);
var context = await contextFactory.Create(null);
dslAuthorizationPolicy.IsSatisfied(context).Should().BeTrue();
}
public async Task visitor_allow_to_parse_aritmetic_operations_with_context_data()
{
const string policy = @"
policy Example begin
rule CardiologyNurses (PERMIT) begin
Subject.Age < 20 AND Subject.Id * 1000 >= 1000 * 1
end
end";
var dslAuthorizationPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
dslAuthorizationPolicy.PolicyName.Should().BeEquivalentTo("Example");
var propertyBags = new List <IPropertyBag>()
{
new TestPropertyBag("Subject", new Dictionary <string, IEnumerable <object> >()
{
{ "Age", new object[] { 19 } },
{ "Id", new object[] { 1 } }
})
};
var contextFactory = new AbacAuthorizationContextFactory(propertyBags);
var context = await contextFactory.Create(null);
dslAuthorizationPolicy.IsSatisfied(context).Should().BeTrue();
}
public async Task visitor_allow_to_parse_aritmetic_operations()
{
const string policy = @"
policy Example begin
rule CardiologyNurses (PERMIT) begin
Subject.Role = ""Nurse"" AND Resource.Id > (10 * 100 * 10)
end
end";
var dslAuthorizationPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
dslAuthorizationPolicy.PolicyName.Should().BeEquivalentTo("Example");
var propertyBags = new List <IPropertyBag>()
{
new TestPropertyBag("Subject", new Dictionary <string, IEnumerable <object> >()
{
{ "Role", new [] { "Nurse" } },
}),
new TestPropertyBag("Resource", new Dictionary <string, IEnumerable <object> >()
{
{ "Id", new object[] { 999 } },
})
};
var contextFactory = new AbacAuthorizationContextFactory(propertyBags);
var context = await contextFactory.Create(null);
dslAuthorizationPolicy.IsSatisfied(context).Should().BeFalse();
}
public async Task visitor_allow_to_use_multiple_rules()
{
const string policy = @"
policy Example begin
rule CardiologyNurses (PERMIT) begin
Subject.Role = ""Nurse""
AND Resource.Action = ""medicalreports""
end
rule CardiologyNursesExcepJhonDoe (DENY) begin
Subject.Role = ""Nurse""
AND Resource.Action = ""medicalreports""
AND Subject.Name = ""Jhon Doe""
end
end";
var dslAuthorizationPolicy = AbacAuthorizationPolicy.CreateFromGrammar(policy, WellKnownGrammars.Bal);
dslAuthorizationPolicy.PolicyName.Should().BeEquivalentTo("Example");
var propertyBags = new List <IPropertyBag>()
{
new TestPropertyBag("Subject", new Dictionary <string, IEnumerable <object> >()
{
{ "Role", new[] { "Nurse" } },
{ "Name", new[] { "Mary Joe" } },
}),
new TestPropertyBag("Resource", new Dictionary <string, IEnumerable <object> >()
{
{ "Action", new[] { "medicalreports" } }
})
};
var contextFactory = new AbacAuthorizationContextFactory(propertyBags);
var context = await contextFactory.Create(null);
dslAuthorizationPolicy.IsSatisfied(context)
.Should().BeTrue();
propertyBags = new List <IPropertyBag>()
{
new TestPropertyBag("Subject", new Dictionary <string, IEnumerable <object> >()
{
{ "Role", new[] { "Nurse" } },
{ "Name", new[] { "Jhon Doe" } },
}),
new TestPropertyBag("Resource", new Dictionary <string, IEnumerable <object> >()
{
{ "Action", new[] { "medicalreports" } }
})
};
contextFactory = new AbacAuthorizationContextFactory(propertyBags);
context = await contextFactory.Create(null);
dslAuthorizationPolicy.IsSatisfied(context).Should().BeFalse();
}
public AbacAuthorizationHandler(
AbacAuthorizationContextFactory abacAuthorizationContextFactory,
IRuntimeAuthorizationServerStore runtimeAuthorizationServerStore,
ILogger <AbacAuthorizationHandler> logger)
{
Ensure.Argument.NotNull(abacAuthorizationContextFactory, nameof(abacAuthorizationContextFactory));
Ensure.Argument.NotNull(runtimeAuthorizationServerStore, nameof(runtimeAuthorizationServerStore));
Ensure.Argument.NotNull(logger, nameof(logger));
_abacAuthorizationContextFactory = abacAuthorizationContextFactory;
_runtimeAuthorizationServerStore = runtimeAuthorizationServerStore;
_logger = logger;
}
