public bool Evaluate(IPermissionManaged resource, LNode parsedNode)
 {
     lock (IdentifierTable)
     {
         _factory = new LNodeFactory(parsedNode.Source);
         IdentifierTable[ResourceIdentifierName] = () => resource;
         var result = ResolveLiteral(parsedNode);
         return((bool)result.Value);
     }
 }
Exemplo n.º 2
0
        public PermissionResult GetResultUsingChain(string chainName, INode permissionToCheck, int identifier,
                                                    IPermissionManaged resource = null)
        {
            if (!Chains.ContainsKey(chainName))
            {
                Chains[chainName] = new PermissionsChain(_evaluator);
            }

            var tuple = Chains[chainName].ResolvePermission(permissionToCheck, identifier, resource);

            ComputedChainDecision?.Invoke(this, new ComputedChainDecisionEventArgs
                                          (
                                              tuple.Item2, chainName, identifier, tuple.Item1, permissionToCheck
                                          ));

            return(tuple.Item1);
        }
Exemplo n.º 3
0
        public (PermissionResult, IEnumerable <PermissionDecision>) ResolvePermission(INode nodeToResolve,
                                                                                      int identifier, IPermissionManaged resource = null)
        {
            var result     = PermissionResult.Unset;
            var considered = new List <PermissionDecision>();

            if (!_entries.ContainsKey(identifier))
            {
                return(result, considered);
            }

            var items = _entries[identifier];

            lock (items)
            {
                foreach (var keyValuePair in items.Where(kvp => kvp.Value.IsFor(nodeToResolve)))
                {
                    var grant = keyValuePair.Value;
                    if (grant.PermissionType == PermissionType.Generic)
                    {
                        switch (grant.GrantType)
                        {
                        case GrantType.Allow:
                            result = PermissionResult.Allowed;
                            break;

                        case GrantType.Deny:
                            result = PermissionResult.Denied;
                            break;
                        }

                        considered.Add(new PermissionDecision(grant, result, true));
                    }
                    else
                    {
                        var resourcedGrant      = grant as ResourcedPermissionGrant <IPermissionManaged>;
                        var conditionsSatisfied = true;
                        if (resourcedGrant.Condition != null)
                        {
                            conditionsSatisfied = _evaluator.Evaluate(resource, resourcedGrant.Condition);
                        }

                        switch (grant.GrantType)
                        {
                        case GrantType.Allow when conditionsSatisfied:
                            result = PermissionResult.Allowed;
                            considered.Add(new PermissionDecision(grant, result, conditionsSatisfied));
                            break;

                        case GrantType.Deny when conditionsSatisfied:
                            result = PermissionResult.Denied;
                            considered.Add(new PermissionDecision(grant, result, conditionsSatisfied));
                            break;

                        default:
                            considered.Add(new PermissionDecision(grant, PermissionResult.Unset,
                                                                  conditionsSatisfied));
                            break;
                        }
                    }
                }
            }

            return(result, considered);
        }