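public Task AuthorizeSingleItemAsync(
            IEnumerable <Claim> relevantClaims,
            EdFiAuthorizationContext authorizationContext,
            CancellationToken cancellationToken)
        {
            // Authorizes a single resource item by requiring its Namespace to start with one of
            // the caller's NamespacePrefix claims. Throws NotSupportedException when the resource
            // carries no Namespace property, and EdFiSecurityException when the namespace is
            // blank or no claim prefix matches. Completes synchronously (Task.CompletedTask).
            if (authorizationContext == null)
            {
                throw new ArgumentNullException(nameof(authorizationContext));
            }

            // Materialize once: the prefixes are enumerated for the match and again for the
            // error text, and GetClaimNamespacePrefixes may hand back a deferred sequence.
            // Blank prefixes are dropped defensively -- every string starts with "", so a
            // blank NamespacePrefix claim would otherwise authorize access to every namespace.
            var claimNamespacePrefixes = GetClaimNamespacePrefixes(authorizationContext)
                .Where(prefix => !string.IsNullOrWhiteSpace(prefix))
                .ToList();

            var contextData = _authorizationContextDataFactory
                              .CreateContextData <NamespaceBasedAuthorizationContextData>(
                authorizationContext.Data);

            if (contextData == null)
            {
                throw new NotSupportedException(
                          "No 'Namespace' property could be found on the resource in order to perform authorization. Should a different authorization strategy be used?");
            }

            // Fail closed: a resource without a namespace can never be matched to a prefix.
            if (string.IsNullOrWhiteSpace(contextData.Namespace))
            {
                throw new EdFiSecurityException(
                          "Access to the resource item could not be authorized because the Namespace of the resource is empty.");
            }

            // Case-insensitive prefix match via the project's StartsWithIgnoreCase extension.
            // NOTE(review): a prefix matches any namespace that merely begins with it (no
            // delimiter is enforced here); confirm that issued prefixes end in a delimiter if
            // sibling namespaces sharing a textual prefix must stay isolated.
            bool isAuthorized = claimNamespacePrefixes.Any(ns => contextData.Namespace.StartsWithIgnoreCase(ns));

            if (!isAuthorized)
            {
                string claimNamespacePrefixesText = string.Join("', '", claimNamespacePrefixes);

                throw new EdFiSecurityException(
                          $"Access to the resource item with namespace '{contextData.Namespace}' could not be authorized based on the caller's NamespacePrefix claims: '{claimNamespacePrefixesText}'.");
            }

            return Task.CompletedTask;
        }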
            protected override void Act()
            {
                // Arrange: build the factory under test and a sample entity; no explicit
                // property mapping is supplied on this call.
                AuthorizationContextDataFactory contextDataFactory = new AuthorizationContextDataFactory();

                _suppliedEntity = new EntityWithRoleNamedProperties
                {
                    Name = "Bob",
                    SchoolId = 1,
                    FirstEducationOrganizationId = 10,
                    SecondEducationOrganizationId = 20
                };

                // Act: keep the produced context data for the test's assertions.
                _actualContextData =
                    contextDataFactory.CreateContextData <RelationshipsAuthorizationContextData>(_suppliedEntity);
            }
            protected override void Act()
            {
                // Arrange: the factory under test, a sample entity, and a single explicit
                // mapping from the entity's MappedEducationOrganizationId onto EducationOrganizationId.
                AuthorizationContextDataFactory contextDataFactory = new AuthorizationContextDataFactory();

                _suppliedEntity = new EntityWithRoleNamedProperties
                {
                    Name = "Bob",
                    SchoolId = 1,
                    UnmappedEducationOrganizationId = 10,
                    MappedEducationOrganizationId = 20
                };

                PropertyMapping[] propertyMappings =
                {
                    new PropertyMapping("MappedEducationOrganizationId", "EducationOrganizationId")
                };

                // Act: keep the produced context data for the test's assertions.
                _actualContextData = contextDataFactory.CreateContextData <RelationshipsAuthorizationContextData>(
                    _suppliedEntity,
                    propertyMappings);
            }
            protected override void Act()
            {
                // Arrange: the factory under test, a sample entity, and two mappings whose
                // source or target property names do not exist on the respective types.
                AuthorizationContextDataFactory contextDataFactory = new AuthorizationContextDataFactory();

                _suppliedEntity = new EntityWithRoleNamedProperties
                {
                    Name = "Bob",
                    SchoolId = 1,
                    UnmappedEducationOrganizationId = 10,
                    MappedEducationOrganizationId = 20
                };

                PropertyMapping[] propertyMappings =
                {
                    new PropertyMapping("NonExistingSourcePropertyName", "SchoolId"),
                    new PropertyMapping("SchoolId", "NonExistingTargetPropertyName")
                };

                // Act: the return value is intentionally discarded; the outcome of this call
                // is checked by the test's assertions.
                contextDataFactory.CreateContextData <RelationshipsAuthorizationContextData>(
                    _suppliedEntity,
                    propertyMappings);
            }
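        public Task AuthorizeSingleItemAsync(
            IEnumerable <Claim> relevantClaims,
            EdFiAuthorizationContext authorizationContext,
            CancellationToken cancellationToken)
        {
            // Authorizes a single resource item by requiring the caller to hold an
            // OwnershipTokenId claim equal to the resource's CreatedByOwnershipTokenId.
            // Throws NotSupportedException when the resource carries no ownership token
            // property, and EdFiSecurityException when the resource has no creator token or
            // the caller holds no matching claim. Completes synchronously (Task.CompletedTask).
            if (authorizationContext == null)
            {
                throw new ArgumentNullException(nameof(authorizationContext));
            }

            var contextData = _authorizationContextDataFactory
                              .CreateContextData <OwnershipBasedAuthorizationContextData>(
                authorizationContext.Data);

            if (contextData == null)
            {
                throw new NotSupportedException(
                          "No 'OwnershipToken' property could be found on the resource in order to perform authorization.  Should a different authorization strategy be used?");
            }

            // The original re-checked contextData != null here; that branch was always taken
            // after the throw above, so it is folded away. Fail closed when the resource has
            // no creator token: nothing could ever match it.
            if (contextData.CreatedByOwnershipTokenId == null)
            {
                throw new EdFiSecurityException(
                          "Access to the resource item could not be authorized based on the caller's Ownership token");
            }

            // Format the expected claim value once instead of once per claim.
            // NOTE(review): ToString() formats with the current culture; harmless for an
            // integral id, but switch to an invariant-culture format if the token type changes.
            string expectedTokenId = contextData.CreatedByOwnershipTokenId.ToString();

            bool callerOwnsResource = authorizationContext.Principal.Claims.Any(
                c => c.Type == EdFiOdsApiClaimTypes.OwnershipTokenId && c.Value == expectedTokenId);

            if (!callerOwnsResource)
            {
                throw new EdFiSecurityException(
                          "Access to the resource item could not be authorized caller's Ownership token is not matching with resources Ownership token");
            }

            return Task.CompletedTask;
        }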