public Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
var scopePolicyPrefix = _configuration.GetValue <string>("ScopePolicyPrefix");
var permissionPolicyPrefix = _configuration.GetValue <string>("PermissionPolicyPrefix");
if (string.IsNullOrWhiteSpace(scopePolicyPrefix))
{
scopePolicyPrefix = "Scope";
}
if (string.IsNullOrWhiteSpace(permissionPolicyPrefix))
{
permissionPolicyPrefix = "Permission";
}
if (policyName.StartsWith(scopePolicyPrefix, StringComparison.OrdinalIgnoreCase))
{
var policy = new AuthorizationPolicyBuilder();
policy.AddRequirements(new ScopeRequirement(policyName));
return(Task.FromResult(policy.Build()));
}
if (policyName.StartsWith(permissionPolicyPrefix, StringComparison.OrdinalIgnoreCase))
{
var policy = new AuthorizationPolicyBuilder();
policy.AddRequirements(new PermissionRequirement(policyName));
return(Task.FromResult(policy.Build()));
}
return(_defaultAuthorizationPolicyProvider.GetPolicyAsync(policyName));
}
public Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
if (policyName.StartsWith("Create") ||
policyName.StartsWith("Delete") ||
policyName.StartsWith("Edit") ||
policyName.StartsWith("View"))
{
var policyBuilder = new AuthorizationPolicyBuilder();
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new PermissionRequirement(policyName));
return(Task.FromResult(policyBuilder.Build()));
}
else if (policyName.StartsWith("delete.") ||
policyName.StartsWith("read.") ||
policyName.StartsWith("worker.") ||
policyName.StartsWith("write."))
{
var policyBuilder = new AuthorizationPolicyBuilder();
policyBuilder.RequireAuthenticatedUser();
policyBuilder.AddRequirements(new ScopeRequirement(policyName));
return(Task.FromResult(policyBuilder.Build()));
}
return(FallbackPolicyProvider.GetPolicyAsync(policyName));
}
public Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
var defaultValue = _fallbackPolicyProvider.GetPolicyAsync(policyName);
if (!policyName.StartsWith(AuthorizeRoleAttribute.PolicyName, StringComparison.OrdinalIgnoreCase))
{
return(defaultValue);
}
var policyTokens = policyName.Split(AuthorizeRoleAttribute.PolicyDelimiter,
StringSplitOptions.RemoveEmptyEntries);
if (policyTokens.Length != 2)
{
return(defaultValue);
}
var policy = new AuthorizationPolicyBuilder("Bearer");
var roles = policyTokens[1]
.Split(AuthorizeRoleAttribute.RoleDelimiter, StringSplitOptions.RemoveEmptyEntries)
.Select(Enum.Parse <ApolloRoles>)
.ToArray();
policy.AddRequirements(new RolesRequirement(roles));
return(Task.FromResult(policy.Build()));
}
public Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
if (!policyName.StartsWith(PolicyPrefix, StringComparison.OrdinalIgnoreCase))
{
return(_fallbackPolicyProvider.GetPolicyAsync(policyName)); //here return back to static policies
}
var authorizationPolicyBuilder = new AuthorizationPolicyBuilder(Array.Empty <string>());
authorizationPolicyBuilder.AddRequirements((IAuthorizationRequirement) new MyAuthorizationRequirement(policyName.Substring(PolicyPrefix.Length)));
return(Task.FromResult <AuthorizationPolicy>(authorizationPolicyBuilder.Build()));
}
public Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
if (policyName.TryParseApplicationPermissions(out var permissions))
{
var policyBuilder = new AuthorizationPolicyBuilder();
policyBuilder.AddRequirements(new AtLeastOnePermissionRequirement(permissions));
return(Task.FromResult(policyBuilder.Build()));
}
return(fallbackPolicyProvider.GetPolicyAsync(policyName));
}
public Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
var requirements = GetPolicyRequirements(policyName);
if (requirements?.Any() ?? false)
{
var policy = new AuthorizationPolicyBuilder();
policy.AddRequirements(requirements);
return(Task.FromResult(policy.Build()));
}
return(FallbackPolicyProvider.GetPolicyAsync(policyName));
}
/// <summary>
/// Gets a <see cref="AuthorizationPolicy"/> from the given <paramref name="policyName"/>
/// </summary>
/// <param name="policyName">The policy name to retrieve.</param>
/// <returns>The named <see cref="AuthorizationPolicy"/>.</returns>
public Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
_logger.LogTrace($"PolicyName:{policyName}");
if (policyName.StartsWith(POLICY_PREFIX))
{
var role = policyName.Substring(POLICY_PREFIX.Length);
var policy = new AuthorizationPolicyBuilder();
policy.Requirements.Add(new RoleAuthorizationRequirement(role));
return(Task.FromResult(policy.Build()));
}
return(_defaultAuthorizationPolicyProvider.GetPolicyAsync(policyName));
}
public Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
if (_authorizationOptions.Value.GetPolicy(policyName) != null)
{
return(_fallbackPolicyProvider.GetPolicyAsync(policyName));
}
var builder = new AuthorizationPolicyBuilder();
builder.AuthenticationSchemes.Add(_options.Value.RequiredScheme);
builder.AddRequirements(new KeycloakRequirement(policyName));
return(Task.FromResult(builder.Build()));
}
public override Task <AuthorizationPolicy> GetPolicyAsync(string policyName)
{
if (policyName.StartsWith(MyIdentityData.Policy_NotBanned))
{
var topic = policyName.Substring(MyIdentityData.Policy_NotBanned.Length);
var policy = new AuthorizationPolicyBuilder();
policy.AddRequirements(new NotBannedRequirement(topic));
return(Task.FromResult(policy.Build()));
}
else
{
return(_parent.GetPolicyAsync(policyName));
}
}
protected virtual async Task <ApplicationAuthConfigurationDto> GetAuthConfigAsync()
{
var authConfig = new ApplicationAuthConfigurationDto();
var policyNames = await _abpAuthorizationPolicyProvider.GetPoliciesNamesAsync();
var abpPolicyNames = new List <string>();
var otherPolicyNames = new List <string>();
foreach (var policyName in policyNames)
{
if (await _defaultAuthorizationPolicyProvider.GetPolicyAsync(policyName) == null && _permissionDefinitionManager.GetOrNull(policyName) != null)
{
abpPolicyNames.Add(policyName);
}
else
{
otherPolicyNames.Add(policyName);
}
}
foreach (var policyName in otherPolicyNames)
{
authConfig.Policies[policyName] = true;
if (await _authorizationService.IsGrantedAsync(policyName))
{
authConfig.GrantedPolicies[policyName] = true;
}
}
var result = await _permissionChecker.IsGrantedAsync(abpPolicyNames.ToArray());
foreach (var(key, value) in result.Result)
{
authConfig.Policies[key] = true;
if (value == PermissionGrantResult.Granted)
{
authConfig.GrantedPolicies[key] = true;
}
}
return(authConfig);
}
public Task <AuthorizationPolicy> GetPolicyAsync(string policyName) => BuildAuthorizationPolicy(() => fallbackPolicyProvider.GetPolicyAsync(policyName));
