EnforceExAsync(params object[] requestValues)
{
var explains = new List <IEnumerable <string> >();
if (_enabled is false)
{
return(true, explains);
}
if (_enableCache is false)
{
return(await InternalEnforceAsync(requestValues, explains), explains);
}
if (requestValues.Any(requestValue => requestValue is not string))
{
return(await InternalEnforceAsync(requestValues, explains), explains);
}
string key = string.Join("$$", requestValues);
EnforceCache ??= new ReaderWriterEnforceCache(new ReaderWriterEnforceCacheOptions());
if (EnforceCache.TryGetResult(requestValues, key, out bool cachedResult))
{
Logger?.LogEnforceCachedResult(requestValues, cachedResult);
return(cachedResult, explains);
}
bool result = await InternalEnforceAsync(requestValues, explains);
EnforceCache ??= new ReaderWriterEnforceCache(new ReaderWriterEnforceCacheOptions());
await EnforceCache.TrySetResultAsync(requestValues, key, result);
return(result, explains);
}
/// <summary>
/// Decides whether a "subject" can access a "object" with the operation
/// "action", input parameters are usually: (sub, obj, act).
/// </summary>
/// <param name="requestValues">The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.</param>
/// <returns>Whether to allow the request.</returns>
public bool Enforce(params object[] requestValues)
{
if (_enabled is false)
{
return(true);
}
if (_enableCache is false)
{
return(InternalEnforce(requestValues));
}
if (requestValues.Any(requestValue => requestValue is not string))
{
return(InternalEnforce(requestValues));
}
string key = string.Join("$$", requestValues);
EnforceCache ??= new ReaderWriterEnforceCache(new ReaderWriterEnforceCacheOptions());
if (EnforceCache.TryGetResult(requestValues, key, out bool cachedResult))
{
#if !NET45
Logger?.LogEnforceCachedResult(requestValues, cachedResult);
#endif
return(cachedResult);
}
bool result = InternalEnforce(requestValues);
EnforceCache ??= new ReaderWriterEnforceCache(new ReaderWriterEnforceCacheOptions());
EnforceCache.TrySetResult(requestValues, key, result);
return(result);
}
/// <summary>
/// Sets the current model.
/// </summary>
/// <param name="model"></param>
public void SetModel(Model.Model model)
{
this.model = model;
ExpressionHandler = new ExpressionHandler(model);
if (autoCleanEnforceCache)
{
EnforceCache?.Clear();
#if !NET45
Logger?.LogInformation("Enforcer Cache, Cleared all enforce cache.");
#endif
}
}
/// <summary>
/// Clears all policy.
/// </summary>
public void ClearPolicy()
{
model.ClearPolicy();
if (autoCleanEnforceCache)
{
EnforceCache?.Clear();
#if !NET45
Logger?.LogInformation("Enforcer Cache, Cleared all enforce cache.");
#endif
}
#if !NET45
Logger?.LogInformation("Policy Management, Cleared all policy.");
#endif
}
private void NotifyPolicyChanged()
{
if (autoCleanEnforceCache)
{
EnforceCache?.Clear();
#if !NET45
Logger?.LogInformation("Enforcer Cache, Cleared all enforce cache.");
#endif
}
if (autoNotifyWatcher)
{
watcher?.Update();
}
}
/// <summary>
/// Decides whether a "subject" can access a "object" with the operation
/// "action", input parameters are usually: (sub, obj, act).
/// </summary>
/// <param name="requestValues">The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.</param>
/// <returns>Whether to allow the request.</returns>
public async Task <bool> EnforceWithMatcherAsync(string matcher, params object[] requestValues)
{
if (_enabled is false)
{
return(true);
}
if (string.IsNullOrEmpty(matcher))
{
throw new ArgumentException($"'{nameof(matcher)}' cannot be null or empty.", nameof(matcher));
}
if (requestValues is null)
{
throw new ArgumentNullException(nameof(requestValues));
}
if (_enableCache is false)
{
return(await InternalEnforceAsync(requestValues, matcher));
}
if (requestValues.Any(requestValue => requestValue is not string))
{
return(await InternalEnforceAsync(requestValues, matcher));
}
string key = string.Join("$$", requestValues);
EnforceCache ??= new ReaderWriterEnforceCache(new ReaderWriterEnforceCacheOptions());
bool?tryGetCachedResult = await EnforceCache.TryGetResultAsync(requestValues, key);
if (tryGetCachedResult.HasValue)
{
bool cachedResult = tryGetCachedResult.Value;
#if !NET45
Logger?.LogEnforceCachedResult(requestValues, cachedResult);
#endif
return(cachedResult);
}
bool result = await InternalEnforceAsync(requestValues, matcher);
EnforceCache ??= new ReaderWriterEnforceCache(new ReaderWriterEnforceCacheOptions());
await EnforceCache.TrySetResultAsync(requestValues, key, result);
return(result);
}
private async Task NotifyPolicyChangedAsync()
{
if (autoCleanEnforceCache && EnforceCache is not null)
{
await EnforceCache.ClearAsync();
#if !NET45
Logger?.LogInformation("Enforcer Cache, Cleared all enforce cache.");
#endif
}
if (autoNotifyWatcher && watcher is not null)
{
await watcher.UpdateAsync();
}
}
/// <summary>
/// Decides whether a "subject" can access a "object" with the operation
/// "action", input parameters are usually: (sub, obj, act).
/// </summary>
/// <param name="requestValues">The request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.</param>
/// <returns>Whether to allow the request.</returns>
public async Task <bool> EnforceAsync(params object[] requestValues)
{
if (_enabled is false)
{
return(true);
}
if (_enableCache is false)
{
return(await InternalEnforceAsync(requestValues));
}
if (requestValues.Any(requestValue => requestValue is not string))
{
return(await InternalEnforceAsync(requestValues));
}
string key = string.Join("$$", requestValues);
EnforceCache ??= new ReaderWriterEnforceCache(new ReaderWriterEnforceCacheOptions());
bool?tryGetCachedResult = await EnforceCache.TryGetResultAsync(requestValues, key);
if (tryGetCachedResult.HasValue)
{
bool cachedResult = tryGetCachedResult.Value;
#if !NET45
Logger?.LogEnforceCachedResult(requestValues, cachedResult);
#endif
return(cachedResult);
}
bool result = await InternalEnforceAsync(requestValues);
EnforceCache ??= new ReaderWriterEnforceCache(new ReaderWriterEnforceCacheOptions());
await EnforceCache.TrySetResultAsync(requestValues, key, result);
return(result);
}