private void AddStrategiesForResourceClaimLineage(List <ResourceClaimAuthorizationMetadata> strategies, string resourceClaimUri, string action) { var instanceId = _instanceIdContextProvider.GetInstanceId(); if (string.IsNullOrEmpty(instanceId)) { throw new InvalidOperationException("Expected instanceId is null or empty."); } var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache() .GetSecurityRepository(instanceId); //check for exact match on resource and action var claimAndStrategy = instanceSecurityRepoCacheObject.ResourceClaimAuthorizationMetadata .SingleOrDefault( rcas => rcas.ResourceClaim.ClaimName.Equals(resourceClaimUri, StringComparison.InvariantCultureIgnoreCase) && rcas.Action.ActionUri.Equals(action, StringComparison.InvariantCultureIgnoreCase)); // Add the claim/strategy if it was found if (claimAndStrategy != null) { strategies.Add(claimAndStrategy); } var resourceClaim = instanceSecurityRepoCacheObject.ResourceClaims.FirstOrDefault(rc => rc.ClaimName.Equals(resourceClaimUri, StringComparison.InvariantCultureIgnoreCase)); // if there's a parent resource, recurse if (resourceClaim != null && resourceClaim.ParentResourceClaim != null) { AddStrategiesForResourceClaimLineage(strategies, resourceClaim.ParentResourceClaim.ClaimName, action); } }
private void AddResourceClaimsInLineage(List <ResourceClaimAction> resourceClaimActions, string resourceClaimUri, string action) { var instanceId = _instanceIdContextProvider.GetInstanceId(); if (string.IsNullOrEmpty(instanceId)) { throw new InvalidOperationException("Expected instanceId is null or empty."); } var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache() .GetSecurityRepository(instanceId); //check for exact match on resource and action var resourceClaimAction = instanceSecurityRepoCacheObject.ResourceClaimActions .SingleOrDefault( rca => rca.ResourceClaim.ClaimName.EqualsIgnoreCase(resourceClaimUri) && rca.Action.ActionUri.EqualsIgnoreCase(action)); // Add the resource claim (with strategies) if it was found if (resourceClaimAction != null) { resourceClaimActions.Add(resourceClaimAction); } var resourceClaim = instanceSecurityRepoCacheObject.ResourceClaims .FirstOrDefault(rc => rc.ClaimName.EqualsIgnoreCase(resourceClaimUri)); // if there's a parent resource, recurse up the hierarchy if (resourceClaim != null && resourceClaim.ParentResourceClaim != null) { AddResourceClaimsInLineage(resourceClaimActions, resourceClaim.ParentResourceClaim.ClaimName, action); } }
private IInstanceSecurityRepositoryCache MockInstanceSecurityRepositoryCallsAndInitializeCache(ISecurityContextFactory securityContextFactory) { InstanceSecurityRepositoryCacheObject values = new InstanceSecurityRepositoryCacheObject ( new Application { ApplicationId = 20, ApplicationName = "Ed-Fi ODS API" }, null, null, null, null, null, null ); var memoryCacheOption = A.Fake <IOptions <MemoryCacheOptions> >(); MemoryCache memoryCache = new MemoryCache(memoryCacheOption); CacheProvider = new MemoryCacheProvider(memoryCache); CacheProvider.SetCachedObject(TestInstanceId, values); CacheProvider.SetCachedObject(GetLastSynchedKey(TestInstanceId), SystemClock.Now()); CacheProvider.SetCachedObject(GetCurrentCacheInitializedKey(TestInstanceId), true); InstanceSecurityRepositoryCache = new InstanceSecurityRepositoryCache(securityContextFactory, CacheProvider); return(InstanceSecurityRepositoryCache); }
public virtual IEnumerable <ClaimSetResourceClaim> GetClaimsForClaimSet(string claimSetName) { var instanceId = _instanceIdContextProvider.GetInstanceId(); if (string.IsNullOrEmpty(instanceId)) { throw new InvalidOperationException("Expected instanceId is null or empty."); } var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache() .GetSecurityRepository(instanceId); return(instanceSecurityRepoCacheObject.ClaimSetResourceClaims.Where(c => c.ClaimSet.ClaimSetName.Equals(claimSetName, StringComparison.InvariantCultureIgnoreCase))); }
public virtual Action GetActionByName(string actionName) { var instanceId = _instanceIdContextProvider.GetInstanceId(); if (string.IsNullOrEmpty(instanceId)) { throw new InvalidOperationException("Expected instanceId is null or empty."); } var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache() .GetSecurityRepository(instanceId); return(instanceSecurityRepoCacheObject.Actions.First(a => a.ActionName.Equals(actionName, StringComparison.InvariantCultureIgnoreCase))); }
public virtual ResourceClaim GetResourceByResourceName(string resourceName) { var instanceId = _instanceIdContextProvider.GetInstanceId(); if (string.IsNullOrEmpty(instanceId)) { throw new InvalidOperationException("Expected instanceId is null or empty."); } var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache() .GetSecurityRepository(instanceId); return(instanceSecurityRepoCacheObject.ResourceClaims.FirstOrDefault(rc => rc.ResourceName.Equals(resourceName, StringComparison.InvariantCultureIgnoreCase))); }
public virtual AuthorizationStrategy GetAuthorizationStrategyByName(string authorizationStrategyName) { var instanceId = _instanceIdContextProvider.GetInstanceId(); if (string.IsNullOrEmpty(instanceId)) { throw new InvalidOperationException("Expected instanceId is null or empty."); } var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache() .GetSecurityRepository(instanceId); return(instanceSecurityRepoCacheObject.AuthorizationStrategies .First(a => a.AuthorizationStrategyName.EqualsIgnoreCase(authorizationStrategyName))); }
private IEnumerable <ResourceClaim> GetResourceClaimLineageForResourceClaim(string resourceClaimUri) { var instanceId = _instanceIdContextProvider.GetInstanceId(); if (string.IsNullOrEmpty(instanceId)) { throw new InvalidOperationException("Expected instanceId is null or empty."); } var instanceSecurityRepoCacheObject = InstanceSecurityRepositoryCache.GetCache() .GetSecurityRepository(instanceId); var resourceClaimLineage = new List <ResourceClaim>(); ResourceClaim resourceClaim; try { resourceClaim = instanceSecurityRepoCacheObject.ResourceClaims .SingleOrDefault(rc => rc.ClaimName.Equals(resourceClaimUri, StringComparison.InvariantCultureIgnoreCase)); } catch (InvalidOperationException ex) { // Use InvalidOperationException wrapper with custom message over InvalidOperationException // thrown by Linq to communicate back to caller the problem with the configuration. throw new InvalidOperationException($"Multiple resource claims with a claim name of '{resourceClaimUri}' were found in the Ed-Fi API's security configuration. Authorization cannot be performed.", ex); } if (resourceClaim != null) { resourceClaimLineage.Add(resourceClaim); if (resourceClaim.ParentResourceClaim != null) { resourceClaimLineage.AddRange(GetResourceClaimLineageForResourceClaim(resourceClaim.ParentResourceClaim.ClaimName)); } } return(resourceClaimLineage); }