private void InitializeInterpreter()
{
Dictionary <String, AbstractFunction> functions = new Dictionary <string, AbstractFunction>();
foreach (var entry in fm.FunctionDict)
{
String key = entry.Key;
var function = entry.Value;
functions.Add(key, function);
}
if (model.Model.ContainsKey("g"))
{
foreach (var entry in model.Model["g"])
{
String key = entry.Key;
Assertion ast = entry.Value;
IRoleManager rm = ast.RM;
functions.Add(key, BuiltInFunctions.GenerateGFunction(key, rm));
}
}
_interpreter = new Interpreter();
foreach (var func in functions)
{
_interpreter.SetFunction(func.Key, func.Value);
}
_parsedExpression = null;
}
private Interpreter GetAndInitializeInterpreter()
{
var functions = new Dictionary <string, AbstractFunction>();
foreach (var entry in functionMap.FunctionDict)
{
string key = entry.Key;
var function = entry.Value;
functions.Add(key, function);
}
if (model.Model.ContainsKey(PermConstants.Section.RoleSection))
{
foreach (var entry in model.Model[PermConstants.Section.RoleSection])
{
string key = entry.Key;
var ast = entry.Value;
var rm = ast.RoleManager;
functions.Add(key, BuiltInFunctions.GenerateGFunction(key, rm));
}
}
var interpreter = new Interpreter();
foreach (var func in functions)
{
interpreter.SetFunction(func.Key, func.Value);
}
return(interpreter);
}
protected override Delegate GetFunc()
{
Func <string, string, bool> call = (arg1, arg2) =>
{
return(BuiltInFunctions.RegexMatch(arg1, arg2));
};
return(call);
}
/// <summary>
/// enforce decides whether a "subject" can access a "object" with the operation
/// "action", input parameters are usually: (sub, obj, act).
/// </summary>
/// <param name="rvals">the request needs to be mediated, usually an array of strings,
/// can be class instances if ABAC is used.</param>
/// <returns>whether to allow the request.</returns>
public Boolean Enforce(params Object[] rvals)
{
if (!_enabled)
{
return(true);
}
Dictionary <String, AbstractFunction> functions = new Dictionary <string, AbstractFunction>();
foreach (var entry in fm.FunctionDict)
{
String key = entry.Key;
var function = entry.Value;
functions.Add(key, function);
}
if (model.Model.ContainsKey("g"))
{
foreach (var entry in model.Model["g"])
{
String key = entry.Key;
Assertion ast = entry.Value;
IRoleManager rm = ast.RM;
functions.Add(key, BuiltInFunctions.GenerateGFunction(key, rm));
}
}
String expString = model.Model["m"]["m"].Value;
var interpreter = new Interpreter();
foreach (var func in functions)
{
interpreter.SetFunction(func.Key, func.Value);
}
Effect.Effect[] policyEffects;
float[] matcherResults;
int policyLen;
object result = null;
if ((policyLen = model.Model["p"]["p"].Policy.Count) != 0)
{
policyEffects = new Effect.Effect[policyLen];
matcherResults = new float[policyLen];
for (int i = 0; i < model.Model["p"]["p"].Policy.Count; i++)
{
List <String> pvals = model.Model["p"]["p"].Policy[i];
Dictionary <String, Object> parameters = new Dictionary <string, object>();
for (int j = 0; j < model.Model["r"]["r"].Tokens.Length; j++)
{
String token = model.Model["r"]["r"].Tokens[j];
parameters.Add(token, rvals[j]);
}
for (int j = 0; j < model.Model["p"]["p"].Tokens.Length; j++)
{
String token = model.Model["p"]["p"].Tokens[j];
parameters.Add(token, pvals[j]);
}
foreach (var item in parameters)
{
interpreter.SetVariable(item.Key, item.Value);
}
result = interpreter.Eval(expString);
if (result is Boolean)
{
if (!((Boolean)result))
{
policyEffects[i] = Effect.Effect.Indeterminate;
continue;
}
}
else if (result is float)
{
if ((float)result == 0)
{
policyEffects[i] = Effect.Effect.Indeterminate;
continue;
}
else
{
matcherResults[i] = (float)result;
}
}
else
{
throw new Exception("matcher result should be bool, int or float");
}
if (parameters.ContainsKey("p_eft"))
{
String eft = (String)parameters["p_eft"];
if (eft.Equals("allow"))
{
policyEffects[i] = Effect.Effect.Allow;
}
else if (eft.Equals("deny"))
{
policyEffects[i] = Effect.Effect.Deny;
}
else
{
policyEffects[i] = Effect.Effect.Indeterminate;
}
}
else
{
policyEffects[i] = Effect.Effect.Allow;
}
if (model.Model["e"]["e"].Value.Equals("priority(p_eft) || deny"))
{
break;
}
}
}
else
{
policyEffects = new Effect.Effect[1];
matcherResults = new float[1];
Dictionary <String, Object> parameters = new Dictionary <string, Object>();
for (int j = 0; j < model.Model["r"]["r"].Tokens.Length; j++)
{
String token = model.Model["r"]["r"].Tokens[j];
parameters.Add(token, rvals[j]);
}
for (int j = 0; j < model.Model["p"]["p"].Tokens.Length; j++)
{
String token = model.Model["p"]["p"].Tokens[j];
parameters.Add(token, "");
}
foreach (var item in parameters)
{
interpreter.SetVariable(item.Key, item.Value);
}
result = interpreter.Eval(expString, parameters.Select(x => new Parameter(x.Key, x.Value)).ToArray());
if ((Boolean)result)
{
policyEffects[0] = Effect.Effect.Allow;
}
else
{
policyEffects[0] = Effect.Effect.Indeterminate;
}
}
result = eft.MergeEffects(model.Model["e"]["e"].Value, policyEffects, matcherResults);
return((Boolean)result);
}