public async Task Create(
AuthorizationPolicyInfo policy,
CancellationToken cancellationToken = default(CancellationToken))
{
if (policy == null)
{
throw new ArgumentException("policy cannot be null");
}
using (var db = _contextFactory.CreateContext())
{
var entity = new AuthorizationPolicyEntity();
policy.CopyTo(entity);
SyncRoles(db, policy.AllowedRoles, entity);
SyncSchemes(db, policy.AuthenticationSchemes, entity);
SyncClaimRequirements(db, policy.RequiredClaims, entity);
db.Policies.Add(entity);
int rowsAffected = await db.SaveChangesAsync(cancellationToken)
.ConfigureAwait(false);
_cache.ClearListCache(policy.TenantId);
}
}
public static AuthorizationPolicyInfo ToAuthorizationPolicyInfo(this AuthorizationPolicyEntity entity)
{
var policy = new AuthorizationPolicyInfo();
policy.Id = entity.Id;
policy.Name = entity.Name;
policy.TenantId = entity.TenantId;
policy.RequireAuthenticatedUser = entity.RequireAuthenticatedUser;
policy.RequiredUserName = entity.RequiredUserName;
policy.Notes = entity.Notes;
foreach (var r in entity.AllowedRoles)
{
policy.AllowedRoles.Add(r.AllowedRole);
}
foreach (var s in entity.AuthenticationSchemes)
{
policy.AuthenticationSchemes.Add(s.AuthenticationScheme);
}
foreach (var c in entity.RequiredClaims)
{
var cr = new ClaimRequirement();
cr.ClaimName = c.ClaimName;
foreach (var r in c.AllowedValues)
{
cr.AllowedValues.Add(r.AllowedValue);
}
policy.RequiredClaims.Add(cr);
}
return(policy);
}
public static void CopyTo(this AuthorizationPolicyInfo policy, AuthorizationPolicyEntity entity)
{
entity.Id = policy.Id;
entity.Name = policy.Name;
entity.TenantId = policy.TenantId;
entity.RequireAuthenticatedUser = policy.RequireAuthenticatedUser;
entity.RequiredUserName = policy.RequiredUserName;
entity.Notes = policy.Notes;
//policy.AllowedRoles.SyncTo(entity.AllowedRoles, entity);
//policy.AuthenticationSchemes.SyncTo(entity.AuthenticationSchemes, entity);
//policy.RequiredClaims.SyncTo(entity.RequiredClaims, entity);
}
private void SyncClaimRequirements(
IDynamicPolicyDbContext db,
List <ClaimRequirement> requiredClaims,
AuthorizationPolicyEntity entity)
{
if (requiredClaims.Count == 0)
{
entity.RequiredClaims.Clear();
}
else
{
if (entity.RequiredClaims.Count > 0)
{
for (int i = 0; i < entity.RequiredClaims.Count; i++)
{
if (!requiredClaims.HasClaim(entity.RequiredClaims[i].ClaimName))
{
db.ClaimRequirements.Remove(entity.RequiredClaims[i]);
entity.RequiredClaims.RemoveAt(i);
}
}
}
foreach (var c in requiredClaims)
{
var found = entity.RequiredClaims.FindClaim(c.ClaimName);
if (found != null)
{
//c.SyncTo(found);
SyncClaimAllowedValues(db, c, found);
}
else
{
var newClaim = new ClaimRequirementEntity();
newClaim.ClaimName = c.ClaimName;
newClaim.Policy = entity;
// c.SyncTo(newClaim);
SyncClaimAllowedValues(db, c, newClaim);
entity.RequiredClaims.Add(newClaim);
db.ClaimRequirements.Add(newClaim);
}
}
}
}
private void SyncRoles(
IDynamicPolicyDbContext db,
List <string> allowedRoleStrings,
//List<AllowedRoleEntity> allowedRoles,
AuthorizationPolicyEntity entity)
{
if (allowedRoleStrings.Count == 0)
{
entity.AllowedRoles.Clear();
}
else
{
if (entity.AllowedRoles.Count > 0)
{
for (int i = 0; i < entity.AllowedRoles.Count; i++)
{
if (!allowedRoleStrings.Contains(entity.AllowedRoles[i].AllowedRole))
{
db.AllowedRoles.Remove(entity.AllowedRoles[i]);
entity.AllowedRoles.RemoveAt(i);
}
}
}
foreach (var s in allowedRoleStrings)
{
if (!entity.AllowedRoles.HasRole(s))
{
var r = new AllowedRoleEntity();
r.AllowedRole = s;
r.Policy = entity;
entity.AllowedRoles.Add(r);
db.AllowedRoles.Add(r);
}
}
}
}
private static void SyncSchemes(
IDynamicPolicyDbContext db,
List <string> authSchemeStrings,
AuthorizationPolicyEntity entity)
{
if (authSchemeStrings.Count == 0)
{
entity.AuthenticationSchemes.Clear();
}
else
{
if (entity.AuthenticationSchemes.Count > 0)
{
for (int i = 0; i < entity.AuthenticationSchemes.Count; i++)
{
if (!authSchemeStrings.Contains(entity.AuthenticationSchemes[i].AuthenticationScheme))
{
db.AuthenticationSchemes.Remove(entity.AuthenticationSchemes[i]);
entity.AuthenticationSchemes.RemoveAt(i);
}
}
}
foreach (var s in authSchemeStrings)
{
if (!entity.AuthenticationSchemes.HasScheme(s))
{
var r = new AuthenticationSchemeEntity();
r.AuthenticationScheme = s;
r.Policy = entity;
entity.AuthenticationSchemes.Add(r);
db.AuthenticationSchemes.Add(r);
}
}
}
}
