async Task IIamProvider.AddRole(string policyName, string roleName, IIamProviderCache cache)
{
var roles = cache.GetRoles(policyName);
if (roles == null || !roles.Contains(roleName))
{
var policyId = await CreateOrGetPolicy(policyName);
var role = await _roleManager.FindByNameAsync(roleName);
if (role != null)
{
if (!(await _context.IamPolicyRoles.AnyAsync(x => x.PolicyId.Equals(policyId) && x.RoleId.Equals(role.Id))))
{
var policyRole = new Model.PolicyRole <TKey>()
{
PolicyId = policyId,
RoleId = role.Id
};
_context.IamPolicyRoles.Add(policyRole);
await _context.SaveChangesAsync();
cache.AddRole(policyName, roleName);
}
}
}
}
public IamAuthorizationPolicyProvider(IOptions <AuthorizationOptions> options, IIamProvider iamProvider, IIamProviderCache iamProviderCache) : base(options)
{
if (options == null)
{
throw new ArgumentNullException(nameof(options));
}
_options = options.Value;
_iamProvider = iamProvider ?? throw new ArgumentNullException(nameof(iamProvider));
_iamProviderCache = iamProviderCache ?? throw new ArgumentNullException(nameof(iamProviderCache));
}
async Task IIamProvider.RemoveRoles(string policyName, IIamProviderCache cache)
{
var policyId = await CreateOrGetPolicy(policyName);
var iamRoles = await _context.IamPolicyRoles
.Where(x => x.PolicyId.Equals(policyId))
.ToListAsync();
_context.IamPolicyRoles.RemoveRange(iamRoles);
await _context.SaveChangesAsync();
cache.RemoveRoles(policyName);
}
async Task IIamProvider.RemoveClaim(string policyName, IIamProviderCache cache)
{
var policyId = await CreateOrGetPolicy(policyName);
var claim = await _context.IamPolicyClaims.FirstOrDefaultAsync(x => x.PolicyId.Equals(policyId));
if (claim != null)
{
_context.IamPolicyClaims.Remove(claim);
await _context.SaveChangesAsync();
}
cache.RemoveClaim(policyName);
}
async Task IIamProvider.RemoveRole(string policyName, string roleName, IIamProviderCache cache)
{
var policyId = await CreateOrGetPolicy(policyName);
var role = await _roleManager.FindByNameAsync(roleName);
if (role != null)
{
var iamRole = await _context.IamPolicyRoles.FirstOrDefaultAsync(x => x.PolicyId.Equals(policyId) && x.RoleId.Equals(role.Id));
if (iamRole != null)
{
_context.IamPolicyRoles.Remove(iamRole);
await _context.SaveChangesAsync();
}
cache.RemoveRole(policyName, roleName);
}
}
async Task <string> IIamProvider.GetRequiredClaim(string policyName, IIamProviderCache cache)
{
string ret = cache.GetClaim(policyName);
if (string.IsNullOrEmpty(ret))
{
var policyId = await CreateOrGetPolicy(policyName);
var policy = await _context.IamPolicyClaims
.AsNoTracking()
.FirstOrDefaultAsync(x => x.PolicyId.Equals(policyId));
ret = policy?.Claim;
if (policy != null)
{
cache.AddOrUpdateClaim(policyName, ret);
}
}
return(ret);
}
async Task IIamProvider.AddClaim(string policyName, string claimValue, IIamProviderCache cache)
{
if (string.IsNullOrEmpty(cache.GetClaim(policyName)))
{
var policyId = await CreateOrGetPolicy(policyName);
if (!(await _context.IamPolicyClaims.AnyAsync(x => x.PolicyId.Equals(policyId) && x.Claim == claimValue)))
{
var policyClaim = new Model.PolicyClaim <TKey>()
{
PolicyId = policyId,
Claim = claimValue
};
_context.IamPolicyClaims.Add(policyClaim);
await _context.SaveChangesAsync();
cache.AddOrUpdateClaim(policyName, claimValue);
}
}
}
public async Task <bool> IsResourceIdAccessRequired(string policyName, IIamProviderCache cache)
{
bool?ret = cache.IsResourceIdAccessRequired(policyName);
if (!ret.HasValue)
{
var policyId = await CreateOrGetPolicy(policyName);
var policy = await _context.IamPolicyResourceIds
.AsNoTracking()
.FirstOrDefaultAsync(x => x.PolicyId.Equals(policyId));
ret = policy?.RequiresResourceIdAccess;
if (ret != null)
{
cache.ToggleResourceIdAccess(policyName, policy.RequiresResourceIdAccess);
}
}
return(ret.GetValueOrDefault(false));
}
public async Task ToggleResourceIdAccess(string policyName, bool isRequired, IIamProviderCache cache)
{
var policyId = await CreateOrGetPolicy(policyName);
var policy = await _context.IamPolicyResourceIds
.FirstOrDefaultAsync(x => x.Id.Equals(policyId));
if (policy == null)
{
_context.IamPolicyResourceIds.Add(new Model.PolicyResourceId <TKey>()
{
PolicyId = policyId,
RequiresResourceIdAccess = isRequired
});
}
else
{
policy.RequiresResourceIdAccess = isRequired;
}
await _context.SaveChangesAsync();
cache.ToggleResourceIdAccess(policyName, isRequired);
}
Task <ICollection <string> > IIamProvider.GetRequiredRoles(string policyName, IIamProviderCache cache)
{
var ret = cache.GetRoles(policyName);
return(Task.FromResult(ret));
}
Task <bool> IIamProvider.NeedsUpdate(string policyName, IIamProviderCache cache)
{
var ret = cache.NeedsUpdate(policyName);
return(Task.FromResult(ret));
}
Task IIamProvider.AddRole(string policyName, string roleName, IIamProviderCache cache)
{
cache.AddRole(policyName, roleName);
return(Task.CompletedTask);
}
Task <string> IIamProvider.GetRequiredClaim(string policyName, IIamProviderCache cache)
{
var ret = cache.GetClaim(policyName);
return(Task.FromResult(ret));
}
public Task ToggleResourceIdAccess(string policyName, bool isRequired, IIamProviderCache cache)
{
cache.ToggleResourceIdAccess(policyName, isRequired);
return(Task.CompletedTask);
}
Task IIamProvider.AddClaim(string policyName, string claimValue, IIamProviderCache cache)
{
cache.AddOrUpdateClaim(policyName, claimValue);
return(Task.CompletedTask);
}
private static void TogglePolicyResourceIdAccess(string[] policies, IIamProvider iamProvider, IIamProviderCache iamProviderCache)
{
foreach (var policy in policies)
{
iamProvider.ToggleResourceIdAccess(policy, true, iamProviderCache).Wait();
}
}
public void Initialize()
{
cache = new DefaultIamProviderCache();
}
private static void AddPoliciesToClaims(string[] policies, IIamProvider iamProvider, IIamProviderCache iamProviderCache)
{
foreach (var policy in policies)
{
iamProvider.AddClaim(policy, policy, iamProviderCache).Wait();
}
}
Task IIamProvider.RemoveRoles(string policyName, IIamProviderCache cache)
{
cache.RemoveRoles(policyName);
return(Task.CompletedTask);
}
async Task <ICollection <string> > IIamProvider.GetRequiredRoles(string policyName, IIamProviderCache cache)
{
ICollection <string> ret = cache.GetRoles(policyName);
if (ret == null || ret.Count == 0)
{
var policyId = await CreateOrGetPolicy(policyName);
var roles = await _context.IamPolicyRoles
.AsNoTracking()
.Where(x => x.PolicyId.Equals(policyId))
.Select(x => x.RoleId)
.ToListAsync();
ret = await _context.Roles
.AsNoTracking()
.Where(x => roles.Contains(x.Id))
.Select(x => x.Name)
.ToListAsync();
foreach (var role in ret)
{
cache.AddRole(policyName, role);
}
}
return(ret);
}
public Task <bool> IsResourceIdAccessRequired(string policyName, IIamProviderCache cache)
{
var ret = cache.IsResourceIdAccessRequired(policyName);
return(Task.FromResult(ret.GetValueOrDefault(false)));
}
private static void AddPoliciesToRoles(string[] policies, string[] roles, IIamProvider iamProvider, IIamProviderCache iamProviderCache)
{
foreach (var policy in policies)
{
foreach (var role in roles)
{
iamProvider.AddRole(policy, role, iamProviderCache).Wait();
}
}
}