/// <summary> /// Return a new permission with the union of this and the permission /// provided. /// IsAuthenticated must match. /// Issuer must be an exact match. /// All claims added to a new ClaimSet with the same Issuer. /// </summary> /// <param name="target"></param> /// <returns></returns> public IPermission Union(IPermission target) { if (target == null) { return(null); } ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission; if (perm == null) { return(null); } if (perm.IsUnrestricted() || this.IsUnrestricted()) { return(new ClaimsPrincipalPermission(PermissionState.Unrestricted)); } if (this._isAuthenticated != perm.IsAuthenticated) { return(null); } if (!IsExactIssuerMatch(perm.Issuer)) { return(null); } List <Claim> claims = new List <Claim>(); foreach (Claim c in this._requiredClaims) { claims.Add(c); } foreach (Claim c in perm.RequiredClaims) { if (!this._requiredClaims.ContainsClaim(c)) { claims.Add(c); } } // it is assumed that the issuers are identical from the call // to IsExactIssuerMatch() above ClaimsPrincipalPermission newPerm = new ClaimsPrincipalPermission(this._isAuthenticated, new DefaultClaimSet(this._requiredClaims.Issuer, claims)); return(newPerm); }
/// <summary> /// Is the permission provided a subset of this permission? /// Issuer must be an exact match. /// Claims in this permission must all be contained in target. /// </summary> /// <param name="target"></param> /// <returns></returns> public bool IsSubsetOf(IPermission target) { if (target == null) { return(false); } ClaimsPrincipalPermission perm = target as ClaimsPrincipalPermission; if (perm == null) { return(false); } if (perm.IsUnrestricted()) { return(true); } if (this.IsUnrestricted()) { return(false); } if (this._isAuthenticated != perm.IsAuthenticated) { return(false); } if (!IsExactIssuerMatch(perm.Issuer)) { return(false); } bool isSubsetOf = false; foreach (Claim c in this._requiredClaims) { if (!perm.RequiredClaims.ContainsClaim(c)) { isSubsetOf = false; break; } } return(isSubsetOf); }