private async ValueTask <bool> CheckStreamAccessAsync(ValueTask <string> pending, ClaimsPrincipal cp,
                                                              Operation operation, PolicyInformation policy, EvaluationContext result)
        {
            var streamId = await pending.ConfigureAwait(false);

            return(await CheckStreamAccess(cp, operation, policy, result, streamId).ConfigureAwait(false));
        }
示例#2
0
        public ValueTask <bool> Evaluate(ClaimsPrincipal cp, Operation operation, PolicyInformation policy,
                                         EvaluationContext context)
        {
            var matches = new List <Claim>(_claims.Count);

            foreach (var claim in _claims)
            {
                if (cp.FindFirst(x =>
                                 string.Equals(x.Type, claim.Type, StringComparison.Ordinal) &&
                                 string.Equals(x.Value, claim.Value, StringComparison.Ordinal)) is Claim matched)
                {
                    matches.Add(matched);
                    if (_mode != MultipleMatchMode.All)
                    {
                        break;
                    }
                }
            }

            var matchFound = false;

            switch (_mode)
            {
            case MultipleMatchMode.All:
                if (matches.Count == _claims.Count)
                {
                    context.Add(new AssertionMatch(policy, Information, matches));
                    matchFound = true;
                }

                break;

            case MultipleMatchMode.Any:
                if (matches.Count > 0)
                {
                    context.Add(new AssertionMatch(policy, Information, matches));
                    matchFound = true;
                }

                break;

            case MultipleMatchMode.None:
                if (matches.Count == 0)
                {
                    context.Add(new AssertionMatch(policy, Information, matches));
                    matchFound = true;
                }

                break;

            default:
                throw new ArgumentOutOfRangeException();
            }


            return(new ValueTask <bool>(matchFound));
        }
        public ValueTask <bool> Evaluate(ClaimsPrincipal cp, Operation operation, PolicyInformation policy,
                                         EvaluationContext context)
        {
            var streamId = FindStreamId(operation.Parameters.Span, context.CancellationToken);

            if (streamId.IsCompleted)
            {
                return(CheckStreamAccess(cp, operation, policy, context, streamId.Result));
            }
            return(CheckStreamAccessAsync(streamId, cp, operation, policy, context));
        }
示例#4
0
        public ValueTask <bool> Evaluate(ClaimsPrincipal cp, Operation operation, PolicyInformation policy,
                                         EvaluationContext context)
        {
            if (cp.FindFirst(_claimType) is Claim matchedClaim &&
                operation.Parameters.Span.Contains(new Parameter(_parameterName, matchedClaim.Value)))
            {
                context.Add(new AssertionMatch(policy, Information, matchedClaim));
                return(new ValueTask <bool>(true));
            }

            return(new ValueTask <bool>(false));
        }
        public ValueTask <bool> Evaluate(ClaimsPrincipal cp, Operation operation, PolicyInformation policy,
                                         EvaluationContext context)
        {
            if (operation == Operations.Subscriptions.ProcessMessages ||
                operation == Operations.Subscriptions.ReplayParked)
            {
                var stream = FindStreamId(operation.Parameters.Span);
                return(_streamAssertion.Evaluate(cp,
                                                 StreamRead.WithParameter(Operations.Streams.Parameters.StreamId(stream)), policy, context));
            }

            return(new ValueTask <bool>(false));
        }
        public ValueTask <bool> Evaluate(ClaimsPrincipal cp, Operation operation, PolicyInformation policy,
                                         EvaluationContext context)
        {
            // ReSharper disable once PatternAlwaysOfType
            if (cp.FindFirst(x =>
                             string.Equals(x.Type, _claim.Type, StringComparison.Ordinal) &&
                             string.Equals(x.Value, _claim.Value, StringComparison.Ordinal)) is Claim matched)
            {
                context.Add(new AssertionMatch(policy, Information, matched));
                return(new ValueTask <bool>(true));
            }

            return(new ValueTask <bool>(false));
        }
 public ValueTask <bool> Evaluate(ClaimsPrincipal cp, Operation operation, PolicyInformation policy,
                                  EvaluationContext context)
 {
     if (!cp.Claims.Any() ||
         cp.Claims.Any(x => string.Equals(x.Type, ClaimTypes.Anonymous, StringComparison.Ordinal)))
     {
         context.Add(new AssertionMatch(policy, new AssertionInformation("match", "authenticated", Grant.Deny)));
     }
     else
     {
         context.Add(new AssertionMatch(policy,
                                        new AssertionInformation("match", "authenticated", Grant.Allow)));
     }
     return(new ValueTask <bool>(true));
 }
示例#8
0
        public ValueTask <bool> Evaluate(ClaimsPrincipal cp, Operation operation, PolicyInformation policy,
                                         EvaluationContext context)
        {
            var remaining = _assertions;

            while (!remaining.IsEmpty && context.Grant != Grant.Deny)
            {
                var pending = remaining.Span[0].Evaluate(cp, operation, policy, context);
                remaining = remaining.Slice(1);
                if (!pending.IsCompleted)
                {
                    return(EvaluateAsync(pending, remaining, cp, operation, policy, context));
                }
                if (pending.Result)
                {
                    return(new ValueTask <bool>(true));
                }
            }

            return(new ValueTask <bool>(false));
        }
        private ValueTask <bool> CheckStreamAccess(ClaimsPrincipal cp, Operation operation, PolicyInformation policy,
                                                   EvaluationContext context, string streamId)
        {
            if (streamId == null)
            {
                context.Add(new AssertionMatch(policy,
                                               new AssertionInformation("streamId", "streamId is null", Grant.Deny)));
                return(new ValueTask <bool>(true));
            }

            if (streamId == "")
            {
                streamId = SystemStreams.AllStream;
            }
            if (streamId == SystemStreams.AllStream &&
                (operation == Operations.Streams.Delete || operation == Operations.Streams.Write))
            {
                context.Add(new AssertionMatch(policy,
                                               new AssertionInformation("streamId", $"{operation.Action} denied on $all", Grant.Deny)));
                return(new ValueTask <bool>(true));
            }

            var action = operation.Action;

            if (SystemStreams.IsMetastream(streamId))
            {
                action = operation.Action switch {
                    "read" => "metadataRead",
                    "write" => "metadataWrite",
                    _ => null
                };
                streamId = SystemStreams.OriginalStreamOf(streamId);
            }

            return(action switch {
                "read" => Check(cp, operation, action, streamId, policy, context),
                "write" => Check(cp, operation, action, streamId, policy, context),
                "delete" => Check(cp, operation, action, streamId, policy, context),
                "metadataWrite" => Check(cp, operation, action, streamId, policy, context),
                "metadataRead" => Check(cp, operation, action, streamId, policy, context),
                null => InvalidMetadataOperation(operation, policy, context),
                _ => throw new ArgumentOutOfRangeException(nameof(operation.Action), action)
            });
示例#10
0
        private async ValueTask <bool> EvaluateAsync(ValueTask <bool> pending, ReadOnlyMemory <IAssertion> remaining,
                                                     ClaimsPrincipal cp, Operation operation, PolicyInformation policy, EvaluationContext result)
        {
            bool evaluated;

            while ((evaluated = await pending.ConfigureAwait(false)) && !remaining.IsEmpty)
            {
                pending   = remaining.Span[0].Evaluate(cp, operation, policy, result);
                remaining = remaining.Slice(1);
            }

            if (!evaluated)
            {
                result.Add(new AssertionMatch(policy, _failedToMatchAllSubAssertions));
            }
            return(evaluated);
        }
示例#11
0
 public PolicyEvaluator(ReadOnlyPolicy policy)
 {
     _policy     = policy;
     _policyInfo = policy.Information;
 }
 public ValueTask <bool> Evaluate(ClaimsPrincipal cp, Operation operation, PolicyInformation policy,
                                  EvaluationContext context)
 {
     context.Add(new AssertionMatch(policy, new AssertionInformation("match", "allow anonymous", Grant.Allow)));
     return(new ValueTask <bool>(true));
 }
示例#13
0
 public AssertionMatch(PolicyInformation policy, AssertionInformation assertion, IReadOnlyList <Claim> matches)
 {
     Policy    = policy;
     Assertion = assertion;
     Matches   = matches;
 }
示例#14
0
 public AssertionMatch(PolicyInformation policy, AssertionInformation assertion, params Claim[] matches) : this(
         policy, assertion, (IReadOnlyList <Claim>)matches)
 {
 }