EntityIdAuthorizer<TIdMemberReference>
Members
Namespace: ASPSecurityKit.Authorization
Assembly: ASPSecurityKit.dll
Summary
Implements IEntityIdAuthorizer to provide data authorization capabilities on operation parameters, request DTOs etc. in conjunction with IReferencesProvider<TIdMemberReference>.
Generic Types
Name | Description |
---|---|
TIdMemberReference | The concrete type that implements IIdMemberReference model. |
Remarks
At a high level, data authorization is performed as follows:
- Traverse the given object/parameters (including their nested properties in the case of complex types) and capture the special parameters/properties (having a non-null value, or at least one element in the case of collections) that are deemed identifiers (entityIds).
- Obtain related references using IReferencesProvider<TIdMemberReference> for each such captured entityId if a loader is available for it; otherwise, just use that entityId value. Related references are usually ancestors, or higher level entityIds in terms of entity relationship hierarchy, which can be used to authorize operations on child or lower level entityIds.
- Authorize each such entityId using its related references collection via IsAuthorized. Only one permitted reference is enough to authorize an entityId for the current operation.
- If any of the entityIds couldn’t be authorized, Failed will be returned with Unauthorized, DoNotOwnEntityIds and an AuthError collection containing the unauthorized entityId(s) information.
- Finally, perform the entity suspension check using IsSuspended and report the failure, if any.

For detailed information, visit https://ASPSecurityKit.net/docs/how-to-perform-activity-based-data-aware-authorization/
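The first four steps of this flow as a self-contained C# sketch, added here for illustration; it is not ASPSecurityKit's code and uses none of its types. The DTOs, the loader table, the permit set and the regular expression (an approximation of the default name pattern this page describes in words) are constructed assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;

// Constructed request DTOs (hypothetical, for this sketch only).
public class Shipping { public int AddressId { get; set; } }

public class EditOrderRequest
{
    public int OrderId { get; set; }
    public string OwnerKey { get; set; }   // name does not match the pattern, so it is never captured
    public string Note { get; set; }
    public Shipping Shipping { get; set; }
}

public static class DataAuthFlowSketch
{
    // Assumption: approximates the default name pattern; "Id" as a suffix is case-sensitive.
    static readonly Regex IdName = new Regex(
        @"^(?i:id|username|urn|userid|entityid)$|(?:Id|(?i:username|urn|userid|entityid))$");

    // Constructed ownership data: order id -> owning account id.
    static readonly Dictionary<int, int> OrderAccount =
        new Dictionary<int, int> { [42] = 7, [43] = 9 };

    // Step 2 loaders, keyed by member name. Only OrderId has one in this sketch.
    static readonly Dictionary<string, Func<object, string[]>> Loaders =
        new Dictionary<string, Func<object, string[]>> { ["OrderId"] = LoadOrderReferences };

    // Constructed permit set of the current identity: permissionCode -> permitted references.
    static readonly Dictionary<string, HashSet<string>> Permits =
        new Dictionary<string, HashSet<string>>
        {
            ["EditOrder"] = new HashSet<string> { "AccountId:7" }
        };

    // Returns the entityId itself plus its ancestor (the owning account), when known.
    static string[] LoadOrderReferences(object orderId)
    {
        int account;
        return OrderAccount.TryGetValue((int)orderId, out account)
            ? new[] { "OrderId:" + orderId, "AccountId:" + account }
            : new[] { "OrderId:" + orderId };
    }

    // Step 1: walk the object graph and capture non-null scalar members named like entityIds.
    static void Capture(object node, List<(string Name, object Value)> ids, HashSet<object> traversed)
    {
        if (node == null || !traversed.Add(node)) return;   // already visited: stops reference cycles
        foreach (var p in node.GetType().GetProperties().Where(x => x.GetIndexParameters().Length == 0))
        {
            var value = p.GetValue(node);
            if (value == null) continue;
            bool scalar = value is string || value.GetType().IsValueType;
            if (scalar && IdName.IsMatch(p.Name)) ids.Add((p.Name, value));
            else if (!scalar) Capture(value, ids, traversed);   // nested complex type
        }
    }

    // Steps 3 and 4: an entityId passes if ANY of its references is permitted;
    // every entityId that fails is returned so the caller can report it.
    public static List<string> Unauthorized(string permissionCode, object dto)
    {
        var ids = new List<(string Name, object Value)>();
        Capture(dto, ids, new HashSet<object>());

        HashSet<string> permitted;
        Permits.TryGetValue(permissionCode, out permitted);

        var failed = new List<string>();
        foreach (var (name, value) in ids)
        {
            Func<object, string[]> load;
            var refs = Loaders.TryGetValue(name, out load)
                ? load(value)
                : new[] { name + ":" + value };   // no loader: the value is its own only reference
            if (permitted == null || !refs.Any(r => permitted.Contains(r)))
                failed.Add(name + "=" + value);
        }
        return failed;
    }

    public static void Main()
    {
        var own = new EditOrderRequest
        {
            OrderId = 42, OwnerKey = "k-1", Shipping = new Shipping { AddressId = 5 }
        };
        var other = new EditOrderRequest { OrderId = 43 };

        Console.WriteLine("own:   " + string.Join(", ", Unauthorized("EditOrder", own)));
        Console.WriteLine("other: " + string.Join(", ", Unauthorized("EditOrder", other)));
    }
}
```

With this constructed data, OrderId 42 passes through its account reference while the nested AddressId is refused because it has no loader and no direct permit; OrderId 43 is refused because its account is not permitted. OwnerKey is never examined at all, which is why identifier members whose names fall outside the pattern need a custom selector or an explicit check.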
Constructors
#ctor(userService,referencesProvider,suspensionService,errorResourceProvider)
Summary
Initializes a new instance of the EntityIdAuthorizer<TIdMemberReference> class.
Parameters
Name | Type | Description |
---|---|---|
userService | ASPSecurityKit.IUserService | The user service. |
referencesProvider | ASPSecurityKit.Authorization.IReferencesProvider{`0} | The references provider. |
suspensionService | ASPSecurityKit.ISuspensionService | The suspension service. |
errorResourceProvider | ASPSecurityKit.IErrorMessageResourceProvider | The error resource provider. |
Properties
IdMemberSelectorRegexPattern
Summary
Gets or sets the Regex pattern that is used by the default implementation of IdMemberSelector to match members (properties/parameters) as identifiers (entityIds).
Value
The Regex pattern.
Remarks
The default pattern matches any name that either is id/username/urn/userid/entityid or ends with one of these terms. Casing doesn’t matter, except that, as a suffix, Id must have an uppercase ‘I’ to match.
IdMemberSelector
Summary
Gets or sets the predicate that’s used to determine whether the provided member (property/parameter) represents an identifier (entityId).
Value
A Func`2 instance with MemberInfo as the input and Boolean as the output generic argument.
Remarks
The default predicate selects the member if it satisfies the following conditions:
- Name is matched by the IdMemberSelectorRegexPattern.
- The Value is either a ValueType, a String or an array/generic collection/dictionary with element/value of type ValueType or String.
Methods
Authorize(permissionCode,method,arguments,entityName,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,possessesPermissionCheckIfNoIdParamProvided)
Summary
Performs data authorization on the operation’s parameters. See IEntityIdAuthorizer remarks to learn about the flow.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
method | System.Reflection.MethodInfo | The method. |
arguments | System.Collections.Generic.IDictionary{System.String,System.Object} | The operation’s arguments. |
entityName | System.String | The entity name that can be used to prefix entityId parameter names that are incomplete for instance ‘Id’, to locate the right related references provider for them. |
doNotPerformGeneralPermitCheck | System.Boolean | Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode , no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already. |
doNotPerformPossessesPermissionCheck | System.Boolean | Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode , no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Optional. Indicates whether to perform just the PossessesPermission check in case arguments has no valid identifier and consider as authorized if the check passes. The default is false . |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When method or arguments is null, or permissionCode is null/empty/whitespace. |
Authorize(permissionCode,dto,entityName,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,possessesPermissionCheckIfNoIdParamProvided)
Summary
Performs data authorization on the given request DTO. See IEntityIdAuthorizer remarks to learn about the flow.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
dto | System.Object | The request DTO object. |
entityName | System.String | The entity name that can be used to prefix entityId property names that are incomplete for instance ‘Id’, to locate the right related references provider for them. |
doNotPerformGeneralPermitCheck | System.Boolean | Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode , no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already. |
doNotPerformPossessesPermissionCheck | System.Boolean | Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode , no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Optional. Indicates whether to perform just the PossessesPermission check in case dto has no valid identifier and consider as authorized if the check passes. The default is false . |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When dto is null or permissionCode is null/empty/whitespace. |
TraverseAndCapture(member,idMembers,traversed)
Summary
Traverses the given member and its nested hierarchy recursively, and captures members that are deemed as identifiers (entityIds) into the given members collection.
Parameters
Name | Type | Description |
---|---|---|
member | ASPSecurityKit.Authorization.MemberInfo | The current member instance during the recursion. |
idMembers | System.Collections.Generic.HashSet{`0} | A collection into which members deemed entityIds are added. |
traversed | System.Collections.Generic.HashSet<System.Object> | A collection to track already traversed members to avoid infinite recursion loop. |
IsAuthorized(permissionCode,idContainers)
Summary
Performs data authorization on the entityIds mentioned as properties in the given container objects. See IsAuthorized overload for more details.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idContainers | System.Object[] | One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-null value (or at least one element in case of collections) will be considered. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When permissionCode is null/empty/whitespace. |
System.ArgumentException | When idContainers is null/empty. |
Remarks
This method invokes its other overload IsAuthorized passing both the bool arguments as false.
IsAuthorized(permissionCode,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,idContainers,possessesPermissionCheckIfNoIdParamProvided)
Summary
Performs data authorization on the entityIds mentioned as properties in the given container objects. Although all properties are assumed to be entityId properties, only properties having a non-null value (or at least one element in case of collections) will be considered. If you’re looking to select specific properties as entityIds, use the Authorize method instead.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
doNotPerformGeneralPermitCheck | System.Boolean | Indicates whether or not general permit based authorization is performed. If set to false and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already. |
doNotPerformPossessesPermissionCheck | System.Boolean | Indicates whether or not possesses permission check is performed. If set to false and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission. |
idContainers | System.Object[] | One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-null value (or at least one element in case of collections) will be considered. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Indicates whether to perform just the PossessesPermission check in case idContainers has no valid identifier and consider as authorized if the check passes. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When permissionCode is null/empty/whitespace. |
System.ArgumentException | When idContainers is null/empty. |
Remarks
Use this method from authDefinitions, for example, to authorize entityIds using the flow mentioned on IEntityIdAuthorizer. For instance, you can call IsAuthorized(permissionCode, false, false, new { UserId = someObj.Id, someObj.ClientId },..). Only properties having a non-null value (or at least one element in case of collections) will be considered. See IEntityIdAuthorizer remarks for more information.
IsAuthorized(permissionCode,idMembers,possessesPermissionCheckIfNoIdParamProvided)
Summary
Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idMembers | System.Collections.Generic.HashSet{`0} | The entityIds collection. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Indicates whether to perform just the PossessesPermission check in case idMembers has no item and consider as authorized if the check passes. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null or permissionCode is null/empty/whitespace. |
Remarks
The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized, depending on the failure reason. Once entityIds are authorized, the entity suspension check is invoked on them using IsSuspended.
IsSuspended(permissionCode,idMembers)
Summary
Performs the entity suspension check based on the given entityIds. See remarks for more details.
Returns
AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended with FailureDescription as EntitiesSuspended and Errors containing the list of details about suspended entityIds.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idMembers | System.Collections.Generic.HashSet{`0} | The entityIds collection. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null or permissionCode is null/empty/whitespace. |
Remarks
The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine if the suspended id is permitted for the requested operation based on exclusion rules. Last, if any suspended id is left, it is reported as described under Returns. For detailed information, visit https://ASPSecurityKit.net/docs/suspension/#entity-suspension
GetReferences(idMembers)
Summary
Obtains the final collection of entityIds and their related references to be authorized, based on the given entityIds, using IReferencesProvider<TIdMemberReference>. See remarks for more details.
Returns
A HashSet`1 with TIdMemberReference as the generic argument, comprising entityIds (with their related references) each of which needs to be authorized.
Parameters
Name | Type | Description |
---|---|---|
idMembers | System.Collections.Generic.HashSet{`0} | The entityId members. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null. |
System.InvalidOperationException | When an entityId has no references loader implemented and couldn’t be added as a self reference either. |
Remarks
Typically, each entityId in the given collection is returned with its related references filled in by the references provider; however, if an entityId’s Value is a collection of entityIds, the references provider may return a collection of TIdMemberReference, which will be added to the returned collection.
If a references loader is not defined for an entityId (as determined by IsDefinedFor), the entityId is added as a self reference using AddSelfAsReference. If that fails too, an InvalidOperationException is thrown.
ShouldAuthorizeEntityIds(permissionCode,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,result)
Summary
Determines whether data authorization (of the entityIds in the request) should be performed. See the parameters that control the conditions to be evaluated for this purpose.
Returns
true if data authorization is required; otherwise, false.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
doNotPerformGeneralPermitCheck | System.Boolean | Indicates whether or not general permit based authorization is performed. If set to false and the current identity has a general permit with the given permissionCode, data authorization need not be performed as the current identity is deemed authorized on all records for the associated permission already. |
doNotPerformPossessesPermissionCheck | System.Boolean | Indicates whether or not possesses permission check is performed. If set to false and the current identity does not have any permit with the given permissionCode, data authorization need not be performed as the current identity is deemed unauthorized on all records for the associated permission. |
result | ASPSecurityKit.AuthProviders.AuthResult@ | An AuthResult instance if the return value is false. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When permissionCode is null/empty/whitespace. |
GetIdMembers(idContainers)
Summary
Extracts entityIds mentioned as properties in the given container objects. Duplicate entityIds (having the same name and value) will be ignored provided that the TIdMemberReference implements the GetHashCode function based on MemberName and ValueString.
Returns
A HashSet`1 with TIdMemberReference as the generic argument, consisting of all the properties found in the given container(s), having a non-null value (or at least one element in case of collections).
Parameters
Name | Type | Description |
---|---|---|
idContainers | System.Object[] | One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idContainers is null. |
ToPairsList(o)
Summary
Extracts the properties within the given object into a Tuple`3 collection.
Returns
A Tuple`3 list with each item representing a property in the given object – name as the property name, value as the property value and parent name as the type name of the given object.
Parameters
Name | Type | Description |
---|---|---|
o | System.Object | The object instance whose properties need to be extracted. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When o is null. |
AuthorizeAsync(permissionCode,method,arguments,entityName,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,possessesPermissionCheckIfNoIdParamProvided)
Summary
Performs data authorization on the operation’s parameters. See IEntityIdAuthorizer remarks to learn about the flow.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
method | System.Reflection.MethodInfo | The method. |
arguments | System.Collections.Generic.IDictionary{System.String,System.Object} | The operation’s arguments. |
entityName | System.String | The entity name that can be used to prefix entityId parameter names that are incomplete for instance ‘Id’, to locate the right related references provider for them. |
doNotPerformGeneralPermitCheck | System.Boolean | Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode , no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already. |
doNotPerformPossessesPermissionCheck | System.Boolean | Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode , no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Optional. Indicates whether to perform just the PossessesPermission check in case arguments has no valid identifier and consider as authorized if the check passes. The default is false . |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When method or arguments is null, or permissionCode is null/empty/whitespace. |
AuthorizeAsync(permissionCode,method,arguments,entityName,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,possessesPermissionCheckIfNoIdParamProvided,cancellationToken)
Summary
Performs data authorization on the operation’s parameters. See IEntityIdAuthorizer remarks to learn about the flow.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
method | System.Reflection.MethodInfo | The method. |
arguments | System.Collections.Generic.IDictionary{System.String,System.Object} | The operation’s arguments. |
entityName | System.String | The entity name that can be used to prefix entityId parameter names that are incomplete for instance ‘Id’, to locate the right related references provider for them. |
doNotPerformGeneralPermitCheck | System.Boolean | Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already. |
doNotPerformPossessesPermissionCheck | System.Boolean | Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Optional. Indicates whether to perform just the PossessesPermission check in case arguments has no valid identifier and consider as authorized if the check passes. The default is false. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When method or arguments is null, or permissionCode is null/empty/whitespace. |
AuthorizeAsync(permissionCode,dto,entityName,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,possessesPermissionCheckIfNoIdParamProvided)
Summary
Performs data authorization on the given request DTO. See IEntityIdAuthorizer remarks to learn about the flow.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
dto | System.Object | The request DTO object. |
entityName | System.String | The entity name that can be used to prefix entityId property names that are incomplete for instance ‘Id’, to locate the right related references provider for them. |
doNotPerformGeneralPermitCheck | System.Boolean | Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode , no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already. |
doNotPerformPossessesPermissionCheck | System.Boolean | Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode , no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Optional. Indicates whether to perform just the PossessesPermission check in case dto has no valid identifier and consider as authorized if the check passes. The default is false . |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When dto is null or permissionCode is null/empty/whitespace. |
AuthorizeAsync(permissionCode,dto,entityName,cancellationToken,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,possessesPermissionCheckIfNoIdParamProvided)
Summary
Performs data authorization on the given request DTO. See IEntityIdAuthorizer remarks to learn about the flow.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
dto | System.Object | The request DTO object. |
entityName | System.String | The entity name that can be used to prefix entityId property names that are incomplete for instance ‘Id’, to locate the right related references provider for them. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
doNotPerformGeneralPermitCheck | System.Boolean | Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode , no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already. |
doNotPerformPossessesPermissionCheck | System.Boolean | Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode , no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Optional. Indicates whether to perform just the PossessesPermission check in case dto has no valid identifier and consider as authorized if the check passes. The default is false . |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When dto is null or permissionCode is null/empty/whitespace. |
IsAuthorizedAsync(permissionCode,idContainers)
Summary
Performs data authorization on the entityIds mentioned as properties in the given container objects. See IsAuthorized overload for more details.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idContainers | System.Object[] | One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-null value (or at least one element in case of collections) will be considered. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When permissionCode is null/empty/whitespace. |
System.ArgumentException | When idContainers is null/empty. |
Remarks
This method invokes its other overload IsAuthorized passing both the bool arguments as false.
IsAuthorizedAsync(permissionCode,cancellationToken,idContainers)
Summary
Performs data authorization on the entityIds mentioned as properties in the given container objects. See IsAuthorized overload for more details.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
idContainers | System.Object[] | One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-null value (or at least one element in case of collections) will be considered. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When permissionCode is null/empty/whitespace. |
System.ArgumentException | When idContainers is null/empty. |
Remarks
This method invokes its other overload IsAuthorized passing both the bool arguments as false.
IsAuthorizedAsync(permissionCode,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,idContainers,possessesPermissionCheckIfNoIdParamProvided)
Summary
Performs data authorization on the entityIds mentioned as properties in the given container objects. Although all properties are assumed to be entityId properties, only properties having a non-null value (or at least one element in case of collections) will be considered. If you’re looking to select specific properties as entityIds, use the Authorize method instead.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
doNotPerformGeneralPermitCheck | System.Boolean | Indicates whether or not general permit based authorization is performed. If set to false and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already. |
doNotPerformPossessesPermissionCheck | System.Boolean | Indicates whether or not possesses permission check is performed. If set to false and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission. |
idContainers | System.Object[] | One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-null value (or at least one element in case of collections) will be considered. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Indicates whether to perform just the PossessesPermission check in case idContainers has no valid identifier and consider as authorized if the check passes. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When permissionCode is null/empty/whitespace. |
System.ArgumentException | When idContainers is null/empty. |
Remarks
Use this method from authDefinitions, for example, to authorize entityIds using the flow mentioned on IEntityIdAuthorizer. For instance, you can call IsAuthorized(permissionCode, false, false, new { UserId = someObj.Id, someObj.ClientId },..). Only properties having a non-null value (or at least one element in case of collections) will be considered. See IEntityIdAuthorizer remarks for more information.
IsAuthorizedAsync(permissionCode,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,idContainers,cancellationToken,possessesPermissionCheckIfNoIdParamProvided)
Summary
Performs data authorization on the entityIds mentioned as properties in the given container objects. Although all properties are assumed to be entityId properties, only properties having a non-null value (or at least one element in case of collections) will be considered. If you’re looking to select specific properties as entityIds, use the Authorize method instead.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
doNotPerformGeneralPermitCheck | System.Boolean | Indicates whether or not general permit based authorization is performed. If set to false and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already. |
doNotPerformPossessesPermissionCheck | System.Boolean | Indicates whether or not possesses permission check is performed. If set to false and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission. |
idContainers | System.Object[] | One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-null value (or at least one element in case of collections) will be considered. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Indicates whether to perform just the PossessesPermission check in case idContainers has no valid identifier and consider as authorized if the check passes. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When permissionCode is null/empty/whitespace. |
System.ArgumentException | When idContainers is null/empty. |
Remarks
Use this method from authDefinitions, for example, to authorize entityIds using the flow mentioned on IEntityIdAuthorizer. For instance, you can call IsAuthorized(permissionCode, false, false, new { UserId = someObj.Id, someObj.ClientId },..). Only properties having a non-null value (or at least one element in case of collections) will be considered. See IEntityIdAuthorizer remarks for more information.
IsAuthorizedAsync(permissionCode,idMembers,possessesPermissionCheckIfNoIdParamProvided)
Summary
Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idMembers | System.Collections.Generic.HashSet{`0} | The entityIds collection. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Indicates whether to perform just the PossessesPermission check in case idMembers has no item and consider as authorized if the check passes. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null or permissionCode is null/empty/whitespace. |
Remarks
The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized, depending on the failure reason. Once entityIds are authorized, the entity suspension check is invoked on them using IsSuspended.
IsAuthorizedAsync(permissionCode,idMembers,possessesPermissionCheckIfNoIdParamProvided,cancellationToken)
Summary
Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idMembers | System.Collections.Generic.HashSet{`0} | The entityIds collection. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Indicates whether to perform just the PossessesPermission check in case idMembers has no item and consider as authorized if the check passes. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null or permissionCode is null/empty/whitespace. |
Remarks
The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized, depending on the failure reason. Once entityIds are authorized, the entity suspension check is invoked on them using IsSuspended.
IsSuspendedAsync(permissionCode,idMembers)
Summary
Performs the entity suspension check based on the given entityIds. See remarks for more details.
Returns
AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended with FailureDescription as EntitiesSuspended and Errors containing a list of details about the suspended entityIds.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idMembers | System.Collections.Generic.HashSet{`0} | The entityIds collection. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null or permissionCode is null/empty/whitespace. |
Remarks
The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine whether the suspended id is permitted for the requested operation based on exclusion rules. Last, if any suspended id is left, it is reported as described under Returns. For detailed information, visit https://ASPSecurityKit.net/docs/suspension/#entity-suspension
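The following is an added, stand-alone model of the flow these remarks describe (one permitted reference authorizes an entityId; the suspension check runs afterwards and exclusion rules can let an operation through). It is not ASPSecurityKit code: the types IdMember, Result and AuthFlowModel, the permit dictionary, and the mapping of an empty idMembers set to DidNotProvideRequiredEntityId are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-ins, not ASPSecurityKit types. References = self plus ancestor ids.
public record IdMember(string Name, string Value, string[] References);
public record Result(string Outcome, string[] Ids);

public static class AuthFlowModel
{
    // permits maps a permission code to the ids the identity holds it on (constructed model).
    public static Result IsAuthorized(string permissionCode, HashSet<IdMember> idMembers,
        IDictionary<string, HashSet<string>> permits, ISet<string> suspendedIds,
        Func<string, string, bool> isAllowed, bool possessesCheckIfNoId = false)
    {
        if (string.IsNullOrWhiteSpace(permissionCode)) throw new ArgumentNullException(nameof(permissionCode));
        if (idMembers == null) throw new ArgumentNullException(nameof(idMembers));
        var none = Array.Empty<string>();

        if (!permits.TryGetValue(permissionCode, out var permitted) || permitted.Count == 0)
            return new Result("DoNotPossessPermission", none);
        if (idMembers.Count == 0) // assumed mapping of the empty case to the documented messages
            return new Result(possessesCheckIfNoId ? "Success" : "DidNotProvideRequiredEntityId", none);

        // Every entityId needs at least one permitted reference; one is enough.
        var notOwned = idMembers.Where(m => !m.References.Any(r => permitted.Contains(r)))
                                .Select(m => m.Value).ToArray();
        if (notOwned.Length > 0) return new Result("DoNotOwnEntityIds", notOwned);

        // Suspension check runs after authorization, over entityIds and their references;
        // isAllowed models the exclusion rules that let an operation through.
        var blocked = idMembers.SelectMany(m => m.References.Append(m.Value)).Distinct()
                               .Where(id => suspendedIds.Contains(id) && !isAllowed(permissionCode, id))
                               .ToArray();
        return blocked.Length > 0 ? new Result("EntitiesSuspended", blocked) : new Result("Success", none);
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample: the identity holds EditInvoice and ViewInvoice on client c1 only.
        var permits = new Dictionary<string, HashSet<string>>
        {
            ["EditInvoice"] = new HashSet<string> { "c1" },
            ["ViewInvoice"] = new HashSet<string> { "c1" },
        };
        var own = new HashSet<IdMember> { new IdMember("InvoiceId", "inv-10", new[] { "inv-10", "c1" }) };
        var foreign = new HashSet<IdMember> { new IdMember("InvoiceId", "inv-77", new[] { "inv-77", "c2" }) };
        var suspended = new HashSet<string> { "c1" };            // client c1 is suspended
        Func<string, string, bool> viewOnly = (perm, id) => perm == "ViewInvoice"; // exclusion rule

        foreach (var (code, ids) in new[] { ("EditInvoice", foreign), ("EditInvoice", own), ("ViewInvoice", own) })
        {
            var r = AuthFlowModel.IsAuthorized(code, ids, permits, suspended, viewOnly);
            Console.WriteLine($"{code}: {r.Outcome} [{string.Join(", ", r.Ids)}]");
        }
    }
}
```

The three calls exercise a foreign invoice (no permitted reference), an owned invoice under a suspended client, and the same invoice for an operation the exclusion rule permits.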
IsSuspendedAsync(permissionCode,idMembers,cancellationToken)
Summary
Performs the entity suspension check based on the given entityIds. See remarks for more details.
Returns
AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended with FailureDescription as EntitiesSuspended and Errors containing a list of details about the suspended entityIds.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idMembers | System.Collections.Generic.HashSet{`0} | The entityIds collection. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null or permissionCode is null/empty/whitespace. |
Remarks
The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine whether the suspended id is permitted for the requested operation based on exclusion rules. Last, if any suspended id is left, it is reported as described under Returns. For detailed information, visit https://ASPSecurityKit.net/docs/suspension/#entity-suspension
GetReferencesAsync(idMembers)
Summary
Obtains the final collection of entityIds and their related references to be authorized, based on the given entityIds, using IReferencesProvider<TIdMemberReference>. See remarks for more details.
Returns
A HashSet`1 with TIdMemberReference as the generic argument, comprising entityIds (with their related references) each of which needs to be authorized.
Parameters
Name | Type | Description |
---|---|---|
idMembers | System.Collections.Generic.HashSet{`0} | The entityId members. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null. |
System.InvalidOperationException | When an entityId has no references loader implemented and couldn’t be added as a self reference either. |
Remarks
Typically, each entityId in the given collection is returned with its related references filled in by the references provider; however, if an entityId's Value is a collection of entityIds, the references provider may return a collection of TIdMemberReference, which will be added to the returned collection.
If a references loader is not defined for an entityId (as determined by IsDefinedFor), the entityId is added as a self reference using AddSelfAsReference. If that also fails, an InvalidOperationException is thrown.
GetReferencesAsync(idMembers,cancellationToken)
Summary
Obtains the final collection of entityIds and their related references to be authorized, based on the given entityIds, using IReferencesProvider<TIdMemberReference>. See remarks for more details.
Returns
A HashSet`1 with TIdMemberReference as the generic argument, comprising entityIds (with their related references) each of which needs to be authorized.
Parameters
Name | Type | Description |
---|---|---|
idMembers | System.Collections.Generic.HashSet{`0} | The entityId members. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null. |
System.InvalidOperationException | When an entityId has no references loader implemented and couldn’t be added as a self reference either. |
Remarks
Typically, each entityId in the given collection is returned with its related references filled in by the references provider; however, if an entityId's Value is a collection of entityIds, the references provider may return a collection of TIdMemberReference, which will be added to the returned collection.
If a references loader is not defined for an entityId (as determined by IsDefinedFor), the entityId is added as a self reference using AddSelfAsReference. If that also fails, an InvalidOperationException is thrown.
ASPSecurityKit#Authorization#IEntityIdAuthorizer#IsAuthorized(permissionCode,idMembers,possessesPermissionCheckIfNoIdParamProvided)
Summary
Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idMembers | System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} | The entityIds collection. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Indicates whether to perform just the PossessesPermission check in case idMembers has no item and consider as authorized if the check passes. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null or permissionCode is null/empty/whitespace. |
Remarks
The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized, depending on the failure reason. Once entityIds are authorized, the entity suspension check is invoked on them using IsSuspended.
ASPSecurityKit#Authorization#IEntityIdAuthorizer#IsSuspended(permissionCode,idMembers)
Summary
Performs the entity suspension check based on the given entityIds. See remarks for more details.
Returns
AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended with FailureDescription as EntitiesSuspended and Errors containing a list of details about the suspended entityIds.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idMembers | System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} | The entityIds collection. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null or permissionCode is null/empty/whitespace. |
Remarks
The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine whether the suspended id is permitted for the requested operation based on exclusion rules. Last, if any suspended id is left, it is reported as described under Returns. For detailed information, visit https://ASPSecurityKit.net/docs/suspension/#entity-suspension
ASPSecurityKit#Authorization#IEntityIdAuthorizer#IsAuthorizedAsync(permissionCode,idMembers,possessesPermissionCheckIfNoIdParamProvided)
Summary
Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idMembers | System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} | The entityIds collection. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Indicates whether to perform just the PossessesPermission check in case idMembers has no item and consider as authorized if the check passes. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null or permissionCode is null/empty/whitespace. |
Remarks
The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized, depending on the failure reason. Once entityIds are authorized, the entity suspension check is invoked on them using IsSuspended.
ASPSecurityKit#Authorization#IEntityIdAuthorizer#IsAuthorizedAsync(permissionCode,idMembers,possessesPermissionCheckIfNoIdParamProvided,cancellationToken)
Summary
Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.
Returns
AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idMembers | System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} | The entityIds collection. |
possessesPermissionCheckIfNoIdParamProvided | System.Boolean | Indicates whether to perform just the PossessesPermission check in case idMembers has no item and consider as authorized if the check passes. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null or permissionCode is null/empty/whitespace. |
Remarks
The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized, depending on the failure reason. Once entityIds are authorized, the entity suspension check is invoked on them using IsSuspended.
ASPSecurityKit#Authorization#IEntityIdAuthorizer#IsSuspendedAsync(permissionCode,idMembers)
Summary
Performs the entity suspension check based on the given entityIds. See remarks for more details.
Returns
AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended with FailureDescription as EntitiesSuspended and Errors containing a list of details about the suspended entityIds.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idMembers | System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} | The entityIds collection. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null or permissionCode is null/empty/whitespace. |
Remarks
The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine whether the suspended id is permitted for the requested operation based on exclusion rules. Last, if any suspended id is left, it is reported as described under Returns. For detailed information, visit https://ASPSecurityKit.net/docs/suspension/#entity-suspension
ASPSecurityKit#Authorization#IEntityIdAuthorizer#IsSuspendedAsync(permissionCode,idMembers,cancellationToken)
Summary
Performs the entity suspension check based on the given entityIds. See remarks for more details.
Returns
AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended with FailureDescription as EntitiesSuspended and Errors containing a list of details about the suspended entityIds.
Parameters
Name | Type | Description |
---|---|---|
permissionCode | System.String | The permission code. |
idMembers | System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} | The entityIds collection. |
cancellationToken | System.Threading.CancellationToken | The cancellation token. |
Exceptions
Type | Description |
---|---|
System.ArgumentNullException | When idMembers is null or permissionCode is null/empty/whitespace. |
Remarks
The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine whether the suspended id is permitted for the requested operation based on exclusion rules. Last, if any suspended id is left, it is reported as described under Returns. For detailed information, visit https://ASPSecurityKit.net/docs/suspension/#entity-suspension