EntityIdAuthorizer<TIdMemberReference>

Members

Namespace: ASPSecurityKit.Authorization
Assembly: ASPSecurityKit.dll

Summary

Implements IEntityIdAuthorizer to provide data authorization capabilities on operation parameters, request DTOs etc. in conjunction with IReferencesProvider<TIdMemberReference>.

Generic Types
Name Description
TIdMemberReference The concrete type that implements IIdMemberReference model.
Remarks

At a high level, data authorization is performed as follows:

  • Traverse through the given object/parameters (including their nested properties in case of complex type) and capture the special parameters/properties (having a non-nul value or at least one element in case of collections) that are deemed as identifiers (entityIds).

  • Obtain related references using IReferencesProvider<TIdMemberReference> for each such captured entityId if a loader is available for it; otherwise, just use that entityId value. Related references are usually ancestors, or higher level entityIds in terms of entity relationship hierarchy, which can be used to authorize operations on child or lower level entityIds.

  • Authorize each such entityId using its related references collection via IsAuthorized. Only one permitted reference is enough to authorize an entityId for the current operation.

  • If any of the entityIds couldn’t be authorized, Failed will be returned with Unauthorized, DoNotOwnEntityIds and AuthError collection having unauthorized entityId(s) information.

  • Finally, perform The entity suspension check using IsSuspended and report the failure if any. For detailed information, visit https://ASPSecurityKit.net/docs/article/how-to-perform-activity-based-data-aware-authorization/

Constructors

#ctor(userService,referencesProvider,suspensionService,errorResourceProvider)

Summary

Initializes a new instance of the EntityIdAuthorizer<TIdMemberReference> class.

Parameters
Name Type Description
userService ASPSecurityKit.IUserService The user service.
referencesProvider ASPSecurityKit.Authorization.IReferencesProvider{`0} The references provider.
suspensionService ASPSecurityKit.ISuspensionService The suspension service.
errorResourceProvider ASPSecurityKit.IErrorMessageResourceProvider The error resource provider.

Properties

IdMemberSelectorRegexPattern

Summary

Gets or sets the Regex pattern that is used by the default implementation of IdMemberSelector to match members (properties/parameters) as identifiers (entityIds).

Value

The Regex pattern.

Remarks

The default pattern matches anything that is either id/username/urn/userid/entityid or ends with any of these (Except for the Id, the casing of these terms doesn’t matter; but id requires that ‘I’ be uppercase to match as a suffix).

IdMemberSelector

Summary

Gets or sets the predicate that’s used to determine whether the provided member (property/parameter) represents an identifier (entityId).

Value

A Func`2 instance with MemberInfo as input and Boolean as out generic arguments.

Remarks

The default predicate selects the member if it satisfies following conditions:

Methods

Authorize(permissionCode,method,arguments,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck)

Summary

Performs data authorization on the operation’s parameters. See IEntityIdAuthorizer remarks to learn about the flow.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
method System.Reflection.MethodInfo The method.
arguments System.Collections.Generic.IDictionary{System.String,System.Object} The operation’s arguments.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
Exceptions
Type Description
System.ArgumentNullException When method or arguments is null, or permissionCode is null/empty/whitespace.

Authorize(permissionCode,dto,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck)

Summary

Performs data authorization on the given request DTO. See IEntityIdAuthorizer remarks to learn about the flow.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
dto System.Object The request DTO object.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
Exceptions
Type Description
System.ArgumentNullException When dto is null or permissionCode is null/empty/whitespace.

TraverseAndCapture(member,idMembers,traversed)

Summary

Traverses the given member and its nested hierarchy recursively, and captures members that are deemed as identifiers (entityIds) into the given members collection.

Parameters
Name Type Description
member ASPSecurityKit.Authorization.MemberInfo The current member instance during the recursion.
idMembers System.Collections.Generic.HashSet{`0} | A collection into which members deemed as entityIds to be added. |
traversed System.Collections.Generic.HashSet<System.Object> A collection to track already traversed members to avoid infinite recursion loop.

IsAuthorized(permissionCode,idContainers)

Summary

Performs data authorization on the entityIds mentioned as properties in the given container objects. See IsAuthorized overload for more details.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
idContainers System.Object[] One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-nul value (or at least one element in case of collections) will be considered.
Exceptions
Type Description
System.ArgumentNullException When permissionCode is null/empty/whitespace.
System.ArgumentException When idContainers is null/empty.
Remarks

This method invokes its other overload IsAuthorized passing both the bool arguments as false.

IsAuthorized(permissionCode,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,idContainers)

Summary

Performs data authorization on the entityIds mentioned as properties in the given container objects. Though all properties are assumed to be entityId properties, yet only properties having a non-nul value (or at least one element in case of collections) will be considered. If you’re looking to select specific properties as entityIds, use Authorize method instead.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
idContainers System.Object[] One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-nul value (or at least one element in case of collections) will be considered.
Exceptions
Type Description
System.ArgumentNullException When permissionCode is null/empty/whitespace.
System.ArgumentException When idContainers is null/empty.
Remarks

Use this method from authDefinitions, for example, to authorize entityIds using the flow mentioned on IEntityIdAuthorizer. For instance you can call IsAuthorized(permissionCode, false, false, new { UserId = someObj.Id, someObj.ClientId },..). Only properties having a non-nul value (or at least one element in case of collections) will be considered. See IEntityIdAuthorizer remarks for more information.

IsAuthorized(permissionCode,idMembers)

Summary

Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{`0} | The entityIds collection. |
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized depending on the failure reason. Once entityIds are authorized, The entity suspension check is invoked on them using IsSuspended.

IsSuspended(permissionCode,idMembers)

Summary

Performs the entity suspension check based on the given entityIds. See remarks for more details.

Returns

AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended) with FailureDescription as EntitiesSuspended and Errors containing list of details about suspended entityIds.

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{`0} | The entityIds collection. |
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine if suspended id is permitted for the requested operation based on exclusion rules. Last, if there’s any suspended id left, the same is reported as per mentioned in return docs. For detailed information, visit https://ASPSecurityKit.net/docs/article/suspension/#entity-suspension

GetReferences(idMembers)

Summary

Obtains all the final collection of entityIds and their related references to be authorized based on the given entityIds using IReferencesProvider<TIdMemberReference>. See remarks for more details.

Returns

A HashSet`1 with TIdMemberReference as the generic argument, comprising entityIds (with their related references) each of which needs to be authorized.

Parameters
Name Type Description
idMembers System.Collections.Generic.HashSet{`0} | The entityId members. |
Exceptions
Type Description
System.ArgumentNullException When idMembers is null.
System.InvalidOperationException When an entityId has no references loader implemented and couldn’t be added as a self reference either.
Remarks

Typically each entityId in the given collection is returned with its related references filled in by the references provider; however, if an entityId value Value is a collection of entityIds, the references provider may likely return a collection of TIdMemberReference which will be added to the returned collection. If a references loader is not defined for an entityId (as determined by IsDefinedFor), the entityId is added as a self reference using AddSelfAsReference. If that too fails, throws an InvalidOperationException.

ShouldAuthorizeEntityIds(permissionCode,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,result)

Summary

Determines whether the data (entityIds in the request) authorization be performed. See the parameters that control the conditions to be evaluated for this purpose.

Returns

true if data authorization is required; otherwise, false.

Parameters
Name Type Description
permissionCode System.String The permission code.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false and the current identity has a general permit with the given permissionCode, data authorization needs not be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false and the current identity does not have any permit with the given permissionCode, data authorization needs not be performed as the current identity is deemed unauthorized on all records for the associated permission.
result [email protected] An AuthResult instance if return value is false.
Exceptions
Type Description
System.ArgumentNullException When permissionCode is null/empty/whitespace.

GetIdMembers(idContainers)

Summary

Extracts entityIds mentioned as properties in the given container objects. Duplicate entityIds (having the same name and value) will be ignored provided that the TIdMemberReference implements the GetHashCode function based on MemberName and ValueString.

Returns

A HashSet`1 with TIdMemberReference as the generic argument, consisting of all the properties found in the given container(s), having a non-nul value (or at least one element in case of collections).

Parameters
Name Type Description
idContainers System.Object[] One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize.
Exceptions
Type Description
System.ArgumentNullException When idContainers is null.

ToPairsList(o)

Summary

Extracts the properties within the given object into a KeyValuePair`2 collection.

Returns

A KeyValuePair`2 list with each item representing a property in the given object – key as the property name and value as the property value.

Parameters
Name Type Description
o System.Object The object instance whose properties need to be extracted.
Exceptions
Type Description
System.ArgumentNullException When o is null.

AuthorizeAsync(permissionCode,method,arguments,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck)

Summary

Performs data authorization on the operation’s parameters. See IEntityIdAuthorizer remarks to learn about the flow.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
method System.Reflection.MethodInfo The method.
arguments System.Collections.Generic.IDictionary{System.String,System.Object} The operation’s arguments.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
Exceptions
Type Description
System.ArgumentNullException When method or arguments is null, or permissionCode is null/empty/whitespace.

AuthorizeAsync(permissionCode,method,arguments,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,cancellationToken)

Summary

Performs data authorization on the operation’s parameters. See IEntityIdAuthorizer remarks to learn about the flow.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
method System.Reflection.MethodInfo The method.
arguments System.Collections.Generic.IDictionary{System.String,System.Object} The operation’s arguments.
doNotPerformGeneralPermitCheck System.Threading.CancellationToken Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
cancellationToken System.Boolean The cancellation token.
Exceptions
Type Description
System.ArgumentNullException When method or arguments is null, or permissionCode is null/empty/whitespace.

AuthorizeAsync(permissionCode,dto,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck)

Summary

Performs data authorization on the given request DTO. See IEntityIdAuthorizer remarks to learn about the flow.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
dto System.Object The request DTO object.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
Exceptions
Type Description
System.ArgumentNullException When dto is null or permissionCode is null/empty/whitespace.

AuthorizeAsync(permissionCode,dto,cancellationToken,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck)

Summary

Performs data authorization on the given request DTO. See IEntityIdAuthorizer remarks to learn about the flow.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
dto System.Object The request DTO object.
cancellationToken System.Threading.CancellationToken The cancellation token.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false (the default) and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false (the default) and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
Exceptions
Type Description
System.ArgumentNullException When dto is null or permissionCode is null/empty/whitespace.

IsAuthorizedAsync(permissionCode,idContainers)

Summary

Performs data authorization on the entityIds mentioned as properties in the given container objects. See IsAuthorized overload for more details.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
idContainers System.Object[] One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-nul value (or at least one element in case of collections) will be considered.
Exceptions
Type Description
System.ArgumentNullException When permissionCode is null/empty/whitespace.
System.ArgumentException When idContainers is null/empty.
Remarks

This method invokes its other overload IsAuthorized passing both the bool arguments as false.

IsAuthorizedAsync(permissionCode,cancellationToken,idContainers)

Summary

Performs data authorization on the entityIds mentioned as properties in the given container objects. See IsAuthorized overload for more details.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
cancellationToken System.Threading.CancellationToken The cancellation token.
idContainers System.Object[] One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-nul value (or at least one element in case of collections) will be considered.
Exceptions
Type Description
System.ArgumentNullException When permissionCode is null/empty/whitespace.
System.ArgumentException When idContainers is null/empty.
Remarks

This method invokes its other overload IsAuthorized passing both the bool arguments as false.

IsAuthorizedAsync(permissionCode,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,idContainers)

Summary

Performs data authorization on the entityIds mentioned as properties in the given container objects. Though all properties are assumed to be entityId properties, yet only properties having a non-nul value (or at least one element in case of collections) will be considered. If you’re looking to select specific properties as entityIds, use Authorize method instead.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
idContainers System.Object[] One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-nul value (or at least one element in case of collections) will be considered.
Exceptions
Type Description
System.ArgumentNullException When permissionCode is null/empty/whitespace.
System.ArgumentException When idContainers is null/empty.
Remarks

Use this method from authDefinitions, for example, to authorize entityIds using the flow mentioned on IEntityIdAuthorizer. For instance you can call IsAuthorized(permissionCode, false, false, new { UserId = someObj.Id, someObj.ClientId },..). Only properties having a non-nul value (or at least one element in case of collections) will be considered. See IEntityIdAuthorizer remarks for more information.

IsAuthorizedAsync(permissionCode,doNotPerformGeneralPermitCheck,doNotPerformPossessesPermissionCheck,cancellationToken,idContainers)

Summary

Performs data authorization on the entityIds mentioned as properties in the given container objects. Though all properties are assumed to be entityId properties, yet only properties having a non-nul value (or at least one element in case of collections) will be considered. If you’re looking to select specific properties as entityIds, use Authorize method instead.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure.

Parameters
Name Type Description
permissionCode System.String The permission code.
doNotPerformGeneralPermitCheck System.Boolean Indicates whether or not general permit based authorization is performed. If set to false and the current identity has a general permit with the given permissionCode, no data authorization will be performed as the current identity is deemed authorized on all records for the associated permission already.
doNotPerformPossessesPermissionCheck System.Boolean Indicates whether or not possesses permission check is performed. If set to false and the current identity does not have any permit with the given permissionCode, no data authorization will be performed as the current identity is deemed unauthorized on all records for the associated permission.
cancellationToken System.Threading.CancellationToken The cancellation token.
idContainers System.Object[] One or more container objects (usually anonymous types) each of which just contains entityId properties to authorize. Only properties having a non-nul value (or at least one element in case of collections) will be considered.
Exceptions
Type Description
System.ArgumentNullException When permissionCode is null/empty/whitespace.
System.ArgumentException When idContainers is null/empty.
Remarks

Use this method from authDefinitions, for example, to authorize entityIds using the flow mentioned on IEntityIdAuthorizer. For instance you can call IsAuthorized(permissionCode, false, false, new { UserId = someObj.Id, someObj.ClientId },..). Only properties having a non-nul value (or at least one element in case of collections) will be considered. See IEntityIdAuthorizer remarks for more information.

IsAuthorizedAsync(permissionCode,idMembers)

Summary

Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{`0} | The entityIds collection. |
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized depending on the failure reason. Once entityIds are authorized, The entity suspension check is invoked on them using IsSuspended.

IsAuthorizedAsync(permissionCode,idMembers,cancellationToken)

Summary

Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{`0} | The entityIds collection. |
cancellationToken System.Threading.CancellationToken The cancellation token.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized depending on the failure reason. Once entityIds are authorized, The entity suspension check is invoked on them using IsSuspended.

IsSuspendedAsync(permissionCode,idMembers)

Summary

Performs the entity suspension check based on the given entityIds. See remarks for more details.

Returns

AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended) with FailureDescription as EntitiesSuspended and Errors containing list of details about suspended entityIds.

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{`0} | The entityIds collection. |
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine if suspended id is permitted for the requested operation based on exclusion rules. Last, if there’s any suspended id left, the same is reported as per mentioned in return docs. For detailed information, visit https://ASPSecurityKit.net/docs/article/suspension/#entity-suspension

IsSuspendedAsync(permissionCode,idMembers,cancellationToken)

Summary

Performs the entity suspension check based on the given entityIds. See remarks for more details.

Returns

AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended) with FailureDescription as EntitiesSuspended and Errors containing list of details about suspended entityIds.

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{`0} | The entityIds collection. |
cancellationToken System.Threading.CancellationToken The cancellation token.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine if suspended id is permitted for the requested operation based on exclusion rules. Last, if there’s any suspended id left, the same is reported as per mentioned in return docs. For detailed information, visit https://ASPSecurityKit.net/docs/article/suspension/#entity-suspension

GetReferencesAsync(idMembers)

Summary

Obtains all the final collection of entityIds and their related references to be authorized based on the given entityIds using IReferencesProvider<TIdMemberReference>. See remarks for more details.

Returns

A HashSet`1 with TIdMemberReference as the generic argument, comprising entityIds (with their related references) each of which needs to be authorized.

Parameters
Name Type Description
idMembers System.Collections.Generic.HashSet{`0} | The entityId members. |
Exceptions
Type Description
System.ArgumentNullException When idMembers is null.
System.InvalidOperationException When an entityId has no references loader implemented and couldn’t be added as a self reference either.
Remarks

Typically each entityId in the given collection is returned with its related references filled in by the references provider; however, if an entityId value Value is a collection of entityIds, the references provider may likely return a collection of TIdMemberReference which will be added to the returned collection. If a references loader is not defined for an entityId (as determined by IsDefinedFor), the entityId is added as a self reference using AddSelfAsReference. If that too fails, throws an InvalidOperationException.

GetReferencesAsync(idMembers,cancellationToken)

Summary

Obtains all the final collection of entityIds and their related references to be authorized based on the given entityIds using IReferencesProvider<TIdMemberReference>. See remarks for more details.

Returns

A HashSet`1 with TIdMemberReference as the generic argument, comprising entityIds (with their related references) each of which needs to be authorized.

Parameters
Name Type Description
idMembers System.Collections.Generic.HashSet{`0} | The entityId members. |
cancellationToken System.Threading.CancellationToken The cancellation token.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null.
System.InvalidOperationException When an entityId has no references loader implemented and couldn’t be added as a self reference either.
Remarks

Typically each entityId in the given collection is returned with its related references filled in by the references provider; however, if an entityId value Value is a collection of entityIds, the references provider may likely return a collection of TIdMemberReference which will be added to the returned collection. If a references loader is not defined for an entityId (as determined by IsDefinedFor), the entityId is added as a self reference using AddSelfAsReference. If that too fails, throws an InvalidOperationException.

ASPSecurityKit#Authorization#IEntityIdAuthorizer#IsAuthorized(permissionCode,idMembers)

Summary

Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} The entityIds collection.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized depending on the failure reason. Once entityIds are authorized, The entity suspension check is invoked on them using IsSuspended.

ASPSecurityKit#Authorization#IEntityIdAuthorizer#IsSuspended(permissionCode,idMembers)

Summary

Performs the entity suspension check based on the given entityIds. See remarks for more details.

Returns

AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended) with FailureDescription as EntitiesSuspended and Errors containing list of details about suspended entityIds.

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} The entityIds collection.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine if suspended id is permitted for the requested operation based on exclusion rules. Last, if there’s any suspended id left, the same is reported as per mentioned in return docs. For detailed information, visit https://ASPSecurityKit.net/docs/article/suspension/#entity-suspension

ASPSecurityKit#Authorization#IEntityIdAuthorizer#IsAuthorizedAsync(permissionCode,idMembers)

Summary

Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} The entityIds collection.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized depending on the failure reason. Once entityIds are authorized, The entity suspension check is invoked on them using IsSuspended.

ASPSecurityKit#Authorization#IEntityIdAuthorizer#IsAuthorizedAsync(permissionCode,idMembers,cancellationToken)

Summary

Authorizes the given permission and entityIds against the loaded permit set (using IsAuthorized). To authorize an entityId, its References collection will be used. Only one permitted reference is enough to authorize an entityId.

Returns

AuthResult instance with Code as Success if the current identity has the necessary permit; otherwise, a possible reason of failure (likely Unauthorized).

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} The entityIds collection.
cancellationToken System.Threading.CancellationToken The cancellation token.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation may return one of the following error messages for failure: DoNotOwnEntityIds, DidNotProvideRequiredEntityId, DoNotPossessPermission or Unauthorized depending on the failure reason. Once entityIds are authorized, The entity suspension check is invoked on them using IsSuspended.

ASPSecurityKit#Authorization#IEntityIdAuthorizer#IsSuspendedAsync(permissionCode,idMembers)

Summary

Performs the entity suspension check based on the given entityIds. See remarks for more details.

Returns

AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended) with FailureDescription as EntitiesSuspended and Errors containing list of details about suspended entityIds.

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} The entityIds collection.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine if suspended id is permitted for the requested operation based on exclusion rules. Last, if there’s any suspended id left, the same is reported as per mentioned in return docs. For detailed information, visit https://ASPSecurityKit.net/docs/article/suspension/#entity-suspension

ASPSecurityKit#Authorization#IEntityIdAuthorizer#IsSuspendedAsync(permissionCode,idMembers,cancellationToken)

Summary

Performs the entity suspension check based on the given entityIds. See remarks for more details.

Returns

AuthResult instance with Code as Success if the given entityIds and their related references have no suspension being enforced; otherwise, Suspended) with FailureDescription as EntitiesSuspended and Errors containing list of details about suspended entityIds.

Parameters
Name Type Description
permissionCode System.String The permission code.
idMembers System.Collections.Generic.HashSet{ASPSecurityKit.Authorization.IIdMemberReference} The entityIds collection.
cancellationToken System.Threading.CancellationToken The cancellation token.
Exceptions
Type Description
System.ArgumentNullException When idMembers is null or permissionCode is null/empty/whitespace.
Remarks

The default implementation works as follows: First, a call to GetSuspendedIds is made to get a list of ISuspendedId. Second, for each suspendedId received, a call is made to IsAllowed to determine if suspended id is permitted for the requested operation based on exclusion rules. Last, if there’s any suspended id left, the same is reported as per mentioned in return docs. For detailed information, visit https://ASPSecurityKit.net/docs/article/suspension/#entity-suspension