Azure
diff --git a/‎src/Auth/AuthorizationMetadataHelpers.cs‎
Lines changed: 54 additions & 55 deletions b/‎src/Auth/AuthorizationMetadataHelpers.cs‎
Lines changed: 54 additions & 55 deletions
diff --git a/‎src/Auth/IAuthorizationResolver.cs‎
Lines changed: 102 additions & 103 deletions b/‎src/Auth/IAuthorizationResolver.cs‎
Lines changed: 102 additions & 103 deletions
@@ -3,70 +3,69 @@
 
 using Azure.DataApiBuilder.Config.ObjectModel;
 
-namespace Azure.DataApiBuilder.Auth
+namespace Azure.DataApiBuilder.Auth;
+
+/// <summary>
+/// Represents the permission metadata of an entity.
+/// An entity's top-level permission structure is a collection
+/// of roles.
+/// </summary>
+public class EntityMetadata
 {
     /// <summary>
-    /// Represents the permission metadata of an entity.
-    /// An entity's top-level permission structure is a collection
-    /// of roles.
+    /// Given the key (roleName) returns the associated RoleMetadata object.
+    /// To retrieve all roles associated with an entity -> RoleToOperationMap.Keys().
+    /// Since the roleNames are case insensitive, we use IEqualityComparer for ignoring
+    /// the case.
     /// </summary>
-    public class EntityMetadata
-    {
-        /// <summary>
-        /// Given the key (roleName) returns the associated RoleMetadata object.
-        /// To retrieve all roles associated with an entity -> RoleToOperationMap.Keys().
-        /// Since the roleNames are case insensitive, we use IEqualityComparer for ignoring
-        /// the case.
-        /// </summary>
-        public Dictionary<string, RoleMetadata> RoleToOperationMap { get; set; } = new(StringComparer.OrdinalIgnoreCase);
-
-        /// <summary>
-        /// Field to operation to role mapping.
-        /// Given the key (Field aka. column name) returns a key/value collection of operation to Roles
-        /// i.e. ID column
-        /// Key(field): id -> Dictionary(operations)
-        ///     each entry in the dictionary contains operation to role map.
-        ///     Create: permitted in {Role1, Role2, ..., RoleN}
-        ///     Delete: permitted in {Role1, RoleN}
-        /// </summary>
-        public Dictionary<string, Dictionary<EntityActionOperation, List<string>>> FieldToRolesMap { get; set; } = new();
+    public Dictionary<string, RoleMetadata> RoleToOperationMap { get; set; } = new(StringComparer.OrdinalIgnoreCase);
 
-        /// <summary>
-        /// Given the key (operation) returns a collection of roles
-        /// defining config permissions for the operation.
-        /// i.e. Read operation is permitted in {Role1, Role2, ..., RoleN}
-        /// </summary>
-        public Dictionary<EntityActionOperation, List<string>> OperationToRolesMap { get; set; } = new();
+    /// <summary>
+    /// Field to operation to role mapping.
+    /// Given the key (Field aka. column name) returns a key/value collection of operation to Roles
+    /// i.e. ID column
+    /// Key(field): id -> Dictionary(operations)
+    ///     each entry in the dictionary contains operation to role map.
+    ///     Create: permitted in {Role1, Role2, ..., RoleN}
+    ///     Delete: permitted in {Role1, RoleN}
+    /// </summary>
+    public Dictionary<string, Dictionary<EntityActionOperation, List<string>>> FieldToRolesMap { get; set; } = new();
 
-        /// <summary>
-        /// Set of Http verbs enabled for Stored Procedure entities that have their REST endpoint enabled.
-        /// </summary>
-        public HashSet<SupportedHttpVerb> StoredProcedureHttpVerbs { get; set; } = new();
-    }
+    /// <summary>
+    /// Given the key (operation) returns a collection of roles
+    /// defining config permissions for the operation.
+    /// i.e. Read operation is permitted in {Role1, Role2, ..., RoleN}
+    /// </summary>
+    public Dictionary<EntityActionOperation, List<string>> OperationToRolesMap { get; set; } = new();
 
     /// <summary>
-    /// Represents the permission metadata of a role
-    /// A role's top-level permission structure is a collection of
-    /// Operations allowed for that role: Create, Read, Update, Delete, All (wildcard operation)
+    /// Set of Http verbs enabled for Stored Procedure entities that have their REST endpoint enabled.
     /// </summary>
-    public class RoleMetadata
-    {
-        /// <summary>
-        /// Given the key (operation) returns the associated OperationMetadata object.
-        /// </summary>
-        public Dictionary<EntityActionOperation, OperationMetadata> OperationToColumnMap { get; set; } = new();
-    }
+    public HashSet<SupportedHttpVerb> StoredProcedureHttpVerbs { get; set; } = new();
+}
 
+/// <summary>
+/// Represents the permission metadata of a role
+/// A role's top-level permission structure is a collection of
+/// Operations allowed for that role: Create, Read, Update, Delete, All (wildcard operation)
+/// </summary>
+public class RoleMetadata
+{
     /// <summary>
-    /// Represents the permission metadata of an operation
-    /// An operation lists both columns that are included and/or excluded
-    /// for that operation.
+    /// Given the key (operation) returns the associated OperationMetadata object.
     /// </summary>
-    public class OperationMetadata
-    {
-        public string? DatabasePolicy { get; set; }
-        public HashSet<string> Included { get; set; } = new();
-        public HashSet<string> Excluded { get; set; } = new();
-        public HashSet<string> AllowedExposedColumns { get; set; } = new();
-    }
+    public Dictionary<EntityActionOperation, OperationMetadata> OperationToColumnMap { get; set; } = new();
+}
+
+/// <summary>
+/// Represents the permission metadata of an operation
+/// An operation lists both columns that are included and/or excluded
+/// for that operation.
+/// </summary>
+public class OperationMetadata
+{
+    public string? DatabasePolicy { get; set; }
+    public HashSet<string> Included { get; set; } = new();
+    public HashSet<string> Excluded { get; set; } = new();
+    public HashSet<string> AllowedExposedColumns { get; set; } = new();
 }
@@ -4,123 +4,122 @@
 using Azure.DataApiBuilder.Config.ObjectModel;
 using Microsoft.AspNetCore.Http;
 
-namespace Azure.DataApiBuilder.Auth
+namespace Azure.DataApiBuilder.Auth;
+
+/// <summary>
+/// Interface for authorization decision-making. Each method performs lookups within a
+/// structure representing permissions defined in the runtime config.
+/// </summary>
+public interface IAuthorizationResolver
 {
     /// <summary>
-    /// Interface for authorization decision-making. Each method performs lookups within a
-    /// structure representing permissions defined in the runtime config.
+    /// Representation of authorization permissions for each entity in the runtime config.
     /// </summary>
-    public interface IAuthorizationResolver
-    {
-        /// <summary>
-        /// Representation of authorization permissions for each entity in the runtime config.
-        /// </summary>
-        public Dictionary<string, EntityMetadata> EntityPermissionsMap { get; }
+    public Dictionary<string, EntityMetadata> EntityPermissionsMap { get; }
 
-        /// <summary>
-        /// Checks for the existence of the client role header in httpContext.Request.Headers
-        /// and evaluates that header against the authenticated (httpContext.User)'s roles
-        /// </summary>
-        /// <param name="httpContext">Contains request headers and metadata of the authenticated user.</param>
-        /// <returns>True, if client role header exists and matches authenticated user's roles.</returns>
-        public bool IsValidRoleContext(HttpContext httpContext);
+    /// <summary>
+    /// Checks for the existence of the client role header in httpContext.Request.Headers
+    /// and evaluates that header against the authenticated (httpContext.User)'s roles
+    /// </summary>
+    /// <param name="httpContext">Contains request headers and metadata of the authenticated user.</param>
+    /// <returns>True, if client role header exists and matches authenticated user's roles.</returns>
+    public bool IsValidRoleContext(HttpContext httpContext);
 
-        /// <summary>
-        /// Checks if the permissions collection of the requested entity
-        /// contains an entry for the role defined in the client role header.
-        /// </summary>
-        /// <param name="entityIdentifier">Entity from request. This could be the name of the entity or it could be the GraphQL type name, depending on the entry point.</param>
-        /// <param name="roleName">Role defined in client role header</param>
-        /// <param name="operation">Operation type: Create, Read, Update, Delete</param>
-        /// <returns>True, if a matching permission entry is found.</returns>
-        public bool AreRoleAndOperationDefinedForEntity(string entityIdentifier, string roleName, EntityActionOperation operation);
+    /// <summary>
+    /// Checks if the permissions collection of the requested entity
+    /// contains an entry for the role defined in the client role header.
+    /// </summary>
+    /// <param name="entityIdentifier">Entity from request. This could be the name of the entity or it could be the GraphQL type name, depending on the entry point.</param>
+    /// <param name="roleName">Role defined in client role header</param>
+    /// <param name="operation">Operation type: Create, Read, Update, Delete</param>
+    /// <returns>True, if a matching permission entry is found.</returns>
+    public bool AreRoleAndOperationDefinedForEntity(string entityIdentifier, string roleName, EntityActionOperation operation);
 
-        /// <summary>
-        /// Any columns referenced in a request's headers, URL(filter/orderby/routes), and/or body
-        /// are compared against the include/excluded column permission defined for the entityName->roleName->operation
-        /// </summary>
-        /// <param name="entityIdentifier">Entity from request</param>
-        /// <param name="roleName">Role defined in client role header</param>
-        /// <param name="operation">Operation type: Create, Read, Update, Delete</param>
-        /// <param name="columns">Compiled list of any column referenced in a request</param>
-        /// <returns></returns>
-        public bool AreColumnsAllowedForOperation(string entityIdentifier, string roleName, EntityActionOperation operation, IEnumerable<string> columns);
+    /// <summary>
+    /// Any columns referenced in a request's headers, URL(filter/orderby/routes), and/or body
+    /// are compared against the include/excluded column permission defined for the entityName->roleName->operation
+    /// </summary>
+    /// <param name="entityIdentifier">Entity from request</param>
+    /// <param name="roleName">Role defined in client role header</param>
+    /// <param name="operation">Operation type: Create, Read, Update, Delete</param>
+    /// <param name="columns">Compiled list of any column referenced in a request</param>
+    /// <returns></returns>
+    public bool AreColumnsAllowedForOperation(string entityIdentifier, string roleName, EntityActionOperation operation, IEnumerable<string> columns);
 
-        /// <summary>
-        /// Method to return the list of exposed columns for the given combination of
-        /// entityName, roleName, operation.
-        /// </summary>
-        /// <param name="entityName">Entity from request</param>
-        /// <param name="roleName">Role defined in client role header</param>
-        /// <param name="operation">Operation type: Create, Read, Update, Delete</param>
-        /// <returns></returns>
-        public IEnumerable<string> GetAllowedExposedColumns(string entityName, string roleName, EntityActionOperation operation);
+    /// <summary>
+    /// Method to return the list of exposed columns for the given combination of
+    /// entityName, roleName, operation.
+    /// </summary>
+    /// <param name="entityName">Entity from request</param>
+    /// <param name="roleName">Role defined in client role header</param>
+    /// <param name="operation">Operation type: Create, Read, Update, Delete</param>
+    /// <returns></returns>
+    public IEnumerable<string> GetAllowedExposedColumns(string entityName, string roleName, EntityActionOperation operation);
 
-        /// <summary>
-        /// Retrieves the policy of an operation within an entity's role entry
-        /// within the permissions section of the runtime config, and tries to process
-        /// the policy.
-        /// </summary>
-        /// <param name="entityName">Entity from request.</param>
-        /// <param name="roleName">Role defined in client role header.</param>
-        /// <param name="operation">Operation type: Create, Read, Update, Delete.</param>
-        /// <param name="httpContext">Contains token claims of the authenticated user used in policy evaluation.</param>
-        /// <returns>Returns the parsed policy, if successfully processed, or an exception otherwise.</returns>
-        public string ProcessDBPolicy(string entityName, string roleName, EntityActionOperation operation, HttpContext httpContext);
+    /// <summary>
+    /// Retrieves the policy of an operation within an entity's role entry
+    /// within the permissions section of the runtime config, and tries to process
+    /// the policy.
+    /// </summary>
+    /// <param name="entityName">Entity from request.</param>
+    /// <param name="roleName">Role defined in client role header.</param>
+    /// <param name="operation">Operation type: Create, Read, Update, Delete.</param>
+    /// <param name="httpContext">Contains token claims of the authenticated user used in policy evaluation.</param>
+    /// <returns>Returns the parsed policy, if successfully processed, or an exception otherwise.</returns>
+    public string ProcessDBPolicy(string entityName, string roleName, EntityActionOperation operation, HttpContext httpContext);
 
-        /// <summary>
-        /// Get list of roles defined for entity within runtime configuration.. This is applicable for GraphQL when creating authorization
-        /// directive on Object type.
-        /// </summary>
-        /// <param name="entityName">Name of entity.</param>
-        /// <returns>Collection of role names.</returns>
-        public IEnumerable<string> GetRolesForEntity(string entityName);
+    /// <summary>
+    /// Get list of roles defined for entity within runtime configuration.. This is applicable for GraphQL when creating authorization
+    /// directive on Object type.
+    /// </summary>
+    /// <param name="entityName">Name of entity.</param>
+    /// <returns>Collection of role names.</returns>
+    public IEnumerable<string> GetRolesForEntity(string entityName);
 
-        /// <summary>
-        /// Returns the collection of roles which can perform {operation} the provided field.
-        /// Applicable to GraphQL field directive @authorize on ObjectType fields.
-        /// </summary>
-        /// <param name="entityName">EntityName whose operationMetadata will be searched.</param>
-        /// <param name="field">Field to lookup operation permissions</param>
-        /// <param name="operation">Specific operation to get collection of roles</param>
-        /// <returns>Collection of role names allowed to perform operation on Entity's field.</returns>
-        public IEnumerable<string> GetRolesForField(string entityName, string field, EntityActionOperation operation);
+    /// <summary>
+    /// Returns the collection of roles which can perform {operation} the provided field.
+    /// Applicable to GraphQL field directive @authorize on ObjectType fields.
+    /// </summary>
+    /// <param name="entityName">EntityName whose operationMetadata will be searched.</param>
+    /// <param name="field">Field to lookup operation permissions</param>
+    /// <param name="operation">Specific operation to get collection of roles</param>
+    /// <returns>Collection of role names allowed to perform operation on Entity's field.</returns>
+    public IEnumerable<string> GetRolesForField(string entityName, string field, EntityActionOperation operation);
 
-        /// <summary>
-        /// Returns whether the httpVerb (GET, POST, PUT, PATCH, DELETE) is allowed to be performed
-        /// on the stored procedure (represented by entityName) for the role: roleName.
-        /// </summary>
-        /// <param name="entityName"></param>
-        /// <param name="roleName"></param>
-        /// <param name="httpVerb"></param>
-        /// <returns>True if the execution of the stored procedure is permitted. Otherwise, false.</returns>
-        public bool IsStoredProcedureExecutionPermitted(string entityName, string roleName, SupportedHttpVerb httpVerb);
+    /// <summary>
+    /// Returns whether the httpVerb (GET, POST, PUT, PATCH, DELETE) is allowed to be performed
+    /// on the stored procedure (represented by entityName) for the role: roleName.
+    /// </summary>
+    /// <param name="entityName"></param>
+    /// <param name="roleName"></param>
+    /// <param name="httpVerb"></param>
+    /// <returns>True if the execution of the stored procedure is permitted. Otherwise, false.</returns>
+    public bool IsStoredProcedureExecutionPermitted(string entityName, string roleName, SupportedHttpVerb httpVerb);
 
-        /// <summary>
-        /// Returns a list of roles which define permissions for the provided operation.
-        /// i.e. list of roles which allow the operation 'Read' on entityName.
-        /// </summary>
-        /// <param name="entityName">Entity to lookup permissions</param>
-        /// <param name="operation">Operation to lookup applicable roles</param>
-        /// <returns>Collection of roles. Empty list if entityPermissionsMap is null.</returns>
-        public static IEnumerable<string> GetRolesForOperation(
-            string entityName,
-            EntityActionOperation operation,
-            Dictionary<string, EntityMetadata>? entityPermissionsMap)
+    /// <summary>
+    /// Returns a list of roles which define permissions for the provided operation.
+    /// i.e. list of roles which allow the operation 'Read' on entityName.
+    /// </summary>
+    /// <param name="entityName">Entity to lookup permissions</param>
+    /// <param name="operation">Operation to lookup applicable roles</param>
+    /// <returns>Collection of roles. Empty list if entityPermissionsMap is null.</returns>
+    public static IEnumerable<string> GetRolesForOperation(
+        string entityName,
+        EntityActionOperation operation,
+        Dictionary<string, EntityMetadata>? entityPermissionsMap)
+    {
+        if (entityName is null)
         {
-            if (entityName is null)
-            {
-                throw new ArgumentNullException(paramName: nameof(entityName));
-            }
-
-            if (entityPermissionsMap is not null &&
-                entityPermissionsMap[entityName].OperationToRolesMap.TryGetValue(operation, out List<string>? roleList) &&
-                roleList is not null)
-            {
-                return roleList;
-            }
+            throw new ArgumentNullException(paramName: nameof(entityName));
+        }
 
-            return new List<string>();
+        if (entityPermissionsMap is not null &&
+            entityPermissionsMap[entityName].OperationToRolesMap.TryGetValue(operation, out List<string>? roleList) &&
+            roleList is not null)
+        {
+            return roleList;
         }
+
+        return new List<string>();
     }
 }