AnyPolicies

Author: Jakab László

src/AutSoft.Core/AnyPolicies/AnyPoliciesAuthorizationHandler.cs

@@ -0,0 +1,44 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace AutSoft.Common.AnyPolicies;
+
+/// <summary>
+/// Evulate the policies in the <see cref="AnyPoliciesRequirement"/> with OR relationship,
+/// so it is enough for a policy to pass the test
+/// </summary>
+public class AnyPoliciesAuthorizationHandler : AuthorizationHandler<AnyPoliciesRequirement>
+{
+    private readonly IServiceProvider _serviceProvider;
+
+    /// <summary>
+    /// Initialize a new instance of the <see cref="AnyPoliciesAuthorizationHandler"/> class.
+    /// </summary>
+    /// <param name="serviceProvider">An instance of <see cref="IServiceProvider"/></param>
+    /// <remarks>
+    /// Not possible to inject <see cref="IAuthorizationService"/>, because it would be a circular reference
+    /// </remarks>
+    public AnyPoliciesAuthorizationHandler(IServiceProvider serviceProvider)
+    {
+        _serviceProvider = serviceProvider;
+    }
+
+    /// <summary>
+    /// Evulate the policies in the <see cref="AnyPoliciesRequirement"/> with OR relationship,
+    /// with the help of <see cref="IAuthorizationService"/>
+    /// </summary>
+    protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, AnyPoliciesRequirement requirement)
+    {
+        var authorizationService = _serviceProvider.GetRequiredService<IAuthorizationService>();
+
+        foreach (var policy in requirement.Policies)
+        {
+            var result = await authorizationService.AuthorizeAsync(context.User, context.Resource, policy);
+            if (result.Succeeded)
+            {
+                context.Succeed(requirement);
+                return;
+            }
+        }
+    }
+}

src/AutSoft.Core/AnyPolicies/AnyPoliciesAuthorizeAttribute.cs

@@ -0,0 +1,39 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace AutSoft.Common.AnyPolicies;
+
+/// <summary>
+/// The policies, which are specified in the constructor or <see cref="Policies"/> property
+/// will be evulated with OR condition with help of <see cref="AnyPoliciesAuthorizationHandler"/>
+/// </summary>
+/// <remarks>
+/// The policies will be evulated in a new dinamically generated policy,
+/// what the <see cref="AnyPoliciesPolicyProvider"/> class generate.
+/// </remarks>
+public class AnyPoliciesAuthorizeAttribute : AuthorizeAttribute
+{
+    private string[] _policies = Array.Empty<string>();
+
+    /// <summary>
+    /// The policies in OR relationship
+    /// </summary>
+    public string[] Policies
+    {
+        get => _policies;
+
+        set
+        {
+            _policies = value;
+            Policy = AnyPoliciesPolicyProvider.GenerateDynamicPolicy(_policies);
+        }
+    }
+
+    /// <summary>
+    /// Initialize a new instance of the <see cref="AnyPoliciesAuthorizeAttribute"/> class.
+    /// </summary>
+    /// <param name="policies">The policies in OR relationship</param>
+    public AnyPoliciesAuthorizeAttribute(params string[] policies)
+    {
+        Policies = policies;
+    }
+}

src/AutSoft.Core/AnyPolicies/AnyPoliciesPolicyProvider.cs

@@ -0,0 +1,88 @@
+using Microsoft.AspNetCore.Authentication.JwtBearer;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.Extensions.Options;
+
+namespace AutSoft.Common.AnyPolicies;
+
+/// <summary>
+/// Dynamically generate policies based on <see cref="AnyPoliciesAuthorizeAttribute"/>,
+/// that will contain a <see cref="AnyPoliciesRequirement"/> requirement.
+/// For anything not <see cref="AnyPoliciesAuthorizeAttribute"/>,
+/// the default policy provider (<see cref="DefaultAuthorizationPolicyProvider"/>) will return the policy.
+/// </summary>
+public class AnyPoliciesPolicyProvider : IAuthorizationPolicyProvider
+{
+    /// <summary>
+    /// Prefix of dinamically generated policy's name
+    /// </summary>
+    public const string PolicyPrefix = "AnyPolicies_";
+
+    private readonly DefaultAuthorizationPolicyProvider _fallbackPolicyProvider;
+
+    /// <summary>
+    /// Initialize a new instance of <see cref="AnyPoliciesPolicyProvider"/> class.
+    /// </summary>
+    /// <param name="options">Options of provider</param>
+    public AnyPoliciesPolicyProvider(IOptions<AuthorizationOptions> options)
+    {
+        _fallbackPolicyProvider = new DefaultAuthorizationPolicyProvider(options);
+    }
+
+    /// <summary>
+    /// Return with the name of policies from the name of dynamic policy
+    /// </summary>
+    /// <param name="dynamicPolicyName">The name of dinamic policy</param>
+    /// <returns>The name of policies</returns>
+    public static IEnumerable<string> GetPolicyNamesFromDynamicPolicy(string dynamicPolicyName)
+    {
+        return dynamicPolicyName[PolicyPrefix.Length..].Split(',');
+    }
+
+    /// <summary>
+    /// Generate a dynamic policy with the OR combine of policies
+    /// </summary>
+    /// <param name="policies">The policies to be combine</param>
+    /// <returns>The dynamic policy</returns>
+    public static string GenerateDynamicPolicy(IEnumerable<string> policies)
+    {
+        return PolicyPrefix + string.Join(",", policies);
+    }
+
+    /// <summary>
+    /// Return with the default authorization policy
+    /// </summary>
+    /// <returns>The default authorization policy</returns>
+    public Task<AuthorizationPolicy> GetDefaultPolicyAsync()
+    {
+        return _fallbackPolicyProvider.GetDefaultPolicyAsync();
+    }
+
+    /// <summary>
+    /// Return with the authorization policy with the specified policy name
+    /// </summary>
+    /// <param name="policyName">The specified policy name</param>
+    /// <returns>The authorization policy with the specified name</returns>
+    public Task<AuthorizationPolicy?> GetPolicyAsync(string policyName)
+    {
+        if (policyName.StartsWith(PolicyPrefix, StringComparison.OrdinalIgnoreCase))
+        {
+            var policies = GetPolicyNamesFromDynamicPolicy(policyName).ToArray();
+            var policy = new AuthorizationPolicyBuilder().AddRequirements(new AnyPoliciesRequirement(policies));
+
+            policy.AuthenticationSchemes.Add(JwtBearerDefaults.AuthenticationScheme);
+
+            return Task.FromResult((AuthorizationPolicy?)policy.Build());
+        }
+
+        return _fallbackPolicyProvider.GetPolicyAsync(policyName);
+    }
+
+    /// <summary>
+    /// Return with the fallback policy
+    /// </summary>
+    /// <returns>The fallback policy</returns>
+    public Task<AuthorizationPolicy?> GetFallbackPolicyAsync()
+    {
+        return _fallbackPolicyProvider.GetFallbackPolicyAsync();
+    }
+}

src/AutSoft.Core/AnyPolicies/AnyPoliciesRequirement.cs

@@ -0,0 +1,23 @@
+using Microsoft.AspNetCore.Authorization;
+
+namespace AutSoft.Common.AnyPolicies;
+
+/// <summary>
+/// Requirement of wanted to combine OR authorizations
+/// </summary>
+public class AnyPoliciesRequirement : IAuthorizationRequirement
+{
+    /// <summary>
+    /// Initialize a new instance of <see cref="AnyPoliciesRequirement"/> class.
+    /// </summary>
+    /// <param name="policies">Array of policies to be combined</param>
+    public AnyPoliciesRequirement(params string[] policies)
+    {
+        Policies = policies;
+    }
+
+    /// <summary>
+    /// Policies to be combine OR
+    /// </summary>
+    public IEnumerable<string> Policies { get; }
+}

src/AutSoft.Core/AutSoft.Common.csproj

@@ -7,6 +7,8 @@
   </PropertyGroup>
 
   <ItemGroup>
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" />
+    <PackageReference Include="Microsoft.AspNetCore.Authorization" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" />
     <PackageReference Include="Microsoft.EntityFrameworkCore" />
     <PackageReference Include="Stateless" />

src/AutSoft.Core/ServiceCollectionExtensions.cs

@@ -1,5 +1,7 @@
+using AutSoft.Common.AnyPolicies;
 using AutSoft.Common.Time;
 
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.Extensions.DependencyInjection;
 
 namespace AutSoft.Common;
@@ -15,6 +17,11 @@ public static class ServiceCollectionExtensions
     /// <returns>Expanded service collection</returns>
     public static IServiceCollection AddAutSoftCommon(this IServiceCollection services)
     {
-        return services.AddSingleton<ITimeProvider, TimeProvider>();
+        services.AddSingleton<ITimeProvider, TimeProvider>();
+
+        services.AddSingleton<IAuthorizationPolicyProvider, AnyPoliciesPolicyProvider>();
+        services.AddSingleton<IAuthorizationHandler, AnyPoliciesAuthorizationHandler>();
+
+        return services;
     }
 }

src/Directory.Packages.props

@@ -7,6 +7,8 @@
   <ItemGroup>
     <PackageVersion Include="AutoMapper" Version="11.0.1" />
     <PackageVersion Include="EntityFrameworkCore.Scaffolding.Handlebars" Version="6.0.3" />
+    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.8" />
+    <PackageVersion Include="Microsoft.AspNetCore.Authorization" Version="6.0.8" />
     <PackageVersion Include="Microsoft.AspNetCore.Identity.EntityFrameworkCore" Version="6.0.8" />
     <PackageVersion Include="Microsoft.EntityFrameworkCore" Version="6.0.8" />
     <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="6.0.8" />