kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

improve dynamic policy registration to handle possible race conditions

Browse Source
This commit is contained in:
Shaun Walker 2023-01-05 09:43:59 -05:00
parent 67046e9d36
commit 66aa67581f
1 changed files with 15 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
Oqtane.Server/Security/AuthorizationPolicyProvider.cs
View File

@ -1,5 +1,4 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Options;
using Oqtane.Shared;
using System.Threading.Tasks;
@ -17,15 +16,15 @@ namespace Oqtane.Security
public override async Task<AuthorizationPolicy> GetPolicyAsync(string policyName)
{
// check static policies first
// get policy
policyName = GetPolicyName(policyName);
var policy = await base.GetPolicyAsync(policyName);
if (policy == null)
{
// policy names must be in the form of "EntityName:PermissionName:Roles" ie. "Module:Edit:Administrators" (roles are comma delimited)
if (policyName.Contains(':'))
{
// policy names must be in the form of "EntityName:PermissionName:Roles" ie. "Module:Edit:Administrators" (roles are comma delimited)
var policySegments = policyName.Split(':');
if (policySegments.Length >= 3)
{
@ -35,12 +34,21 @@ namespace Oqtane.Security
{
requireEntityId = true;
}
policy = new AuthorizationPolicyBuilder()
.AddRequirements(new PermissionRequirement(policySegments[0], policySegments[1], policySegments[2], requireEntityId))
.Build();
// create policy
var builder = new AuthorizationPolicyBuilder();
builder.AddRequirements(new PermissionRequirement(policySegments[0], policySegments[1], policySegments[2], requireEntityId));
policy = builder.Build();
// add policy to the AuthorizationOptions
_options.AddPolicy(policyName, policy);
try
{
_options.AddPolicy(policyName, policy);
}
catch
{
// race condition - policy already added by another thread
}
}
}
}