Skip to content

SharpGrip/AuthorizationChecker

BranchesTags

Repository files navigation

SharpGrip AuthorizationChecker NuGet

Builds

AuthorizationChecker [Build]

Quality Gate Status
Maintainability Rating
Reliability Rating
Security Rating
Coverage

Introduction

SharpGrip AuthorizationChecker is a security system that provides an easy and effective way to check access on objects.

Installation

Reference NuGet package SharpGrip.AuthorizationChecker (https://www.nuget.org/packages/SharpGrip.AuthorizationChecker).

Add the AuthorizationChecker security system to your service collection via the extension method.

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthorizationChecker();
}

Configuration

Properties

Property Default value Description
AccessDecisionStrategy AccessDecisionStrategy.Affirmative The access decision strategy used to determine if a given mode is allowed on a given subject.
UnanimousVoteAllowIfAllAbstain false Configures the access result outcome on AccessDecisionStrategy.Unanimous access decision strategies if all the subject's voters abstain from voting.

Access decision strategies

Strategy Description
AccessDecisionStrategy.Affirmative Grants access as soon as there is one IVoter instance granting access.
AccessDecisionStrategy.Majority Grants access if there are more IVoter instances granting access than denying it.
AccessDecisionStrategy.Unanimous Grants access if there are no IVoter instances denying access.

Via the services.AddAuthorizationChecker() extension method

using SharpGrip.AuthorizationChecker.Extensions;
using SharpGrip.AuthorizationChecker.Options;

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthorizationChecker(options =>
    {
        options.AccessDecisionStrategy = AccessDecisionStrategy.Majority;
        options.UnanimousVoteAllowIfAllAbstain = true;
    });
}

Via the services.Configure() method

using SharpGrip.AuthorizationChecker.Extensions;
using SharpGrip.AuthorizationChecker.Options;

public void ConfigureServices(IServiceCollection services)
{
    services.AddAuthorizationChecker();

    services.Configure<AuthorizationCheckerOptions>(options =>
    {
        options.AccessDecisionStrategy = AccessDecisionStrategy.Majority;
        options.UnanimousVoteAllowIfAllAbstain = true;
    });
}

Usage

Adding voters

Create a new class and implement either the IVoter<TSubject> or the IVoter<TSubject, TUser> interface.

IVoter<TSubject>

public class CarVoter : IVoter<Car>
{
    /// <summary>
    /// Determines if this <see cref="IVoter{TSubject}"?url=https%3A%2F%2Fgithub.com%2F%26gt%3B+instance+will+vote+on+the+mode+and+subject.%0A++++%2F%2F%2F+%26lt%3B%2Fsummary%26gt%3B%0A++++%2F%2F%2F+%26lt%3Bparam+name%3D"mode">The mode.</param>
    /// <param name="subject">The subject.</param>
    /// <returns>True if this <see cref="IVoter{TSubject}"?url=https%3A%2F%2Fgithub.com%2F%26gt%3B+instance+will+vote%2C+False+otherwise.%26lt%3B%2Freturns%26gt%3B%0A++++public+bool+WillVote%28string+mode%2C+Car+subject%29%0A++++%7B%0A++++++++return+true%3B%0A++++%7D%0A%0A++++%2F%2F%2F+%26lt%3Bsummary%26gt%3B%0A++++%2F%2F%2F+Votes+on+the+mode+and+subject.%0A++++%2F%2F%2F+%26lt%3B%2Fsummary%26gt%3B%0A++++%2F%2F%2F+%26lt%3Bparam+name%3D"mode">The mode.</param>
    /// <param name="subject">The subject.</param>
    /// <returns>True if this <see cref="IVoter{TSubject}"?url=https%3A%2F%2Fgithub.com%2F%26gt%3B+instance+allows+access%2C+False+otherwise.%26lt%3B%2Freturns%26gt%3B%0A++++public+bool+Vote%28string+mode%2C+Car+subject%29%0A++++%7B%0A++++++++return+mode+switch%0A++++++++%7B"create" => false,
            "read" => true,
            "update" => false,
            "delete" => true,
            _ => false
        };
    }
}

IVoter<TSubject, TUser>

public class CarVoter : IVoter<Car, User>
{
    /// <summary>
    /// Determines if this <see cref="IVoter{TSubject, TUser}"?url=https%3A%2F%2Fgithub.com%2F%26gt%3B+instance+will+vote+on+the+mode+and+subject.%0A++++%2F%2F%2F+%26lt%3B%2Fsummary%26gt%3B%0A++++%2F%2F%2F+%26lt%3Bparam+name%3D"mode">The mode.</param>
    /// <param name="subject">The subject.</param>
    /// <param name="user">The user.</param>
    /// <returns>True if this <see cref="IVoter{TSubject, TUser}"?url=https%3A%2F%2Fgithub.com%2F%26gt%3B+instance+will+vote%2C+False+otherwise.%26lt%3B%2Freturns%26gt%3B%0A++++public+bool+WillVote%28string+mode%2C+Car+subject%2C+User+user%29%0A++++%7B%0A++++++++return+true%3B%0A++++%7D%0A%0A++++%2F%2F%2F+%26lt%3Bsummary%26gt%3B%0A++++%2F%2F%2F+Votes+on+the+mode+and+subject.%0A++++%2F%2F%2F+%26lt%3B%2Fsummary%26gt%3B%0A++++%2F%2F%2F+%26lt%3Bparam+name%3D"mode">The mode.</param>
    /// <param name="subject">The subject.</param>
    /// <param name="user">The user.</param>
    /// <returns>True if this <see cref="IVoter{TSubject, TUser}"?url=https%3A%2F%2Fgithub.com%2F%26gt%3B+instance+allows+access%2C+False+otherwise.%26lt%3B%2Freturns%26gt%3B%0A++++public+bool+Vote%28string+mode%2C+Car+subject%2C+User+user%29%0A++++%7B%0A++++++++return+mode+switch%0A++++++++%7B"create" => true,
            "read" => false,
            "update" => true,
            "delete" => false,
            _ => true
        };
    }
}

Checking access

Inject the IAuthorizationChecker service and call one of the methods below:

Checking access directly

Car car = new Car();
User user = new User();

// Resolves to `IVoter<TSubject>` voter instances using the configured (or default) access decision strategy.
bool result = authorizationChecker.IsAllowed("edit", car);

// Resolves to `IVoter<TSubject, TUser>` voter instances using the configured (or default) access decision strategy.
bool result = authorizationChecker.IsAllowed("edit", car, user);

// Resolves to `IVoter<TSubject>` voter instances using the provided (`AccessDecisionStrategy.Unanimous`) access decision strategy.
bool result = authorizationChecker.IsAllowed("edit", car, AccessDecisionStrategy.Unanimous);

// Resolves to `IVoter<TSubject, TUser>` voter instances using the provided (`AccessDecisionStrategy.Unanimous`) access decision strategy.
bool result = authorizationChecker.IsAllowed("edit", car, user, AccessDecisionStrategy.Unanimous);

Retrieving the authorization result and checking access

Car car = new Car();
User user = new User();

// Resolves to `IVoter<TSubject>` voter instances using the configured (or default) access decision strategy.
IAuthorizationResult<Car> authorizationResult = authorizationChecker.GetAuthorizationResult("edit", car);
bool result = authorizationResult.IsAllowed();

// Resolves to `IVoter<TSubject, TUser>` voter instances using the configured (or default) access decision strategy.
IAuthorizationResult<Car> authorizationResult = authorizationChecker.GetAuthorizationResult("edit", car, user);
bool result = authorizationResult.IsAllowed();

// Resolves to `IVoter<TSubject>` voter instances using the provided (`AccessDecisionStrategy.Unanimous`) access decision strategy.
IAuthorizationResult<Car> authorizationResult = authorizationChecker.GetAuthorizationResult("edit", car, AccessDecisionStrategy.Unanimous);
bool result = authorizationResult.IsAllowed();

// Resolves to `IVoter<TSubject, TUser>` voter instances using the provided (`AccessDecisionStrategy.Unanimous`) access decision strategy.
IAuthorizationResult<Car> authorizationResult = authorizationChecker.GetAuthorizationResult("edit", car, user, AccessDecisionStrategy.Unanimous);
bool result = authorizationResult.IsAllowed();

About

SharpGrip AuthorizationChecker is a security system that provides an easy and effective way to check access on objects.

sharpgrip.net

Topics

csharp dotnet dotnet-core authorization-checker sharpgrip

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity
Custom properties

Stars

2 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 3

v1.0.2 Latest
May 12, 2025
+ 2 releases

Packages

 
 
 

Contributors

Languages