Added security override

Ed-Fi-Alliance-OSS · Nov 8, 2023 · e2b316d · e2b316d
1 parent 07fc725
commit e2b316d
Show file tree

Hide file tree

Showing 2 changed files with 65 additions and 0 deletions.
diff --git a/...tandard/Container/Modules/RelationshipsAuthorizationContextDataProviderOverridesModule.cs b/...tandard/Container/Modules/RelationshipsAuthorizationContextDataProviderOverridesModule.cs
@@ -31,6 +31,12 @@ protected override void Load(ContainerBuilder builder)
             builder.RegisterType<StudentAssessmentRelationshipsAuthorizationContextDataProvider<RelationshipsAuthorizationContextData>>()
                 .As<IRelationshipsAuthorizationContextDataProvider<IStudentAssessment, RelationshipsAuthorizationContextData>>()
                 .SingleInstance();
+
+            // Establish authorization context for EducationOrganizationNetworkAssociation using the MemberEducationOrganizationId rather than
+            // using the default behavior (EducationOrganizationNetworkId)
+            builder.RegisterType<EducationOrganizationNetworkAssociationRelationshipsAuthorizationContextDataProvider<RelationshipsAuthorizationContextData>>()
+                .As<IRelationshipsAuthorizationContextDataProvider<IEducationOrganizationNetworkAssociation, RelationshipsAuthorizationContextData>>()
+                .SingleInstance();
         }
     }
 }
diff --git a/...s/EducationOrganizationNetworkAssociationRelationshipsAuthorizationContextDataProvider.cs b/...s/EducationOrganizationNetworkAssociationRelationshipsAuthorizationContextDataProvider.cs
@@ -0,0 +1,59 @@
+// SPDX-License-Identifier: Apache-2.0
+// Licensed to the Ed-Fi Alliance under one or more agreements.
+// The Ed-Fi Alliance licenses this file to you under the Apache License, Version 2.0.
+// See the LICENSE and NOTICES files in the project root for more information.
+
+using System;
+using System.Diagnostics.CodeAnalysis;
+using EdFi.Ods.Api.Security.AuthorizationStrategies.Relationships;
+using EdFi.Ods.Entities.Common.EdFi;
+using EdFi.Ods.Entities.NHibernate.EducationOrganizationNetworkAssociationAggregate.EdFi;
+
+namespace EdFi.Ods.Standard.Security.Authorization.Overrides
+{
+    /// <summary>
+    /// Creates and returns an <see cref="RelationshipsAuthorizationContextData"/> instance for making authorization decisions for access to the edfi.EducationOrganizationNetworkAssociation table of the EducationOrganizationNetworkAssociation aggregate in the Ods Database.
+    /// </summary>
+    [ExcludeFromCodeCoverage]
+    public class EducationOrganizationNetworkAssociationRelationshipsAuthorizationContextDataProvider<TContextData> : IRelationshipsAuthorizationContextDataProvider<IEducationOrganizationNetworkAssociation, TContextData>
+        where TContextData : RelationshipsAuthorizationContextData, new()
+    {
+        /// <summary>
+        /// Creates and returns an <see cref="TContextData"/> instance based on the supplied resource.
+        /// </summary>
+        public TContextData GetContextData(IEducationOrganizationNetworkAssociation resource)
+        {
+            if (resource == null)
+                throw new ArgumentNullException("resource", "The 'educationOrganizationNetworkAssociation' resource for obtaining authorization context data cannot be null.");
+
+            var entity = resource as EducationOrganizationNetworkAssociation;
+
+            var contextData = new TContextData();
+            // contextData.EducationOrganizationNetworkId = entity.EducationOrganizationNetworkId == default(long) ? null as long? : entity.EducationOrganizationNetworkId; // Primary key property, Only Education Organization Id present
+            contextData.EducationOrganizationId = entity.MemberEducationOrganizationId; // Primary key property, Role name applied
+            return contextData;
+        }
+
+        /// <summary>
+        ///  Creates and returns a signature key based on the resource, which can then be used to get and instance of IEdFiSignatureAuthorizationProvider
+        /// </summary>
+        public string[] GetAuthorizationContextPropertyNames()
+        {
+            var properties = new string[]
+                 {
+                    // "EducationOrganizationNetworkId",
+                    "MemberEducationOrganizationId",
+                 };
+
+            return properties;
+        }
+
+        /// <summary>
+        /// Creates and returns an <see cref="RelationshipsAuthorizationContextData"/> instance based on the supplied resource.
+        /// </summary>
+        public TContextData GetContextData(object resource)
+        {
+            return GetContextData((EducationOrganizationNetworkAssociation)resource);
+        }
+    }
+}