| | | 1 | | namespace Kestrun.Claims; |
| | | 2 | | |
| | | 3 | | |
| | | 4 | | /// <summary>Represents one claim must equal rule.</summary> |
| | | 5 | | /// <remarks> |
| | | 6 | | /// This is used to define authorization policies that require a specific claim type |
| | | 7 | | /// with specific allowed values. |
| | | 8 | | /// It is typically used in conjunction with <see cref="ClaimPolicyConfig"/> to define |
| | | 9 | | /// multiple policies. |
| | | 10 | | /// </remarks> |
| | | 11 | | public sealed record ClaimRule |
| | | 12 | | { |
| | | 13 | | /// <summary>The claim type required by this rule.</summary> |
| | 17 | 14 | | public string ClaimType { get; } |
| | | 15 | | |
| | | 16 | | /// <summary>Allowed values for the claim. Exposed as a read-only sequence.</summary> |
| | 17 | 17 | | public IReadOnlyList<string> AllowedValues { get; } |
| | | 18 | | |
| | | 19 | | /// <summary>Constructs a rule from a claim type and one or more allowed values.</summary> |
| | 21 | 20 | | public ClaimRule(string claimType, params string[] allowedValues) |
| | | 21 | | { |
| | 21 | 22 | | ClaimType = claimType ?? throw new ArgumentNullException(nameof(claimType)); |
| | | 23 | | // Make a defensive copy to avoid exposing caller-owned mutable arrays. |
| | 21 | 24 | | AllowedValues = (allowedValues is null) ? Array.Empty<string>() : Array.AsReadOnly((string[])allowedValues.Clone |
| | 21 | 25 | | } |
| | | 26 | | |
| | | 27 | | /// <summary>Constructs a rule from a claim type and an explicit read-only list of values.</summary> |
| | 0 | 28 | | public ClaimRule(string claimType, IReadOnlyList<string> allowedValues) |
| | | 29 | | { |
| | 0 | 30 | | ClaimType = claimType ?? throw new ArgumentNullException(nameof(claimType)); |
| | 0 | 31 | | AllowedValues = allowedValues ?? []; |
| | 0 | 32 | | } |
| | | 33 | | } |