[Blazor][Fixes #22679] Flow the Resource to the authorization service in AuthorizeRouteView

AuthorizeRouteView combines AuthorizeView and RouteView on one abstraction for convenience, but it was missing a Resource parameter to capture and flow the resource to pass on to the AuthorizationService. This PR adds a new Resource parameter and makes sure that the value is passed to the authorization service so that it is available for the authorization handlers in a policy.

[Blazor][Fixes #22679] Flow the Resource to the authorization service in AuthorizeRouteView
ec4b2221 · Stephen Lorello · GitHub · 71327921 · ec4b2221 · ec4b2221
--- a/src/Components/Authorization/ref/Microsoft.AspNetCore.Components.Authorization.netcoreapp.cs
+++ b/src/Components/Authorization/ref/Microsoft.AspNetCore.Components.Authorization.netcoreapp.cs
@@ -23,6 +23,8 @@ namespace Microsoft.AspNetCore.Components.Authorization
        public Microsoft.AspNetCore.Components.RenderFragment Authorizing { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
        [Microsoft.AspNetCore.Components.ParameterAttribute]
        public Microsoft.AspNetCore.Components.RenderFragment<Microsoft.AspNetCore.Components.Authorization.AuthenticationState> NotAuthorized { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
+        [Microsoft.AspNetCore.Components.ParameterAttribute]
+        public object Resource { [System.Runtime.CompilerServices.CompilerGeneratedAttribute] get { throw null; } [System.Runtime.CompilerServices.CompilerGeneratedAttribute] set { } }
        protected override void Render(Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder builder) { }
    }
    public partial class AuthorizeView : Microsoft.AspNetCore.Components.Authorization.AuthorizeViewCore

--- a/src/Components/Authorization/src/AuthorizeRouteView.cs
+++ b/src/Components/Authorization/src/AuthorizeRouteView.cs
@@ -54,6 +54,12 @@ namespace Microsoft.AspNetCore.Components.Authorization
        [Parameter]
        public RenderFragment Authorizing { get; set; }
+        /// <summary>
+        /// The resource to which access is being controlled.
+        /// </summary>
+        [Parameter]
+        public object Resource { get; set; }
        [CascadingParameter]
        private Task<AuthenticationState> ExistingCascadedAuthenticationState { get; set; }
@@ -82,6 +88,7 @@ namespace Microsoft.AspNetCore.Components.Authorization
            builder.AddAttribute(2, nameof(AuthorizeRouteViewCore.Authorized), _renderAuthorizedDelegate);
            builder.AddAttribute(3, nameof(AuthorizeRouteViewCore.Authorizing), _renderAuthorizingDelegate);
            builder.AddAttribute(4, nameof(AuthorizeRouteViewCore.NotAuthorized), _renderNotAuthorizedDelegate);
+            builder.AddAttribute(5, nameof(AuthorizeRouteViewCore.Resource), Resource);
            builder.CloseComponent();
        }

--- a/src/Components/Authorization/test/AuthorizeRouteViewTest.cs
+++ b/src/Components/Authorization/test/AuthorizeRouteViewTest.cs
@@ -76,6 +76,78 @@ namespace Microsoft.AspNetCore.Components.Authorization
                edit => AssertPrependText(batch, edit, "Hello from the page with message: Hello, world!"));
        }
+        [Fact]
+        public void AuthorizesWhenResourceIsSet()
+        {
+            // Arrange
+            var routeData = new RouteData(typeof(TestPageRequiringAuthorization), new Dictionary<string, object>
+            {
+                { nameof(TestPageRequiringAuthorization.Message), "Hello, world!" }
+            });
+            var resource = "foo";
+            _testAuthorizationService.NextResult = AuthorizationResult.Success();
+            // Act
+            _renderer.RenderRootComponent(_authorizeRouteViewComponentId, ParameterView.FromDictionary(new Dictionary<string, object>
+            {
+                { nameof(AuthorizeRouteView.RouteData), routeData },
+                { nameof(AuthorizeRouteView.DefaultLayout), typeof(TestLayout) },
+                { nameof(AuthorizeRouteView.Resource), resource }
+            }));
+            // Assert: renders layout
+            var batch = _renderer.Batches.Single();
+            var layoutDiff = batch.GetComponentDiffs<TestLayout>().Single();
+            Assert.Collection(layoutDiff.Edits,
+                edit => AssertPrependText(batch, edit, "Layout starts here"),
+                edit =>
+                {
+                    Assert.Equal(RenderTreeEditType.PrependFrame, edit.Type);
+                    AssertFrame.Component<TestPageRequiringAuthorization>(batch.ReferenceFrames[edit.ReferenceFrameIndex]);
+                },
+                edit => AssertPrependText(batch, edit, "Layout ends here"));
+            // Assert: renders page
+            var pageDiff = batch.GetComponentDiffs<TestPageRequiringAuthorization>().Single();
+            Assert.Collection(pageDiff.Edits,
+                edit => AssertPrependText(batch, edit, "Hello from the page with message: Hello, world!"));
+            // Assert: Asserts that the Resource is present and set to "foo"
+            Assert.Collection(_testAuthorizationService.AuthorizeCalls, call=>
+            {
+                Assert.Equal(resource, call.resource.ToString());
+            });
+        }
+        [Fact]
+        public void NotAuthorizedWhenResourceMissing()
+        {
+            // Arrange
+            var routeData = new RouteData(typeof(TestPageRequiringAuthorization), EmptyParametersDictionary);
+            _testAuthorizationService.NextResult = AuthorizationResult.Failed();
+            // Act
+            _renderer.RenderRootComponent(_authorizeRouteViewComponentId, ParameterView.FromDictionary(new Dictionary<string, object>
+            {
+                { nameof(AuthorizeRouteView.RouteData), routeData },
+                { nameof(AuthorizeRouteView.DefaultLayout), typeof(TestLayout) },
+            }));
+            // Assert: renders layout containing "not authorized" message
+            var batch = _renderer.Batches.Single();
+            var layoutDiff = batch.GetComponentDiffs<TestLayout>().Single();
+            Assert.Collection(layoutDiff.Edits,
+                edit => AssertPrependText(batch, edit, "Layout starts here"),
+                edit => AssertPrependText(batch, edit, "Not authorized"),
+                edit => AssertPrependText(batch, edit, "Layout ends here"));
+            // Assert: Asserts that the Resource is Null
+            Assert.Collection(_testAuthorizationService.AuthorizeCalls, call=>
+            {
+                Assert.Null(call.resource);
+            });
+        }
        [Fact]
        public void WhenNotAuthorized_RendersDefaultNotAuthorizedContentInsideLayout()
        {