Beispiel #1
0
        /// <summary>
        /// Invokes authorization of the request using the resource currently in context but wit
        /// an override action (e.g. for converting the "Upsert" action to either "Create" or "Update").
        /// </summary>
        /// <param name="entity">The request/entity being authorized.</param>
        /// <param name="actionUri">The action being performed with the request/entity.</param>
        protected async Task AuthorizeSingleItemAsync(T entity, string actionUri, CancellationToken cancellationToken)
        {
            // Make sure Authorization context is present before proceeding
            _authorizationContextProvider.VerifyAuthorizationContextExists();

            // Build the AuthorizationContext
            EdFiAuthorizationContext authorizationContext = new EdFiAuthorizationContext(
                ClaimsPrincipal.Current,
                _authorizationContextProvider.GetResourceUris(),
                actionUri,
                entity);

            // Authorize the call
            await _authorizationProvider.AuthorizeSingleItemAsync(authorizationContext, cancellationToken);
        }
Beispiel #2
0
        public async Task <HttpResponseMessage> ExecuteAuthorizationFilterAsync(
            HttpActionContext actionContext,
            CancellationToken cancellationToken,
            Func <Task <HttpResponseMessage> > continuation)
        {
            var actionAttribute = actionContext.ActionDescriptor.GetCustomAttributes <EdFiAuthorizationAttribute>()
                                  .SingleOrDefault();

            var controllerAttribute = actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes <EdFiAuthorizationAttribute>()
                                      .SingleOrDefault();

            var authorizationAttribute = actionAttribute ?? controllerAttribute;

            if (authorizationAttribute == null)
            {
                return(await continuation());
            }

            try
            {
                await _authorizationProvider.AuthorizeSingleItemAsync(
                    CreateAuthorizationContext(actionContext, authorizationAttribute),
                    cancellationToken);
            }
            catch (Exception ex)
            {
                var restError = _restErrorProvider.GetRestErrorFromException(ex);

                var result = string.IsNullOrWhiteSpace(restError.Message)
                    ? new StatusCodeResult((HttpStatusCode)restError.Code, actionContext.Request)
                    : new StatusCodeResult((HttpStatusCode)restError.Code, actionContext.Request).WithError(restError.Message);

                return(await result.ExecuteAsync(cancellationToken));
            }

            return(await continuation());
        }