Beispiel #1
 /// <summary>
 /// Decides whether the permissions listed on the invocation context are granted,
 /// using <c>_permissionChecker</c> for each individual permission.
 /// </summary>
 /// <param name="authorizationContext">Context carrying the permission list and the all/any flag.</param>
 /// <returns>
 /// <c>true</c> when the permission list is null or empty, otherwise the result of
 /// <c>AllAsync</c> (when <c>RequireAllPermissions</c> is set) or <c>AnyAsync</c> over the per-permission checks.
 /// </returns>
 private async Task<bool> IsGrantedAsync(IInvocationAuthorizationContext authorizationContext)
 {
     // A null/empty permission list means "nothing to check" and is treated as granted.
     // This method does no authentication check of its own, so it must only be
     // reached after the caller has established who the principal is.
     if (authorizationContext.Permissions.IsNullOrEmpty())
     {
         return true;
     }

     // The flag selects between "every permission" and "at least one permission".
     return authorizationContext.RequireAllPermissions
         ? await authorizationContext.Permissions.AllAsync(permission => _permissionChecker.CheckAsync(permission))
         : await authorizationContext.Permissions.AnyAsync(permission => _permissionChecker.CheckAsync(permission));
 }
Beispiel #2
 /// <summary>
 /// Entry point of the authorization check for an invocation: lets methods marked with
 /// <c>AllowAnonymousAttribute</c> through, rejects unauthenticated principals, and
 /// otherwise hands the context to <c>AuthorizeAsync</c> for the permission check.
 /// </summary>
 /// <param name="authorizationContext">Context describing the invoked method and its required permissions.</param>
 /// <returns>A task that completes without a result when the invocation is allowed.</returns>
 /// <exception cref="AuthorizationException">
 /// Thrown here when the current principal is not authenticated, and by <c>AuthorizeAsync</c>
 /// when the required permissions are not granted.
 /// </exception>
 public async Task CheckAsync(IInvocationAuthorizationContext authorizationContext)
 {
     // The anonymous opt-out is evaluated before any identity check. A null context or
     // null Method yields false here, so those cases fall through to the authentication gate.
     var allowsAnonymous = authorizationContext?.Method?.AttributeExists<AllowAnonymousAttribute>() ?? false;
     if (allowsAnonymous)
     {
         return;
     }

     // A missing principal or identity counts as "not authenticated" (fail closed).
     var isAuthenticated = _currentPrincipalAccessor.Principal?.Identity?.IsAuthenticated ?? false;
     if (!isAuthenticated)
     {
         throw new AuthorizationException("Authorization failed! User has not logged in.");
     }

     // NOTE(review): a null authorizationContext is tolerated above but passed on unchanged;
     // the permission check dereferences it, so confirm callers never pass null.
     await AuthorizeAsync(authorizationContext);
 }
Beispiel #3
 /// <summary>
 /// Enforces the permission requirement of the invocation: returns normally when
 /// <c>IsGrantedAsync</c> reports the permissions as granted, otherwise throws.
 /// </summary>
 /// <param name="authorizationContext">Context carrying the permission list and the all/any flag.</param>
 /// <returns>A task that completes without a result when the permissions are granted.</returns>
 /// <exception cref="AuthorizationException">
 /// Thrown when the permissions are not granted; the message states whether all or at least one
 /// of the listed permissions was required.
 /// </exception>
 private async Task AuthorizeAsync(IInvocationAuthorizationContext authorizationContext)
 {
     var granted = await IsGrantedAsync(authorizationContext);
     if (granted)
     {
         return;
     }

     // NOTE(review): the message lists the required permission names. Confirm whether this
     // exception text is returned to remote callers; if so it exposes the permission model
     // and is better kept to server-side logs.
     var denialMessage = authorizationContext.RequireAllPermissions
         ? $"Required permissions are not granted. All of these permissions must be granted: {authorizationContext.Permissions.ExpandToString(",")}"
         : $"Required permissions are not granted. At least one of these permissions must be granted: {authorizationContext.Permissions.ExpandToString(",")}";

     throw new AuthorizationException(denialMessage);
 }