public PermissionsService(
IMongoDbContext permissionsContext,
ILogger <PermissionsService> logger)
{
_permissionsContext = permissionsContext as PermissionsContext;
_logger = logger;
}
private ExecutionOptions BuildExecutionOptions(string query, PermissionsContext permissionsContext)
{
var services = new ServiceCollection();
services.AddAuthorization();
services.AddLogging();
services.AddOptions();
services.AddScoped <IAuthorizationHandler, PermissionContextAuthorizationHandler>(x =>
{
return(new PermissionContextAuthorizationHandler(permissionsContext));
});
services.AddScoped <IValidationRule, RequiresPermissionValidationRule>();
var serviceProvider = services.BuildServiceProvider();
return(new ExecutionOptions
{
Query = query,
Schema = new ValidationSchema(),
UserContext = new GraphQLContext
{
ServiceProvider = serviceProvider,
User = new ClaimsPrincipal(new StubIdentity())
},
ValidationRules = DocumentValidator.CoreRules().Concat(serviceProvider.GetServices <IValidationRule>())
});
}
/// <summary>
/// Retrieves a specific entity
/// </summary>
/// <param name="ctx">Contains information of current user</param>
/// <param name="id">Entity unique identifier</param>
/// <returns>
/// <see cref="TEntityDto"/>s object containing the entity.
/// </returns>
public TEntityDto Get(PermissionsContext ctx, TIdentity id)
{
if (!ValidateEntityKey(id))
{
throw new EntityValidationException(id);
}
return(OnGet(ctx, id));
}
public PermissionRepository(
IPermissionsService permissionsService,
IMongoDbContext permissionsContext,
ILogger <PermissionRepository> logger)
{
_permissionsService = permissionsService;
_permissionsContext = permissionsContext as PermissionsContext;
_logger = logger;
}
private void PromptDefaultPermissions(PermissionsContext permissionsContext, string redirectUrl)
{
FacebookClient client = permissionsContext.FacebookContext.Client;
// Cannot obtain user information from signed_request, redirect to Facebook OAuth dialog.
Uri navigationUrl = client.GetLoginUrl(redirectUrl,
_config.AppId,
permissions: null);
permissionsContext.FilterContext.Result = CreateRedirectResult(navigationUrl);
}
public static void ConfigureDatabase(this IHost host)
{
using IServiceScope scope = host.Services.CreateScope();
ILogger logger = scope.ServiceProvider.GetRequiredService <ILogger <PermissionsContext> >();
PermissionsContext permissionsContext = scope.ServiceProvider.GetRequiredService <PermissionsContext>();
CreateDatabase(permissionsContext, logger);
SeedDatabase(permissionsContext, logger);
}
private static void CreateDatabase(PermissionsContext permissionsContext, ILogger logger)
{
try
{
permissionsContext.Database.EnsureCreated();
}
catch (Exception ex)
{
logger.LogCritical(ex, "Unable to create the database");
throw;
}
}
/// <summary>
/// Retrieves list of specific comments associated for the document.
/// </summary>
/// <param name="ctx">Contains information of current user</param>
/// <param name="args">Document unique identifier</param>
/// <returns>
/// List of <see cref="CommentDto"/>s object containing the results in the
/// sequence specified in the documentId.
/// </returns>
protected override IEnumerable <CommentDto> OnGetAll(PermissionsContext ctx, params object[] args)
{
var isGetCommentsByDocumentId = (args != null &&
args.Length == 1 && args[0] is Guid && !((Guid)args[0]).Equals(Guid.Empty));
if (isGetCommentsByDocumentId)
{
return(GetCommentsByDocumentId(ctx, (Guid)args[0]));
}
else
{
return(null);
}
}
/// <summary>
/// Retrieves list of all specific documents.
/// Or retrieves list of specific documents associated for the user.
/// </summary>
/// <param name="ctx">Contains information of current user</param>
/// <returns>
/// List of <see cref="DocumentDto"/>s object containing the results.
/// </returns>
protected override IEnumerable <DocumentDto> OnGetAll(PermissionsContext ctx, params object[] args)
{
var isGetDocumentsByUserId = (args != null &&
args.Length == 1 && args[0] is int && (int)args[0] > 0);
if (isGetDocumentsByUserId)
{
return(GetDocumentsByUserId((int)args[0]));
}
else
{
return(GetAllDocuments(ctx));
}
}
/// <summary>
/// Retrieves all users
/// </summary>
/// <param name="ctx">Contains information of current user</param>
/// <param name="userId">User identifier</param>
/// <returns>
/// List of <see cref="UserDto"/>s object containing the results.
/// </returns>
protected override IEnumerable <UserDto> OnGetAll(PermissionsContext ctx, params object[] args)
{
var isGetUsersByUserLogin = (args != null &&
args.Length == 1 &&
args[0] is string &&
!String.IsNullOrEmpty((string)args[0]));
if (isGetUsersByUserLogin)
{
return(GetUsersByUserLogin((string)args[0]));
}
else
{
return(GetAllUsers());
}
}
private static void SeedDatabase(PermissionsContext permissionsContext, ILogger logger)
{
try
{
if (permissionsContext.Permissions.Any())
{
return; // DB has been seeded
}
//Add any code required to seed the database here
}
catch (Exception ex)
{
logger.LogCritical(ex, "Error while seeding the database");
throw;
}
}
/// <summary>
/// Retrieves a specific user
/// </summary>
/// <param name="ctx">Contains information of current user</param>
/// <param name="userId">User identifier</param>
/// <returns>
/// <see cref="UserDto"/>s object containing the new comment.
/// </returns>
protected override UserDto OnGet(PermissionsContext ctx, int id)
{
UserDto result = null;
using (var unitOfWork = ObjectContainer.Resolve <UnitOfWork>())
{
var user = unitOfWork
.UserRepository
.GetByID(id);
if (user != null && !user.Deleted)
{
result = user
.ToDto();
}
}
return(result);
}
private void PromptMissingPermissions(PermissionsContext permissionsContext, string redirectUrl)
{
AuthorizationContext filterContext = permissionsContext.FilterContext;
HashSet <string> requiredPermissions = permissionsContext.RequiredPermissions;
// If there were no errors it means that we will be prompted with a permission prompt.
// Therefore, invoke the permission prompt hooks and navigate to the prompt.
IEnumerable <string> declinedPermissions = permissionsContext.DeclinedPermissions;
IEnumerable <string> skippedPermissions = permissionsContext.SkippedPermissions;
FacebookContext facebookContext = permissionsContext.FacebookContext;
IEnumerable <string> missingPermissions = permissionsContext.MissingPermissions;
// Declined permissions and skipped permissions can persist through multiple pages. So we need to cross check
// them against the current pages permissions, this will determine if we should invoke the denied permission hook.
bool deniedPermissions = missingPermissions.Where(
permission => declinedPermissions.Contains(permission) ||
skippedPermissions.Contains(permission)).Any();
// The DeniedPermissionPromptHook will only be invoked if we detect there are denied permissions.
// It is attempted PRIOR to the pre hook to allow app creators to handle situations when a user
// skip's or revokes previously prompted permissions. Ex: redirect to a different page.
if (deniedPermissions && InvokeDeniedPermissionPromptHook(permissionsContext))
{
return;
}
else if (InvokePrePermissionPromptHook(permissionsContext))
{
return;
}
// We persist the requested permissions in a cookie to know if a permission was denied in any way.
// The persisted data allows us to detect skipping of permissions.
PermissionHelper.PersistRequestedPermissions(filterContext, requiredPermissions);
FacebookClient client = facebookContext.Client;
Uri navigationUrl = client.GetLoginUrl(redirectUrl,
_config.AppId,
permissions: String.Join(",", requiredPermissions));
filterContext.Result = CreateRedirectResult(navigationUrl);
}
/// <summary>
/// Retrieves list of all specific documents.
/// </summary>
/// <param name="ctx">Contains information of current user</param>
/// <returns>
/// List of <see cref="DocumentDto"/>s object containing the results.
/// </returns>
protected IEnumerable <DocumentDto> GetAllDocuments(PermissionsContext ctx)
{
List <DocumentDto> result = null;
using (var unitOfWork = ObjectContainer.Resolve <UnitOfWork>())
{
var documents = unitOfWork
.DocumentRepository
.GetWithInclude(p => true, "User")
.ToList();
if (documents != null && documents.Any())
{
var userId = ctx != null
? ctx.CurrentUserId : 0;
result = new List <DocumentDto>();
documents.ForEach(d => result.Add(d.ToDto(userId == d.UserId)));
}
}
return(result);
}
/// <summary>
/// Retrieves list of specific comments associated for the document.
/// </summary>
/// <param name="ctx">Contains information of current user</param>
/// <param name="documentId">Document unique identifier</param>
/// <returns>
/// List of <see cref="CommentDto"/>s object containing the results in the
/// sequence specified in the documentId.
/// </returns>
protected IEnumerable <CommentDto> GetCommentsByDocumentId(PermissionsContext ctx, Guid documentId)
{
List <CommentDto> result = null;
using (var unitOfWork = ObjectContainer.Resolve <UnitOfWork>())
{
var comments = unitOfWork
.CommentRepository
.GetWithInclude(p => p.DocumentId == documentId, "User")
.ToList();
if (comments != null && comments.Any())
{
var userId = ctx != null
? ctx.CurrentUserId : 0;
result = new List <CommentDto>();
comments.ForEach(c => result.Add(c.ToDto(userId == c.UserId)));
}
}
return(result);
}
/// <summary>
/// Retrieves a specific document
/// </summary>
/// <param name="ctx">Contains information of current user</param>
/// <param name="documentId">Document unique identifier</param>
/// <returns></returns>
protected override DocumentDto OnGet(PermissionsContext ctx, Guid id)
{
DocumentDto result = null;
using (var unitOfWork = ObjectContainer.Resolve <UnitOfWork>())
{
var document = unitOfWork
.DocumentRepository
.GetWithInclude(p => p.Id.Equals(id), "User")
.FirstOrDefault();
if (document != null)
{
var userId = ctx != null
? ctx.CurrentUserId : 0;
result = document
.ToDto(userId == document.UserId);
}
}
return(result);
}
/// <summary>
/// Retrieves a specific comment
/// </summary>
/// <param name="ctx">Contains information of current user</param>
/// <param name="id">Commentary unique identifier</param>
/// <returns>
/// <see cref="CommentDto"/>s object containing the new comment.
/// </returns>
protected override CommentDto OnGet(PermissionsContext ctx, int id)
{
CommentDto result = null;
using (var unitOfWork = ObjectContainer.Resolve <UnitOfWork>())
{
var comment = unitOfWork
.CommentRepository
.GetWithInclude(p => p.Id == id, "User")
.FirstOrDefault();
if (comment != null)
{
var userId = ctx != null
? ctx.CurrentUserId : 0;
result = comment
.ToDto(userId == comment.UserId);
}
}
return(result);
}
public async Task ShouldNotReturnBlogsWithoutViewBlogContentPermission()
{
var permissionContext = new PermissionsContext
{
UsePermissionsContext = true,
AuthorizedPermissions = new[] {
GraphQLApi.Permissions.ExecuteGraphQL
}
};
using (var context = new SiteContext())
{
await context.InitializeAsync(permissionContext);
var result = await context.GraphQLClient.Content
.Query("blog", builder =>
{
builder.WithField("contentItemId");
});
Assert.Equal(GraphQLApi.ValidationRules.RequiresPermissionValidationRule.ErrorCode, result["errors"][0]["extensions"]["code"]);
}
}
public async Task ShouldReturnBlogsWithViewBlogContentPermission()
{
var permissionContext = new PermissionsContext
{
UsePermissionsContext = true,
AuthorizedPermissions = new[] {
GraphQLApi.Permissions.ExecuteGraphQL,
Contents.Permissions.ViewContent
}
};
using (var context = new SiteContext())
{
await context.InitializeAsync(permissionContext);
var result = await context.GraphQLClient.Content
.Query("blog", builder =>
{
builder.WithField("contentItemId");
});
Assert.NotEmpty(result["data"]["blog"]);
}
}
private void PromptMissingPermissions(PermissionsContext permissionsContext, string redirectUrl)
{
AuthorizationContext filterContext = permissionsContext.FilterContext;
HashSet<string> requiredPermissions = permissionsContext.RequiredPermissions;
// If there were no errors it means that we will be prompted with a permission prompt.
// Therefore, invoke the permission prompt hooks and navigate to the prompt.
IEnumerable<string> declinedPermissions = permissionsContext.DeclinedPermissions;
IEnumerable<string> skippedPermissions = permissionsContext.SkippedPermissions;
FacebookContext facebookContext = permissionsContext.FacebookContext;
IEnumerable<string> missingPermissions = permissionsContext.MissingPermissions;
// Declined permissions and skipped permissions can persist through multiple pages. So we need to cross check
// them against the current pages permissions, this will determine if we should invoke the denied permission hook.
bool deniedPermissions = missingPermissions.Where(
permission => declinedPermissions.Contains(permission) ||
skippedPermissions.Contains(permission)).Any();
// The DeniedPermissionPromptHook will only be invoked if we detect there are denied permissions.
// It is attempted PRIOR to the pre hook to allow app creators to handle situations when a user
// skip's or revokes previously prompted permissions. Ex: redirect to a different page.
if (deniedPermissions && InvokeDeniedPermissionPromptHook(permissionsContext))
{
return;
}
else if (InvokePrePermissionPromptHook(permissionsContext))
{
return;
}
// We persist the requested permissions in a cookie to know if a permission was denied in any way.
// The persisted data allows us to detect skipping of permissions.
PermissionHelper.PersistRequestedPermissions(filterContext, requiredPermissions);
FacebookClient client = facebookContext.Client;
Uri navigationUrl = client.GetLoginUrl(redirectUrl,
_config.AppId,
permissions: String.Join(",", requiredPermissions));
filterContext.Result = CreateRedirectResult(navigationUrl);
}
protected override ActionResult OnDeniedPermissionPrompt(PermissionsContext context)
{
DeniedPermissionPromptHookTriggered = true;
return base.OnDeniedPermissionPrompt(context);
}
protected override ActionResult OnPermissionPrompt(PermissionsContext context)
{
return _promptPermissionHookResult;
}
private bool InvokePrePermissionPromptHook(PermissionsContext context)
{
ActionResult preResult = OnPermissionPrompt(context);
return HandleParsedHookResult(context.FilterContext, preResult);
}
protected override ActionResult OnPermissionPrompt(PermissionsContext context)
{
return null;
}
protected override ActionResult OnDeniedPermissionPrompt(PermissionsContext context)
{
return _deniedPermissionPromptHookResult;
}
public PermissionRepository(PermissionsContext context, IDistributedCache cache)
{
_context = context;
_cache = cache;
}
/// <summary>
/// Check is document owner
/// </summary>
/// <param name="ctx">Contains information of current user</param>
/// <param name="id">Document unique identifier</param>
/// <returns></returns>
public bool CheckIsCommentOwner(PermissionsContext ctx, int id)
{
var comment = Get(ctx, id);
return(comment != null && comment.CanModify);
}
/// <summary>
/// Invoked during <see cref="OnAuthorization"/> prior to a permission prompt.
/// </summary>
/// <param name="context">Provides access to permission information associated with the user.</param>
/// <returns>An <see cref="ActionResult"/> for how to handle the coming permission prompt. Defaults to showing the prompt
/// via the <see cref="ShowPrompt"/> result.</returns>
protected virtual ActionResult OnPermissionPrompt(PermissionsContext context)
{
return ShowPrompt();
}
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
IEnumerable<FacebookAuthorizeAttribute> authorizeAttributes = filterContext.ActionDescriptor
.GetCustomAttributes(typeof(FacebookAuthorizeAttribute), inherit: true)
.Union(filterContext.ActionDescriptor.ControllerDescriptor
.GetCustomAttributes(typeof(FacebookAuthorizeAttribute), inherit: true))
.OfType<FacebookAuthorizeAttribute>();
if (!authorizeAttributes.Any())
{
return;
}
FacebookClient client = _config.ClientProvider.CreateClient();
HttpRequestBase request = filterContext.HttpContext.Request;
dynamic signedRequest = FacebookRequestHelpers.GetSignedRequest(
filterContext.HttpContext,
rawSignedRequest =>
{
return client.ParseSignedRequest(rawSignedRequest);
});
string userId = null;
string accessToken = null;
if (signedRequest != null)
{
userId = signedRequest.user_id;
accessToken = signedRequest.oauth_token;
}
NameValueCollection parsedQueries = HttpUtility.ParseQueryString(request.Url.Query);
HashSet<string> requiredPermissions = PermissionHelper.GetRequiredPermissions(authorizeAttributes);
bool handleError = !String.IsNullOrEmpty(parsedQueries["error"]);
// This must occur AFTER the handleError calculation because it modifies the parsed queries.
string redirectUrl = GetRedirectUrl(request, parsedQueries);
// Check if there was an error and we should handle it.
if (handleError)
{
Uri errorUrl;
if (String.IsNullOrEmpty(_config.AuthorizationRedirectPath))
{
errorUrl = DefaultAuthorizationRedirectUrl;
}
else
{
errorUrl = GetErroredAuthorizeUri(redirectUrl, requiredPermissions);
}
filterContext.Result = CreateRedirectResult(errorUrl);
// There was an error so short circuit
return;
}
FacebookContext facebookContext = new FacebookContext
{
Client = client,
SignedRequest = signedRequest,
AccessToken = accessToken,
UserId = userId,
Configuration = _config
};
PermissionsContext permissionsContext = new PermissionsContext
{
FacebookContext = facebookContext,
FilterContext = filterContext,
RequiredPermissions = requiredPermissions,
};
// Check if we need to prompt for default permissions.
if (signedRequest == null || String.IsNullOrEmpty(userId) || String.IsNullOrEmpty(accessToken))
{
PromptDefaultPermissions(permissionsContext, redirectUrl);
}
else if (requiredPermissions.Any())
{
PermissionsStatus currentPermissionsStatus = _config.PermissionService.GetUserPermissionsStatus(userId, accessToken);
// Instead of performing another request to gather "granted" permissions just parse the status
IEnumerable<string> currentPermissions = PermissionHelper.GetGrantedPermissions(currentPermissionsStatus);
IEnumerable<string> missingPermissions = requiredPermissions.Except(currentPermissions);
// If we have missing permissions than we need to present a prompt or redirect to an error
// page if there's an error.
if (missingPermissions.Any())
{
permissionsContext.MissingPermissions = missingPermissions;
permissionsContext.DeclinedPermissions = PermissionHelper.GetDeclinedPermissions(currentPermissionsStatus);
permissionsContext.SkippedPermissions = PermissionHelper.GetSkippedPermissions(
filterContext.HttpContext.Request,
missingPermissions,
permissionsContext.DeclinedPermissions);
PromptMissingPermissions(permissionsContext, redirectUrl);
}
}
}
/// <summary>
/// Invoked during <see cref="OnAuthorization"/> prior to a permission prompt that requests permissions that were skipped
/// or revoked. Occurs before the <see cref="OnPermissionPrompt"/> and short circuits the pipeline by default via
/// returning an <see cref="IgnorePrompt"/> result.
/// </summary>
/// <param name="context">Provides access to permission information associated with the user.</param>
/// <returns>An <see cref="ActionResult"/> for how to handle the denied permissions. Defaults to ignoring the coming prompt
/// via the <see cref="IgnorePrompt"/> result.</returns>
protected virtual ActionResult OnDeniedPermissionPrompt(PermissionsContext context)
{
return(IgnorePrompt());
}
public ServersController(IHttpContextAccessor httpContext, PermissionsContext permissionsContext, IConfiguration configuration)
{
_httpContext = httpContext;
_permissionsContext = permissionsContext;
_zmqUrl = configuration.GetSection("ZeroMQUrl").Value;
}
private bool InvokeDeniedPermissionPromptHook(PermissionsContext context)
{
ActionResult postResult = OnDeniedPermissionPrompt(context);
return HandleParsedHookResult(context.FilterContext, postResult);
}
/// <summary>
/// Retrieves list of specific DTO's entities.
/// </summary>
/// <param name="ctx">Contains information of current user</param>
/// <param name="args"></param>
/// <returns></returns>
public IEnumerable <TEntityDto> GetAll(PermissionsContext ctx, params object[] args)
{
return(OnGetAll(ctx, args));
}
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
IEnumerable <FacebookAuthorizeAttribute> authorizeAttributes = filterContext.ActionDescriptor
.GetCustomAttributes(typeof(FacebookAuthorizeAttribute), inherit: true)
.Union(filterContext.ActionDescriptor.ControllerDescriptor
.GetCustomAttributes(typeof(FacebookAuthorizeAttribute), inherit: true))
.OfType <FacebookAuthorizeAttribute>();
if (!authorizeAttributes.Any())
{
return;
}
FacebookClient client = _config.ClientProvider.CreateClient();
HttpRequestBase request = filterContext.HttpContext.Request;
dynamic signedRequest = FacebookRequestHelpers.GetSignedRequest(
filterContext.HttpContext,
rawSignedRequest =>
{
return(client.ParseSignedRequest(rawSignedRequest));
});
string userId = null;
string accessToken = null;
if (signedRequest != null)
{
userId = signedRequest.user_id;
accessToken = signedRequest.oauth_token;
}
NameValueCollection parsedQueries = HttpUtility.ParseQueryString(request.Url.Query);
HashSet <string> requiredPermissions = PermissionHelper.GetRequiredPermissions(authorizeAttributes);
bool handleError = !String.IsNullOrEmpty(parsedQueries["error"]);
// This must occur AFTER the handleError calculation because it modifies the parsed queries.
string redirectUrl = GetRedirectUrl(request, parsedQueries);
// Check if there was an error and we should handle it.
if (handleError)
{
Uri errorUrl;
if (String.IsNullOrEmpty(_config.AuthorizationRedirectPath))
{
errorUrl = DefaultAuthorizationRedirectUrl;
}
else
{
errorUrl = GetErroredAuthorizeUri(redirectUrl, requiredPermissions);
}
filterContext.Result = CreateRedirectResult(errorUrl);
// There was an error so short circuit
return;
}
FacebookContext facebookContext = new FacebookContext
{
Client = client,
SignedRequest = signedRequest,
AccessToken = accessToken,
UserId = userId,
Configuration = _config
};
PermissionsContext permissionsContext = new PermissionsContext
{
FacebookContext = facebookContext,
FilterContext = filterContext,
RequiredPermissions = requiredPermissions,
};
// Check if we need to prompt for default permissions.
if (signedRequest == null || String.IsNullOrEmpty(userId) || String.IsNullOrEmpty(accessToken))
{
PromptDefaultPermissions(permissionsContext, redirectUrl);
}
else if (requiredPermissions.Any())
{
PermissionsStatus currentPermissionsStatus = _config.PermissionService.GetUserPermissionsStatus(userId, accessToken);
// Instead of performing another request to gather "granted" permissions just parse the status
IEnumerable <string> currentPermissions = PermissionHelper.GetGrantedPermissions(currentPermissionsStatus);
IEnumerable <string> missingPermissions = requiredPermissions.Except(currentPermissions);
// If we have missing permissions than we need to present a prompt or redirect to an error
// page if there's an error.
if (missingPermissions.Any())
{
permissionsContext.MissingPermissions = missingPermissions;
permissionsContext.DeclinedPermissions = PermissionHelper.GetDeclinedPermissions(currentPermissionsStatus);
permissionsContext.SkippedPermissions = PermissionHelper.GetSkippedPermissions(
filterContext.HttpContext.Request,
missingPermissions,
permissionsContext.DeclinedPermissions);
PromptMissingPermissions(permissionsContext, redirectUrl);
}
}
}
/// <summary>
/// Invoked during <see cref="OnAuthorization"/> prior to a permission prompt.
/// </summary>
/// <param name="context">Provides access to permission information associated with the user.</param>
/// <returns>An <see cref="ActionResult"/> for how to handle the coming permission prompt. Defaults to showing the prompt
/// via the <see cref="ShowPrompt"/> result.</returns>
protected virtual ActionResult OnPermissionPrompt(PermissionsContext context)
{
return(ShowPrompt());
}
private void PromptDefaultPermissions(PermissionsContext permissionsContext, string redirectUrl)
{
FacebookClient client = permissionsContext.FacebookContext.Client;
// Cannot obtain user information from signed_request, redirect to Facebook OAuth dialog.
Uri navigationUrl = client.GetLoginUrl(redirectUrl,
_config.AppId,
permissions: null);
permissionsContext.FilterContext.Result = CreateRedirectResult(navigationUrl);
}
protected abstract TEntityDto OnGet(PermissionsContext ctx, TIdentity id);
private bool InvokeDeniedPermissionPromptHook(PermissionsContext context)
{
ActionResult postResult = OnDeniedPermissionPrompt(context);
return(HandleParsedHookResult(context.FilterContext, postResult));
}
protected abstract IEnumerable <TEntityDto> OnGetAll(PermissionsContext ctx, params object[] args);
private bool InvokePrePermissionPromptHook(PermissionsContext context)
{
ActionResult preResult = OnPermissionPrompt(context);
return(HandleParsedHookResult(context.FilterContext, preResult));
}
/// <summary>
/// Invoked during <see cref="OnAuthorization"/> prior to a permission prompt that requests permissions that were skipped
/// or revoked. Occurs before the <see cref="OnPermissionPrompt"/> and short circuits the pipeline by default via
/// returning an <see cref="IgnorePrompt"/> result.
/// </summary>
/// <param name="context">Provides access to permission information associated with the user.</param>
/// <returns>An <see cref="ActionResult"/> for how to handle the denied permissions. Defaults to ignoring the coming prompt
/// via the <see cref="IgnorePrompt"/> result.</returns>
protected virtual ActionResult OnDeniedPermissionPrompt(PermissionsContext context)
{
return IgnorePrompt();
}
