 /// <summary>
 /// Adds a policy to the options that requires an organization
 /// role to be present for the user. This can be used if an application
 /// provides multi-tenancy and the service must be able to distinguish roles
 /// from different Zitadel organizations.
 /// </summary>
 /// <param name="options">The options object to extend.</param>
 /// <param name="policyName">Name of the policy (e.g. CaosUser).</param>
 /// <param name="organizationId">The id of the organization from Zitadel.</param>
 /// <param name="roles">A list of roles that need to be fulfilled (one of them, at least).</param>
 public static void AddZitadelOrganizationRolePolicy(
     this AuthorizationOptions options,
     string policyName,
     string organizationId,
     params string[] roles)
 {
     options.AddPolicy(
         policyName,
         builder =>
         {
             // Anonymous principals are rejected before any claim is looked at.
             builder.RequireAuthenticatedUser();

             // The claim type is built from organizationId by
             // ZitadelDefaults.OrganizationRoleClaimName; the user must carry that claim
             // with one of the given role values.
             // NOTE(review): when no roles are passed, RequireClaim only checks that the
             // claim type is present, so the policy then accepts ANY role in the
             // organization. Callers that load role names from configuration should
             // verify the list is non-empty before registering the policy.
             // NOTE(review): the framework compares claim values with ordinal
             // (case-sensitive) matching, so role names must match exactly.
             builder.RequireClaim(
                 ZitadelDefaults.OrganizationRoleClaimName(organizationId),
                 roles);
         });
 }
 /// <summary>
 /// Checks whether a principal has a specific role in the context of an organization.
 /// </summary>
 /// <param name="principal">The principal to check.</param>
 /// <param name="organizationId">Zitadel ID of the organization.</param>
 /// <param name="role">Role that must be present on the principal.</param>
 /// <returns>True if the role is on the principal. False otherwise.</returns>
 public static bool IsInRole(this ClaimsPrincipal principal, string organizationId, string role)
 {
     // The claim type to look for is built from organizationId by
     // ZitadelDefaults.OrganizationRoleClaimName.
     var organizationRoleClaim = ZitadelDefaults.OrganizationRoleClaimName(organizationId);

     // NOTE(review): HasClaim only looks for a matching claim on the principal's
     // identities; it does not check that any identity is authenticated. Use this on
     // principals that already passed authentication, not as the authentication check
     // itself. The role value is compared case-sensitively by the framework.
     return principal.HasClaim(organizationRoleClaim, role);
 }