protected override bool IsAuthorized(HttpActionContext context)
{
if (context == null) throw new ArgumentException("HttpActionContext does not exist!");
Identity = GetWebApiIdentity(context);
if (Identity == null) return false;
return Identity.Permissions.Contains(context.Request.Method == HttpMethod.Get ?
ReadPermission :
WritePermission);
}
static WebApiIdentityRepository()
{
FakeDataStore = new Dictionary<string, WebApiIdentity>();
FakeDataStore["readonly"] = new WebApiIdentity
{
Token = "readonly",
AppIds = new HashSet<int>(new[] { 1, 2, 3 }),
Permissions = new HashSet<Permission>(new[] { Permission.UsersRead, Permission.AppsRead })
};
FakeDataStore["writeonly"] = new WebApiIdentity
{
Token = "writeonly",
AppIds = new HashSet<int>(new[] { 1, 2, 3 }),
Permissions = new HashSet<Permission>(new[] { Permission.UsersWrite, Permission.AppsWrite })
};
FakeDataStore["admin"] = new WebApiIdentity
{
Token = "admin",
AppIds = new HashSet<int>(new[] { 1, 2, 3 }),
Permissions = new HashSet<Permission>(new[] { Permission.UsersWrite, Permission.UsersRead, Permission.AppsRead, Permission.AppsWrite })
};
}
