protected override bool OnValidateRequest(string userId, HttpContext context)
{
if (!this.CanUseQueues(userId))
{
context.Response.EndWithDataServiceError(401, "Unauthorized", "You have no permission to use queues.");
}
var queueName = StorageRequestAnalyzer.GetRequestedQueue(context.Request);
if (!this.CanUseQueue(userId, queueName, context.Request))
{
context.Response.EndWithDataServiceError(401, "Unauthorized", "You have no permission to use this queue.");
}
return(true);
}
private bool CanUseTable(string userId, string tableName, HttpRequest request)
{
var publicTablePrivilege = string.Format(CultureInfo.InvariantCulture, "{0}{1}", tableName, PrivilegeConstants.PublicTablePrivilegeSuffix);
if (!this.userPrivilegesRepository.PublicPrivilegeExists(publicTablePrivilege))
{
var accessTablePrivilege = string.Format(CultureInfo.InvariantCulture, "{0}{1}", tableName, PrivilegeConstants.TablePrivilegeSuffix);
if (!this.userPrivilegesRepository.HasUserPrivilege(userId, accessTablePrivilege))
{
// Check if the user is listing the available tables or creating a new table.
return(StorageRequestAnalyzer.IsListingTables(request) || StorageRequestAnalyzer.IsCreatingTable(request, tableName));
}
}
return(true);
}
private bool CanUseQueue(string userId, string queueName, HttpRequest request)
{
if (string.IsNullOrWhiteSpace(queueName))
{
return(true);
}
var publicQueuePrivilege = string.Format(CultureInfo.InvariantCulture, "{0}{1}", queueName, PrivilegeConstants.PublicQueuePrivilegeSuffix);
if (!this.userPrivilegesRepository.PublicPrivilegeExists(publicQueuePrivilege))
{
var accessQueuePrivilege = string.Format(CultureInfo.InvariantCulture, "{0}{1}", queueName, PrivilegeConstants.QueuePrivilegeSuffix);
if (!this.userPrivilegesRepository.HasUserPrivilege(userId, accessQueuePrivilege))
{
// Check if the user is creating a new queue.
return(StorageRequestAnalyzer.IsCreatingQueue(request));
}
}
return(true);
}