/// <summary>
/// Decides whether the current user may apply a role change described by
/// <paramref name="newAndCurrentRoles"/>.
/// </summary>
/// <param name="context">Authorization context carrying the calling user's claims.</param>
/// <param name="requirement">The requirement that is marked as succeeded when the change is allowed.</param>
/// <param name="newAndCurrentRoles">
/// Pair of role-name arrays; going by the parameter name, Item1 is the new set and Item2 the current set.
/// </param>
/// <returns>An already-completed task; the outcome is recorded on <paramref name="context"/>.</returns>
/// <remarks>
/// This handler only ever calls Succeed and never Fail, so a denial here is simply "no opinion":
/// in ASP.NET Core another handler registered for the same requirement can still satisfy it.
/// </remarks>
protected override Task HandleRequirementAsync(
    AuthorizationHandlerContext context,
    AssignRolesAuthorizationRequirement requirement,
    Tuple <string[], string[]> newAndCurrentRoles)
        {
            string[] requestedRoles = newAndCurrentRoles.Item1;
            string[] existingRoles = newAndCurrentRoles.Item2;

            // Three ways to pass, evaluated left to right with short-circuiting:
            //  1. The role set is unchanged. No permission claim is checked in this case,
            //     so this requirement alone does not gate the rest of the operation.
            //  2. The caller holds AssignRoles and ViewRoles: any role may be assigned.
            //     NOTE(review): holding both claims is therefore equivalent to full role
            //     administration; grant ViewRoles with that in mind.
            //  3. The caller holds AssignRoles only: GetIsUserInAllAddedRoles (defined
            //     elsewhere) must accept the change; per the original comment, the caller
            //     may then only assign roles they are part of.
            bool isAllowed =
                !GetIsRolesChanged(requestedRoles, existingRoles)
                || (context.User.HasClaim(CustomClaimTypes.Permission, ApplicationPermissions.AssignRoles)
                    && (context.User.HasClaim(CustomClaimTypes.Permission, ApplicationPermissions.ViewRoles)
                        || GetIsUserInAllAddedRoles(context.User, requestedRoles, existingRoles)));

            if (isAllowed)
            {
                context.Succeed(requirement);
            }

            return Task.CompletedTask;
        }
Ejemplo n.º 2
        /// <summary>
        /// Authorizes a role assignment: succeeds when nothing changes, or when the caller's
        /// claims allow the roles being assigned.
        /// </summary>
        /// <param name="context">Authorization context carrying the calling user's claims.</param>
        /// <param name="requirement">The requirement that is marked as succeeded when the change is allowed.</param>
        /// <param name="newAndCurrentRoles">
        /// Pair of role-name arrays; going by the parameter name, Item1 is the new set and Item2 the current set.
        /// </param>
        /// <returns>An already-completed task; the outcome is recorded on <paramref name="context"/>.</returns>
        /// <remarks>
        /// Only Succeed is ever called, never Fail, so returning without success leaves the
        /// requirement unmet by this handler rather than explicitly denied.
        /// </remarks>
        protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AssignRolesAuthorizationRequirement requirement, Tuple <string[], string[]> newAndCurrentRoles)
        {
            string[] requestedRoles = newAndCurrentRoles.Item1;
            string[] existingRoles = newAndCurrentRoles.Item2;

            // An unchanged role set passes without any claim check.
            if (!RolesHasChanges(requestedRoles, existingRoles))
            {
                context.Succeed(requirement);
                return Task.CompletedTask;
            }

            // Any actual change requires the AssignRoles authorization claim.
            bool mayAssign = context.User.HasClaim(ApplicationClaimType.Authorization, AuthorizationManager.AssignRoles);
            if (!mayAssign)
            {
                return Task.CompletedTask;
            }

            // With ViewRoles as well, the caller can assign any roles; otherwise only roles
            // they are part of (as decided by IsUserInAllAddedRoles, defined elsewhere).
            // NOTE(review): AssignRoles + ViewRoles together amount to unrestricted role
            // assignment, so both claims should be granted as a privileged pair.
            if (context.User.HasClaim(ApplicationClaimType.Authorization, AuthorizationManager.ViewRoles)
                || IsUserInAllAddedRoles(context.User, requestedRoles, existingRoles))
            {
                context.Succeed(requirement);
            }

            return Task.CompletedTask;
        }