Ejemplo n.º 1
0
        public static async Task <AuthResult> AuthorizeUserAsync(
            HttpContext httpContext, AppDbContext context, string testUserName, string adminRoleName, string userRoleName, IEnumerable <string> roleNames
            )
        {
            var ret      = new AuthResult();
            var userName = httpContext.BearerUserName(testUserName);

            if (string.IsNullOrEmpty(userName))
            {
                return(ret.SetErrMsg(Role.InvalidAuthorisationToken));
            }
            ret.AdminRole = await context.RoleByNameAsync(adminRoleName);

            if (ret.AdminRole == null)
            {
                return(ret.SetErrMsg(Role.AdministratorNotSetUp));
            }
            ret.UserRole = await context.RoleByNameAsync(userRoleName);

            if (ret.UserRole == null)
            {
                return(ret.SetErrMsg(Role.UserRoleNotSetUp));
            }
            ret.ApiUser = await context.UserByNameAsync(userName);

            if (ret.ApiUser == null)
            {
                return(ret.SetErrMsg($"Invalid User <{userName}> - please contact your administrator"));
            }
            ret.ApiUserRole = await context.RoleByIdAsync(ret.ApiUser.RoleId);

            if (ret.ApiUserRole == null)
            {
                return(ret.SetErrMsg($"Invalid RoleId <{ret.ApiUser.RoleId}> - please contact your administrator"));
            }
            if (!roleNames.Contains(ret.ApiUserRole.Name))
            {
                return(ret.SetErrMsg($"Role <{ret.ApiUserRole.Name}> is not authorized to run this API. Must be one of the following roles : " + string.Join(", ", roleNames)));
            }
            return(ret);
        }