public async Task <bool> IsResourceAuthorizedAsync(string resourceName)
{
// we need to check if this resource is protected
if (string.IsNullOrEmpty(resourceName))
{
throw new InternalError("Missing resource name");
}
if (IsBackDoorWideOpen())
{
return(true);
}
if (YetaWFManager.IsDemo || Manager.IsDemoUser)
{
return(true);
}
// check if this is the superuser
if (Manager.HasSuperUserRole)
{
return(true);
}
using (AuthorizationDataProvider authDP = new AuthorizationDataProvider()) {
Authorization auth = await authDP.GetItemAsync(resourceName);
if (auth == null)
{
Logging.AddLog("Resource {0} doesn't exist", resourceName);
#if DEBUG
throw new InternalError("Resource {0} doesn't exist", resourceName);
#else
return(false);// not authorized, there is no such resource
#endif
}
RoleComparer roleComp = new RoleComparer();
using (RoleDefinitionDataProvider roleDP = new RoleDefinitionDataProvider()) {
if (!Manager.HaveUser)
{
// check if anonymous user allowed
if (auth.AllowedRoles.Contains(new Role {
RoleId = roleDP.GetAnonymousRoleId()
}, roleComp))
{
return(true);
}
return(false);
}
// authenticated user
// check if any authenticated user allowed
if (auth.AllowedRoles.Contains(new Role {
RoleId = roleDP.GetUserRoleId()
}, roleComp))
{
return(true);
}
}
string userName = Manager.UserName;
UserDefinition user = (UserDefinition)Manager.UserObject;// get the saved user
if (user == null)
{
throw new InternalError("UserObject missing for authenticated user");
}
// check if this user is allowed
if (auth.AllowedUsers.Contains(new User {
UserId = user.UserId
}, new UserComparer()))
{
return(true);
}
// check if this user is in a permitted role
foreach (Role loginRole in user.RolesList)
{
if (auth.AllowedRoles.Contains(new Role {
RoleId = loginRole.RoleId
}, roleComp))
{
return(true);
}
}
} // simply not authorized
return(false);
}
