protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CurrentUserRequirement requirement, string userId)
{
// Get the ID from the claim
var claim = context.User.Claims.FirstOrDefault(c => c.Type == CustomClaims.UserId && c.Issuer == _config.GetSection("jwt").GetSection("issuer").Value);
if (claim.Value == userId)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CheckPlaintData requirement)
{
List <string> userRoles = context.User.UserRoles();
List <string> accessedRoles = new List <string> {
RoleNames.SecretaryGrievanceCommittee, RoleNames.ManagerGrievanceCommittee, RoleNames.OffersCheckSecretary, RoleNames.OffersPurchaseSecretary, RoleNames.OffersCheckManager, RoleNames.OffersPurchaseManager, RoleNames.DataEntry, RoleNames.Auditer, RoleNames.OffersOppeningSecretary, RoleNames.OffersOppeningManager, RoleNames.MonafasatAdmin, RoleNames.MonafasatAccountManager
};
bool hasAccess = IdentityConfigs.CheckForUserNewRoles(userRoles, accessedRoles);
if (hasAccess)
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
context.Fail();
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(
AuthorizationHandlerContext context,
SubjectMustMatchUserRequirement requirement)
{
var subjectFromUri = _httpContextAccessor.HttpContext.GetRouteValue("subject").ToString();
var subjectFromUserObject = context.User.Claims.FirstOrDefault(c => c.Type == "sub")?.Value;
if (subjectFromUri != subjectFromUserObject)
{
context.Fail();
return(Task.CompletedTask);
}
context.Succeed(requirement);
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ApproveTenderAwardRequirement requirement)
{
List <string> userRoles = context.User.UserRoles();
List <string> accessedRoles = new List <string> {
RoleNames.ApproveTenderAward, RoleNames.OffersCheckManager
};
bool hasAccess = IdentityConfigs.CheckForUserNewRoles(userRoles, accessedRoles);
if (hasAccess)
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
context.Fail();
return(Task.CompletedTask);
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, ProfileConfirmedRequirement requirement)
{
var userId = context.User?.Claims?.FirstOrDefault(p => p.Type == ClaimTypes.NameIdentifier)?.Value;
var profileConfirmation = await _table.GetAsync(Guid.Parse(userId));
if (profileConfirmation == null ||
profileConfirmation.IsDeleted)
{
context.Fail();
}
else
{
context.Succeed(requirement);
}
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, GetFavouriteSuppliersByListIdRequirement requirement)
{
List <string> userRoles = context.User.UserRoles();
List <string> accessedRoles = new List <string> {
RoleNames.DataEntry, RoleNames.Auditer, RoleNames.MonafasatAdmin, RoleNames.MonafasatAccountManager, RoleNames.OffersOppeningSecretary, RoleNames.CustomerService, RoleNames.OffersOppeningManager, RoleNames.OffersCheckSecretary, RoleNames.OffersCheckManager, RoleNames.PurshaseSpecialist, RoleNames.EtimadOfficer
};
bool hasAccess = IdentityConfigs.CheckForUserNewRoles(userRoles, accessedRoles);
if (hasAccess)
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
context.Fail();
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ViewMandatoryListRequirement requirement)
{
var userRoles = context.User.UserRoles();
List <string> accessedRoles = new List <string> {
RoleNames.MandatoryListOfficer, RoleNames.MandatoryListApprover
};
bool hasAccess = IdentityConfigs.CheckForUserNewRoles(userRoles, accessedRoles);
if (hasAccess)
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
context.Fail();
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
IExceptRequirement requirement)
{
if (!context.HasFailed)
{
if (context.PendingRequirements.Any(x => x is IExceptRequirement))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, IsAdminOrUserRequirement requirement)
{
var isAdmin = context.User.HasClaim(Helpers.Constants.Strings.JwtClaimIdentifiers.Rol, Helpers.Constants.Strings.JwtClaims.ApiAdmin);
var isUser = context.User.HasClaim(Helpers.Constants.Strings.JwtClaimIdentifiers.Rol, Helpers.Constants.Strings.JwtClaims.ApiAccess);
if (isAdmin || isUser)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, SupplierEnquiriesOnTenderRequirement requirement)
{
var userRoles = context.User.UserRoles();
List <string> accessedRoles = new List <string> {
RoleNames.TechnicalCommitteeUser, RoleNames.supplier, RoleNames.Auditer
};
bool hasAccess = IdentityConfigs.CheckForUserNewRoles(userRoles, accessedRoles);
if (hasAccess)
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
context.Fail();
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, MonafasatAccountManagerRequirement requirement)
{
List <string> userRoles = context.User.UserRoles();
List <string> accessedRoles = new List <string> {
RoleNames.MonafasatAccountManager, RoleNames.CustomerService
};
bool hasAccess = IdentityConfigs.CheckForUserNewRoles(userRoles, accessedRoles);
if (hasAccess)
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
context.Fail();
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, WorksForCompanyRequirement requirement)
{
//other logics could come here to restrict user to access the end point at which this handler
// is going to be placed
//Note the below email address is set in the jwttoken claim when creating the token to issue to the user.
var userEmailAddress = context.User?.FindFirstValue(ClaimTypes.Email) ?? string.Empty;
if (userEmailAddress.EndsWith(requirement.DomainName))
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
context.Fail();
return(Task.CompletedTask);
}
/// <inheritdoc />
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AnonymousLanAccessRequirement requirement)
{
var ip = _httpContextAccessor.HttpContext?.Connection.RemoteIpAddress;
// Loopback will be on LAN, so we can accept null.
if (ip == null || _networkManager.IsInLocalNetwork(ip))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return(Task.CompletedTask);
}
public Task HandleAsync(AuthorizationHandlerContext context)
{
foreach (var req in context.Requirements)
{
context.Succeed(req);
}
var hasClaim = context.User.HasClaim(o => o.Type == ClaimTypes.NameIdentifier && !string.IsNullOrEmpty(o.Value));
if (!hasClaim)
{
context.Fail();
}
return(Task.CompletedTask);
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, BaseRequirement requirement)
{
await Task.Run(() =>
{
if (context.User.Identity.IsAuthenticated)
{
if (!context.User.HasClaim(x => x.Value.Equals(this.PolicyType.ToString())))
{
context.Fail();
return;
}
context.Succeed(requirement);
}
});
}
protected override Task HandleRequirementAsync(
AuthorizationHandlerContext userContext,
UserRoleRequirement requirement)
{
if (!userContext.User.HasClaim(c => c.Type == "Usesrname") && userContext.User.Identity.IsAuthenticated)
{
userContext.Fail();
return(Task.CompletedTask);
}
else
{
userContext.Succeed(requirement);
}
userContext.Succeed(requirement);
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ManageAdminRolesAndClaimsRequirement requirement)
{
if (context.User == null || !context.User.Identity.IsAuthenticated)
{
context.Fail();
return(Task.CompletedTask);
}
if (context.User.IsInRole("Super Admin"))
{
context.Succeed(requirement);
}
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, UnitSpecialistLevel1Requirement requirement)
{
List <string> userRoles = context.User.UserRoles();
List <string> accessedRoles = new List <string> {
RoleNames.UnitSpecialistLevel1
};
bool hasAccess = IdentityConfigs.CheckForUserNewRoles(userRoles, accessedRoles);
if (hasAccess)
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
context.Fail();
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, WriteAccessRequirement requirement)
{
string scope = context.User.FindFirstValue(requirement.ClaimType);
if (!string.IsNullOrEmpty(scope))
{
string[] scopeArray = scope.Split(' ', StringSplitOptions.RemoveEmptyEntries);
if (scopeArray.Any(c => c.Equals(requirement.ClaimValue, StringComparison.InvariantCultureIgnoreCase)))
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
}
context.Fail();
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AuthorizationSchemeRequirement requirement)
{
var mvcContext = context.Resource as
Microsoft.AspNetCore.Mvc.Filters.AuthorizationFilterContext;
if (requirement.IsValid(mvcContext?.HttpContext.Request.Headers))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, WriteAccessRequirement requirement)
{
bool hasClaim = context.User.HasClaim(c => c.Type == requirement.ClaimType);
if (hasClaim)
{
string[] arrayClaims = context.User.FindFirstValue(requirement.ClaimType)?.Split(" ");
if (arrayClaims != null && arrayClaims.Contains(requirement.ClaimValue))
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
}
context.Fail();
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, GetAnnouncementSupplierTemplateRequirement requirement)
{
var role = context.User.UserRole();
if (role == null || !new List <string> {
RoleNames.DataEntry, RoleNames.Auditer, RoleNames.MonafasatAccountManager, RoleNames.MonafasatAdmin, RoleNames.OffersOppeningSecretary,
RoleNames.OffersOppeningManager, RoleNames.OffersCheckSecretary, RoleNames.OffersCheckManager, RoleNames.PreQualificationCommitteeSecretary, RoleNames.PreQualificationCommitteeManager,
RoleNames.OffersPurchaseSecretary, RoleNames.OffersPurchaseManager, RoleNames.CustomerService, RoleNames.UnitSpecialistLevel1, RoleNames.UnitSpecialistLevel2, RoleNames.UnitManagerUser
}.Contains(role))
{
context.Fail();
return(Task.CompletedTask);
}
context.Succeed(requirement);
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, CancelTenderRequirement requirement)
{
var userRoles = context.User.UserRoles();
List <string> accessedRoles = new List <string> {
RoleNames.DataEntry, RoleNames.Auditer, RoleNames.supplier, RoleNames.OffersOpeningAndCheckManager, RoleNames.OffersOpeningAndCheckSecretary, RoleNames.OffersPurchaseManager, RoleNames.OffersPurchaseSecretary, RoleNames.OffersOppeningManager, RoleNames.OffersOppeningSecretary, RoleNames.OffersCheckSecretary, RoleNames.OffersCheckManager, RoleNames.MonafasatAdmin, RoleNames.MonafasatAccountManager, RoleNames.TechnicalCommitteeUser, RoleNames.PreQualificationCommitteeManager, RoleNames.PreQualificationCommitteeSecretary, RoleNames.PurshaseSpecialist, RoleNames.EtimadOfficer
};
bool hasAccess = IdentityConfigs.CheckForUserNewRoles(userRoles, accessedRoles);
if (hasAccess)
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
context.Fail();
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AdminAndDataEntryRequirement requirement)
{
var userRoles = context.User.UserRoles();
List <string> accessedRoles = new List <string> {
RoleNames.MonafasatAdmin, RoleNames.DataEntry
};
bool hasAccess = IdentityConfigs.CheckForUserNewRoles(userRoles, accessedRoles);
if (hasAccess)
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
context.Fail();
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AccessControlRequirement requirement)
{
var httpContext = _contextAccessor.HttpContext;
var accessKey = _options.AccessKeyResolver?.Invoke(httpContext);
var resourceAccessStrategy = httpContext.RequestServices.GetService <IResourceAccessStrategy>();
if (resourceAccessStrategy.IsCanAccess(accessKey))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, QualificationExtendDateApprovementRequirement requirement)
{
List <string> userRoles = context.User.UserRoles();
List <string> accessedRoles = new List <string> {
RoleNames.DataEntry, RoleNames.Auditer, RoleNames.PreQualificationCommitteeManager, RoleNames.PreQualificationCommitteeSecretary
};
bool hasAccess = IdentityConfigs.CheckForUserNewRoles(userRoles, accessedRoles);
if (hasAccess)
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
context.Fail();
return(Task.CompletedTask);
}
/// <summary>
///
/// </summary>
/// <param name="context"></param>
/// <param name="requirement"></param>
/// <returns></returns>
protected override async Task HandleRequirementAsync(
AuthorizationHandlerContext context,
PermissionRequirement requirement)
{
try
{
if (await _permissionChecker.CheckAsync(context.User, requirement.PermissionName))
{
context.Succeed(requirement);
}
}
catch (PermissionNotFondException)
{
context.Fail();
}
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
BlockUsersRequirement requirement)
{
if (context.User.Identity != null && context.User.Identity.Name != null &&
!requirement.BlockedUsers
.Any(user => user.Equals(context.User.Identity.Name,
StringComparison.OrdinalIgnoreCase)))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ApproveSupplierExtendOfferDatesRequirement requirement)
{
var userRoles = context.User.UserRoles();
List <string> accessedRoles = new List <string> {
RoleNames.PurshaseSpecialist, RoleNames.DataEntry, RoleNames.PreQualificationCommitteeSecretary
};
bool hasAccess = IdentityConfigs.CheckForUserNewRoles(userRoles, accessedRoles);
if (hasAccess)
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
context.Fail();
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, ViewAddedValueRequirement requirement)
{
var userRoles = context.User.UserRoles();
List <string> accessedRoles = new List <string> {
RoleNames.ProductManager, RoleNames.ProductManagerDisplay
};
bool hasAccess = IdentityConfigs.CheckForUserNewRoles(userRoles, accessedRoles);
if (hasAccess)
{
context.Succeed(requirement);
return(Task.CompletedTask);
}
context.Fail();
return(Task.CompletedTask);
}