public async Task <AuthorizationResult> AuthorizeAsync(PingCommand instance, CancellationToken cancellation = default)
{
return(instance.PingName == "T" ?
await Task.FromResult(AuthorizationResult.Succeed())
:
await Task.FromResult(AuthorizationResult.Fail(":(")));
}
#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously
public override async Task <AuthorizationResult> CanCreateAsync(MockEntity entity, IContextInfo ctx)
{
if (entity.IsValid)
{
return(AuthorizationResult.Success());
}
return(AuthorizationResult.Fail("The entity is not valid :( ", entity));
}
#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously
public override async Task <AuthorizationResult> CanModifyAsync(MockEntity originalEntity, MockEntity modifiedEntity, IContextInfo ctx)
{
if (modifiedEntity.IsValid)
{
return(AuthorizationResult.Success());
}
return(AuthorizationResult.Fail("The entity is not valid :( ", modifiedEntity));
}
public async Task <AuthorizationResult> Handle(AssignedToProjectRequirement requirement, CancellationToken cancellationToken)
{
var userId = requirement.UserId;
var projectId = requirement.ProjectId;
if (projectId == null)
{
var step = new Step();
if (requirement.StepId != null)
{
step = await _context.Steps.FindAsync(requirement.StepId);
}
else if (requirement.TaskId != null)
{
var task = await _context.Tasks.Include(t => t.Step)
.FirstOrDefaultAsync(t => t.Id == requirement.TaskId, cancellationToken);
step = task?.Step;
}
else if (requirement.SubtaskId != null)
{
var subTask = await _context.Subtasks.Include(s => s.Task)
.Include(s => s.Task.Step)
.FirstOrDefaultAsync(t => t.Id == requirement.SubtaskId, cancellationToken);
step = subTask?.Task.Step;
}
else
{
throw new Exception();
}
if (step == null)
{
return(AuthorizationResult.Fail("Can not access"));
}
projectId = step.ProjectId;
}
var assignment = await _context.ProjectAssignments
.FirstOrDefaultAsync(a => a.User.ApplicationUserId == userId && a.ProjectId == projectId, cancellationToken);
if (assignment != null)
{
return(AuthorizationResult.Succeed());
}
return(AuthorizationResult.Fail("Can not access"));
}
public async Task <AuthorizationResult> Handle(DeleteOrderRequirement request, CancellationToken cancellationToken)
{
var userId = request.UserId;
// logic
var canDeleteOrder = false;
if (canDeleteOrder != null)
{
return(AuthorizationResult.Succeed());
}
return(AuthorizationResult.Fail("You don't have a subscription to this course."));
}
public Task <AuthorizationResult> Evaluate <TRequest>(TRequest request, FeatureInfo feature)
{
if (feature.IsIn("Accounts"))
{
return(Task.FromResult(AuthorizationResult.Succeed()));
}
if (_userSession.IsAnonymous)
{
return(Task.FromResult(AuthorizationResult.Fail("Authentication is required")));
}
return(Task.FromResult(AuthorizationResult.Succeed()));
}
public async Task <AuthorizationResult> AuthorizeAsync(TreeOperationCommandBase <TResponse> instance, CancellationToken cancellation = default)
{
var connection = _sqlConnectionFactory.GetOpenConnection();
const string sql =
"SELECT TOP 1 1 FROM [trees].[TreeUserProfile] tup " +
"JOIN [trees].UserProfiles up ON up.[Id] = tup.[UserId] " +
"WHERE tup.[TreeId] = @ownedTree AND up.[UserAuthId] = @treeOwner";
var owns = await connection.QueryFirstOrDefaultAsync <int?>(sql,
new { ownedTree = instance.TreeId.Value, treeOwner = instance.RequesterUserAuthId });
return(owns.HasValue
? AuthorizationResult.Succeed()
: AuthorizationResult.Fail("User is not owner of this tree"));
}
public async Task <AuthorizationResult> Handle(AssignedToTaskRequirement requirement, CancellationToken cancellationToken)
{
var userId = requirement.UserId;
var taskId = requirement.TaskId;
var assignment = await _context.TaskAssignments
.FirstOrDefaultAsync(a => a.Id == taskId && a.User.ApplicationUserId == userId, cancellationToken);
if (assignment != null)
{
return(AuthorizationResult.Succeed());
}
return(AuthorizationResult.Fail("Can not access task"));
}
public async Task <AuthorizationResult> Handle(ProjectAuthorRequirement requirement, CancellationToken cancellationToken)
{
var userId = requirement.UserId;
var projectId = requirement.ProjectId;
var project = await _context.Projects
.FirstOrDefaultAsync(p => p.Id == projectId && p.CreatedBy == userId);
if (project != null)
{
return(AuthorizationResult.Succeed());
}
return(AuthorizationResult.Fail("Action not allowed"));
}
public static AuthorizationResult CreateAggregateResult(this IEnumerable <AuthorizationResult> results)
{
var resultList = results.ToList();
if (resultList.Any(a => !a.HasSucceed))
{
var failResult = AuthorizationResult.Fail <object>("", null);
failResult.InnerResult.AddRange(resultList);
return(failResult);
}
var successResult = AuthorizationResult.Success();
successResult.InnerResult.AddRange(resultList);
return(successResult);
}
public async Task <AuthorizationResult> AuthorizeAsync(MergeTreesCommand instance,
CancellationToken cancellation = default)
{
var connection = _sqlConnectionFactory.GetOpenConnection();
const string sql =
"SELECT TOP 2 1 FROM [trees].[TreeUserProfile] tup " +
"JOIN [trees].UserProfiles up ON up.[Id] = tup.[UserId] " +
"WHERE (tup.[TreeId] = @firstTree OR tup.[TreeId] = @secondTree) AND up.[UserAuthId] = @treeOwner";
var ownsFirst = await connection.QueryAsync <int>(sql,
new { firstTree = instance.First.Value, secondTree = instance.Second.Value, treeOwner = instance.RequesterUserAuthId });
return(ownsFirst?.Count() > 1
? AuthorizationResult.Succeed()
: AuthorizationResult.Fail("User is not owner of this tree"));
}
public async Task <AuthorizationResult> Evaluate <TRequest>(TRequest request, FeatureInfo feature)
{
if (feature.IsIn("Admin"))
{
if (_userSession.IsAnonymous || (await _userSession.User())?.IsAdmin == false)
{
return(AuthorizationResult.Fail("Unauthorized access"));
}
}
if (feature.Implements <IMustBeAuthenticated>() && _userSession.IsAnonymous)
{
return(AuthorizationResult.Fail("Authentication is required"));
}
return(AuthorizationResult.Succeed());
}
public async Task <AuthorizationResult> AuthorizeEntityChangeAsync(IIdentity user, DbEntityEntry ent)
{
if (ent.State == EntityState.Unchanged || ent.State == EntityState.Detached)
{
return(AuthorizationResult.Success());
}
if (ent.Entity is T)
{
var casted = ent.Cast <T>();
switch (ent.State)
{
case EntityState.Added:
var interpreted = Interpret.BeforeCreate(casted.Entity, GetContextInfo(user));
return((await Authorize.CreateAsync(interpreted, GetContextInfo(user))).CreateAggregateResult());
case EntityState.Modified:
var original = CreateWithValues(casted.OriginalValues);
var modified = CreateWithValues(casted.CurrentValues);
var modifiedInterpreted =
Interpret.BeforeModify((T)original, (T)modified, GetContextInfo(user));
foreach (var field in ent.CurrentValues.PropertyNames)
{
ent.CurrentValues[field] = modifiedInterpreted.GetType().GetProperty(field)
.GetValue(modifiedInterpreted, null);
}
return((await Authorize.ModifyAsync((T)original, modifiedInterpreted, GetContextInfo(user)))
.CreateAggregateResult());
case EntityState.Deleted:
return((await Authorize.RemoveAsync(
(T)CreateWithValues(casted.OriginalValues, casted.Entity.GetType()),
GetContextInfo(user)))
.CreateAggregateResult());
default:
return(AuthorizationResult.Fail("The entity state is invalid", casted.Entity));
}
}
else
{
return(await GetChildRepositoryFor(ent).AuthorizeEntityChangeAsync(user, ent));
}
}
public async Task <AuthorizationResult> Handle(SuperMemberRequirement requirement, CancellationToken cancellationToken)
{
var userId = requirement.UserId;
var projectId = requirement.ProjectId;
if (projectId == null)
{
var step = new Step();
if (requirement.StepId != null)
{
step = await _context.Steps.FindAsync(requirement.StepId);
}
else if (requirement.TaskId != null)
{
var task = await _context.Tasks.Include(t => t.Step)
.FirstOrDefaultAsync(t => t.Id == requirement.TaskId, cancellationToken);
step = task?.Step;
}
else
{
throw new Exception();
}
if (step == null)
{
return(AuthorizationResult.Fail("Action not allowed"));
}
projectId = step.ProjectId;
}
var assignment = await _context.ProjectAssignments
.FirstOrDefaultAsync(a =>
a.ProjectId == projectId && a.User.ApplicationUserId == userId && a.ProjectRole == ProjectRole.SuperMember.ToString(), cancellationToken);
if (assignment != null)
{
return(AuthorizationResult.Succeed());
}
return(AuthorizationResult.Fail("Action not allowed"));
}
public async Task <AuthorizationResult> Evaluate(ClaimsPrincipal principal, object userContext, IDictionary <string, object> arguments, IEnumerable <string> requiredPolicies)
{
var cxt = userContext as GraphQLUserContext;
ClaimsPrincipal claimsPrincipal = _httpContextAccessor.HttpContext.User.Identity.IsAuthenticated ? _httpContextAccessor.HttpContext.User : null;
if (claimsPrincipal == null)
{
var response = await _httpContextAccessor.HttpContext.AuthenticateAsync();
if (response.Succeeded)
{
claimsPrincipal = response.Principal;
_httpContextAccessor.HttpContext.User = response.Principal;
}
else
{
return(AuthorizationResult.Fail(new[] { "request authorization failed" }));
}
}
var context = new AuthorizationContext();
context.User = claimsPrincipal;
context.UserContext = userContext;
context.InputVariables = arguments;
var authPolicies = _authorizationSettings.GetPolicies(requiredPolicies);
var tasks = new List <Task>();
authPolicies.Apply(p =>
{
p.Requirements.Apply(r =>
{
var task = r.Authorize(context);
tasks.Add(task);
});
});
await Task.WhenAll(tasks.ToArray());
return(!context.HasErrors
? AuthorizationResult.Success()
: AuthorizationResult.Fail(context.Errors));
}
public override async Task <AuthorizationResult> CanModifyAsync(IMockEntity originalEntity, IMockEntity modifiedEntity, IContextInfo ctx)
{
return(modifiedEntity.IsValid ? AuthorizationResult.Success() : AuthorizationResult.Fail("Not valid!", modifiedEntity));
}
public override async Task <AuthorizationResult> CanRemoveAsync(IMockEntity entity, IContextInfo ctx)
{
return(entity.IsValid ? AuthorizationResult.Success() : AuthorizationResult.Fail("Not valid!", entity));
}
