/// <summary>
/// Authorizes a write against the record identified by <paramref name="personId"/>.
/// Three checks run in order and short-circuit on the first success: the caller holds
/// the "supervisor" role, the caller is the requested person, or the caller is a member
/// of team "teamOne". Only the role check is rooted in <c>_client</c>; the other two go
/// through the <c>_authz</c> policy evaluator with a null resource.
/// </summary>
/// <param name="personId">Identifier of the person whose record is being written.</param>
/// <returns>The "success" view when any check passes; <see cref="Forbid"/> otherwise.</returns>
public async Task<IActionResult> Write(string personId)
{
    // Supervisors bypass both the ownership and the team checks.
    var isSupervisor = await _client.IsInRoleAsync(User, "supervisor");
    if (isSupervisor)
    {
        return View("success");
    }

    // Ownership: a user may always write their own record.
    var ownRecord = new CurrentUserRequirement { UserId = personId };
    var ownRecordResult = await _authz.AuthorizeAsync(User, null, ownRecord);
    if (ownRecordResult.Succeeded)
    {
        return View("success");
    }

    // Team membership. NOTE(review): the team name is a hard-coded literal, so this branch
    // does not depend on personId — presumably every member of "teamOne" is granted write
    // access to any record, not just records of their own team. Confirm this is intended.
    var teamMembership = new TeamMembersRequirement { TeamName = "teamOne" };
    var teamResult = await _authz.AuthorizeAsync(User, null, teamMembership);
    return teamResult.Succeeded ? View("success") : Forbid();
}
/// <summary>
/// Authorizes a read of the record identified by <paramref name="personId"/>.
/// Two checks run in order and short-circuit on the first success: the caller is the
/// requested person, or the caller satisfies the same-location requirement. Both go
/// through the <c>_authz</c> policy evaluator with a null resource.
/// </summary>
/// <param name="personId">Identifier of the person whose record is being read.</param>
/// <returns>The "success" view when a check passes; <see cref="Forbid"/> otherwise.</returns>
public async Task<IActionResult> Get(string personId)
{
    // Ownership: a user may always read their own record.
    var ownRecord = new CurrentUserRequirement { UserId = personId };
    var ownRecordResult = await _authz.AuthorizeAsync(User, null, ownRecord);
    if (ownRecordResult.Succeeded)
    {
        return View("success");
    }

    // Same-location check. NOTE(review): the location is a hard-coded placeholder; the
    // original author's comment says the intent is to look up the location of personId and
    // of the logged-in user and compare them. As written the requirement does not depend on
    // personId, so presumably anyone the handler associates with "desMoines" can read every
    // record. Replace the literal with a per-request lookup before relying on this check.
    var colocated = new SameLocationRequirement { Location = "desMoines" };
    var colocatedResult = await _authz.AuthorizeAsync(User, null, colocated);
    return colocatedResult.Succeeded ? View("success") : Forbid();
}