public async Task <bool> IsAuthorizedAsync(Operation operation, IRequest req, IAuthSession session)
{
if (HostContext.HasValidAuthSecret(req))
{
return(true);
}
if (operation.RequiresAuthentication && !session.IsAuthenticated)
{
return(false);
}
var authRepo = HostContext.AppHost.GetAuthRepositoryAsync(req);
#if NET472 || NETCORE
await using (authRepo as IAsyncDisposable)
#else
using (authRepo as IDisposable)
#endif
{
var allRoles = await session.GetRolesAsync(authRepo).ConfigAwait();
if (!operation.RequiredRoles.IsEmpty() && !operation.RequiredRoles.All(allRoles.Contains))
{
return(false);
}
var allPerms = await session.GetPermissionsAsync(authRepo).ConfigAwait();
if (!operation.RequiredPermissions.IsEmpty() && !operation.RequiredPermissions.All(allPerms.Contains))
{
return(false);
}
if (!operation.RequiresAnyRole.IsEmpty() && !operation.RequiresAnyRole.Any(allRoles.Contains))
{
return(false);
}
if (!operation.RequiresAnyPermission.IsEmpty() && !operation.RequiresAnyPermission.Any(allPerms.Contains))
{
return(false);
}
return(true);
}
}
