Ejemplo n.º 1
0
        /// <summary>
        /// Ensures that the user is authorized to read a single element and filters out any unauthorized content within the element.
        /// </summary>
        /// <typeparam name="T">The type of the content to be searched.</typeparam>
        /// <param name="content">The content being searched.</param>
        /// <param name="readAuthorizeObject">Executes read authorization methods against this type of object.</param>
        /// <param name="context">The Microsoft.AspNetCore.Mvc.Filters.ActionExecutedContext.</param>
        public static void Filter <T>(T content, IReadAuthorize <T> readAuthorizeObject, ActionExecutedContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            if (readAuthorizeObject == null)
            {
                throw new ArgumentNullException(nameof(readAuthorizeObject));
            }

            if (!readAuthorizeObject.CanRead(content))
            {
                context.Result = new UnauthorizedResult();
                return;
            }

            readAuthorizeObject.FilterUnauthorizedContent(content);
        }
Ejemplo n.º 2
0
        /// <summary>
        /// Filters out any unauthorized content within the collection of elements.
        /// </summary>
        /// <typeparam name="T">The type of content to be searched.</typeparam>
        /// <param name="objects">The content collection being searched.</param>
        /// <param name="readAuthorizeObject">Executes read authorization methods against this type of object.</param>
        /// <param name="contextResult">The context result object that contains the content collection value to be filtered.</param>
        public static void FilterMany <T>(IEnumerable <T> objects, IReadAuthorize <T> readAuthorizeObject, ObjectResult contextResult)
        {
            if (contextResult == null)
            {
                throw new ArgumentNullException(nameof(contextResult));
            }

            if (readAuthorizeObject == null)
            {
                throw new ArgumentNullException(nameof(readAuthorizeObject));
            }

            var filteredObjects = objects.Where(readAuthorizeObject.CanRead).ToList();

            foreach (var @object in filteredObjects)
            {
                readAuthorizeObject.FilterUnauthorizedContent(@object);
            }

            contextResult.Value = filteredObjects;
        }
Ejemplo n.º 3
0
 /// <summary>
 /// Initializes a new instance of the <see cref="ReadAuthorizeEvent"/> class.
 /// </summary>
 /// <param name="userAccessor">An instance of IUserAccessor to identify user access.</param>
 /// <param name="readAuthorizeMember">An instance of IReadAuthorize to perform deeper authorization against members being viewed within this event.</param>
 public ReadAuthorizeEvent(IUserAccessor userAccessor, IReadAuthorize <TMember> readAuthorizeMember)
 {
     UserAccessor        = userAccessor;
     ReadAuthorizeMember = readAuthorizeMember;
 }