private static void ApplyRestrictions(IScopesEvaluator handler, HttpContext context)
{
var requirement = new ODataAuthorizationScopesRequirement(handler);
var policy = new AuthorizationPolicyBuilder().AddRequirements(requirement).Build();
// We use the AuthorizeFilter instead of relying on the built-in authorization middleware
// because we cannot add new metadata to the endpoint in the middle of a request
// and OData's current implementation of endpoint routing does not allow for
// adding metadata to individual routes ahead of time
var authFilter = new AuthorizeFilter(policy);
context.ODataFeature().ActionDescriptor?.FilterDescriptors?.Add(new FilterDescriptor(authFilter, 0));
}
public void Add(IScopesEvaluator evaluator)
{
Evaluators.Add(evaluator);
}
/// <summary>
/// Creates an instance of <see cref="ODataAuthorizationScopesRequirement"/>.
/// </summary>
/// <param name="allowedScopes">The scopes required to authorize a request where this requirement is applied.</param>
public ODataAuthorizationScopesRequirement(IScopesEvaluator permissionHandler)
{
PermissionHandler = permissionHandler;
}
