protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
MarkSpecificMethodologyAsDraftRequirement requirement,
MethodologyVersion methodologyVersion)
{
// If the Methodology is already public, it cannot be marked as draft
if (await _methodologyVersionRepository.IsPubliclyAccessible(methodologyVersion.Id))
{
return;
}
if (SecurityUtils.HasClaim(context.User, MarkAllMethodologiesDraft))
{
context.Succeed(requirement);
return;
}
var owningPublication =
await _methodologyRepository.GetOwningPublication(methodologyVersion.MethodologyId);
// If the user is an Approver of the latest (Live or non-Live) Release for the owning Publication of
// this Methodology, they can mark it as draft.
if (await _userReleaseRoleRepository.IsUserApproverOnLatestRelease(
context.User.GetUserId(),
owningPublication.Id))
{
context.Succeed(requirement);
}
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
ApproveSpecificMethodologyRequirement requirement,
MethodologyVersion methodologyVersion)
{
// If the Methodology is already public, it cannot be approved
// An approved Methodology that isn't public can be approved to change attributes associated with approval
if (await _methodologyVersionRepository.IsPubliclyAccessible(methodologyVersion.Id))
{
return;
}
if (SecurityUtils.HasClaim(context.User, ApproveAllMethodologies))
{
context.Succeed(requirement);
return;
}
var owningPublication =
await _methodologyRepository.GetOwningPublication(methodologyVersion.MethodologyId);
// If the user is an Approver of the latest (Live or non-Live) Release for the owning Publication of
// this Methodology, they can approve it.
if (await _userReleaseRoleRepository.IsUserApproverOnLatestRelease(
context.User.GetUserId(),
owningPublication.Id))
{
context.Succeed(requirement);
}
}
