protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
OperationRequirement requirement, Mod resource)
{
if (CheckSuperUser(context, requirement))
{
return;
}
var methodInfo = GetHandler(requirement);
if (methodInfo == null)
{
return;
}
var userId = context.User.FindFirstValue(ClaimTypes.NameIdentifier);
var membership =
await _dbContext.OrgMembers.SingleOrDefaultAsync(
m => m.OrgId == resource.OwnerId && m.User.Id == userId);
var authorized = (bool)methodInfo.Invoke(null, new object[] { membership });
if (authorized)
{
context.Succeed(requirement);
}
}
protected MethodInfo GetHandler(OperationRequirement requirement)
{
var name = $"{requirement.Operation.ToString()}Op";
var type = GetType();
return(type.GetMethod(name, BindingFlags.Public | BindingFlags.NonPublic | BindingFlags.Static));
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
OperationRequirement requirement,
Org resource)
{
_logger.LogDebug($"Handling OperationRequirement: {requirement.Operation.ToString()}");
if (CheckSuperUser(context, requirement))
{
return(Task.CompletedTask);
}
var userId = context.User.FindFirstValue(ClaimTypes.NameIdentifier);
var membership = _dbContext.OrgMembers.SingleOrDefault(m => m.Org == resource && m.User.Id == userId);
var methodInfo = GetHandler(requirement);
if (methodInfo != null)
{
var authorized = (bool)methodInfo.Invoke(null, new object[] { membership });
if (authorized)
{
context.Succeed(requirement);
}
}
return(Task.CompletedTask);
}
protected bool CheckSuperUser(AuthorizationHandlerContext context, OperationRequirement requirement)
{
if (!context.User.IsInRole(UserRoles.Admin.ToString()))
{
return(false);
}
context.Succeed(requirement);
return(true);
}