/// <summary>
/// Checks whether the session holds <see cref="RoleNames.Admin"/> or at least one of <paramref name="roles"/>.
/// The cached session roles are consulted first; only on a miss is the session refreshed via
/// <c>UpdateFromUserAuthRepo</c> (presumably re-reading the user from <paramref name="authRepo"/>) and
/// the check repeated, persisting the refreshed session with <c>req.SaveSession</c> when it now passes.
/// </summary>
/// <param name="session">Session whose roles are examined.</param>
/// <param name="roles">Candidate roles; any single match grants access.</param>
/// <param name="authRepo">Repository used to resolve the session's roles.</param>
/// <param name="req">Current request; receives the refreshed session only when the second check succeeds.</param>
/// <returns><c>true</c> if the session is an admin or holds any of <paramref name="roles"/>, otherwise <c>false</c>.</returns>
internal static bool HasAnyRoles(this IAuthSession session, ICollection<string> roles, IAuthRepository authRepo, IRequest req)
{
    var userRoles = session.GetRoles(authRepo);

    // Admin always qualifies; otherwise any overlap with the requested roles is enough.
    bool Granted() => userRoles.Contains(RoleNames.Admin) || roles.Any(userRoles.Contains);

    if (Granted())
    {
        return true;
    }

    // Cached roles missed: refresh the session from the repo and look again.
    session.UpdateFromUserAuthRepo(req, authRepo);
    userRoles = session.GetRoles(authRepo);

    if (!Granted())
    {
        return false;
    }

    // Persist the refreshed session only when the refresh actually changed the outcome.
    req.SaveSession(session);
    return true;
}
/// <summary>
/// Decides whether <paramref name="session"/> may invoke <paramref name="operation"/>.
/// A valid AuthSecret on the request short-circuits every other check. Otherwise the operation's
/// authentication requirement, then its RequiredRoles / RequiredPermissions (all must be present) and
/// RequiresAnyRole / RequiresAnyPermission (at least one must be present) are evaluated in that order,
/// with the first failing check denying access. An empty requirement list is treated as satisfied.
/// </summary>
/// <param name="operation">Operation metadata carrying the role and permission requirements.</param>
/// <param name="req">Current request; used for the AuthSecret check and to resolve the auth repository.</param>
/// <param name="session">Session being authorized.</param>
/// <returns><c>true</c> when every applicable requirement is met, otherwise <c>false</c>.</returns>
public bool IsAuthorized(Operation operation, IRequest req, IAuthSession session)
{
    // AuthSecret bypasses authentication, role and permission checks entirely.
    if (HostContext.HasValidAuthSecret(req))
    {
        return true;
    }

    var needsAuth = operation.RequiresAuthentication;
    if (needsAuth && !session.IsAuthenticated)
    {
        return false;
    }

    var authRepo = HostContext.AppHost.GetAuthRepository(req);
    // The repository is only disposed if it implements IDisposable; `using (null)` is a no-op.
    using (authRepo as IDisposable)
    {
        var roles = session.GetRoles(authRepo);
        var hasAllRoles = operation.RequiredRoles.IsEmpty() || operation.RequiredRoles.All(roles.Contains);
        if (!hasAllRoles)
        {
            return false;
        }

        // Permissions are only resolved once the role requirement has passed.
        var perms = session.GetPermissions(authRepo);
        var hasAllPerms = operation.RequiredPermissions.IsEmpty() || operation.RequiredPermissions.All(perms.Contains);
        if (!hasAllPerms)
        {
            return false;
        }

        var hasAnyRole = operation.RequiresAnyRole.IsEmpty() || operation.RequiresAnyRole.Any(roles.Contains);
        if (!hasAnyRole)
        {
            return false;
        }

        return operation.RequiresAnyPermission.IsEmpty() || operation.RequiresAnyPermission.Any(perms.Contains);
    }
}