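/// <summary>
/// Decides whether the user attached to <paramref name="action"/> may alter the targeted post.
/// </summary>
/// <remarks>
/// The checks run in this order and the first one that succeeds grants access:
/// post ownership, admin role, then moderator role in the space the post belongs to.
/// If none succeeds the result is <c>PolicyResult.Unauthorized()</c>.
/// </remarks>
/// <param name="action">The command carrying the post id and the acting user.</param>
/// <returns>
/// <c>PolicyResult.Authorized()</c> when any check passes; otherwise <c>PolicyResult.Unauthorized()</c>.
/// </returns>
/// <exception cref="InvalidOperationException">
/// No space could be resolved for the post, so the moderator check cannot be evaluated.
/// </exception>
public async Task<PolicyResult> Authorize(PostAlterCommand action) {
    // Read the principal and the target once, before the first await, so all
    // three checks are evaluated against the same username and the same post
    // even if the command object is modified while a lookup is in flight.
    var username = action.User.Username;
    var postId = action.PostId;

    // Check if user owns Post
    if (await postService.IsOwner(postId, username)) {
        return PolicyResult.Authorized();
    }

    // Is the user an admin?
    if (await roleService.IsUserAdmin(username)) {
        return PolicyResult.Authorized();
    }

    // Is the user a moderator? The moderator role is looked up per space,
    // so the post's space has to be resolved first.
    Space? space = await spaceService.FindByPost(postId);

    if (space is null) {
        // No access is granted on this path: the method throws instead of returning a result.
        // NOTE(review): callers must treat this exception as a denial, and should map it to
        // the same response as Unauthorized if the difference would reveal whether a post exists.
        throw new InvalidOperationException(
            $"No space found for post {postId}; moderator rights cannot be evaluated.");
    }

    if (await roleService.IsUserModerator(username, space.Name)) {
        return PolicyResult.Authorized();
    }

    // Deny by default: nothing above granted access.
    return PolicyResult.Unauthorized();
}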