public static void AssertAuthorized(this MockServer server, Controller controller,
Dictionary <string, string> parameters = null,
bool isSudo = false, Func <string, bool> isCreate = null)
{
var urlHelper = controller.Url;
var routeData = controller.RouteData;
var http = controller.HttpContext;
var auth = AuthContext.From(http);
var meth = http.Request.Method.ToUpper();
// Resolve the auth info based on the current token
// extracted from the current request in HttpContext
AuthInfo authInfo = null;
if (!string.IsNullOrEmpty(auth?.Token))
{
try { authInfo = server.GetToken(auth.Token).Result; } catch (Exception) {}
}
if (authInfo == null)
{
throw new System.Security.SecurityException("permission denied");
}
// Resolve the request-specific path, we
// need this first to help resolve cap next
var path = urlHelper.RouteUrl(routeData.Values);
path = PathMap <object> .NormalizePath(path);
// TODO: remove this hard-codedness
if (path.StartsWith("v1/"))
{
path = path.Substring(3);
}
// Resolve the capability
string cap;
if (meth == "DELETE")
{
cap = Capability.Delete;
}
else if (meth == "PUT" || meth == "POST")
{
cap = isCreate == null || !isCreate(path) ? Capability.Update : Capability.Create;
}
else if (meth == "LIST" || (meth == "GET" &&
http.Request.Query.ContainsKey(Util.HttpListAttribute.ListQuery)))
{
cap = Capability.List;
}
else if (meth == "GET")
{
cap = Capability.Read;
}
else
{
throw new InvalidOperationException("cannot decipher capability from method");
}
// Finally, assert the authorization based on all these derived elements
server.AssertAuthorized(cap, path, parameters, isSudo, authInfo.Policies);
}