internal static bool CanAccessResourceCore(PermissionContext permissionContext)
{
var user = permissionContext.User;
var controller = permissionContext.ControllerContext.Controller;
if (controller is PracticeController)
{
var practiceController = controller as PracticeController;
var isSelf = practiceController.IsSelfUser(user);
return isSelf;
}
return false;
}
protected override void OnDeniedPermissionPrompt(PermissionContext context)
{
context.Result = _deniedPermissionPromptHookResult;
}
protected override void OnPermissionPrompt(PermissionContext context)
{
context.Result = _promptPermissionHookResult;
}
protected override void OnCannotCreateCookies(PermissionContext context)
{
context.Result = _cannotCreateCookieResult;
}
protected override void OnDeniedPermissionPrompt(PermissionContext context)
{
DeniedPermissionPromptHookTriggered = true;
base.OnDeniedPermissionPrompt(context);
}
protected override void OnCannotCreateCookies(PermissionContext context)
{
CannotCreateCookiesHookTriggered = true;
base.OnCannotCreateCookies(context);
}
protected override void OnDeniedPermissionPrompt(PermissionContext context)
{
context.Result = null;
}
private void PromptMissingPermissions(PermissionContext permissionContext, string redirectUrl)
{
AuthorizationContext filterContext = permissionContext.FilterContext;
HashSet<string> requiredPermissions = permissionContext.RequiredPermissions;
// If there were no errors it means that we will be prompted with a permission prompt.
// Therefore, invoke the permission prompt hooks and navigate to the prompt.
IEnumerable<string> declinedPermissions = permissionContext.DeclinedPermissions;
IEnumerable<string> skippedPermissions = permissionContext.SkippedPermissions;
IEnumerable<string> missingPermissions = permissionContext.MissingPermissions;
// Declined permissions and skipped permissions can persist through multiple pages. So we need to cross check
// them against the current pages permissions, this will determine if we should invoke the denied permission hook.
bool deniedPermissions = missingPermissions.Where(
permission => declinedPermissions.Contains(permission) ||
skippedPermissions.Contains(permission)).Any();
permissionContext.RedirectUrl = redirectUrl;
// See if our persisted permissions cookie doesn't exist and if we've had missing permissions before.
// Essentially this checks to see if we've tried to persist permissions before and were unsuccessful due to an
// inability to create cookies.
if (!PermissionHelper.RequestedPermissionsCookieExists(filterContext.HttpContext.Request) &&
filterContext.HttpContext.Request.QueryString.Get(MissingPermissionsQueryName) != null)
{
OnCannotCreateCookies(permissionContext);
}
else
{
// The DeniedPermissionPromptHook will only be invoked if we detect there are denied permissions.
// It is attempted instead of the permission hook to allow app creators to handle situations when a user
// skip's or revokes previously prompted permissions. Ex: redirect to a different page.
if (deniedPermissions)
{
OnDeniedPermissionPrompt(permissionContext);
}
else
{
OnPermissionPrompt(permissionContext);
}
// We persist the requested permissions in a cookie to know if a permission was denied in any way.
// The persisted data allows us to detect skipping of permissions.
PermissionHelper.PersistRequestedPermissions(filterContext, requiredPermissions);
}
filterContext.Result = permissionContext.Result;
}
public virtual void OnAuthorization(AuthorizationContext filterContext)
{
if (filterContext == null)
{
throw new ArgumentNullException("filterContext");
}
IEnumerable<FacebookAuthorizeAttribute> authorizeAttributes = filterContext.ActionDescriptor
.GetCustomAttributes(typeof(FacebookAuthorizeAttribute), inherit: true)
.Union(filterContext.ActionDescriptor.ControllerDescriptor
.GetCustomAttributes(typeof(FacebookAuthorizeAttribute), inherit: true))
.OfType<FacebookAuthorizeAttribute>();
if (!authorizeAttributes.Any())
{
return;
}
FacebookClient client = _config.ClientProvider.CreateClient();
HttpRequestBase request = filterContext.HttpContext.Request;
dynamic signedRequest = FacebookRequestHelpers.GetSignedRequest(
filterContext.HttpContext,
rawSignedRequest =>
{
return client.ParseSignedRequest(rawSignedRequest);
});
string userId = null;
string accessToken = null;
if (signedRequest != null)
{
userId = signedRequest.user_id;
accessToken = signedRequest.oauth_token;
}
NameValueCollection parsedQueries = HttpUtility.ParseQueryString(request.Url.Query);
HashSet<string> requiredPermissions = PermissionHelper.GetRequiredPermissions(authorizeAttributes);
bool handleError = !String.IsNullOrEmpty(parsedQueries["error"]);
// This must occur AFTER the handleError calculation because it modifies the parsed queries.
string redirectUrl = GetRedirectUrl(request, parsedQueries);
// Check if there was an error and we should handle it.
if (handleError)
{
Uri errorUrl;
if (String.IsNullOrEmpty(_config.AuthorizationRedirectPath))
{
errorUrl = DefaultAuthorizationRedirectUrl;
}
else
{
errorUrl = GetErroredAuthorizeUri(redirectUrl, requiredPermissions);
}
filterContext.Result = CreateRedirectResult(errorUrl);
// There was an error so short circuit
return;
}
FacebookContext facebookContext = new FacebookContext
{
Client = client,
SignedRequest = signedRequest,
AccessToken = accessToken,
UserId = userId,
Configuration = _config
};
PermissionContext permissionContext = new PermissionContext
{
FacebookContext = facebookContext,
FilterContext = filterContext,
RequiredPermissions = requiredPermissions,
};
// Check if we need to prompt for default permissions.
if (signedRequest == null || String.IsNullOrEmpty(userId) || String.IsNullOrEmpty(accessToken))
{
PromptDefaultPermissions(permissionContext, redirectUrl);
}
else if (requiredPermissions.Any())
{
PermissionsStatus currentPermissionsStatus = _config.PermissionService.GetUserPermissionsStatus(userId, accessToken);
// Instead of performing another request to gather "granted" permissions just parse the status
IEnumerable<string> currentPermissions = PermissionHelper.GetGrantedPermissions(currentPermissionsStatus);
IEnumerable<string> missingPermissions = requiredPermissions.Except(currentPermissions);
// If we have missing permissions than we need to present a prompt or redirect to an error
// page if there's an error.
if (missingPermissions.Any())
{
permissionContext.MissingPermissions = missingPermissions;
permissionContext.DeclinedPermissions = PermissionHelper.GetDeclinedPermissions(currentPermissionsStatus);
permissionContext.SkippedPermissions = PermissionHelper.GetSkippedPermissions(
filterContext.HttpContext.Request,
missingPermissions,
permissionContext.DeclinedPermissions);
PromptMissingPermissions(permissionContext, redirectUrl);
}
}
}
private void PromptMissingPermissions(PermissionContext permissionContext, string redirectUrl)
{
AuthorizationContext filterContext = permissionContext.FilterContext;
HashSet<string> requiredPermissions = permissionContext.RequiredPermissions;
// If there were no errors it means that we will be prompted with a permission prompt.
// Therefore, invoke the permission prompt hooks and navigate to the prompt.
IEnumerable<string> declinedPermissions = permissionContext.DeclinedPermissions;
IEnumerable<string> skippedPermissions = permissionContext.SkippedPermissions;
IEnumerable<string> missingPermissions = permissionContext.MissingPermissions;
// Declined permissions and skipped permissions can persist through multiple pages. So we need to cross check
// them against the current pages permissions, this will determine if we should invoke the denied permission hook.
bool deniedPermissions = missingPermissions.Where(
permission => declinedPermissions.Contains(permission) ||
skippedPermissions.Contains(permission)).Any();
permissionContext.RedirectUrl = redirectUrl;
// The DeniedPermissionPromptHook will only be invoked if we detect there are denied permissions.
// It is attempted instead of the permission hook to allow app creators to handle situations when a user
// skip's or revokes previously prompted permissions. Ex: redirect to a different page.
if (deniedPermissions)
{
OnDeniedPermissionPrompt(permissionContext);
}
else
{
OnPermissionPrompt(permissionContext);
}
// We persist the requested permissions in a cookie to know if a permission was denied in any way.
// The persisted data allows us to detect skipping of permissions.
PermissionHelper.PersistRequestedPermissions(filterContext, requiredPermissions);
filterContext.Result = permissionContext.Result;
}
private void PromptDefaultPermissions(PermissionContext permissionContext, string redirectUrl)
{
FacebookClient client = permissionContext.FacebookContext.Client;
// Cannot obtain user information from signed_request, redirect to Facebook OAuth dialog.
Uri navigationUrl = client.GetLoginUrl(redirectUrl,
_config.AppId,
permissions: null);
permissionContext.FilterContext.Result = CreateRedirectResult(navigationUrl);
}
/// <summary>
/// Invoked during <see cref="OnAuthorization"/> prior to a permission prompt that is requesting permissions that have
/// not been requested before. Set the <paramref name="context"/>'s Result property to modify login flow.
/// </summary>
/// <param name="context">Provides access to permission information associated with the user.</param>
protected virtual void OnPermissionPrompt(PermissionContext context)
{
context.Result = ShowPrompt(context);
}
/// <summary>
/// Invoked during <see cref="OnAuthorization"/> when a prompt requests permissions that were skipped or revoked.
/// Set the <paramref name="context"/>'s Result property to modify login flow.
/// </summary>
/// <param name="context">Provides access to permission information associated with the user.</param>
protected virtual void OnDeniedPermissionPrompt(PermissionContext context)
{
}
/// <summary>
/// Returns an <see cref="ActionResult"/> that indicates we want to show a permission prompt. Should only be used as a
/// return value within the <see cref="OnPermissionPrompt"/> and <see cref="OnDeniedPermissionPrompt"/> methods.
/// </summary>
/// <returns>An <see cref="ActionResult"/> that indicates that we want to show a permission prompt.</returns>
protected ShowPromptResult ShowPrompt(PermissionContext context)
{
FacebookClient client = context.FacebookContext.Client;
Uri navigationUrl = client.GetLoginUrl(context.RedirectUrl,
_config.AppId,
permissions: String.Join(",", context.RequiredPermissions));
return new ShowPromptResult(navigationUrl);
}
public override bool CanAccessResource(PermissionContext permissionContext)
{
return SelfPermissionAttribute.CanAccessResourceCore(permissionContext)
|| base.CanAccessResource(permissionContext);
}
public override bool CanAccessResource(PermissionContext permissionContext)
{
var user = permissionContext.User;
return user.IsOwner;
}
public override bool CanAccessResource(PermissionContext permissionContext)
{
return CanAccessResourceCore(permissionContext);
}
/// <summary>
/// Invoked during <see cref="OnAuthorization"/> after determining that cookies cannot be created. Default behavior
/// redirects to a no cookies error page.
/// </summary>
/// <param name="context">Provides access to permission information associated with the user.</param>
protected virtual void OnCannotCreateCookies(PermissionContext context)
{
Uri redirectPath;
if (String.IsNullOrEmpty(_config.CannotCreateCookieRedirectPath))
{
redirectPath = DefaultCannotCreateCookiesRedirectPath;
}
else
{
redirectPath = GetCannotCreateCookiesUri();
}
context.Result = CreateRedirectResult(redirectPath);
}
