public async Task <object> Post(AssignRoles request)
{
if (!Request.IsInProcessRequest())
{
await RequiredRoleAttribute.AssertRequiredRoleAsync(Request, RoleNames.Admin);
}
if (string.IsNullOrEmpty(request.UserName))
{
throw new ArgumentNullException(nameof(request.UserName));
}
var userAuth = await AuthRepositoryAsync.GetUserAuthByUserNameAsync(request.UserName).ConfigAwait();
if (userAuth == null)
{
throw HttpError.NotFound(request.UserName);
}
await AuthRepositoryAsync.AssignRolesAsync(userAuth, request.Roles, request.Permissions).ConfigAwait();
return(new AssignRolesResponse
{
AllRoles = (await AuthRepositoryAsync.GetRolesAsync(userAuth).ConfigAwait()).ToList(),
AllPermissions = (await AuthRepositoryAsync.GetPermissionsAsync(userAuth).ConfigAwait()).ToList(),
});
}
public static async Task AssertAccessRoleAsync(IRequest req, string accessRole = null, string authSecret = null, CancellationToken token = default)
{
if (HostContext.Config.AdminAuthSecret == null || HostContext.Config.AdminAuthSecret != authSecret)
{
await RequiredRoleAttribute.AssertRequiredRoleAsync(req, accessRole, token);
}
}
public async Task Does_validate_AssertRequiredRoles_with_UserAuthRepo_When_Role_not_in_Session()
{
var registrationService = GetRegistrationService();
var request = registrationService.Request;
HostContext.Container.Register(userAuth);
await RequiredRoleAttribute.AssertRequiredRoleAsync(request, RoleNames.Admin);
Assert.That(!request.Response.IsClosed);
}
