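/// <summary>
/// Decides whether the current request may proceed: resolves the caller's identity and checks that it
/// holds the read permission for GET requests or the write permission for every other HTTP method.
/// </summary>
/// <param name="context">Action context of the request being authorized.</param>
/// <returns>
/// <c>true</c> when an identity was resolved and its permission set contains the required permission;
/// otherwise <c>false</c>.
/// </returns>
/// <exception cref="ArgumentException">Thrown when <paramref name="context"/> is null.</exception>
protected override bool IsAuthorized(HttpActionContext context)
{
    if (context == null)
    {
        throw new ArgumentException("HttpActionContext does not exist!");
    }

    // Decide on a local copy. Identity is member state that is overwritten on every call.
    // NOTE(review): if the framework reuses this filter instance across concurrent requests, code that
    // reads Identity later could observe another request's identity - confirm the instance lifetime.
    var identity = GetWebApiIdentity(context);
    Identity = identity;

    // Fail closed: an unresolved identity, or one without a permission set, is denied rather than
    // surfacing a NullReferenceException from the permission lookup.
    if (identity == null || identity.Permissions == null)
    {
        return false;
    }

    // Only GET counts as a read. HEAD, OPTIONS and all mutating verbs require the write permission,
    // which errs on the restrictive side.
    var requiredPermission = context.Request.Method == HttpMethod.Get ? ReadPermission : WritePermission;
    return identity.Permissions.Contains(requiredPermission);
}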
/// <summary>
/// Seeds the in-memory fake data store with three sample identities ("readonly", "writeonly" and
/// "admin"), each stored under a key equal to its token.
/// </summary>
/// <remarks>
/// The tokens are fixed, guessable strings compiled into the assembly. They are stand-ins for real
/// credentials: anyone who can read the source or binary knows them, and "admin" carries every
/// permission listed here. Keep this store to samples and tests, and replace it with a real credential
/// store (random tokens, stored hashed, revocable) before exposing the API.
/// NOTE(review): presumably request tokens are looked up in this dictionary by key - confirm in the caller.
/// </remarks>
static WebApiIdentityRepository()
{
    // All three sample identities are scoped to the same application ids.
    // Each identity still receives its own HashSet instance built from this array.
    int[] sampleAppIds = { 1, 2, 3 };

    var readOnlyIdentity = new WebApiIdentity
    {
        Token = "readonly",
        AppIds = new HashSet<int>(sampleAppIds),
        Permissions = new HashSet<Permission> { Permission.UsersRead, Permission.AppsRead }
    };

    var writeOnlyIdentity = new WebApiIdentity
    {
        Token = "writeonly",
        AppIds = new HashSet<int>(sampleAppIds),
        Permissions = new HashSet<Permission> { Permission.UsersWrite, Permission.AppsWrite }
    };

    // Read and write on both users and apps.
    var adminIdentity = new WebApiIdentity
    {
        Token = "admin",
        AppIds = new HashSet<int>(sampleAppIds),
        Permissions = new HashSet<Permission>
        {
            Permission.UsersWrite,
            Permission.UsersRead,
            Permission.AppsRead,
            Permission.AppsWrite
        }
    };

    FakeDataStore = new Dictionary<string, WebApiIdentity>
    {
        { "readonly", readOnlyIdentity },
        { "writeonly", writeOnlyIdentity },
        { "admin", adminIdentity }
    };
}