private async Task <bool> CanUserSeeAllCourseGroupsAsync(ClaimsPrincipal user, string courseId)
{
var userId = user.GetUserId();
var canViewAllGroupMembersGlobal = await systemAccessesRepo.HasSystemAccessAsync(userId, SystemAccessType.ViewAllGroupMembers).ConfigureAwait(false);
var canViewAllGroupMembersInCourse = await coursesRepo.HasCourseAccessAsync(userId, courseId, CourseAccessType.ViewAllGroupMembers).ConfigureAwait(false);
return(user.HasAccessFor(courseId, CourseRole.CourseAdmin) || canViewAllGroupMembersGlobal || canViewAllGroupMembersInCourse);
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, CourseAccessRequirement requirement)
{
/* Get MVC context. See https://docs.microsoft.com/en-US/aspnet/core/security/authorization/policies#accessing-mvc-request-context-in-handlers */
if (!(context.Resource is AuthorizationFilterContext mvcContext))
{
logger.Error("Can't get MVC context in CourseRoleAuthenticationHandler");
context.Fail();
return;
}
var routeData = mvcContext.RouteData;
if (!(routeData.Values["courseId"] is string courseId))
{
logger.Error("Can't find `courseId` parameter in route data for checking course access requirement.");
context.Fail();
return;
}
if (context.User.IsSystemAdministrator())
{
context.Succeed(requirement);
return;
}
var userId = context.User.GetUserId();
var isCourseAdmin = await userRolesRepo.HasUserAccessToCourseAsync(userId, courseId, CourseRole.CourseAdmin);
if (isCourseAdmin || await coursesRepo.HasCourseAccessAsync(userId, courseId, requirement.CourseAccessType))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}