public async Task <IActionResult> OrderMeal(string item, int amount)
{
var requirement = new MealRequirment
{
Amount = amount,
Item = item
};
var result = await _auth.AuthorizeAsync(User, null, requirement);
if (!result.Succeeded)
{
return(Forbid());
}
// or imperatively
var canDiscipline = await _client.HasPermissionAsync(User, "placeorder");
if (!canDiscipline)
{
return(Forbid());
}
return(View("Success"));
}
public async Task <IActionResult> PerformSurgery()
{
// or imperatively
var canPerformSurgery = await _client.HasPermissionAsync(User, "PerformSurgery");
return(View("success"));
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MealRequirment requirement)
{
var user = context.User;
if (await _client.HasPermissionAsync(user, "fillorder"))
{
var allowed = false;
// Limiting the amount of food peole can order.
if (requirement.Amount <= 10)
{
allowed = true;
}
// If the item is soda than the waitress or cook makes it.
else if (await _client.IsInRoleAsync(user, "waitress") && requirement.Item.Equals("soda"))
{
allowed = true;
}
else
{
allowed = await _client.IsInRoleAsync(user, "cook");
}
if (allowed)
{
context.Succeed(requirement);
}
}
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
TeamMembersRequirement requirement)
{
var user = context.User;
// supervisor has access to perform action over all records
if (await _client.IsInRoleAsync(user, "supervisor"))
{
context.Succeed(requirement);
return;
}
// we can also pass the permission as a parameter
if (await _client.HasPermissionAsync(user, "persons.read.team") == false)
{
return;
}
// here we can fetch the team for the logged user consumming a service
// for demo purposes we are fetching the team from user claims
var team = user.Claims.FirstOrDefault(x => x.Type == "teams")?.Value;
if (team == requirement.TeamName)
{
context.Succeed(requirement);
return;
}
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
{
if (await _client.HasPermissionAsync(context.User, requirement.Name))
{
context.Succeed(requirement);
}
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MealRequirment requirement)
{
var user = context.User;
if (await _client.HasPermissionAsync(user, "placeorder"))
{
var allowed = false;
// Limiting the amount of food peole can order.
if (requirement.Amount <= 10)
{
allowed = true;
}
else
{
allowed = (await _client.IsInRoleAsync(user, "customer") ||
await _client.IsInRoleAsync(user, "waitress") ||
await _client.IsInRoleAsync(user, "cook"));
}
if (allowed)
{
context.Succeed(requirement);
}
}
}
public async Task <IActionResult> Delte(string personId)
{
var canDeleteUser = await _client.HasPermissionAsync(User, "persons.delete");
if (!canDeleteUser)
{
return(Forbid());
}
return(View("success"));
}
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MedicationRequirement requirement)
{
var user = context.User; var allowed = false;
if (await _client.HasPermissionAsync(user, "PrescribeMedication"))
{
if (requirement.Amount <= 10)
{
allowed = true;
}
else
{
allowed = await _client.IsInRoleAsync(user, "doctor");
}
if (allowed || requirement.MedicationName == "placebo")
{
context.Succeed(requirement);
}
}
}
