/// <summary>
/// Succeeds <paramref name="requirement"/> when the caller holds the "placeorder" permission and the
/// order is either small (at most 10 items) or placed by a customer, waitress or cook.
/// </summary>
/// <param name="context">Authorization context carrying the current principal.</param>
/// <param name="requirement">The meal being ordered; only <c>Amount</c> is inspected here.</param>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MealRequirment requirement)
{
    var principal = context.User;

    // Without the base permission nothing else is evaluated and the requirement stays unmet.
    if (!await _client.HasPermissionAsync(principal, "placeorder"))
    {
        return;
    }

    // Limiting the amount of food people can order without a role: small orders pass outright,
    // larger ones need one of the listed roles. The || chain short-circuits, so later role
    // lookups are skipped as soon as one matches.
    var allowed = requirement.Amount <= 10
        || await _client.IsInRoleAsync(principal, "customer")
        || await _client.IsInRoleAsync(principal, "waitress")
        || await _client.IsInRoleAsync(principal, "cook");

    if (allowed)
    {
        context.Succeed(requirement);
    }
}
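/// <summary>
/// Succeeds <paramref name="requirement"/> when the caller holds the "fillorder" permission and either
/// the order is small (at most 10 items), the caller is a waitress filling a "soda" item, or the caller is a cook.
/// </summary>
/// <param name="context">Authorization context carrying the current principal.</param>
/// <param name="requirement">The meal being filled; <c>Amount</c> and <c>Item</c> are inspected.</param>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MealRequirment requirement)
{
    var user = context.User;

    // Without the base permission nothing else is evaluated and the requirement stays unmet.
    if (!await _client.HasPermissionAsync(user, "fillorder"))
    {
        return;
    }

    bool allowed;
    if (requirement.Amount <= 10)
    {
        // Limiting the amount of food people can fill without a role check.
        allowed = true;
    }
    // If the item is soda then the waitress or cook makes it.
    // string.Equals is null-safe: a requirement without an Item no longer throws here
    // (the previous instance Equals call raised NullReferenceException and failed the request with an error).
    else if (await _client.IsInRoleAsync(user, "waitress") && string.Equals(requirement.Item, "soda"))
    {
        allowed = true;
    }
    else
    {
        allowed = await _client.IsInRoleAsync(user, "cook");
    }

    if (allowed)
    {
        context.Succeed(requirement);
    }
}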
/// <summary>
/// Imperative role check: only users in the "cook" role reach the Success view; everyone else is forbidden.
/// This is the same decision as decorating the action with <c>[Authorize(Roles = "cook")]</c>.
/// </summary>
/// <returns>The "Success" view for cooks, otherwise a forbid result.</returns>
public async Task<IActionResult> CookOnly()
{
    // The IPolicyServerClient answers the same question the attribute would for the currently
    // authenticated user, but lets the decision happen inside the action body.
    if (await _client.IsInRoleAsync(User, "cook"))
    {
        return View("Success");
    }

    return Forbid();
}
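/// <summary>
/// Imperative role check for the "nurse" role: returns the success view only for nurses,
/// every other caller receives a forbid result.
/// </summary>
/// <returns>The "success" view for nurses, otherwise a forbid result.</returns>
public async Task<IActionResult> NursesOnly()
{
    // can also use the client library imperatively
    var isNurse = await _client.IsInRoleAsync(User, "nurse");

    // The previous version computed isNurse but returned the view unconditionally, so the
    // role lookup had no effect on the outcome. Deny when the role is missing, as CookOnly does.
    if (!isNurse)
    {
        return Forbid();
    }

    return View("success");
}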
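/// <summary>
/// Succeeds <paramref name="requirement"/> for supervisors, or for holders of the
/// "persons.read.team" permission whose "teams" claim equals the requirement's <c>TeamName</c>.
/// </summary>
/// <param name="context">Authorization context carrying the current principal.</param>
/// <param name="requirement">Names the team whose records are being accessed.</param>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, TeamMembersRequirement requirement)
{
    var user = context.User;

    // supervisor has access to perform action over all records
    if (await _client.IsInRoleAsync(user, "supervisor"))
    {
        context.Succeed(requirement);
        return;
    }

    // we can also pass the permission as a parameter
    if (!await _client.HasPermissionAsync(user, "persons.read.team"))
    {
        return;
    }

    // here we could fetch the team for the logged-in user by consuming a service;
    // for demo purposes the team is taken from the user's claims
    var team = user.Claims.FirstOrDefault(x => x.Type == "teams")?.Value;

    // Require an actual team value: a principal without a "teams" claim and a requirement whose
    // TeamName is null previously compared equal (null == null) and granted access.
    if (team != null && team == requirement.TeamName)
    {
        context.Succeed(requirement);
    }
}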
/// <summary>
/// Allows a write when the caller is a supervisor, is the person identified by
/// <paramref name="personId"/>, or belongs to the fixed demo team "teamOne"; otherwise forbids.
/// </summary>
/// <param name="personId">Identifier of the record being written, compared against the caller's identity.</param>
/// <returns>The "success" view when one of the checks passes, otherwise a forbid result.</returns>
public async Task<IActionResult> Write(string personId)
{
    // check by role: supervisors may write any record
    var isSupervisor = await _client.IsInRoleAsync(User, "supervisor");
    if (isSupervisor)
    {
        return View("success");
    }

    // checks whether the requested user is the logged-in user; the resource argument is null
    // because the requirement itself carries the id being compared
    var sameUser = await _authz.AuthorizeAsync(User, null, new CurrentUserRequirement { UserId = personId });
    if (sameUser.Succeeded)
    {
        return View("success");
    }

    // last resort: team membership, with the team name fixed for this demo
    var sameTeam = await _authz.AuthorizeAsync(User, null, new TeamMembersRequirement { TeamName = "teamOne" });
    if (sameTeam.Succeeded)
    {
        return View("success");
    }

    return Forbid();
}
/// <summary>
/// Succeeds <paramref name="requirement"/> for supervisors, or for managers holding a
/// "location" claim whose value contains the requirement's <c>Location</c>.
/// </summary>
/// <param name="context">Authorization context carrying the current principal.</param>
/// <param name="requirement">Names the location whose records are being accessed.</param>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, SameLocationRequirement requirement)
{
    var user = context.User;

    // supervisor has access to perform action over all records
    var isSupervisor = await _client.IsInRoleAsync(user, "supervisor");
    if (isSupervisor)
    {
        context.Succeed(requirement);
        return;
    }

    // only managers are allowed past this point
    var isManager = await _client.IsInRoleAsync(user, "manager");
    if (!isManager)
    {
        return;
    }

    // NOTE(review): this is a substring match, not equality. A "location" claim such as
    // "NewYork" satisfies a requirement for "York", an empty requirement.Location matches any
    // location claim, and a null Location makes Contains throw. Confirm whether the claim value
    // is meant to hold a list of locations before tightening this to an exact comparison.
    var atLocation = user.HasClaim(claim => claim.Type == "location" && claim.Value.Contains(requirement.Location));
    if (atLocation)
    {
        context.Succeed(requirement);
    }
}
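/// <summary>
/// Succeeds <paramref name="requirement"/> for supervisors, or when the caller's "sub" claim
/// equals the requirement's <c>UserId</c> (the caller is accessing their own data).
/// </summary>
/// <param name="context">Authorization context carrying the current principal.</param>
/// <param name="requirement">Carries the id of the user whose data is being accessed.</param>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, CurrentUserRequirement requirement)
{
    var user = context.User;

    // supervisor has access to perform action over all users
    if (await _client.IsInRoleAsync(user, "supervisor"))
    {
        context.Succeed(requirement);
        return;
    }

    // Null-conditional access: a principal without a "sub" claim previously threw
    // NullReferenceException here instead of simply not satisfying the requirement.
    var userId = user.Claims.FirstOrDefault(x => x.Type == "sub")?.Value;

    // checks if the user is trying to access their own data; the null guard keeps a missing
    // "sub" claim from matching a requirement whose UserId is also null.
    if (userId != null && userId == requirement.UserId)
    {
        context.Succeed(requirement);
    }
}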
/// <summary>
/// Succeeds <paramref name="requirement"/> when the caller holds the "PrescribeMedication"
/// permission and the amount is at most 10, or the caller is a doctor, or the medication is "placebo".
/// </summary>
/// <param name="context">Authorization context carrying the current principal.</param>
/// <param name="requirement">The prescription; <c>Amount</c> and <c>MedicationName</c> are inspected.</param>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, MedicationRequirement requirement)
{
    var user = context.User;

    // The permission gates everything below, including the placebo exception.
    if (!await _client.HasPermissionAsync(user, "PrescribeMedication"))
    {
        return;
    }

    // Small amounts need no role; larger prescriptions are reserved for doctors.
    // The role lookup is only made when the amount check does not already pass.
    var allowed = requirement.Amount <= 10 || await _client.IsInRoleAsync(user, "doctor");

    // Placebo may be prescribed regardless of amount or role (demo rule).
    if (allowed || requirement.MedicationName == "placebo")
    {
        context.Succeed(requirement);
    }
}