protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
{
if (context.HasSucceeded)
{
// This handler is not revoking any pre-existing grants.
return;
}
// If we are not evaluating a ContentItem then return.
if (context.Resource == null)
{
return;
}
var contentItem = context.Resource as ContentItem;
Permission permission = null;
if (contentItem != null)
{
var ownerVariation = GetOwnerVariation(requirement.Permission);
if (OwnerVariationExists(requirement.Permission) && HasOwnership(context.User, contentItem))
{
permission = ownerVariation;
}
}
var contentTypePermission = ContentTypePermissionsHelper.ConvertToDynamicPermission(permission ?? requirement.Permission);
if (contentTypePermission != null)
{
// The resource can be a content type name
var contentType = contentItem != null
? contentItem.ContentType
: context.Resource.ToString()
;
if (!String.IsNullOrEmpty(contentType))
{
permission = ContentTypePermissionsHelper.CreateDynamicPermission(contentTypePermission, contentType);
}
}
if (permission == null)
{
return;
}
// Lazy load to prevent circular dependencies
_authorizationService ??= _serviceProvider.GetService <IAuthorizationService>();
if (await _authorizationService.AuthorizeAsync(context.User, permission))
{
context.Succeed(requirement);
}
}
public Task <IEnumerable <Permission> > GetPermissionsAsync()
{
// manage rights only for Securable types
var securableTypes = _contentDefinitionManager.ListTypeDefinitions()
.Where(ctd => ctd.GetSettings <ContentTypeSettings>().Securable);
var result = new List <Permission>();
foreach (var typeDefinition in securableTypes)
{
foreach (var permissionTemplate in ContentTypePermissionsHelper.PermissionTemplates.Values)
{
result.Add(ContentTypePermissionsHelper.CreateDynamicPermission(permissionTemplate, typeDefinition));
}
}
return(Task.FromResult(result.AsEnumerable()));
}
