public static Task<bool> CheckAccessAsync(this HttpContextBase httpContext, IEnumerable<Claim> actions, IEnumerable<Claim> resources)
{
var cp = httpContext.User as ClaimsPrincipal;
var authorizationContext = new ResourceAuthorizationContext(
cp ?? Principal.Anonymous,
actions,
resources);
return httpContext.CheckAccessAsync(authorizationContext);
}
public void Authenticated_Admin_Can_Edit_Album()
{
var ctx = new ResourceAuthorizationContext(User("test", "Admin"),
ChinookResources.AlbumActions.Edit,
ChinookResources.Album);
Assert.IsTrue(subject.CheckAccessAsync(ctx).Result);
}
public void Authenticated_NonAdmin_Cannot_Edit_Track()
{
var ctx = new ResourceAuthorizationContext(User("test"),
ChinookResources.TrackActions.Edit,
ChinookResources.Track);
Assert.IsFalse(subject.CheckAccessAsync(ctx).Result);
}
public void Anonymous_Cannot_Access_Track()
{
var ctx = new ResourceAuthorizationContext(Anonymous,
ChinookResources.TrackActions.Edit,
ChinookResources.Track);
Assert.IsFalse(subject.CheckAccessAsync(ctx).Result);
}
public override Task<bool> CheckAccessAsync(ResourceAuthorizationContext context)
{
return this.Eval(
this.currentPolicies.ContainsPolicy(
context.Resource.First().Value,
context.Action.First().Value,
context.Principal.Claims.Where(x => x.Type.Equals(ClaimTypes.Role)).Select(x => x.Value).ToList()));
}
Task<bool> AuthorizeValues(ResourceAuthorizationContext context)
{
switch (context.Action.First().Value) {
case "read":
return Eval(context.Principal.HasClaim("role", "api-read"));
default:
return Nok();
}
}
public Task<bool> CheckCartoonAccess(ResourceAuthorizationContext context)
{
if (!context.Principal.Identity.IsAuthenticated)
{
return Nok();
}
return Ok();
}
public static Task<bool> CheckAccessAsync(this HttpRequestMessage request, IEnumerable<Claim> actions, IEnumerable<Claim> resources)
{
var authorizationContext = new ResourceAuthorizationContext(
request.GetOwinContext().Authentication.User ?? Principal.Anonymous,
actions,
resources);
return request.CheckAccessAsync(authorizationContext);
}
public static Task<bool> CheckAccessAsync(this HttpRequestMessage request, string action, params string[] resources)
{
var authorizationContext = new ResourceAuthorizationContext(
request.GetOwinContext().Authentication.User ?? Principal.Anonymous,
action,
resources);
return request.CheckAccessAsync(authorizationContext);
}
public static Task<bool> CheckAccessAsync(this HttpRequestMessage request, string action, params string[] resources)
{
var user = request.GetRequestContext().Principal as ClaimsPrincipal;
user = user ?? Principal.Anonymous;
var ctx = new ResourceAuthorizationContext(user, action, resources);
return request.CheckAccessAsync(ctx);
}
public override Task<bool> CheckAccessAsync(ResourceAuthorizationContext context)
{
switch (context.Resource.First().Value) {
case "claims":
return AuthorizeValues(context);
default:
return Nok();
}
}
private Task<bool> CheckInformationAccess(ResourceAuthorizationContext context)
{
if (context.Principal.IsInRole("admin"))
{
return Ok();
}
return Nok();
}
private Task<bool> CheckAlbumEditAccessByIdAsync(ResourceAuthorizationContext context)
{
var id = context.Resource.Skip(1).Take(1).Single().Value;
if (id == "1")
{
return Eval("bob".Equals(context.Principal.Identity.Name, StringComparison.OrdinalIgnoreCase));
}
return Ok();
}
public static Task<bool> CheckAccessAsync(this HttpContextBase httpContext, string action, params string[] resources)
{
var cp = httpContext.User as ClaimsPrincipal;
var authorizationContext = new ResourceAuthorizationContext(
cp ?? Principal.Anonymous,
action,
resources);
return httpContext.CheckAccessAsync(authorizationContext);
}
private async Task<bool> CheckUserEditAccessByRoleAsync(ResourceAuthorizationContext context)
{
var user = _uow.UserAccountRepository.Get(context.Principal.Identity.Name);
if (user.Claims.Any(x => x.Type == System.Security.Claims.ClaimTypes.Role &&
x.Value == "SystemAdmin"))
{
return await Ok();
}
return await Nok();
}
private Task<bool> CheckCharacterAccess(ResourceAuthorizationContext context)
{
var action = context.Action.First().Value;
if (context.Principal.HasClaim(action))
{
return Ok();
}
return Nok();
}
public override Task<bool> CheckAccessAsync(ResourceAuthorizationContext context)
{
var claim = context.Principal.Claims.FirstOrDefault(c => c.Type == "role");
if (claim != null)
{
if (claim.Value == "Administrator")
{
return Task.FromResult(true);
}
}
return Task.FromResult(false);
}
private Task<bool> AuthorizeContactDetails(ResourceAuthorizationContext context)
{
switch (context.Action.First().Value)
{
case "Read":
return Eval(context.Principal.HasClaim("role", "Geek"));
case "Write":
return Eval(context.Principal.HasClaim("role", "Operator"));
default:
return Nok();
}
}
Task<bool> AuthorizeMember(ResourceAuthorizationContext context)
{
switch (context.Action.First().Value)
{
case "Read":
return Eval(context.Principal.HasClaim("role", "Member"));
case "Write":
return Eval(context.Principal.HasClaim("role", "PrimaryMember"));
default:
return Nok();
}
}
private Task<bool> AuthorizationExpenseGroup(ResourceAuthorizationContext context)
{
switch (context.Action.First().Value)
{
case "Read":
return Eval(context.Principal.HasClaim("role", "WebReaderUser"));
case "Write":
return Eval(context.Principal.HasClaim("role", "WebWriterUser"));
default:
return Nok();
}
}
public override Task<bool> CheckAccessAsync(ResourceAuthorizationContext context)
{
//switch (context.Resource.First().Value)
//{
// case "PrimaryMember":
// return AuthorizeMember(context);
// case "FamilyMember":
// default:
// return Nok();
//}
return Nok();
}
public override async Task<bool> CheckAccessAsync(ResourceAuthorizationContext context)
{
var resource = context.Resource.First().Value;
if(resource == "User")
{
return await CheckUserAccessAsync(context);
}
return await Nok();
}
public ResourceAuthorizeAttributeControllerAndActionTests()
{
_context = null;
CheckAccessDelegate = c =>
{
_context = c;
return Task.FromResult(true);
};
_response = Client.GetAsync("/api/default").Result;
}
public ResourceAuthorizationAttributeActionParametersTests()
{
_context = null;
CheckAccessDelegate = c =>
{
_context = c;
return Task.FromResult(true);
};
_response = Client.GetAsync("/api/protected/firstvalue/secondvalue").Result;
}
private Task<bool> CheckAlbumEditAccessAsync(ResourceAuthorizationContext context)
{
if (!context.Principal.IsInRole("Admin") && !context.Principal.IsInRole("Manager"))
{
return Nok();
}
if (context.Resource.Count() == 2)
{
return CheckAlbumEditAccessByIdAsync(context);
}
return Ok();
}
public ResourceAuthorizeAttributeTests()
{
_context = null;
CheckAccessDelegate = c =>
{
_context = c;
return Task.FromResult(true);
};
_response = Client.GetAsync("/api/protected").Result;
}
private async Task<bool> CheckUserAccessAsync(ResourceAuthorizationContext context)
{
if (!context.Principal.Identity.IsAuthenticated)
{
return await Nok();
}
if (context.Action.Any(x => x.Value == "Edit"))
{
return await CheckUserEditAccessByRoleAsync(context);
}
return await Ok();
}
private Task<bool> AuthorizeExpenseGroup(ResourceAuthorizationContext context)
{
switch (context.Action.First().Value)
{
case "Read":
// to be able to read an expensegroups from the API, the user must be in the
// WebReadUser role or MobileReadUser role
return
Eval(context.Principal.HasClaim("role", "MobileReadUser")
|| (context.Principal.HasClaim("role", "WebReadUser")));
default:
return Nok();
}
}
private Task<bool> CheckAlbumAccessAsync(ResourceAuthorizationContext context)
{
if (!context.Principal.Identity.IsAuthenticated)
{
return Nok();
}
var action = context.Action.First().Value;
if (action == ChinookResources.AlbumActions.Edit)
{
return CheckAlbumEditAccessAsync(context);
}
return Ok();
}
public override Task<bool> CheckAccessAsync(ResourceAuthorizationContext context)
{
// check access credentials here
if (context.Principal.Identity.IsAuthenticated)
{
var resource = context.Resource.First();
var action = context.Action.First();
if (context.Principal.HasClaim(c => c.Type == resource.Value && c.Value == action.Value))
{
return Ok();
}
}
return Nok();
}
public virtual Task <bool> CheckAccessAsync(ResourceAuthorizationContext context)
{
throw new NotImplementedException();
}
