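/// <summary>
/// Evaluates <paramref name="requirement"/> against the ActAs role of the logged user.
/// When no user is cached in <c>_state</c> yet, the user is resolved once through
/// <c>_esquioHttpClient.GetMy()</c>, the policy is built from that result, and both are
/// stored in <c>_state</c>; later calls reuse the cached user. The handler fails closed:
/// missing principal, missing subject claim, empty <c>GetMy()</c> result or empty
/// <c>ActAs</c> all end in <c>context.Fail()</c>.
/// </summary>
/// <param name="context">Authorization context carrying the current principal.</param>
/// <param name="requirement">The policy (Reader / Contributor / Management) being checked.</param>
/// <exception cref="NotSupportedException">The requirement names a policy this handler does not know.</exception>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PolicyRequirement requirement)
{
    if (_state.LoggedUser is null)
    {
        // Without a principal there is nothing to resolve. The original fell through to
        // _state.LoggedUser.ActAs below and threw NullReferenceException; deny instead.
        if (context.User is null)
        {
            context.Fail();
            return;
        }

        var my = await _esquioHttpClient.GetMy();
        if (my is null || string.IsNullOrEmpty(my.ActAs))
        {
            context.Fail();
            return;
        }

        // NOTE(review): reads the raw "sub" claim. With ASP.NET Core's default inbound
        // claim mapping that claim is renamed to ClaimTypes.NameIdentifier — confirm the
        // authentication handler keeps "sub" as-is, otherwise every user is denied here.
        var subjectId = context.User.FindFirst("sub")?.Value;
        if (string.IsNullOrEmpty(subjectId))
        {
            // A missing subject used to surface as NullReferenceException (HTTP 500);
            // it is an authorization failure, not a server error.
            context.Fail();
            return;
        }

        var loggedUser = new LoggedUserViewModel()
        {
            // Identity can be null on a principal with no identities.
            UserName = context.User.Identity?.Name,
            SubjectId = subjectId,
            ActAs = my.ActAs
        };
        var policy = _policyBuilder.Build(my);

        _state.ClearState();
        _state.SetLoggedUser(loggedUser);
        _state.SetPolicy(policy);
    }

    var actAs = ActAs.From(_state.LoggedUser.ActAs);
    bool allowed = requirement.Permission switch
    {
        // Roles are cumulative: Management implies Contributor implies Reader.
        Policies.Reader => actAs == ActAs.Reader || actAs == ActAs.Contributor || actAs == ActAs.Management,
        Policies.Contributor => actAs == ActAs.Contributor || actAs == ActAs.Management,
        Policies.Management => actAs == ActAs.Management,
        // Was ArgumentNullException(string): that overload takes a parameter *name*, so the
        // text was rendered as "(Parameter '…')". Nothing is null here; the policy is unknown.
        _ => throw new NotSupportedException("The configured authorization policy is not supported.")
    };

    if (!allowed)
    {
        LogAuthorizationFailed(_state.LoggedUser.SubjectId, requirement.Permission);
        context.Fail();
        // Do not fall through to Succeed(). The framework treats Fail() as terminal, but
        // the denial should be explicit rather than rely on that evaluation rule.
        return;
    }

    context.Succeed(requirement);
}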
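/// <summary>
/// Evaluates <paramref name="requirement"/> against the ActAs role of the user already
/// cached in <c>_state</c>. This overload performs no lookup of its own: if no user is
/// cached, or the cached user has no <c>ActAs</c>, the requirement fails.
/// </summary>
/// <param name="context">Authorization context to mark as succeeded or failed.</param>
/// <param name="requirement">The policy (Reader / Contributor / Management) being checked.</param>
/// <returns>A completed task; the outcome is recorded on <paramref name="context"/>.</returns>
/// <exception cref="NotSupportedException">The requirement names a policy this handler does not know.</exception>
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PolicyRequirement requirement)
{
    var loggedUser = _state.LoggedUser;
    if (loggedUser is null)
    {
        _logger.LogError("Authorization failed because the logged user is not present.");
        context.Fail();
        return Task.CompletedTask;
    }

    if (string.IsNullOrEmpty(loggedUser.ActAs))
    {
        LogAuthorizationFailed(loggedUser.SubjectId, requirement.Permission);
        context.Fail();
        return Task.CompletedTask;
    }

    var actAs = ActAs.From(loggedUser.ActAs);
    bool allowed = requirement.Permission switch
    {
        // Roles are cumulative: Management implies Contributor implies Reader.
        Policies.Reader => actAs == ActAs.Reader || actAs == ActAs.Contributor || actAs == ActAs.Management,
        Policies.Contributor => actAs == ActAs.Contributor || actAs == ActAs.Management,
        Policies.Management => actAs == ActAs.Management,
        // Was ArgumentNullException(string): that overload takes a parameter *name*, so the
        // text was rendered as "(Parameter '…')". Nothing is null here; the policy is unknown.
        _ => throw new NotSupportedException("The configured authorization policy is not supported.")
    };

    if (!allowed)
    {
        LogAuthorizationFailed(loggedUser.SubjectId, requirement.Permission);
        context.Fail();
        // Do not fall through to Succeed(). The framework treats Fail() as terminal, but
        // the denial should be explicit rather than rely on that evaluation rule.
        return Task.CompletedTask;
    }

    context.Succeed(requirement);
    return Task.CompletedTask;
}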