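        /// <summary>
        /// Decides whether the user attached to <paramref name="action"/> may alter the target comment.
        /// </summary>
        /// <remarks>
        /// Access is granted to the comment's owner, to an admin, or to a moderator of the space
        /// the comment belongs to, checked in that order. Any other user is denied.
        /// The owner and admin checks run before the comment's space is resolved, so the
        /// missing-space error can only surface for a user who is neither owner nor admin.
        /// </remarks>
        /// <param name="action">Command carrying the comment id and the acting user.</param>
        /// <returns>
        /// An authorized result when one of the three checks passes; otherwise an unauthorized result.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="action"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// No space was found for the comment, so the moderator check cannot be evaluated.
        /// </exception>
        public async Task<PolicyResult> Authorize(CommentAlterCommand action)
        {
            if (action is null)
            {
                throw new ArgumentNullException(nameof(action));
            }

            // NOTE(review): action.User is dereferenced without a null check; confirm that a
            // request with no authenticated user cannot reach this policy.
            var username = action.User.Username;

            // Owner of the comment may always alter it.
            if (await commentService.IsOwner(action.CommentId, username))
            {
                return PolicyResult.Authorized();
            }

            // Admins are allowed regardless of which space the comment lives in.
            if (await roleService.IsUserAdmin(username))
            {
                return PolicyResult.Authorized();
            }

            // Moderator rights are scoped to a space, so the comment's space must be resolved first.
            Space? space = await spaceService.FindByComment(action.CommentId);

            if (space == null)
            {
                // No authorization is granted on this path. The message tells whoever reads the
                // log which lookup failed; callers must treat the exception as a denial.
                throw new InvalidOperationException(
                    $"No space found for comment '{action.CommentId}'; cannot evaluate moderator permission.");
            }

            if (await roleService.IsUserModerator(username, space.Name))
            {
                return PolicyResult.Authorized();
            }

            // Default deny: none of the checks matched.
            return PolicyResult.Unauthorized();
        }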