public static async Task IsEventAdminCheck(AuthorizationHandlerContext authContext, PuzzleServerContext dbContext, UserManager <IdentityUser> userManager, IAuthorizationRequirement requirement)
{
PuzzleUser puzzleUser = await PuzzleUser.GetPuzzleUserForCurrentUser(dbContext, authContext.User, userManager);
Event thisEvent = await AuthorizationHelper.GetEventFromContext(authContext);
EventRole role = AuthorizationHelper.GetEventRoleFromContext(authContext);
if (thisEvent != null && role == EventRole.admin && await puzzleUser.IsAdminForEvent(dbContext, thisEvent))
{
authContext.Succeed(requirement);
}
}
public async Task IsEventAdminCheck(AuthorizationHandlerContext authContext, IAuthorizationRequirement requirement)
{
EventRole role = GetEventRoleFromRoute();
if (role != EventRole.admin)
{
return;
}
PuzzleUser puzzleUser = await PuzzleUser.GetPuzzleUserForCurrentUser(dbContext, authContext.User, userManager);
Event thisEvent = await GetEventFromRoute();
if (thisEvent != null && puzzleUser != null && await puzzleUser.IsAdminForEvent(dbContext, thisEvent))
{
authContext.Succeed(requirement);
}
}
/// <summary>
/// Returns whether the user is authorized to view the file
/// </summary>
/// <param name="eventId">The current event</param>
/// <param name="puzzle">The puzzle the file belongs to</param>
/// <param name="content">The file</param>
private async Task <bool> IsAuthorized(int eventId, Puzzle puzzle, ContentFile content)
{
Event currentEvent = await(from ev in context.Events
where ev.ID == eventId
select ev).SingleAsync();
PuzzleUser user = await PuzzleUser.GetPuzzleUserForCurrentUser(context, User, userManager);
// Admins can see all files
if (await user.IsAdminForEvent(context, currentEvent))
{
return(true);
}
// Authors can see all files attached to their puzzles
if (await UserEventHelper.IsAuthorOfPuzzle(context, puzzle, user))
{
return(true);
}
Team team = await UserEventHelper.GetTeamForPlayer(context, currentEvent, user);
if (team == null)
{
return(false);
}
// Once answers are available, so are all other files
if (currentEvent.AreAnswersAvailableNow)
{
return(true);
}
PuzzleStatePerTeam puzzleState = await PuzzleStateHelper.GetFullReadOnlyQuery(context, currentEvent, puzzle, team).SingleAsync();
switch (content.FileType)
{
case ContentFileType.Answer:
// The positive case is already handled above by checking AreAnswersAvailableNow
return(false);
case ContentFileType.Puzzle:
case ContentFileType.PuzzleMaterial:
if (puzzleState.UnlockedTime != null)
{
return(true);
}
else
{
return(false);
}
case ContentFileType.SolveToken:
if (puzzleState.SolvedTime != null)
{
return(true);
}
else
{
return(false);
}
default:
throw new NotImplementedException();
}
}