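protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
                                                             ResourceAuthorizationRequirement requirement,
                                                             object resource)
        {
            // Resolve the application user behind the principal once; the
            // resource-based branches below read it for role and ownership
            // checks. It may be null for an unauthenticated principal (depends
            // on _usersService, not visible here), so every use is guarded
            // instead of letting a NullReferenceException surface as a 500.
            var user = await _usersService.GetByPrincipal(context.User);

            if (requirement.RoleBased)
            {
                // Role-based requirements are not decided by this handler:
                // no path here calls Succeed() or Fail(), so the requirement
                // stays unmet and access is denied unless another handler
                // succeeds it. Kept as a fail-closed placeholder.
                string roleName = requirement.RoleName;

                if ((requirement.GetType() == typeof(AllowedToManageProductRequirement) ||
                     requirement.GetType() == typeof(AllowedToCreateCommentRequirement)) &&
                    roleName == _configurationService.GetAdminRoleName())
                {
                    // TODO: decide what the admin role grants for these requirements.
                }

                return;
            }

            // Resource-based requirements. For creation there is no resource,
            // so only the policies that never look at it can succeed there.
            var policy = requirement.AuthorizationPolicy;

            if (policy == AuthorizationPolicy.ONLY_ADMIN)
            {
                // The only policy that fails explicitly: Fail() prevents any
                // other handler from succeeding this requirement.
                bool isNamedAdmin = context.User.Identity?.Name != null &&
                                    context.User.IsInRole(_configurationService.GetAdminRoleName());

                if (isNamedAdmin)
                {
                    context.Succeed(requirement);
                }
                else
                {
                    context.Fail();
                }
            }
            else if (policy == AuthorizationPolicy.ADMIN_AND_OWNER)
            {
                // Without a resolved user there is neither a role nor an
                // ownership to check; leave the requirement unmet (denied).
                if (user == null)
                {
                    return;
                }

                bool isAdmin = await _usersService.IsUserInRole(user, _configurationService.GetAdminRoleName());

                // Ownership is only defined for comments: the comment's author
                // must be the current user. A null resource or a comment with
                // no author is simply not owned. (`is` also accepts subclasses
                // of Comment; the previous exact-type check did not.)
                bool isOwner = resource is Comment comment &&
                               comment.User != null &&
                               comment.User.Id == user.Id;

                if (isAdmin || isOwner)
                {
                    context.Succeed(requirement);
                }
            }
            else if (policy == AuthorizationPolicy.ONLY_OWNER)
            {
                // Not implemented: nothing is succeeded, so this policy fails
                // closed for everyone, including the actual owner.
            }
            else if (policy == AuthorizationPolicy.AUTHENTICATED_USER)
            {
                if (context.User.Identity?.IsAuthenticated == true)
                {
                    context.Succeed(requirement);
                }
            }
        }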
Esempio n. 2
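        HandleRequirementAsync(
            AuthorizationHandlerContext context,
            ResourceAuthorizationRequirement requirement,
            IOwnable<string> resource)
        {
            // Without a principal or a resource there is nothing to decide;
            // the requirement is left unmet (denied) rather than failed so
            // another handler may still succeed it.
            if (context.User is null || resource is null)
            {
                return Task.CompletedTask;
            }

            // Administrators may act on any resource.
            if (context.User.IsInRole(GlobalConstants.AdministratorRoleName))
            {
                context.Succeed(requirement);
                return Task.CompletedTask;
            }

            // Owner check. GetUserId can return null when the principal carries
            // no user-id claim; a resource whose AuthorId is also null would
            // then compare equal, so a missing id must never count as ownership.
            var currentUserId = this.userManager.GetUserId(context.User);

            if (!string.IsNullOrEmpty(currentUserId) && currentUserId == resource.AuthorId)
            {
                context.Succeed(requirement);
            }

            return Task.CompletedTask;
        }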