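/// <summary>
/// Resource-level authorization for <see cref="ResourceAuthorizationRequirement"/>.
/// Only the branches that call <c>context.Succeed</c> grant access; every other path
/// leaves the requirement unsucceeded, which ASP.NET Core treats as a deny.
/// </summary>
/// <param name="context">Authorization context carrying the caller's principal.</param>
/// <param name="requirement">A role-based requirement, or one carrying an <see cref="AuthorizationPolicy"/>.</param>
/// <param name="resource">The resource being accessed. For creation no resource exists, so policies must tolerate null.</param>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, ResourceAuthorizationRequirement requirement, object resource)
{
    var user = await _usersService.GetByPrincipal(context.User);

    if (requirement.RoleBased)
    {
        // NOTE(review): this branch grants nothing — it inspects the role name and falls
        // through, so role-based requirements are always denied by default. Confirm whether
        // Succeed() was meant to be called when the role matches the admin role.
        string roleName = requirement.RoleName;
        if (requirement.GetType() == typeof(AllowedToManageProductRequirement)
            || requirement.GetType() == typeof(AllowedToCreateCommentRequirement))
        {
            if (roleName == _configurationService.GetAdminRoleName())
            {
                // intentionally left as a no-op (see note above)
            }
        }
        return;
    }

    // For creation we have no resource, so the policies below must not dereference it blindly.
    var policy = requirement.AuthorizationPolicy;

    switch (policy)
    {
        case AuthorizationPolicy.ONLY_ADMIN:
            if (context.User.Identity?.Name != null
                && context.User.IsInRole(_configurationService.GetAdminRoleName()))
            {
                context.Succeed(requirement);
            }
            else
            {
                // Explicit Fail so that no other handler can succeed this requirement.
                context.Fail();
            }
            break;

        case AuthorizationPolicy.ADMIN_AND_OWNER:
            // Fail closed when the principal could not be resolved to a user: neither the
            // role lookup nor the owner comparison is meaningful without one, and the
            // original code would have thrown (500) instead of denying (403).
            if (user == null)
            {
                break;
            }

            bool isAdmin = await _usersService.IsUserInRole(user, _configurationService.GetAdminRoleName());

            // Pattern match instead of GetType()+cast: a null resource (creation) or a comment
            // whose User navigation is not loaded no longer throws — it is simply not owned.
            bool isOwner = resource is Comment comment
                && comment.User != null
                && comment.User.Id == user.Id;

            if (isAdmin || isOwner)
            {
                context.Succeed(requirement);
            }
            break;

        case AuthorizationPolicy.ONLY_OWNER:
            // NOTE(review): no branch grants this policy, so it is always denied. Confirm
            // whether an owner check (like ADMIN_AND_OWNER without the admin shortcut) was intended.
            break;

        case AuthorizationPolicy.AUTHENTICATED_USER:
            if (context.User.Identity?.IsAuthenticated == true)
            {
                context.Succeed(requirement);
            }
            break;
    }
}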
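/// <summary>
/// Grants the requirement to administrators and to the author of an <see cref="IOwnable{T}"/>
/// resource. Every other caller is left unsucceeded and therefore denied.
/// </summary>
/// <param name="context">Authorization context carrying the caller's principal.</param>
/// <param name="requirement">The requirement being evaluated.</param>
/// <param name="resource">The owned resource; a null resource denies.</param>
// NOTE(review): the method's modifiers/return type are cut off in this listing; the body
// returns Task.CompletedTask synchronously, so it is a non-async, Task-returning handler.
HandleRequirementAsync(AuthorizationHandlerContext context, ResourceAuthorizationRequirement requirement, IOwnable<string> resource)
{
    if (context.User == null || resource == null)
    {
        return Task.CompletedTask;
    }

    if (context.User.IsInRole(GlobalConstants.AdministratorRoleName))
    {
        context.Succeed(requirement);
        return Task.CompletedTask;
    }

    // GetUserId can return null when the principal carries no user-id claim (e.g. an
    // anonymous caller). With a plain `==`, a resource whose AuthorId is also null would
    // then match and be granted, so require a non-empty caller id and compare ordinally.
    string callerId = this.userManager.GetUserId(context.User);
    if (!string.IsNullOrEmpty(callerId)
        && string.Equals(callerId, resource.AuthorId, StringComparison.Ordinal))
    {
        context.Succeed(requirement);
    }

    return Task.CompletedTask;
}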