protected override void Handle(AuthorizationContext context, StatusRequirement requirement) { if (context.User.IsInRole("supervisor")) { context.Succeed(requirement); return; } if (context.User.HasClaim("department", _department) && context.User.HasClaim("status", _status)) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement operation, Survey resource) { // if the survey is in the same tenant // Add SURVEYADMIN/SURVEYCREATER/SURVEYREADER to permission set // else if survey is in differnt tenant // Add CONTRIBUTOR to permission set if user is contributor on survey // // if user is owner of the survey // Add OWNER to the permission set var permissions = new List <UserPermissionType>(); int surveyTenantId = context.User.GetSurveyTenantIdValue(); int userId = context.User.GetSurveyUserIdValue(); string user = context.User.GetUserName(); if (resource.TenantId == surveyTenantId) { // Admin can do anything, as long as the resource belongs to the admin's tenant. if (context.User.HasClaim(ClaimTypes.Role, Roles.SurveyAdmin)) { context.Succeed(operation); return; } if (context.User.HasClaim(ClaimTypes.Role, Roles.SurveyCreator)) { permissions.Add(UserPermissionType.Creator); } else { permissions.Add(UserPermissionType.Reader); } if (resource.OwnerId == userId) { permissions.Add(UserPermissionType.Owner); } } if (resource.Contributors != null && resource.Contributors.Any(x => x.UserId == userId)) { permissions.Add(UserPermissionType.Contributor); } if (ValidateUserPermissions[operation](permissions)) { _logger.ValidatePermissionsSucceeded(user, context.User.GetTenantIdValue(), operation.Name, permissions.Select(p => p.ToString())); context.Succeed(operation); } }
protected override void Handle(AuthorizationContext context, Over18Requirement requirement) { if (!context.User.HasClaim(c => c.Type == ClaimTypes.DateOfBirth)) { context.Fail(); return; } var dateOfBirth = Convert.ToDateTime(context.User.FindFirst(c => c.Type == ClaimTypes.DateOfBirth).Value); int age = DateTime.Today.Year - dateOfBirth.Year; if (dateOfBirth > DateTime.Today.AddYears(-age)) { age--; } if (age >= 18) { context.Succeed(requirement); } else { context.Fail(); } }
public override void Handle(AuthorizationContext context, MyAuthRequirement requirement) { // grab the identity for the MyAuth authentication var myAuthIdentities = context.User.Identities.Where(x => x.AuthenticationType == "MyAuth").FirstOrDefault(); if (myAuthIdentities == null) { context.Fail(); return; } // grab the authentication header and uri types for our identity var authHeaderClaim = myAuthIdentities.Claims.Where(x => x.Type == ClaimTypes.Authentication).FirstOrDefault(); var uriClaim = context.User.Claims.Where(x => x.Type == ClaimTypes.Uri).FirstOrDefault(); if (uriClaim == null || authHeaderClaim == null) { context.Fail(); return; } // enforce our requirement (evaluate values from the identity/claims) if (/* passes our enforcement test */) { context.Succeed(requirement); } else { context.Fail(); } }
protected override void Handle(AuthorizationContext context, DayRequirement requirement) { if (DateTime.Now.DayOfWeek == DayOfWeek) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, ViewRequirement requirement, Entry resource) { if (resource.IsPublic || context.User.Identity.Name == resource.Author) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, PassThroughRequirement requirement) { if (Succeed) { context.Succeed(requirement); } }
public async Task HandleAsync(AuthorizationContext context) { if (await Handler(context)) { context.Succeed(this); } }
protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, ExpenseReport resource) { if (_allowed.Contains(requirement)) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, NameAuthorizationRequirement requirement) { if (context == null) { throw new ArgumentNullException(nameof(context)); } if (requirement == null) { throw new ArgumentNullException(nameof(requirement)); } if (context.User == null) { return; } var identities = context.User.Identities; foreach (var identity in identities) { if (ContainsRequiredName(identity, requirement)) { context.Succeed(requirement); break; } } }
public async Task HandleAsync(AuthorizationContext context) { var permissionType = typeof(PermissionAuthorizationRequirement <TPermissionEnum>); if (context.Resource != null) { permissionType = typeof(PermissionAuthorizationRequirement <,>).MakeGenericType(typeof(TPermissionEnum), context.Resource.GetType()); } var requirements = context.Policy.Requirements.Where(t => permissionType.IsAssignableFrom(t.GetType())).Cast <PermissionAuthorizationRequirement <TPermissionEnum> >().ToArray(); if (requirements.Length == 0) { return; } var permissions = await _provider.GetPermissions(context); if (permissions == null || !permissions.Any()) { return; } foreach (var req in requirements) { if (permissions.Contains(req.Permission)) { context.Succeed(req); } } }
protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement) { if (context.User.HasClaim("SuperUser", "yes")) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, EditRequirement requirement, Document resource) { if (resource.Author == context.User.FindFirst(ClaimTypes.Name).Value) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, AlbumOwnerRequirement requirement, Album resource) { if (resource.Publisher == context.User.FindFirst(Constants.CompanyClaimType).Value) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, int id) { if (id % 2 == 0) { context.Succeed(requirement); } }
/// <summary> /// Calls <see cref="AssertionRequirement.Handler"/> to see if authorization is allowed. /// </summary> /// <param name="context">The authorization information.</param> /// <param name="ctk">CancellationToken</param> public async Task HandleAsync(AuthorizationContext context, CancellationToken ctk = default) { if (await Handler(context)) { context.Succeed(this); } }
protected override void Handle(AuthorizationContext context, ModifyRequirement requirement, Entry resource) { if (resource.Author == context.User.Identity.Name) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, NoPhpeesRequirement requirement) { if (!context.User.Claims.Any(x => x.Type.Equals("Language") && x.Value.Equals("PHP"))) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, RolesAuthorizationRequirement requirement) { if (context == null) { throw new ArgumentNullException(nameof(context)); } if (requirement == null) { throw new ArgumentNullException(nameof(requirement)); } if (context.User == null) { return; } Debug.Assert(requirement.AllowedRoles != null, "requirement.AllowedRoles != null"); Debug.Assert(requirement.AllowedRoles.Any(), "requirement.AllowedRoles.Any()"); var found = requirement.AllowedRoles.Any(role => context.User.IsInRole(role)); if (found) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, SurveyCreatorRequirement requirement) { if (context.User.HasClaim(ClaimTypes.Role, Roles.SurveyAdmin) || context.User.HasClaim(ClaimTypes.Role, Roles.SurveyCreator)) { context.Succeed(requirement); } }
public override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement) { if (context.User.HasClaim("Manager", "yes")) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, SurveyAdminRequirement requirement) { //Check user claims for Role if (context.User.HasClaim(ClaimTypes.Role, Roles.SurveyAdmin)) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, LoginRequirement requirement) { if (!context.User.HasClaim(c => c.Type == "UsernameAndPassword" && c.Issuer == "http://www.cnblogs.com/rohelm")) { return; } context.Succeed(requirement); }
protected override void Handle(AuthorizationContext context, LocalIssuerRequirement requirement) { Claim issuerClaim = context.User.FindFirst(c => c.Type == ClaimType); if (issuerClaim.Value == Issuer) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, Document resource) { var documentPermissionClaim = context.User.FindFirst(c => c.Type == "Documents" && c.Issuer == "urn:idunno.org"); if (MapClaimsToOperations(documentPermissionClaim.Value).Contains(requirement)) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, Document resource) { var claim = context.User.FindFirst(ClaimTypes.Name); if (claim != null && claim.Value.Equals(resource.Owner)) { context.Succeed(requirement); } }
protected override void Handle(AuthorizationContext context, UserRequirement requirement) { if (!context.User.HasClaim(c => c.Type == "UserId")) { context.Fail(); return; } context.Succeed(requirement); }
protected override void Handle(AuthorizationContext context, OfficeEntryRequirement requirement) { if (!context.User.HasClaim(c => c.Type == "BadgeNumber" && c.Issuer == "https://contoso.com")) { return; } context.Succeed(requirement); }
protected override void Handle(AuthorizationContext context, PermissionRequirement resource) { if (context.User == null) { context.Succeed(resource); } if (context.User.IsInRole("Administrator")) { context.Succeed(resource); return; } if (context.User.HasClaim(Permission.ClaimType, _permission.Name)) { context.Succeed(resource); return; } }
protected override void Handle(AuthorizationContext context, OnlyRoleRequirement requirement) { if (context.User.IsInRole(_roleName)) { context.Succeed(requirement); return; } context.Fail(); }