public async Task <AuthorizationResult> AuthorizeAsync(PingCommand instance, CancellationToken cancellation = default) { return(instance.PingName == "T" ? await Task.FromResult(AuthorizationResult.Succeed()) : await Task.FromResult(AuthorizationResult.Fail(":("))); }
#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously public override async Task <AuthorizationResult> CanCreateAsync(MockEntity entity, IContextInfo ctx) { if (entity.IsValid) { return(AuthorizationResult.Success()); } return(AuthorizationResult.Fail("The entity is not valid :( ", entity)); }
#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously public override async Task <AuthorizationResult> CanModifyAsync(MockEntity originalEntity, MockEntity modifiedEntity, IContextInfo ctx) { if (modifiedEntity.IsValid) { return(AuthorizationResult.Success()); } return(AuthorizationResult.Fail("The entity is not valid :( ", modifiedEntity)); }
public async Task <AuthorizationResult> Handle(AssignedToProjectRequirement requirement, CancellationToken cancellationToken) { var userId = requirement.UserId; var projectId = requirement.ProjectId; if (projectId == null) { var step = new Step(); if (requirement.StepId != null) { step = await _context.Steps.FindAsync(requirement.StepId); } else if (requirement.TaskId != null) { var task = await _context.Tasks.Include(t => t.Step) .FirstOrDefaultAsync(t => t.Id == requirement.TaskId, cancellationToken); step = task?.Step; } else if (requirement.SubtaskId != null) { var subTask = await _context.Subtasks.Include(s => s.Task) .Include(s => s.Task.Step) .FirstOrDefaultAsync(t => t.Id == requirement.SubtaskId, cancellationToken); step = subTask?.Task.Step; } else { throw new Exception(); } if (step == null) { return(AuthorizationResult.Fail("Can not access")); } projectId = step.ProjectId; } var assignment = await _context.ProjectAssignments .FirstOrDefaultAsync(a => a.User.ApplicationUserId == userId && a.ProjectId == projectId, cancellationToken); if (assignment != null) { return(AuthorizationResult.Succeed()); } return(AuthorizationResult.Fail("Can not access")); }
public async Task <AuthorizationResult> Handle(DeleteOrderRequirement request, CancellationToken cancellationToken) { var userId = request.UserId; // logic var canDeleteOrder = false; if (canDeleteOrder != null) { return(AuthorizationResult.Succeed()); } return(AuthorizationResult.Fail("You don't have a subscription to this course.")); }
public Task <AuthorizationResult> Evaluate <TRequest>(TRequest request, FeatureInfo feature) { if (feature.IsIn("Accounts")) { return(Task.FromResult(AuthorizationResult.Succeed())); } if (_userSession.IsAnonymous) { return(Task.FromResult(AuthorizationResult.Fail("Authentication is required"))); } return(Task.FromResult(AuthorizationResult.Succeed())); }
public async Task <AuthorizationResult> AuthorizeAsync(TreeOperationCommandBase <TResponse> instance, CancellationToken cancellation = default) { var connection = _sqlConnectionFactory.GetOpenConnection(); const string sql = "SELECT TOP 1 1 FROM [trees].[TreeUserProfile] tup " + "JOIN [trees].UserProfiles up ON up.[Id] = tup.[UserId] " + "WHERE tup.[TreeId] = @ownedTree AND up.[UserAuthId] = @treeOwner"; var owns = await connection.QueryFirstOrDefaultAsync <int?>(sql, new { ownedTree = instance.TreeId.Value, treeOwner = instance.RequesterUserAuthId }); return(owns.HasValue ? AuthorizationResult.Succeed() : AuthorizationResult.Fail("User is not owner of this tree")); }
public async Task <AuthorizationResult> Handle(AssignedToTaskRequirement requirement, CancellationToken cancellationToken) { var userId = requirement.UserId; var taskId = requirement.TaskId; var assignment = await _context.TaskAssignments .FirstOrDefaultAsync(a => a.Id == taskId && a.User.ApplicationUserId == userId, cancellationToken); if (assignment != null) { return(AuthorizationResult.Succeed()); } return(AuthorizationResult.Fail("Can not access task")); }
public async Task <AuthorizationResult> Handle(ProjectAuthorRequirement requirement, CancellationToken cancellationToken) { var userId = requirement.UserId; var projectId = requirement.ProjectId; var project = await _context.Projects .FirstOrDefaultAsync(p => p.Id == projectId && p.CreatedBy == userId); if (project != null) { return(AuthorizationResult.Succeed()); } return(AuthorizationResult.Fail("Action not allowed")); }
public static AuthorizationResult CreateAggregateResult(this IEnumerable <AuthorizationResult> results) { var resultList = results.ToList(); if (resultList.Any(a => !a.HasSucceed)) { var failResult = AuthorizationResult.Fail <object>("", null); failResult.InnerResult.AddRange(resultList); return(failResult); } var successResult = AuthorizationResult.Success(); successResult.InnerResult.AddRange(resultList); return(successResult); }
public async Task <AuthorizationResult> AuthorizeAsync(MergeTreesCommand instance, CancellationToken cancellation = default) { var connection = _sqlConnectionFactory.GetOpenConnection(); const string sql = "SELECT TOP 2 1 FROM [trees].[TreeUserProfile] tup " + "JOIN [trees].UserProfiles up ON up.[Id] = tup.[UserId] " + "WHERE (tup.[TreeId] = @firstTree OR tup.[TreeId] = @secondTree) AND up.[UserAuthId] = @treeOwner"; var ownsFirst = await connection.QueryAsync <int>(sql, new { firstTree = instance.First.Value, secondTree = instance.Second.Value, treeOwner = instance.RequesterUserAuthId }); return(ownsFirst?.Count() > 1 ? AuthorizationResult.Succeed() : AuthorizationResult.Fail("User is not owner of this tree")); }
public async Task <AuthorizationResult> Evaluate <TRequest>(TRequest request, FeatureInfo feature) { if (feature.IsIn("Admin")) { if (_userSession.IsAnonymous || (await _userSession.User())?.IsAdmin == false) { return(AuthorizationResult.Fail("Unauthorized access")); } } if (feature.Implements <IMustBeAuthenticated>() && _userSession.IsAnonymous) { return(AuthorizationResult.Fail("Authentication is required")); } return(AuthorizationResult.Succeed()); }
public async Task <AuthorizationResult> AuthorizeEntityChangeAsync(IIdentity user, DbEntityEntry ent) { if (ent.State == EntityState.Unchanged || ent.State == EntityState.Detached) { return(AuthorizationResult.Success()); } if (ent.Entity is T) { var casted = ent.Cast <T>(); switch (ent.State) { case EntityState.Added: var interpreted = Interpret.BeforeCreate(casted.Entity, GetContextInfo(user)); return((await Authorize.CreateAsync(interpreted, GetContextInfo(user))).CreateAggregateResult()); case EntityState.Modified: var original = CreateWithValues(casted.OriginalValues); var modified = CreateWithValues(casted.CurrentValues); var modifiedInterpreted = Interpret.BeforeModify((T)original, (T)modified, GetContextInfo(user)); foreach (var field in ent.CurrentValues.PropertyNames) { ent.CurrentValues[field] = modifiedInterpreted.GetType().GetProperty(field) .GetValue(modifiedInterpreted, null); } return((await Authorize.ModifyAsync((T)original, modifiedInterpreted, GetContextInfo(user))) .CreateAggregateResult()); case EntityState.Deleted: return((await Authorize.RemoveAsync( (T)CreateWithValues(casted.OriginalValues, casted.Entity.GetType()), GetContextInfo(user))) .CreateAggregateResult()); default: return(AuthorizationResult.Fail("The entity state is invalid", casted.Entity)); } } else { return(await GetChildRepositoryFor(ent).AuthorizeEntityChangeAsync(user, ent)); } }
public async Task <AuthorizationResult> Handle(SuperMemberRequirement requirement, CancellationToken cancellationToken) { var userId = requirement.UserId; var projectId = requirement.ProjectId; if (projectId == null) { var step = new Step(); if (requirement.StepId != null) { step = await _context.Steps.FindAsync(requirement.StepId); } else if (requirement.TaskId != null) { var task = await _context.Tasks.Include(t => t.Step) .FirstOrDefaultAsync(t => t.Id == requirement.TaskId, cancellationToken); step = task?.Step; } else { throw new Exception(); } if (step == null) { return(AuthorizationResult.Fail("Action not allowed")); } projectId = step.ProjectId; } var assignment = await _context.ProjectAssignments .FirstOrDefaultAsync(a => a.ProjectId == projectId && a.User.ApplicationUserId == userId && a.ProjectRole == ProjectRole.SuperMember.ToString(), cancellationToken); if (assignment != null) { return(AuthorizationResult.Succeed()); } return(AuthorizationResult.Fail("Action not allowed")); }
public async Task <AuthorizationResult> Evaluate(ClaimsPrincipal principal, object userContext, IDictionary <string, object> arguments, IEnumerable <string> requiredPolicies) { var cxt = userContext as GraphQLUserContext; ClaimsPrincipal claimsPrincipal = _httpContextAccessor.HttpContext.User.Identity.IsAuthenticated ? _httpContextAccessor.HttpContext.User : null; if (claimsPrincipal == null) { var response = await _httpContextAccessor.HttpContext.AuthenticateAsync(); if (response.Succeeded) { claimsPrincipal = response.Principal; _httpContextAccessor.HttpContext.User = response.Principal; } else { return(AuthorizationResult.Fail(new[] { "request authorization failed" })); } } var context = new AuthorizationContext(); context.User = claimsPrincipal; context.UserContext = userContext; context.InputVariables = arguments; var authPolicies = _authorizationSettings.GetPolicies(requiredPolicies); var tasks = new List <Task>(); authPolicies.Apply(p => { p.Requirements.Apply(r => { var task = r.Authorize(context); tasks.Add(task); }); }); await Task.WhenAll(tasks.ToArray()); return(!context.HasErrors ? AuthorizationResult.Success() : AuthorizationResult.Fail(context.Errors)); }
public override async Task <AuthorizationResult> CanModifyAsync(IMockEntity originalEntity, IMockEntity modifiedEntity, IContextInfo ctx) { return(modifiedEntity.IsValid ? AuthorizationResult.Success() : AuthorizationResult.Fail("Not valid!", modifiedEntity)); }
public override async Task <AuthorizationResult> CanRemoveAsync(IMockEntity entity, IContextInfo ctx) { return(entity.IsValid ? AuthorizationResult.Success() : AuthorizationResult.Fail("Not valid!", entity)); }