/// <summary>
/// Decides whether <paramref name="user"/> may see every group of the course
/// <paramref name="courseId"/>. The result is the OR of three independent grants:
/// course-admin role on that course (<see cref="CourseRole.CourseAdmin"/>), the global
/// <see cref="SystemAccessType.ViewAllGroupMembers"/> system access, and the course-scoped
/// <see cref="CourseAccessType.ViewAllGroupMembers"/> access.
/// </summary>
/// <param name="user">The principal whose permissions are being checked.</param>
/// <param name="courseId">Identifier of the course whose groups are being requested.</param>
/// <returns><c>true</c> when at least one of the three grants applies; otherwise <c>false</c>.</returns>
private async Task<bool> CanUserSeeAllCourseGroupsAsync(ClaimsPrincipal user, string courseId)
{
    var currentUserId = user.GetUserId();

    // Both repository lookups are awaited unconditionally before the principal-level
    // course-admin check is consulted; the decision itself is a plain OR of the three results.
    var hasGlobalGrant = await systemAccessesRepo
        .HasSystemAccessAsync(currentUserId, SystemAccessType.ViewAllGroupMembers)
        .ConfigureAwait(false);
    var hasCourseGrant = await coursesRepo
        .HasCourseAccessAsync(currentUserId, courseId, CourseAccessType.ViewAllGroupMembers)
        .ConfigureAwait(false);

    // HasAccessFor is evaluated on the principal itself (presumably from its claims — verify
    // against the extension's definition), unlike the repository-backed checks above.
    var isCourseAdmin = user.HasAccessFor(courseId, CourseRole.CourseAdmin);

    return isCourseAdmin || hasGlobalGrant || hasCourseGrant;
}
/// <summary>
/// Evaluates <paramref name="requirement"/> for the course named by the <c>courseId</c> route value.
/// Access is granted to system administrators, to course admins of that course, and to users who
/// hold the requested <see cref="CourseAccessRequirement.CourseAccessType"/> on it. Every path
/// that cannot establish access calls <see cref="AuthorizationHandlerContext.Fail"/> explicitly,
/// so the policy fails closed rather than leaving the decision to other handlers.
/// </summary>
/// <param name="context">The authorization context; its <c>Resource</c> must be the MVC
/// <see cref="AuthorizationFilterContext"/> so that route data can be read.</param>
/// <param name="requirement">The course access requirement being evaluated.</param>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, CourseAccessRequirement requirement)
{
    // The MVC filter context is needed to reach the route values.
    // See https://docs.microsoft.com/en-US/aspnet/core/security/authorization/policies#accessing-mvc-request-context-in-handlers
    // NOTE(review): with endpoint routing (ASP.NET Core 3.0+) the resource may be an HttpContext
    // instead of an AuthorizationFilterContext; in that case this handler fails closed — confirm
    // against the hosting version if authorizations start failing unexpectedly.
    var mvcContext = context.Resource as AuthorizationFilterContext;
    if (mvcContext == null)
    {
        logger.Error("Can't get MVC context in CourseRoleAuthenticationHandler");
        context.Fail();
        return;
    }

    // A missing or non-string route value is treated as "no course", which is a denial.
    var courseId = mvcContext.RouteData.Values["courseId"] as string;
    if (courseId == null)
    {
        logger.Error("Can't find `courseId` parameter in route data for checking course access requirement.");
        context.Fail();
        return;
    }

    // System administrators bypass the per-course checks entirely.
    if (context.User.IsSystemAdministrator())
    {
        context.Succeed(requirement);
        return;
    }

    var currentUserId = context.User.GetUserId();
    var isCourseAdmin = await userRolesRepo.HasUserAccessToCourseAsync(currentUserId, courseId, CourseRole.CourseAdmin);

    // The specific course access is only looked up when the user is not a course admin
    // (the short-circuit of the original condition is preserved).
    var hasRequestedAccess = isCourseAdmin
        || await coursesRepo.HasCourseAccessAsync(currentUserId, courseId, requirement.CourseAccessType);

    if (hasRequestedAccess)
    {
        context.Succeed(requirement);
    }
    else
    {
        context.Fail();
    }
}