public async Task <AuthorizationResult> Evaluate <TRequest>(TRequest request, FeatureInfo feature)
{
if (feature.IsIn("Admin"))
{
if (_userSession.IsAnonymous || (await _userSession.User())?.IsAdmin == false)
{
return(AuthorizationResult.Fail("Unauthorized access"));
}
}
if (feature.Implements <IMustBeAuthenticated>() && _userSession.IsAnonymous)
{
return(AuthorizationResult.Fail("Authentication is required"));
}
return(AuthorizationResult.Succeed());
}
public async Task <TResponse> Handle(TRequest request, CancellationToken cancellationToken, RequestHandlerDelegate <TResponse> next)
{
var featureInfo = new FeatureInfo(typeof(TRequest));
if (featureInfo.Implements <IMiruJob>())
{
return(await next());
}
var result = await _rules.Evaluate(request, featureInfo);
if (result.IsAuthorized)
{
return(await next());
}
throw new UnauthorizedException(result.FailureMessage);
}
