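/// <summary>
/// Authorization filter using the write-level checks. Super/system admins pass
/// straight through; every other caller must be allowed to write the target user
/// (the "userId" query value, defaulting to the current user) and, when one is
/// supplied, the "buyerAccountUuid" buyer account. A failed check marks the
/// response unauthorized via <c>SetUnauthorizedResponse</c>.
/// </summary>
/// <param name="actionContext">Web API action context of the current request.</param>
public void OnAuthorization(HttpActionContext actionContext)
{
    // Super/system admins may query anything.
    if (_authorizationService.CanAccessEverything())
    {
        return;
    }

    // Default the target user to the current user.
    // Note: only AgencyAdministrator is allowed, so CanWriteUser (not CanReadUser) is used.
    var currentUserId = _owinContext.GetCurrentUserId();
    var userId = actionContext.GetOrSetQueryString("userId", currentUserId);
    if (!_authorizationService.CanWriteUser(userId))
    {
        // Stop here once denied so no further authorization checks run —
        // consistent with the early-return style of the sibling filters.
        actionContext.SetUnauthorizedResponse();
        return;
    }

    // Optional buyer account scope.
    // Note: only AgencyAdministrator is allowed, so CanWriteBuyerAccount is used.
    var buyerAccountUuid = actionContext.GetQueryString<Guid?>("buyerAccountUuid");
    if (buyerAccountUuid.HasValue && !_authorizationService.CanWriteBuyerAccount(buyerAccountUuid.Value))
    {
        actionContext.SetUnauthorizedResponse();
    }
}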
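/// <summary>
/// Read-level authorization filter. The target user (the "userId" query value,
/// defaulting to the current user) must be readable by the caller, and each of the
/// optional scope parameters — buyerAccountUuid, advertiserUuid, brandUuid,
/// campaignUuid, creativeUuid — that parses as a GUID must be readable as well.
/// Checks run in that order; the first failure marks the response unauthorized
/// via <c>SetUnauthorizedResponse</c> and stops evaluation.
/// </summary>
/// <param name="actionContext">Web API action context of the current request.</param>
public void OnAuthorization(HttpActionContext actionContext)
{
    var currentUserId = _owinContext.GetCurrentUserId();
    var userId = actionContext.GetOrSetQueryString("userId", currentUserId);
    if (!_authorizationService.CanReadUser(userId))
    {
        actionContext.SetUnauthorizedResponse();
        return;
    }

    var queryString = actionContext.Request.RequestUri.ParseQueryString();

    // Short-circuit '||' keeps the original order and stops at the first denial.
    // A missing key yields null, which does not parse and therefore skips that scope.
    if (IsReadDenied(queryString["buyerAccountUuid"], id => _authorizationService.CanReadBuyerAccount(id))
        || IsReadDenied(queryString["advertiserUuid"], id => _authorizationService.CanReadAdvertiser(id))
        || IsReadDenied(queryString["brandUuid"], id => _authorizationService.CanReadBrand(id))
        || IsReadDenied(queryString["campaignUuid"], id => _authorizationService.CanReadCampaign(id))
        || IsReadDenied(queryString["creativeUuid"], id => _authorizationService.CanReadCreative(id)))
    {
        actionContext.SetUnauthorizedResponse();
    }
}

/// <summary>
/// True when <paramref name="rawValue"/> parses as a GUID that <paramref name="canRead"/> rejects.
/// </summary>
/// <param name="rawValue">Raw query-string value; null when the key is absent.</param>
/// <param name="canRead">Authorization predicate applied to the parsed identifier.</param>
/// <returns>True only for a parseable GUID the caller may not read; false otherwise.</returns>
/// <remarks>
/// NOTE(review): a value that is present but does not parse (e.g. a repeated key,
/// which the NameValueCollection indexer returns comma-joined) is treated like an
/// absent one and is NOT denied here — confirm the action's own binding rejects
/// such requests rather than relying on this filter.
/// </remarks>
private static bool IsReadDenied(string rawValue, Func<Guid, bool> canRead)
{
    Guid uuid;
    return Guid.TryParse(rawValue, out uuid) && !canRead(uuid);
}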
/// <summary>
/// Read-level authorization on the target user only: the "userId" query value
/// (resolved through <c>GetOrSetQueryString</c>, presumably defaulting to the
/// current user when absent) must be readable by the caller; otherwise the
/// response is marked unauthorized via <c>SetUnauthorizedResponse</c>.
/// </summary>
/// <param name="actionContext">Web API action context of the current request.</param>
public void OnAuthorization(HttpActionContext actionContext)
{
    var callerId = _owinContext.GetCurrentUserId();
    var targetUserId = actionContext.GetOrSetQueryString("userId", callerId);

    // Guard clause: an allowed read needs nothing further.
    if (_authorizationService.CanReadUser(targetUserId))
    {
        return;
    }

    actionContext.SetUnauthorizedResponse();
}
/// <summary>
/// Read-level authorization on the target user with an admin bypass: callers for
/// whom <c>CanAccessEverything</c> holds (super/system admins) pass through;
/// otherwise the "userId" query value (resolved through <c>GetOrSetQueryString</c>,
/// presumably defaulting to the current user) must be readable, or the response
/// is marked unauthorized via <c>SetUnauthorizedResponse</c>.
/// </summary>
/// <param name="actionContext">Web API action context of the current request.</param>
public void OnAuthorization(HttpActionContext actionContext)
{
    // Super/system admins may query anything.
    var bypass = _authorizationService.CanAccessEverything();
    if (bypass)
    {
        return;
    }

    var callerId = _owinContext.GetCurrentUserId();
    var targetUserId = actionContext.GetOrSetQueryString("userId", callerId);
    var allowed = _authorizationService.CanReadUser(targetUserId);
    if (allowed)
    {
        return;
    }

    actionContext.SetUnauthorizedResponse();
}
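/// <summary>
/// Read-level authorization filter. The target user (the "userId" query value,
/// defaulting to the current user) must be readable by the caller, and each of the
/// optional scope parameters — buyerAccountUuid, strategyUuid, campaignUuid — that
/// parses as a GUID must be readable as well. Checks run in that order; the first
/// failure marks the response unauthorized via <c>SetUnauthorizedResponse</c> and
/// stops evaluation.
/// </summary>
/// <param name="actionContext">Web API action context of the current request.</param>
public void OnAuthorization(HttpActionContext actionContext)
{
    var currentUserId = _owinContext.GetCurrentUserId();
    var userId = actionContext.GetOrSetQueryString("userId", currentUserId);
    if (!_authorizationService.CanReadUser(userId))
    {
        actionContext.SetUnauthorizedResponse();
        return;
    }

    var queryString = actionContext.Request.RequestUri.ParseQueryString();

    // Short-circuit '||' keeps the original order and stops at the first denial.
    // A missing key yields null, which does not parse and therefore skips that scope.
    if (IsReadDenied(queryString["buyerAccountUuid"], id => _authorizationService.CanReadBuyerAccount(id))
        || IsReadDenied(queryString["strategyUuid"], id => _authorizationService.CanReadStrategy(id))
        || IsReadDenied(queryString["campaignUuid"], id => _authorizationService.CanReadCampaign(id)))
    {
        actionContext.SetUnauthorizedResponse();
    }
}

/// <summary>
/// True when <paramref name="rawValue"/> parses as a GUID that <paramref name="canRead"/> rejects.
/// </summary>
/// <param name="rawValue">Raw query-string value; null when the key is absent.</param>
/// <param name="canRead">Authorization predicate applied to the parsed identifier.</param>
/// <returns>True only for a parseable GUID the caller may not read; false otherwise.</returns>
/// <remarks>
/// NOTE(review): a value that is present but does not parse (e.g. a repeated key,
/// which the NameValueCollection indexer returns comma-joined) is treated like an
/// absent one and is NOT denied here — confirm the action's own binding rejects
/// such requests rather than relying on this filter.
/// </remarks>
private static bool IsReadDenied(string rawValue, Func<Guid, bool> canRead)
{
    Guid uuid;
    return Guid.TryParse(rawValue, out uuid) && !canRead(uuid);
}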