/// <summary>
/// Decides whether the caller represented by <paramref name="session"/> may access
/// <paramref name="operation"/>.
/// </summary>
/// <remarks>
/// Checks run in a fixed order and the first failing one denies access:
/// <list type="number">
/// <item><description>A request for which <c>HostContext.HasValidAuthSecret</c> is true is allowed outright; none of the checks below run.</description></item>
/// <item><description>If the operation requires authentication, the session must be authenticated.</description></item>
/// <item><description>The session must hold every entry of <c>RequiredRoles</c>.</description></item>
/// <item><description>The session must hold every entry of <c>RequiredPermissions</c>.</description></item>
/// <item><description>The session must hold at least one entry of <c>RequiresAnyRole</c>.</description></item>
/// <item><description>The session must hold at least one entry of <c>RequiresAnyPermission</c>.</description></item>
/// </list>
/// A requirement list for which <c>IsEmpty()</c> is true imposes no constraint.
/// </remarks>
/// <param name="operation">Operation whose authentication, role and permission requirements are enforced.</param>
/// <param name="req">Current request; used for the auth-secret check and to resolve the auth repository.</param>
/// <param name="session">Session whose authentication state, roles and permissions are evaluated.</param>
/// <returns><c>true</c> when access is allowed, <c>false</c> when any requirement is unmet.</returns>
public async Task<bool> IsAuthorizedAsync(Operation operation, IRequest req, IAuthSession session)
{
    // The auth secret is a complete bypass: role and permission requirements are not consulted.
    if (HostContext.HasValidAuthSecret(req))
    {
        return true;
    }

    // NOTE(review): session is dereferenced here and below without a null check;
    // presumably callers always supply one. Confirm against the call sites.
    if (operation.RequiresAuthentication)
    {
        if (!session.IsAuthenticated)
        {
            return false;
        }
    }

    var repo = HostContext.AppHost.GetAuthRepositoryAsync(req);

    // The repository is disposed on exit only if it implements the matching disposable
    // interface; otherwise the cast yields null and the using statement has nothing to release.
#if NET472 || NETCORE
    await using (repo as IAsyncDisposable)
#else
    using (repo as IDisposable)
#endif
    {
        // Roles are looked up even when the operation does not require authentication.
        // NOTE(review): matching relies on Contains of whatever collection the session
        // returns, so case sensitivity is decided there. Confirm it is what is intended.
        var heldRoles = await session.GetRolesAsync(repo).ConfigAwait();
        var hasEveryRole = operation.RequiredRoles.IsEmpty()
            || operation.RequiredRoles.All(heldRoles.Contains);
        if (!hasEveryRole)
        {
            return false;
        }

        // Permissions are fetched only after the required-roles check has passed.
        var heldPermissions = await session.GetPermissionsAsync(repo).ConfigAwait();
        var hasEveryPermission = operation.RequiredPermissions.IsEmpty()
            || operation.RequiredPermissions.All(heldPermissions.Contains);
        if (!hasEveryPermission)
        {
            return false;
        }

        // "Any" requirements: one matching role and one matching permission suffice.
        return (operation.RequiresAnyRole.IsEmpty() || operation.RequiresAnyRole.Any(heldRoles.Contains))
            && (operation.RequiresAnyPermission.IsEmpty() || operation.RequiresAnyPermission.Any(heldPermissions.Contains));
    }
}