public async Task Invoke(CRUDContext <TService> ctx) { IAuthorizer <TService> authorizer = ctx.ServiceContainer.GetAuthorizer(); RunTimeMetadata metadata = ctx.Service.GetMetadata(); foreach (DbSet dbSet in ctx.Request.dbSets) { //methods on domain service which are attempted to be executed by client (SaveChanges triggers their execution) Dictionary <string, MethodInfoData> domainServiceMethods = new Dictionary <string, MethodInfoData>(); DbSetInfo dbInfo = metadata.DbSets[dbSet.dbSetName]; dbSet.rows.Aggregate <RowInfo, Dictionary <string, MethodInfoData> >(domainServiceMethods, (dict, rowInfo) => { MethodInfoData method = rowInfo.GetCRUDMethodInfo(metadata, dbInfo.dbSetName); if (method == null) { throw new DomainServiceException(string.Format(ErrorStrings.ERR_REC_CHANGETYPE_INVALID, dbInfo.GetEntityType().Name, rowInfo.changeType)); } string dicKey = string.Format("{0}:{1}", method.OwnerType.FullName, method.MethodInfo.Name); if (!dict.ContainsKey(dicKey)) { dict.Add(dicKey, method); } return(dict); }); await authorizer.CheckUserRightsToExecute(domainServiceMethods.Values); } await _next(ctx); }
public static bool CanAccessMethod(MethodInfo methInfo, IAuthorizer authorizer) { try { authorizer.CheckUserRightsToExecute(methInfo); return true; } catch(AccessDeniedException) { return false; } }
public static bool CanAccessMethod(MethodInfo methInfo, IAuthorizer authorizer) { try { authorizer.CheckUserRightsToExecute(methInfo); return(true); } catch (AccessDeniedException) { return(false); } }