/// <summary>
/// Resolves a <c>ManageMediaFolder</c> requirement on a folder path into the concrete
/// permission that governs that folder, then succeeds the requirement only if the
/// current user holds that permission.
/// </summary>
/// <param name="context">Authorization context; <c>Resource</c> is read as the folder path.</param>
/// <param name="requirement">The requirement being evaluated; ignored unless it is <c>ManageMediaFolder</c>.</param>
/// <remarks>
/// The handler only ever grants. It returns without calling <c>Succeed</c> when the
/// requirement is a different permission or when no resource is supplied.
/// </remarks>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
{
    // Nothing to do when: the requirement was already granted (this handler never revokes),
    // the requirement is for some other permission, or there is no resource to inspect.
    if (context.HasSucceeded
        || requirement.Permission.Name != Permissions.ManageMediaFolder.Name
        || context.Resource == null)
    {
        return;
    }

    // NOTE(review): a non-string resource leaves this null and it is still handed to the
    // folder checks below; confirm that those helpers tolerate null.
    // NOTE(review): the path is compared as supplied. The permission chosen below depends
    // entirely on which folder the path falls under, so confirm callers pass a normalized
    // path (consistent separators, no relative segments).
    var requestedPath = context.Resource as string;

    // Probe the file store to learn which separator it produces.
    if (_fileStore.Combine("a", "b").Contains('/'))
    {
        _pathSeparator = '/';
    }
    else
    {
        _pathSeparator = '\\';
    }

    // Each folder root is normalized and forced to end with exactly one separator.
    // NOTE(review): these are instance fields rewritten on every call from file-store and
    // option values; if the handler instance is shared across requests, confirm that is acceptable.
    var normalizedMediaFields = _fileStore.NormalizePath(_attachedMediaFieldFileService.MediaFieldsFolder);
    _mediaFieldsFolder = normalizedMediaFields.TrimEnd(_pathSeparator) + _pathSeparator;

    var normalizedUsers = _fileStore.NormalizePath(_mediaOptions.AssetsUsersFolder);
    _usersFolder = normalizedUsers.TrimEnd(_pathSeparator) + _pathSeparator;

    // The current user's own folder lives under the users folder.
    var ownFolderName = _userAssetFolderNameProvider.GetUserAssetFolderName(context.User);
    var normalizedOwn = _fileStore.NormalizePath(_fileStore.Combine(_usersFolder, ownFolderName));
    var ownFolder = normalizedOwn.TrimEnd(_pathSeparator) + _pathSeparator;

    // True when the requested path is the given folder itself or lies beneath it.
    bool IsAtOrUnder(string folder) =>
        IsAuthorizedFolder(folder, requestedPath) || IsDescendantOfauthorizedFolder(folder, requestedPath);

    // Default for any folder that matches none of the special cases below.
    var requiredPermission = Permissions.ManageMedia;

    // The checks run in order and a later match overrides an earlier one.

    // Attached media field folder (or anything inside it).
    if (IsAtOrUnder(_mediaFieldsFolder))
    {
        requiredPermission = Permissions.ManageAttachedMediaFieldsFolder;
    }

    // The users root itself, or the current user's own folder subtree.
    if (IsAuthorizedFolder(_usersFolder, requestedPath) || IsAtOrUnder(ownFolder))
    {
        requiredPermission = Permissions.ManageOwnMedia;
    }

    // Somewhere under the users root that is not the current user's own subtree.
    if (IsDescendantOfauthorizedFolder(_usersFolder, requestedPath) && !IsAtOrUnder(ownFolder))
    {
        requiredPermission = Permissions.ManageOthersMedia;
    }

    // Resolved here rather than injected, to prevent circular dependencies.
    var authorizer = _serviceProvider.GetService<IAuthorizationService>();

    var isGranted = await authorizer.AuthorizeAsync(context.User, requiredPermission);
    if (isGranted)
    {
        context.Succeed(requirement);
    }
}
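/// <summary>
/// Evaluates a <c>ManageAttachedMediaFieldsFolder</c> requirement against a folder path.
/// Paths outside the media fields folder are granted immediately; paths at or under it
/// are granted only when the user holds <c>ManageAttachedMediaFieldsFolder</c>.
/// </summary>
/// <param name="context">Authorization context; <c>Resource</c> is read as the folder path.</param>
/// <param name="requirement">The requirement being evaluated; ignored unless it is <c>ManageAttachedMediaFieldsFolder</c>.</param>
/// <remarks>
/// The handler only ever grants. It returns without calling <c>Succeed</c> when the
/// requirement is a different permission or when no resource is supplied.
/// </remarks>
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
{
    if (context.HasSucceeded)
    {
        // This handler is not revoking any pre-existing grants.
        return;
    }

    if (requirement.Permission.Name != Permissions.ManageAttachedMediaFieldsFolder.Name)
    {
        return;
    }

    if (context.Resource == null)
    {
        return;
    }

    // Probe the file store to learn which separator it produces.
    _pathSeparator = _fileStore.Combine("a", "b").Contains("/") ? "/" : "\\";

    // Normalize the media fields folder and force exactly one trailing separator.
    _mediaFieldsFolder = _fileStore.NormalizePath(_attachedMediaFieldFileService.MediaFieldsFolder)
        .TrimEnd(_pathSeparator.ToCharArray()) + _pathSeparator;

    // NOTE(review): a non-string resource leaves this null and it is still handed to the
    // folder checks below; confirm that those helpers tolerate null.
    // NOTE(review): the path is compared as supplied. The outcome of the folder checks
    // decides whether any permission is consulted at all, so confirm callers pass a
    // normalized path (consistent separators, no relative segments).
    var path = context.Resource as string;

    if (!IsMediaFieldsFolder(path) && !IsDescendantOfMediaFieldsFolder(path))
    {
        // NOTE(review): this grants the requirement for every path outside the media fields
        // folder without consulting any permission; confirm callers gate general media
        // access with a separate check.
        context.Succeed(requirement);

        // Stop here. Without this return the code fell through and ran a second,
        // pointless authorization check for a path that is not in the media fields
        // folder, which contradicted the comment below.
        return;
    }

    // If we get to here, the path is on the media fields folder and the user must have the ManageMediaFieldsFolder permission.

    // Lazy load to prevent circular dependencies
    var authorizationService = _serviceProvider.GetService<IAuthorizationService>();

    if (await authorizationService.AuthorizeAsync(context.User, Permissions.ManageAttachedMediaFieldsFolder))
    {
        context.Succeed(requirement);
    }
}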