public async Task <AuthorizeDecision> EvaluateAsync(string userId, string orgId, params string[] perms)
{
var parsedPerms = new List <PermissionEnum>();
foreach (string s in perms)
{
if (Enum.TryParse <PermissionEnum>(s, out var p))
{
parsedPerms.Add(p);
}
else
{
return new AuthorizeDecision()
{
Allowed = false,
FailureReason = failureReason.Permissionformat,
FailureMessage = $"Unable to parse {s} to PermissionEnum."
}
};
}
Guid userIdGuid = new Guid(userId);
Guid orgIdGuid = new Guid(orgId);
// Check if Organization exists so a 404 can be returned on request for non-existent org
if (!await _orgManager.ExistsAsync(orgIdGuid))
{
return new AuthorizeDecision()
{
Allowed = false, FailureReason = failureReason.Tenantnotfound
}
}
;
// If no permissions specified, simply check whether the User has access
// If permissions specified, ensure user has all and access in one query
if (parsedPerms.Count == 0 && await _orgManager.UserHasAccessAsync(userIdGuid, orgIdGuid))
{
return(Ok());
}
else if (await _permSvc.UserHasPermissionsAsync(userIdGuid, orgIdGuid, parsedPerms))
{
return(Ok());
}
return(UnAuthorized());
}
