/// <summary> /// Authorizes current user for given permission or permissions, /// throws <see cref="AbpAuthorizationException" /> if not authorized. /// </summary> /// <typeparam name="TUserId">The type of UserId</typeparam> /// <typeparam name="TTenantId">The type of TenantId</typeparam> /// <param name="permissionChecker">Permission checker</param> /// <param name="abpAuthorizeAttribute">Abp authorization attributes.</param> /// <returns></returns> public static async Task AuthorizeAsync <TTenantId, TUserId>( this IPermissionChecker <TTenantId, TUserId> permissionChecker, IAbpAuthorizeAttribute abpAuthorizeAttribute) where TTenantId : struct where TUserId : struct { var moduleCode = abpAuthorizeAttribute.ModuleCode; var permissions = abpAuthorizeAttribute.Permissions; var requireAll = abpAuthorizeAttribute.RequireAllPermissions; if (permissions.IsNullOrEmpty()) { return; } if (string.IsNullOrEmpty(moduleCode)) { await permissionChecker.AuthorizeAsync(requireAll, permissions); return; } if (requireAll) { foreach (var permissionName in permissions) { if (!(await permissionChecker.IsGrantedAsync(moduleCode, permissionName))) { throw new AbpAuthorizationException( "Required permissions of " + moduleCode + " are not granted. All of these permissions must be granted: " + string.Join(", ", permissions) ); } } } else { foreach (var permissionName in permissions) { if (await permissionChecker.IsGrantedAsync(moduleCode, permissionName)) { return; } } throw new AbpAuthorizationException( "Required permissions of " + moduleCode + " are not granted. At least one of these permissions must be granted: " + string.Join(", ", permissions) ); } }