/// <summary>
/// Provides a filter to only run the asynchronous <paramref name="asyncFunc"/> when the consumer is considered authorized.
/// </summary>
/// <typeparam name="T">The result of the <paramref name="asyncFunc"/>.</typeparam>
/// <param name="asyncFunc">The asynchronous function to run when the consumer is considered authorized.</param>
/// <returns>
/// The result of the <paramref name="asyncFunc"/> or <c>null</c> when the consumer is not considered authorized.
/// </returns>
protected async Task <T> WhenAuthorized <T>(Func <Task <T> > asyncFunc) where T : class
{
Guard.NotNull(asyncFunc, nameof(asyncFunc), "Requires an asynchronous function to run when the consumer is considered authorized");
if (await _authorization.IsAuthorizedAsync(_permittedRole))
{
return(await asyncFunc());
}
throw new AuthorizationException($"Accessing secret is not permitted for role '{_permittedRole}'");
}