/// <summary>
/// Tests whether the current user holds a per-post (delegated) claim for the given news post.
/// </summary>
/// <param name="claimType">Claim type to look for.</param>
/// <param name="newsPost">Post whose <c>Id</c> must equal the claim's value.</param>
/// <returns>
/// <c>true</c> when at least one of the user's security claims has the requested type
/// and a value equal to <c>newsPost.Id</c>; otherwise <c>false</c>.
/// </returns>
private bool HasDelegateClaim(string claimType, Models.NewsPost newsPost)
{
    var currentUser = _userContextAccessor.GetContext();

    // A delegated grant is scoped to one post: both the claim type and the
    // claim value (the post's Id) must match, so a grant for one post does
    // not carry over to another.
    bool grantedForThisPost = currentUser.SecurityClaims.Any(
        claim => claim.Type == claimType && claim.Value == newsPost.Id);

    return grantedForThisPost;
}
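/// <summary>
/// Decides whether the current user may delete the given news post.
/// </summary>
/// <param name="newsPost">
/// The post to be deleted. It is dereferenced by the ownership checks, so it must not be null.
/// </param>
/// <returns>
/// <c>true</c> if any ownership or admin rule below matches; otherwise <c>false</c>.
/// No delegate claim is consulted for delete.
/// </returns>
public bool AuthorizeForDelete(Models.NewsPost newsPost)
{
    // Can author News and this is their News
    if (HasAuthorClaim(NewsClaimTypes.PersonalNewsAuthor, newsPost))
    {
        return true;
    }

    // Is a site admin and this is their News.
    // This rule previously repeated the PersonalNewsAuthor check above, so it could never
    // add anything; it now tests the site-admin claim, as AuthorizeForRead, AuthorizeForEdit
    // and AuthorizeForPublish do.
    // NOTE(review): this lets an owning site admin delete their own post - confirm that
    // matches the intended policy before release.
    if (HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, newsPost))
    {
        return true;
    }

    // Client Level Primary Admin can manage everything
    if (HasAdminClaim(ClientClaimTypes.PrimaryAdmin))
    {
        return true;
    }

    // Client Level Content Admin can manage all content
    if (HasAdminClaim(ClientClaimTypes.UserContentManage))
    {
        return true;
    }

    // Client Level News Admin can manage all News
    if (HasAdminClaim(NewsClaimTypes.UserNewsManage))
    {
        return true;
    }

    // Nothing matched: deny by default.
    return false;
}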
/// <summary>
/// Decides whether the current user may publish the given news post.
/// </summary>
/// <param name="newsPost">
/// The post to be published. It is dereferenced by the ownership checks, so it must not be null.
/// </param>
/// <returns>
/// <c>true</c> if any ownership or admin rule below matches; otherwise <c>false</c>.
/// </returns>
public bool AuthorizeForPublish(Models.NewsPost newsPost)
{
    // Rules are evaluated in order and stop at the first match.
    // There is deliberately no delegate-claim rule: "publish" is not allowed to be delegated.
    return
        // Owner of the post holding the personal publish claim
        HasAuthorClaim(NewsClaimTypes.PersonalNewsPublish, newsPost)
        // Owner of the post who is also a site admin
        || HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, newsPost)
        // Client Level Primary Admin can manage everything
        || HasAdminClaim(ClientClaimTypes.PrimaryAdmin)
        // Client Level Content Admin can publish all content
        || HasAdminClaim(ClientClaimTypes.UserContentPublish)
        // Client Level News Admin can publish all News
        || HasAdminClaim(NewsClaimTypes.UserNewsPublish);
}
/// <summary>
/// Tests whether the current user owns the given news post and holds a claim of the given type.
/// </summary>
/// <param name="claimType">Claim type the owner must hold.</param>
/// <param name="newsPost">Post whose <c>UserId</c> is compared with the current user's id.</param>
/// <returns>
/// <c>true</c> only when the current user's <c>UserId</c> equals <c>newsPost.UserId</c> and
/// the user has at least one claim of <paramref name="claimType"/>; otherwise <c>false</c>.
/// </returns>
private bool HasAuthorClaim(string claimType, Models.NewsPost newsPost)
{
    var currentUser = _userContextAccessor.GetContext();

    // Ownership is established from the post's UserId, not from a claim value,
    // so the claim's value is irrelevant here and only its type is checked.
    bool ownsPost = currentUser.UserId == newsPost.UserId;

    return ownsPost && currentUser.SecurityClaims.Any(claim => claim.Type == claimType);
}
/// <summary>
/// Decides whether the current user may read the given news post.
/// </summary>
/// <param name="newsPost">
/// The post to be read. It is dereferenced by the ownership and delegate checks, so it must not be null.
/// </param>
/// <returns>
/// <c>true</c> if any ownership, delegate or admin rule below matches; otherwise <c>false</c>.
/// </returns>
public bool AuthorizeForRead(Models.NewsPost newsPost)
{
    // Rules are evaluated in order and stop at the first match.
    return
        // The user can create News and this is their News
        HasAuthorClaim(NewsClaimTypes.PersonalNewsAuthor, newsPost)
        // The user is a site admin and this is their News
        || HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, newsPost)
        // The user has been granted read access to this News by the author
        || HasDelegateClaim(NewsClaimTypes.NewsPostRead, newsPost)
        // Client Level News Content Admin can view all News
        || HasAdminClaim(NewsClaimTypes.UserNewsBrowse)
        // Client Level User Content Admin can view all content
        || HasAdminClaim(ClientClaimTypes.UserContentBrowse)
        // Client Level Primary Admin can view everything
        || HasAdminClaim(ClientClaimTypes.PrimaryAdmin);
}
/// <summary>
/// Decides whether the current user may edit the given news post.
/// </summary>
/// <param name="newsPost">
/// The post to be edited. It is dereferenced by the ownership and delegate checks, so it must not be null.
/// </param>
/// <returns>
/// <c>true</c> if any ownership, delegate or admin rule below matches; otherwise <c>false</c>.
/// </returns>
public bool AuthorizeForEdit(Models.NewsPost newsPost)
{
    // Rules are evaluated in order and stop at the first match.
    return
        // Can author News and this is their News
        HasAuthorClaim(NewsClaimTypes.PersonalNewsAuthor, newsPost)
        // Is a site admin and this is their News
        || HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, newsPost)
        // Has been granted access to edit this News by the author
        || HasDelegateClaim(NewsClaimTypes.NewsPostEdit, newsPost)
        // Client Level Primary Admin can manage everything
        || HasAdminClaim(ClientClaimTypes.PrimaryAdmin)
        // Client Level Content Admin can manage all content
        || HasAdminClaim(ClientClaimTypes.UserContentManage)
        // Client Level News Admin can manage all News
        || HasAdminClaim(NewsClaimTypes.UserNewsManage);
}