コード例 #1
        /// <summary>
        /// Checks whether the current user holds a claim of the given type that is bound to
        /// this specific post, i.e. a claim whose value equals the post's Id.
        /// </summary>
        /// <param name="claimType">Claim type to look for.</param>
        /// <param name="newsPost">Post whose Id the claim value must match.</param>
        /// <returns>true when at least one matching claim exists; otherwise false.</returns>
        private bool HasDelegateClaim(string claimType, Models.NewsPost newsPost)
        {
            var claims = _userContextAccessor.GetContext().SecurityClaims;

            // Both parts must match on the same claim: the type alone is not enough,
            // the value has to name this post.
            return claims.Any(claim => claim.Type == claimType && claim.Value == newsPost.Id);
        }
コード例 #2
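        /// <summary>
        /// Decides whether the current user may delete <paramref name="newsPost"/>.
        /// </summary>
        /// <param name="newsPost">The post the delete request targets.</param>
        /// <returns>
        /// true as soon as one rule below matches; false when none does (deny by default).
        /// </returns>
        public bool AuthorizeForDelete(Models.NewsPost newsPost)
        {
            // Can author News and this is their News
            if (HasAuthorClaim(NewsClaimTypes.PersonalNewsAuthor, newsPost))
            {
                return true;
            }

            // Is a site admin and this is their News.
            // This branch used to repeat the PersonalNewsAuthor check above, so it could never
            // grant anything the first rule had not already granted. It now tests the site-admin
            // claim, which is what AuthorizeForEdit, AuthorizeForRead and AuthorizeForPublish
            // test for the same rule.
            if (HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, newsPost))
            {
                return true;
            }

            // Client Level Primary Admin can manage everything
            if (HasAdminClaim(ClientClaimTypes.PrimaryAdmin))
            {
                return true;
            }

            // Client Level Content Admin can manage all content
            if (HasAdminClaim(ClientClaimTypes.UserContentManage))
            {
                return true;
            }

            // Client Level News Admin can manage all News
            if (HasAdminClaim(NewsClaimTypes.UserNewsManage))
            {
                return true;
            }

            // No per-post delegate claim is consulted for delete; anything not matched above is denied.
            return false;
        }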
コード例 #3
        /// <summary>
        /// Decides whether the current user may publish <paramref name="newsPost"/>.
        /// </summary>
        /// <param name="newsPost">The post the publish request targets.</param>
        /// <returns>true when any rule matches; false otherwise (deny by default).</returns>
        public bool AuthorizeForPublish(Models.NewsPost newsPost)
        {
            // Rules are evaluated left to right and stop at the first match.
            // "Publish" cannot be delegated, so no per-post delegate claim appears in the list.
            return
                // owner of the post holding the personal publish claim
                HasAuthorClaim(NewsClaimTypes.PersonalNewsPublish, newsPost)
                // owner of the post who is a site primary admin
                || HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, newsPost)
                // client-level primary admin: may manage everything
                || HasAdminClaim(ClientClaimTypes.PrimaryAdmin)
                // client-level content admin: may publish all content
                || HasAdminClaim(ClientClaimTypes.UserContentPublish)
                // client-level news admin: may publish all news
                || HasAdminClaim(NewsClaimTypes.UserNewsPublish);
        }
コード例 #4
        /// <summary>
        /// Checks whether the current user owns <paramref name="newsPost"/> and also holds a
        /// claim of type <paramref name="claimType"/>.
        /// </summary>
        /// <param name="claimType">Claim type the owner must hold.</param>
        /// <param name="newsPost">Post whose UserId is compared with the current user's.</param>
        /// <returns>true only when both the ownership test and the claim test pass.</returns>
        private bool HasAuthorClaim(string claimType, Models.NewsPost newsPost)
        {
            var currentUser = _userContextAccessor.GetContext();

            // Ownership is established from the post's UserId, not from a claim value.
            // NOTE(review): if both ids can be null or empty (anonymous user, ownerless post)
            // this comparison would still succeed - confirm against the callers.
            var isOwner = currentUser.UserId == newsPost.UserId;
            if (!isOwner)
            {
                return false;
            }

            // The claim value is irrelevant here because the owner was matched directly above.
            return currentUser.SecurityClaims.Any(claim => claim.Type == claimType);
        }
コード例 #5
        /// <summary>
        /// Decides whether the current user may read <paramref name="newsPost"/>.
        /// </summary>
        /// <param name="newsPost">The post the read request targets.</param>
        /// <returns>true when any rule matches; false otherwise (deny by default).</returns>
        public bool AuthorizeForRead(Models.NewsPost newsPost)
        {
            // Ownership rules: the user can create News (or is a site admin) and this is their News.
            if (HasAuthorClaim(NewsClaimTypes.PersonalNewsAuthor, newsPost)
                || HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, newsPost))
            {
                return true;
            }

            // Delegation rule: the author granted this user read access to this post.
            if (HasDelegateClaim(NewsClaimTypes.NewsPostRead, newsPost))
            {
                return true;
            }

            // Client-level rules, in order: news content admin (all News), user content admin
            // (all content), primary admin (everything). No match means access is denied.
            return HasAdminClaim(NewsClaimTypes.UserNewsBrowse)
                || HasAdminClaim(ClientClaimTypes.UserContentBrowse)
                || HasAdminClaim(ClientClaimTypes.PrimaryAdmin);
        }
コード例 #6
        /// <summary>
        /// Decides whether the current user may edit <paramref name="newsPost"/>.
        /// </summary>
        /// <param name="newsPost">The post the edit request targets.</param>
        /// <returns>true when any rule matches; false otherwise (deny by default).</returns>
        public bool AuthorizeForEdit(Models.NewsPost newsPost)
        {
            // Ownership rules: the user can author News (or is a site admin) and this is their News.
            if (HasAuthorClaim(NewsClaimTypes.PersonalNewsAuthor, newsPost)
                || HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, newsPost))
            {
                return true;
            }

            // Delegation rule: the author granted this user edit access to this post.
            if (HasDelegateClaim(NewsClaimTypes.NewsPostEdit, newsPost))
            {
                return true;
            }

            // Client-level rules, in order: primary admin (everything), content admin
            // (all content), news admin (all News). No match means access is denied.
            return HasAdminClaim(ClientClaimTypes.PrimaryAdmin)
                || HasAdminClaim(ClientClaimTypes.UserContentManage)
                || HasAdminClaim(NewsClaimTypes.UserNewsManage);
        }