public static async Task IsEventAdminCheck(AuthorizationHandlerContext authContext, PuzzleServerContext dbContext, UserManager <IdentityUser> userManager, IAuthorizationRequirement requirement) { PuzzleUser puzzleUser = await PuzzleUser.GetPuzzleUserForCurrentUser(dbContext, authContext.User, userManager); Event thisEvent = await AuthorizationHelper.GetEventFromContext(authContext); EventRole role = AuthorizationHelper.GetEventRoleFromContext(authContext); if (thisEvent != null && role == EventRole.admin && await puzzleUser.IsAdminForEvent(dbContext, thisEvent)) { authContext.Succeed(requirement); } }
public async Task IsEventAdminCheck(AuthorizationHandlerContext authContext, IAuthorizationRequirement requirement) { EventRole role = GetEventRoleFromRoute(); if (role != EventRole.admin) { return; } PuzzleUser puzzleUser = await PuzzleUser.GetPuzzleUserForCurrentUser(dbContext, authContext.User, userManager); Event thisEvent = await GetEventFromRoute(); if (thisEvent != null && puzzleUser != null && await puzzleUser.IsAdminForEvent(dbContext, thisEvent)) { authContext.Succeed(requirement); } }
/// <summary> /// Returns whether the user is authorized to view the file /// </summary> /// <param name="eventId">The current event</param> /// <param name="puzzle">The puzzle the file belongs to</param> /// <param name="content">The file</param> private async Task <bool> IsAuthorized(int eventId, Puzzle puzzle, ContentFile content) { Event currentEvent = await(from ev in context.Events where ev.ID == eventId select ev).SingleAsync(); PuzzleUser user = await PuzzleUser.GetPuzzleUserForCurrentUser(context, User, userManager); // Admins can see all files if (await user.IsAdminForEvent(context, currentEvent)) { return(true); } // Authors can see all files attached to their puzzles if (await UserEventHelper.IsAuthorOfPuzzle(context, puzzle, user)) { return(true); } Team team = await UserEventHelper.GetTeamForPlayer(context, currentEvent, user); if (team == null) { return(false); } // Once answers are available, so are all other files if (currentEvent.AreAnswersAvailableNow) { return(true); } PuzzleStatePerTeam puzzleState = await PuzzleStateHelper.GetFullReadOnlyQuery(context, currentEvent, puzzle, team).SingleAsync(); switch (content.FileType) { case ContentFileType.Answer: // The positive case is already handled above by checking AreAnswersAvailableNow return(false); case ContentFileType.Puzzle: case ContentFileType.PuzzleMaterial: if (puzzleState.UnlockedTime != null) { return(true); } else { return(false); } case ContentFileType.SolveToken: if (puzzleState.SolvedTime != null) { return(true); } else { return(false); } default: throw new NotImplementedException(); } }