/// <summary>
/// Assigns the roles and permissions listed in the request to the user named by
/// <c>request.UserName</c>, then returns that user's complete role and permission sets.
/// </summary>
/// <param name="request">DTO carrying the target user name plus the roles and permissions to add.</param>
/// <returns>An <c>AssignRolesResponse</c> holding every role and permission the user has after the update.</returns>
/// <exception cref="ArgumentNullException">Thrown when <c>request.UserName</c> is null or empty.</exception>
/// <remarks>
/// The Admin role assertion is skipped for in-process requests, so any code that invokes this
/// operation in-process becomes the authorization boundary for it.
/// NOTE(review): <c>request.Roles</c> and <c>request.Permissions</c> are handed to the repository as
/// received; no allow-list check or audit record is visible in this method. Confirm that
/// privilege grants are logged elsewhere.
/// </remarks>
public async Task<object> Post(AssignRoles request)
{
    // Only externally originated requests are required to prove the Admin role.
    var isInProcess = Request.IsInProcessRequest();
    if (!isInProcess)
    {
        await RequiredRoleAttribute.AssertRequiredRoleAsync(Request, RoleNames.Admin);
    }

    if (string.IsNullOrEmpty(request.UserName))
    {
        throw new ArgumentNullException(nameof(request.UserName));
    }

    var targetUser = await AuthRepositoryAsync.GetUserAuthByUserNameAsync(request.UserName).ConfigAwait();
    if (targetUser == null)
    {
        throw HttpError.NotFound(request.UserName);
    }

    await AuthRepositoryAsync.AssignRolesAsync(targetUser, request.Roles, request.Permissions).ConfigAwait();

    // Re-read both sets from the repository so the response reflects the stored state
    // rather than echoing the request.
    var currentRoles = (await AuthRepositoryAsync.GetRolesAsync(targetUser).ConfigAwait()).ToList();
    var currentPermissions = (await AuthRepositoryAsync.GetPermissionsAsync(targetUser).ConfigAwait()).ToList();

    return new AssignRolesResponse
    {
        AllRoles = currentRoles,
        AllPermissions = currentPermissions,
    };
}
/// <summary>
/// Requires the caller to hold <paramref name="accessRole"/> unless the supplied
/// <paramref name="authSecret"/> equals the configured <c>AdminAuthSecret</c>.
/// </summary>
/// <param name="req">The request whose caller is being checked.</param>
/// <param name="accessRole">Role passed through to <c>RequiredRoleAttribute.AssertRequiredRoleAsync</c>.</param>
/// <param name="authSecret">Secret presented by the caller; a match bypasses the role check entirely.</param>
/// <param name="token">Cancellation token forwarded to the role assertion.</param>
/// <remarks>
/// A matching secret is therefore equivalent to holding the access role, and should be stored,
/// rotated and transported with the same care as an admin credential.
/// NOTE(review): the comparison below is ordinary string equality, not a fixed-time comparison.
/// Consider a constant-time compare where the target frameworks provide one.
/// </remarks>
public static async Task AssertAccessRoleAsync(IRequest req, string accessRole = null, string authSecret = null, CancellationToken token = default)
{
    var configuredSecret = HostContext.Config.AdminAuthSecret;

    // An unset secret never matches, so a null authSecret cannot bypass the role check
    // on hosts that have no AdminAuthSecret configured.
    var secretMatches = configuredSecret != null && configuredSecret == authSecret;
    if (secretMatches)
    {
        return;
    }

    await RequiredRoleAttribute.AssertRequiredRoleAsync(req, accessRole, token);
}
/// <summary>
/// Checks that asserting the Admin role completes without throwing and leaves the response
/// open once <c>userAuth</c> has been registered in the host container.
/// </summary>
/// <remarks>
/// <c>userAuth</c> is declared outside this method; judging by the test name it presumably
/// stands in for the auth repository that supplies the role when the session lacks it. Confirm
/// against the fixture.
/// </remarks>
public async Task Does_validate_AssertRequiredRoles_with_UserAuthRepo_When_Role_not_in_Session()
{
    var service = GetRegistrationService();
    var serviceRequest = service.Request;

    HostContext.Container.Register(userAuth);

    await RequiredRoleAttribute.AssertRequiredRoleAsync(serviceRequest, RoleNames.Admin);

    // The test expects the response to remain open after a successful role assertion.
    var responseClosed = serviceRequest.Response.IsClosed;
    Assert.That(!responseClosed);
}