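/// <summary>
/// Checks the Policy property of this attribute against the policies registered on the MVC instance.
/// Returns true when no policy name is configured, or when the named policy validates the request.
/// Returns false and sets context.Result to an Unauthorized result when the named policy rejects
/// the request, or when a policy name is configured but no policy with that name is registered.
/// </summary>
/// <param name="mvc">MVC instance whose Policies container is searched for the named policy.</param>
/// <param name="descriptor">Descriptor of the action being executed; passed to the policy's Validate.</param>
/// <param name="context">Filter context; its Result is set when the check fails.</param>
/// <returns>True if execution may continue, false if the request was rejected.</returns>
private bool CheckPolicy(TwinoMvc mvc, ActionDescriptor descriptor, FilterContext context)
{
    // No policy requested on this action: nothing to enforce at this step.
    if (string.IsNullOrEmpty(Policy))
    {
        return true;
    }

    Policy policy = mvc.Policies.Get(Policy);

    // Fail closed. A configured policy name that resolves to null (typo, policy never
    // registered, registration removed) used to fall through and allow the request,
    // silently dropping the access control the action author asked for.
    if (policy == null || !policy.Validate(descriptor, context))
    {
        context.Result = StatusCodeResult.Unauthorized();
        return false;
    }

    return true;
}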
/// <summary>
/// Verifies that the current request is allowed to execute the action.
/// Checks run in a fixed order: authenticated user, policy, roles, claims; the first failing check stops the chain.
/// If authorization fails, context.Result will be set to 403 or 401.
/// </summary>
/// <param name="mvc">MVC instance handed to the policy check.</param>
/// <param name="descriptor">Descriptor of the action being executed.</param>
/// <param name="context">Filter context carrying the user and receiving the failure result.</param>
public void VerifyAuthority(TwinoMvc mvc, ActionDescriptor descriptor, FilterContext context)
{
    // A request without a user is rejected before any policy, role or claim is evaluated.
    bool hasUser = context.User != null;
    if (!hasUser)
    {
        context.Result = StatusCodeResult.Unauthorized();
        return;
    }

    // && short-circuits, so CheckRoles runs only after CheckPolicy has passed.
    // NOTE(review): CheckRoles and CheckClaims are not visible here; presumably they set
    // context.Result themselves on failure, as CheckPolicy does. Confirm.
    bool passedPolicyAndRoles = CheckPolicy(mvc, descriptor, context) && CheckRoles(descriptor, context);
    if (passedPolicyAndRoles)
    {
        CheckClaims(descriptor, context);
    }
}