/// <summary>
/// Registers an authorization policy that is satisfied only by an authenticated
/// user holding at least one of the given roles within one specific Zitadel
/// organization. Intended for multi-tenant services that have to tell apart
/// roles granted by different Zitadel organizations.
/// </summary>
/// <param name="options">The authorization options that receive the new policy.</param>
/// <param name="policyName">Name under which the policy is registered (e.g. CaosUser).</param>
/// <param name="organizationId">Zitadel id of the organization whose role claim is evaluated.</param>
/// <param name="roles">Accepted role values; a single matching value is sufficient.</param>
/// <remarks>
/// If <paramref name="roles"/> is empty, the claim requirement does not constrain the
/// claim value: any user carrying the organization role claim at all satisfies the
/// policy. Pass at least one role when a specific role is meant to be enforced.
/// </remarks>
public static void AddZitadelOrganizationRolePolicy(
    this AuthorizationOptions options,
    string policyName,
    string organizationId,
    params string[] roles)
{
    options.AddPolicy(
        policyName,
        builder =>
        {
            // Authentication first, then the organization-scoped role claim.
            builder.RequireAuthenticatedUser();

            // The claim type is derived from the organization id, so the role
            // values are matched against that organization's claim only.
            builder.RequireClaim(
                ZitadelDefaults.OrganizationRoleClaimName(organizationId),
                roles);
        });
}
/// <summary>
/// Tells whether a principal carries the given role in the context of one
/// Zitadel organization.
/// </summary>
/// <param name="principal">The principal whose claims are inspected.</param>
/// <param name="organizationId">Zitadel id of the organization the role belongs to.</param>
/// <param name="role">Role value that has to be present on the principal.</param>
/// <returns>
/// <c>true</c> when the principal has the organization role claim with the given
/// value; <c>false</c> otherwise.
/// </returns>
/// <remarks>
/// This is a pure claim lookup: it does not check that the principal is
/// authenticated, so call it only on a principal produced by a validated
/// authentication result. The role value is compared case-sensitively.
/// </remarks>
public static bool IsInRole(this ClaimsPrincipal principal, string organizationId, string role)
{
    // Claim type is specific to the organization; the role is the claim value.
    var orgRoleClaimType = ZitadelDefaults.OrganizationRoleClaimName(organizationId);
    return principal.HasClaim(orgRoleClaimType, role);
}