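/// <summary>
/// Extracts the organisation/division identifiers that an authorization decision is made on.
/// A JSON request body is consulted first; the query string is used only when nothing at all
/// was read from the body. The body is rewound afterwards so later model binding still sees it.
/// </summary>
/// <param name="request">The incoming request. Its body and query string are untrusted input.</param>
/// <returns>
/// The identifiers found, or <c>null</c> when <paramref name="request"/> is <c>null</c>, when no
/// JSON body produced an object and the query string is empty. <c>null</c> is treated as "deny"
/// by the data check that consumes this value.
/// </returns>
public DataIds ReadRequest(HttpRequest request)
{
    if (request == null)
    {
        return null;
    }

    DataIds ids = null;

    // Media types are case-insensitive, so "Application/JSON" must count as JSON here as well.
    // Presumably the framework's JSON input formatter matches this way too; if this handler is
    // stricter than the binder, the ids authorized here could differ from the ids the action
    // later binds from the body. StringComparison is fully qualified so no extra using is needed.
    bool isJson = request.ContentType != null
        && request.ContentType.IndexOf("application/json", System.StringComparison.OrdinalIgnoreCase) >= 0;

    // A chunked request carries no Content-Length (ContentLength == null). The previous
    // `ContentLength > 0` test silently skipped such bodies and fell through to the query
    // string, so an authorization decision could be made on query-string ids while a body with
    // different ids was still delivered to the action. Only an explicit empty body
    // (Content-Length: 0) is skipped now.
    // NOTE(review): assumes _json returns null rather than throwing on an empty stream — confirm.
    bool mayHaveBody = request.ContentLength == null || request.ContentLength > 0;

    if (isJson && mayHaveBody)
    {
        // Buffer the body so it can be re-read by model binding after it is consumed here.
        request.EnableRewind();

        // The readers are deliberately not disposed: disposing them would close request.Body.
        ids = _json.Deserialize<DataIds>(new JsonTextReader(new StreamReader(request.Body)));
        request.Body.Position = 0;
    }

    // Fall back to the query string only when the body yielded no object at all.
    if (ids == null && request.Query.Count > 0)
    {
        ids = new DataIds
        {
            OrganizationId = request.Query[SecurityConstants.ORG_ID],
            DivisionId = request.Query[SecurityConstants.DIV_ID]
        };
    }

    return ids;
}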
/// <summary>
/// Authorization entry point for <see cref="OrgDivDataRequirement"/>: reads the org/division ids
/// off the protected resource, evaluates <see cref="CheckData"/> and records the verdict on the
/// context.
/// </summary>
/// <param name="context">Authorization context carrying the principal and the protected resource.</param>
/// <param name="requirement">The requirement being evaluated; supplies the required groups.</param>
/// <returns>A completed task; the decision is reported through Succeed/Fail on <paramref name="context"/>.</returns>
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, OrgDivDataRequirement requirement)
{
    _logger.LogDebug($"Attempting to access resource protected with the {requirement.RequirementName} handler.");

    DataIds targetIds = _reader.GetDataIds(context.Resource);

    // Per ASP.NET Core semantics an explicit Fail() (rather than merely not calling Succeed)
    // makes the denial final even if another handler for the same requirement would succeed.
    if (!CheckData(context.User, requirement.RequiredGroups, targetIds))
    {
        _logger.LogDebug($"Principal IS UNABLE to access resource protected with the {requirement.RequirementName} handler. Principal Summary: {context.User.ForLogging()}");
        context.Fail();
        return Task.CompletedTask;
    }

    _logger.LogDebug($"Principal WAS ABLE access resource protected with the {requirement.RequirementName} handler. Principal Summary: {context.User.ForLogging()}");
    context.Succeed(requirement);
    return Task.CompletedTask;
}
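/// <summary>
/// Decides whether <paramref name="principal"/> may access data scoped to the organisation and/or
/// division carried in <paramref name="ids"/>.
/// </summary>
/// <param name="principal">The caller.</param>
/// <param name="requiredGroups">
/// Group names; holding any one of them for the targeted org/division grants access.
/// <c>null</c> or empty denies.
/// </param>
/// <param name="ids">The org/division the request targets; <c>null</c> means they could not be read.</param>
/// <returns><c>true</c> to grant access, <c>false</c> to deny.</returns>
/// <remarks>
/// Evaluation order is security-relevant:
/// 1. Admins, and any principal that is not a user identity, bypass all data scoping.
///    NOTE(review): the second clause is a blanket bypass for every non-user token (the TODO
///    mentions console tokens); revisit once those tokens are tied to users.
/// 2. Unreadable ids deny (fail closed).
/// 3. An org admin of the targeted org is granted regardless of groups.
/// 4. Otherwise the caller must hold a required group for the targeted org and/or division.
///    Ids where neither org nor division is positive — including negative values — never match.
/// </remarks>
public bool CheckData(ClaimsPrincipal principal, List<string> requiredGroups, DataIds ids)
{
    // TODO: when we tie console tokens to users this will have to change
    if (principal.IsAdmin() || !principal.IsUserIdentiy())
    {
        return true;
    }

    // No ids could be read from the request: fail closed.
    if (ids == null)
    {
        return false;
    }

    if (ids.OrgNumber > 0 && principal.IsOrgAdmin(ids.OrgNumber))
    {
        return true;
    }

    // A missing group list used to surface as a NullReferenceException from inside the
    // authorization pipeline; deny instead, consistent with an empty list.
    if (requiredGroups == null)
    {
        return false;
    }

    // The shape of the ids does not change per group, so classify it once.
    bool orgAndDiv = ids.OrgNumber > 0 && ids.DivNumber > 0;
    bool orgOnly = ids.OrgNumber > 0 && ids.DivNumber == 0;
    bool divOnly = ids.OrgNumber == 0 && ids.DivNumber > 0;

    foreach (string group in requiredGroups)
    {
        bool canAccess;
        if (orgAndDiv)
        {
            // Both scopes must be satisfied by the same group name.
            canAccess = principal.HasGroupWithOrg(group, ids.OrgNumber)
                && principal.HasGroupWithDivision(group, ids.DivNumber);
        }
        else if (orgOnly)
        {
            canAccess = principal.HasGroupWithOrg(group, ids.OrgNumber);
        }
        else if (divOnly)
        {
            canAccess = principal.HasGroupWithDivision(group, ids.DivNumber);
        }
        else
        {
            // Neither scope is usable (both zero, or a negative value): never grant.
            canAccess = false;
        }

        if (canAccess)
        {
            return true;
        }
    }

    return false;
}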