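/// <summary>
/// Authorizes the currently logged-in user: the user must hold either
/// <see cref="ModelUtility.AccessLevel1"/> or <see cref="ModelUtility.AccessLevel2"/>.
/// </summary>
/// <returns>
/// <c>true</c> when the user holds one of the required permissions. The method never
/// returns <c>false</c>; a missing permission is reported by throwing instead.
/// </returns>
/// <exception cref="HttpResponseException">
/// Thrown with <see cref="HttpStatusCode.Unauthorized"/> when the user holds neither
/// permission, or with the response built by <c>Utility.CreateResponseMessage</c> when
/// the user/permission lookup itself fails.
/// </exception>
public bool Authorize()
{
    try
    {
        // NOTE(review): the first claim is taken as the user id. This depends on claim
        // ordering; confirm it is the subject/identity claim rather than an arbitrary one.
        var userId = User.Claims.First().Value;
        UserData ud = Auth0APIClient.GetUserData(userId);
        List<UserPermission> permissions = Auth0APIClient.GetPermissions(ud.user_id);

        // Plain == on the names, as before (ordinal comparison of identifiers).
        bool authorized = permissions.Any(perm =>
            perm.permission_name == ModelUtility.AccessLevel1 ||
            perm.permission_name == ModelUtility.AccessLevel2);

        if (!authorized)
        {
            throw new HttpResponseException(HttpStatusCode.Unauthorized);
        }

        return authorized;
    }
    catch (HttpResponseException)
    {
        // Let the deliberate 401 propagate unchanged. Without this clause the catch-all
        // below re-wrapped it through CreateResponseMessage, so the Unauthorized status
        // thrown a few lines above never reached the caller as such.
        throw;
    }
    catch (Exception e)
    {
        // Any other failure (claim lookup, Auth0 calls) is converted into an HTTP error response.
        throw new HttpResponseException(Utility.CreateResponseMessage(e));
    }
}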
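/// <summary>
/// Endpoint that returns all permissions associated with the currently logged-in user.
/// </summary>
/// <returns>
/// On success, JSON with a <c>permissions</c> property holding the user's permissions.
/// On failure, JSON with a <c>newUrl</c> property: the action URL of the error view
/// the client should navigate to (401 view when <see cref="Authorize"/> rejects the user,
/// server-error or generic error view otherwise).
/// </returns>
public async Task<JsonResult> Permissions()
{
    // Authorize() signals rejection by throwing; translate that into the 401 redirect payload.
    try
    {
        Authorize();
    }
    catch (HttpResponseException e)
    {
        return Json(new { newUrl = Url.Action("Error", Utility.CreateHttpErrorView(e, "401 Unauthorized")) });
    }

    try
    {
        // NOTE(review): the first claim is taken as the user id, as in Authorize();
        // confirm it is the subject/identity claim rather than an arbitrary one.
        var userId = User.Claims.First().Value;
        UserData ud = Auth0APIClient.GetUserData(userId);
        List<UserPermission> permissions = Auth0APIClient.GetPermissions(ud.user_id);
        return Json(new { permissions });
    }
    catch (HttpResponseException e)
    {
        // DumpException is still called (it presumably records the exception somewhere),
        // but its return value was never used on this path, so it is discarded.
        ExceptionReporter.DumpException(e);
        ServerErrorViewModel error = await Utility.CreateServerErrorView(e);
        return Json(new { newUrl = Url.Action("ServerError", error) });
    }
    catch (Exception e)
    {
        // The dump id is handed to the error view so the report can be correlated.
        string guid = ExceptionReporter.DumpException(e);
        return Json(new { newUrl = Url.Action("Error", Utility.CreateBasicExceptionView(e, guid)) });
    }
}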
/// <summary>
/// Checks that permissions can be fetched for an existing user.
/// NOTE(review): this goes through Auth0APIClient.GetAllUsers, so it presumably talks to a
/// real backend rather than a stub — confirm. It also assumes at least one user exists;
/// indexing the first element throws otherwise.
/// </summary>
public void GetPermissionsTest()
{
    var allUsers = Auth0APIClient.GetAllUsers();
    var firstUser = allUsers[0];

    var permissions = Auth0APIClient.GetPermissions(firstUser.user_id);

    Assert.IsNotNull(permissions);
}