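/// <summary>
/// Marks <paramref name="requirement"/> as satisfied when the current actor holds the claim
/// it names (looked up by scope and name) for the entity identified by <paramref name="entityId"/>.
/// </summary>
/// <param name="_claimDbController">Used to resolve the claim definition from the requirement's scope and name.</param>
/// <param name="_actorClaimDbController">Used to list the claims the actor holds for the entity in that scope.</param>
/// <param name="context">Authorization context; the actor id is read from <c>context.User.Identity.Name</c>.</param>
/// <param name="requirement">Requirement carrying the claim scope and claim name to check.</param>
/// <param name="entityId">Identifier of the entity the claim must be held against.</param>
/// <returns>A completed task. The requirement is left unsatisfied unless every check passes.</returns>
/// <remarks>
/// Fails closed: an unknown claim, a missing identity, or an identity name that is not an
/// integer leaves the requirement unsatisfied instead of throwing out of the authorization pipeline.
/// </remarks>
internal static Task HandleRequirements(ClaimController _claimDbController, ActorClaimController _actorClaimDbController, AuthorizationHandlerContext context, AuthorizationRequirement requirement, int entityId)
{
    var claim = _claimDbController.Get(requirement.ClaimScope, requirement.Name);
    if (claim == null)
    {
        // No such claim is defined for this scope/name, so nothing can satisfy the requirement.
        return Task.CompletedTask;
    }

    // The original int.Parse threw on an anonymous principal (null Identity or Name) or on a
    // non-numeric name. Treat both as "not authorized" so the request is denied, not faulted.
    if (!int.TryParse(context.User?.Identity?.Name, out var actorId))
    {
        return Task.CompletedTask;
    }

    // Materialised before filtering, as the original did.
    var actorClaims = _actorClaimDbController
        .GetActorClaimsForEntity(actorId, entityId, requirement.ClaimScope)
        .ToList();

    if (actorClaims.Any(c => c.Id == claim.Id))
    {
        context.Succeed(requirement);
    }

    return Task.CompletedTask;
}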
/// <summary>
/// Decides whether the current user may apply the role change described by
/// <paramref name="newAndCurrentRoles"/>.
/// </summary>
/// <param name="context">Authorization context carrying the user whose permission claims are checked.</param>
/// <param name="requirement">Requirement to mark as satisfied when the change is allowed.</param>
/// <param name="newAndCurrentRoles">
/// Pair of role-name arrays; going by the parameter name, Item1 is presumably the new role set
/// and Item2 the current one (confirm against the caller).
/// </param>
/// <returns>A completed task; the requirement is satisfied only on the paths described below.</returns>
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AuthorizationRequirement requirement, Tuple<string[], string[]> newAndCurrentRoles)
{
    var proposedRoles = newAndCurrentRoles.Item1;
    var existingRoles = newAndCurrentRoles.Item2;

    // An unchanged role set needs no role-assignment permission at all.
    if (!GetIsRolesChanged(proposedRoles, existingRoles))
    {
        context.Succeed(requirement);
        return Task.CompletedTask;
    }

    // Any actual change requires the AssignRoles permission.
    var principal = context.User;
    if (!principal.HasClaim(CustomClaimTypes.Permission, ApplicationPermissions.AssignRoles))
    {
        return Task.CompletedTask;
    }

    // With ViewRoles the user can assign any role; without it, only roles they are part of.
    // NOTE(review): AssignRoles + ViewRoles therefore permits granting roles the caller does
    // not hold. Confirm that this is intended and that ViewRoles is issued accordingly.
    var allowed = principal.HasClaim(CustomClaimTypes.Permission, ApplicationPermissions.ViewRoles)
        || GetIsUserInAllAddedRoles(principal, proposedRoles, existingRoles);

    if (allowed)
    {
        context.Succeed(requirement);
    }

    return Task.CompletedTask;
}