public async Task <AuthorizationResult> AuthorizeAsync(PingCommand instance, CancellationToken cancellation = default)
{
return(instance.PingName == "T" ?
await Task.FromResult(AuthorizationResult.Succeed())
:
await Task.FromResult(AuthorizationResult.Fail(":(")));
}
public async Task <AuthorizationResult> Handle(AssignedToProjectRequirement requirement, CancellationToken cancellationToken)
{
var userId = requirement.UserId;
var projectId = requirement.ProjectId;
if (projectId == null)
{
var step = new Step();
if (requirement.StepId != null)
{
step = await _context.Steps.FindAsync(requirement.StepId);
}
else if (requirement.TaskId != null)
{
var task = await _context.Tasks.Include(t => t.Step)
.FirstOrDefaultAsync(t => t.Id == requirement.TaskId, cancellationToken);
step = task?.Step;
}
else if (requirement.SubtaskId != null)
{
var subTask = await _context.Subtasks.Include(s => s.Task)
.Include(s => s.Task.Step)
.FirstOrDefaultAsync(t => t.Id == requirement.SubtaskId, cancellationToken);
step = subTask?.Task.Step;
}
else
{
throw new Exception();
}
if (step == null)
{
return(AuthorizationResult.Fail("Can not access"));
}
projectId = step.ProjectId;
}
var assignment = await _context.ProjectAssignments
.FirstOrDefaultAsync(a => a.User.ApplicationUserId == userId && a.ProjectId == projectId, cancellationToken);
if (assignment != null)
{
return(AuthorizationResult.Succeed());
}
return(AuthorizationResult.Fail("Can not access"));
}
public async Task <AuthorizationResult> AuthorizeAsync(TreeOperationCommandBase <TResponse> instance, CancellationToken cancellation = default)
{
var connection = _sqlConnectionFactory.GetOpenConnection();
const string sql =
"SELECT TOP 1 1 FROM [trees].[TreeUserProfile] tup " +
"JOIN [trees].UserProfiles up ON up.[Id] = tup.[UserId] " +
"WHERE tup.[TreeId] = @ownedTree AND up.[UserAuthId] = @treeOwner";
var owns = await connection.QueryFirstOrDefaultAsync <int?>(sql,
new { ownedTree = instance.TreeId.Value, treeOwner = instance.RequesterUserAuthId });
return(owns.HasValue
? AuthorizationResult.Succeed()
: AuthorizationResult.Fail("User is not owner of this tree"));
}
public async Task <AuthorizationResult> Handle(DeleteOrderRequirement request, CancellationToken cancellationToken)
{
var userId = request.UserId;
// logic
var canDeleteOrder = false;
if (canDeleteOrder != null)
{
return(AuthorizationResult.Succeed());
}
return(AuthorizationResult.Fail("You don't have a subscription to this course."));
}
public Task <AuthorizationResult> Evaluate <TRequest>(TRequest request, FeatureInfo feature)
{
if (feature.IsIn("Accounts"))
{
return(Task.FromResult(AuthorizationResult.Succeed()));
}
if (_userSession.IsAnonymous)
{
return(Task.FromResult(AuthorizationResult.Fail("Authentication is required")));
}
return(Task.FromResult(AuthorizationResult.Succeed()));
}
public async Task <AuthorizationResult> Handle(ProjectAuthorRequirement requirement, CancellationToken cancellationToken)
{
var userId = requirement.UserId;
var projectId = requirement.ProjectId;
var project = await _context.Projects
.FirstOrDefaultAsync(p => p.Id == projectId && p.CreatedBy == userId);
if (project != null)
{
return(AuthorizationResult.Succeed());
}
return(AuthorizationResult.Fail("Action not allowed"));
}
public async Task <AuthorizationResult> Handle(AssignedToTaskRequirement requirement, CancellationToken cancellationToken)
{
var userId = requirement.UserId;
var taskId = requirement.TaskId;
var assignment = await _context.TaskAssignments
.FirstOrDefaultAsync(a => a.Id == taskId && a.User.ApplicationUserId == userId, cancellationToken);
if (assignment != null)
{
return(AuthorizationResult.Succeed());
}
return(AuthorizationResult.Fail("Can not access task"));
}
public async Task <AuthorizationResult> AuthorizeAsync(MergeTreesCommand instance,
CancellationToken cancellation = default)
{
var connection = _sqlConnectionFactory.GetOpenConnection();
const string sql =
"SELECT TOP 2 1 FROM [trees].[TreeUserProfile] tup " +
"JOIN [trees].UserProfiles up ON up.[Id] = tup.[UserId] " +
"WHERE (tup.[TreeId] = @firstTree OR tup.[TreeId] = @secondTree) AND up.[UserAuthId] = @treeOwner";
var ownsFirst = await connection.QueryAsync <int>(sql,
new { firstTree = instance.First.Value, secondTree = instance.Second.Value, treeOwner = instance.RequesterUserAuthId });
return(ownsFirst?.Count() > 1
? AuthorizationResult.Succeed()
: AuthorizationResult.Fail("User is not owner of this tree"));
}
public Task <AuthorizationResult> Evaluate <TRequest>(TRequest request, FeatureInfo feature)
{
// Examples of rules:
// if (feature.IsIn("Admin") && (await _userSession.User())?.IsAdmin == false)
// {
// return AuthorizationResult.Fail();
// }
// if (feature.Implements<IMustBeAuthenticated>() && _userSession.IsAnonymous)
// {
// return AuthorizationResult.Fail("Authentication is required");
// }
return(Task.FromResult(AuthorizationResult.Succeed()));
}
public async Task <AuthorizationResult> Evaluate <TRequest>(TRequest request, FeatureInfo feature)
{
if (feature.IsIn("Admin"))
{
if (_userSession.IsAnonymous || (await _userSession.User())?.IsAdmin == false)
{
return(AuthorizationResult.Fail("Unauthorized access"));
}
}
if (feature.Implements <IMustBeAuthenticated>() && _userSession.IsAnonymous)
{
return(AuthorizationResult.Fail("Authentication is required"));
}
return(AuthorizationResult.Succeed());
}
public async Task <AuthorizationResult> Handle(SuperMemberRequirement requirement, CancellationToken cancellationToken)
{
var userId = requirement.UserId;
var projectId = requirement.ProjectId;
if (projectId == null)
{
var step = new Step();
if (requirement.StepId != null)
{
step = await _context.Steps.FindAsync(requirement.StepId);
}
else if (requirement.TaskId != null)
{
var task = await _context.Tasks.Include(t => t.Step)
.FirstOrDefaultAsync(t => t.Id == requirement.TaskId, cancellationToken);
step = task?.Step;
}
else
{
throw new Exception();
}
if (step == null)
{
return(AuthorizationResult.Fail("Action not allowed"));
}
projectId = step.ProjectId;
}
var assignment = await _context.ProjectAssignments
.FirstOrDefaultAsync(a =>
a.ProjectId == projectId && a.User.ApplicationUserId == userId && a.ProjectRole == ProjectRole.SuperMember.ToString(), cancellationToken);
if (assignment != null)
{
return(AuthorizationResult.Succeed());
}
return(AuthorizationResult.Fail("Action not allowed"));
}