예제 #1
0
 public async Task <AuthorizationResult> AuthorizeAsync(PingCommand instance, CancellationToken cancellation = default)
 {
     return(instance.PingName == "T" ?
            await Task.FromResult(AuthorizationResult.Succeed())
         :
            await Task.FromResult(AuthorizationResult.Fail(":(")));
 }
예제 #2
0
            public async Task <AuthorizationResult> Handle(AssignedToProjectRequirement requirement, CancellationToken cancellationToken)
            {
                var userId    = requirement.UserId;
                var projectId = requirement.ProjectId;

                if (projectId == null)
                {
                    var step = new Step();

                    if (requirement.StepId != null)
                    {
                        step = await _context.Steps.FindAsync(requirement.StepId);
                    }
                    else if (requirement.TaskId != null)
                    {
                        var task = await _context.Tasks.Include(t => t.Step)
                                   .FirstOrDefaultAsync(t => t.Id == requirement.TaskId, cancellationToken);

                        step = task?.Step;
                    }
                    else if (requirement.SubtaskId != null)
                    {
                        var subTask = await _context.Subtasks.Include(s => s.Task)
                                      .Include(s => s.Task.Step)
                                      .FirstOrDefaultAsync(t => t.Id == requirement.SubtaskId, cancellationToken);

                        step = subTask?.Task.Step;
                    }
                    else
                    {
                        throw new Exception();
                    }

                    if (step == null)
                    {
                        return(AuthorizationResult.Fail("Can not access"));
                    }

                    projectId = step.ProjectId;
                }

                var assignment = await _context.ProjectAssignments
                                 .FirstOrDefaultAsync(a => a.User.ApplicationUserId == userId && a.ProjectId == projectId, cancellationToken);

                if (assignment != null)
                {
                    return(AuthorizationResult.Succeed());
                }

                return(AuthorizationResult.Fail("Can not access"));
            }
예제 #3
0
        public async Task <AuthorizationResult> AuthorizeAsync(TreeOperationCommandBase <TResponse> instance, CancellationToken cancellation = default)
        {
            var          connection = _sqlConnectionFactory.GetOpenConnection();
            const string sql        =
                "SELECT TOP 1 1 FROM [trees].[TreeUserProfile] tup " +
                "JOIN [trees].UserProfiles up ON up.[Id] = tup.[UserId] " +
                "WHERE tup.[TreeId] = @ownedTree AND up.[UserAuthId] = @treeOwner";
            var owns = await connection.QueryFirstOrDefaultAsync <int?>(sql,
                                                                        new { ownedTree = instance.TreeId.Value, treeOwner = instance.RequesterUserAuthId });

            return(owns.HasValue
                ? AuthorizationResult.Succeed()
                : AuthorizationResult.Fail("User is not owner of this tree"));
        }
        public async Task <AuthorizationResult> Handle(DeleteOrderRequirement request, CancellationToken cancellationToken)
        {
            var userId = request.UserId;

            // logic
            var canDeleteOrder = false;

            if (canDeleteOrder != null)
            {
                return(AuthorizationResult.Succeed());
            }

            return(AuthorizationResult.Fail("You don't have a subscription to this course."));
        }
예제 #5
0
        public Task <AuthorizationResult> Evaluate <TRequest>(TRequest request, FeatureInfo feature)
        {
            if (feature.IsIn("Accounts"))
            {
                return(Task.FromResult(AuthorizationResult.Succeed()));
            }

            if (_userSession.IsAnonymous)
            {
                return(Task.FromResult(AuthorizationResult.Fail("Authentication is required")));
            }

            return(Task.FromResult(AuthorizationResult.Succeed()));
        }
예제 #6
0
            public async Task <AuthorizationResult> Handle(ProjectAuthorRequirement requirement, CancellationToken cancellationToken)
            {
                var userId    = requirement.UserId;
                var projectId = requirement.ProjectId;

                var project = await _context.Projects
                              .FirstOrDefaultAsync(p => p.Id == projectId && p.CreatedBy == userId);

                if (project != null)
                {
                    return(AuthorizationResult.Succeed());
                }

                return(AuthorizationResult.Fail("Action not allowed"));
            }
            public async Task <AuthorizationResult> Handle(AssignedToTaskRequirement requirement, CancellationToken cancellationToken)
            {
                var userId = requirement.UserId;
                var taskId = requirement.TaskId;

                var assignment = await _context.TaskAssignments
                                 .FirstOrDefaultAsync(a => a.Id == taskId && a.User.ApplicationUserId == userId, cancellationToken);

                if (assignment != null)
                {
                    return(AuthorizationResult.Succeed());
                }

                return(AuthorizationResult.Fail("Can not access task"));
            }
        public async Task <AuthorizationResult> AuthorizeAsync(MergeTreesCommand instance,
                                                               CancellationToken cancellation = default)
        {
            var          connection = _sqlConnectionFactory.GetOpenConnection();
            const string sql        =
                "SELECT TOP 2 1 FROM [trees].[TreeUserProfile] tup " +
                "JOIN [trees].UserProfiles up ON up.[Id] = tup.[UserId] " +
                "WHERE (tup.[TreeId] = @firstTree OR tup.[TreeId] = @secondTree) AND up.[UserAuthId] = @treeOwner";
            var ownsFirst = await connection.QueryAsync <int>(sql,
                                                              new { firstTree = instance.First.Value, secondTree = instance.Second.Value, treeOwner = instance.RequesterUserAuthId });


            return(ownsFirst?.Count() > 1
                ? AuthorizationResult.Succeed()
                : AuthorizationResult.Fail("User is not owner of this tree"));
        }
예제 #9
0
        public Task <AuthorizationResult> Evaluate <TRequest>(TRequest request, FeatureInfo feature)
        {
            // Examples of rules:

            // if (feature.IsIn("Admin") && (await _userSession.User())?.IsAdmin == false)
            // {
            //     return AuthorizationResult.Fail();
            // }

            // if (feature.Implements<IMustBeAuthenticated>() && _userSession.IsAnonymous)
            // {
            //     return AuthorizationResult.Fail("Authentication is required");
            // }

            return(Task.FromResult(AuthorizationResult.Succeed()));
        }
예제 #10
0
        public async Task <AuthorizationResult> Evaluate <TRequest>(TRequest request, FeatureInfo feature)
        {
            if (feature.IsIn("Admin"))
            {
                if (_userSession.IsAnonymous || (await _userSession.User())?.IsAdmin == false)
                {
                    return(AuthorizationResult.Fail("Unauthorized access"));
                }
            }

            if (feature.Implements <IMustBeAuthenticated>() && _userSession.IsAnonymous)
            {
                return(AuthorizationResult.Fail("Authentication is required"));
            }

            return(AuthorizationResult.Succeed());
        }
            public async Task <AuthorizationResult> Handle(SuperMemberRequirement requirement, CancellationToken cancellationToken)
            {
                var userId    = requirement.UserId;
                var projectId = requirement.ProjectId;

                if (projectId == null)
                {
                    var step = new Step();

                    if (requirement.StepId != null)
                    {
                        step = await _context.Steps.FindAsync(requirement.StepId);
                    }
                    else if (requirement.TaskId != null)
                    {
                        var task = await _context.Tasks.Include(t => t.Step)
                                   .FirstOrDefaultAsync(t => t.Id == requirement.TaskId, cancellationToken);

                        step = task?.Step;
                    }
                    else
                    {
                        throw new Exception();
                    }

                    if (step == null)
                    {
                        return(AuthorizationResult.Fail("Action not allowed"));
                    }

                    projectId = step.ProjectId;
                }

                var assignment = await _context.ProjectAssignments
                                 .FirstOrDefaultAsync(a =>
                                                      a.ProjectId == projectId && a.User.ApplicationUserId == userId && a.ProjectRole == ProjectRole.SuperMember.ToString(), cancellationToken);

                if (assignment != null)
                {
                    return(AuthorizationResult.Succeed());
                }

                return(AuthorizationResult.Fail("Action not allowed"));
            }