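public void OnAuthorization(HttpActionContext actionContext)
        {
            // Super/system admins bypass every check below.
            if (_authorizationService.CanAccessEverything())
            {
                return;
            }

            // userId defaults to the caller; a caller-supplied ?userId= is only honoured
            // when CanWriteUser allows it (note: only AgencyAdministrator is allowed).
            var currentUserId = _owinContext.GetCurrentUserId();
            var userId        = actionContext.GetOrSetQueryString("userId", currentUserId);

            if (!_authorizationService.CanWriteUser(userId))
            {
                actionContext.SetUnauthorizedResponse();
                // Stop at the first denial. Previously this fell through and still ran the
                // buyerAccountUuid check after the request had been rejected; returning keeps
                // the filter fail-closed and consistent with the sibling filters.
                return;
            }

            // buyerAccountUuid is optional; when present it needs write access as well
            // (note: only AgencyAdministrator is allowed so call CanWriteBuyerAccount).
            var buyerAccountUuid = actionContext.GetQueryString<Guid?>("buyerAccountUuid");

            if (buyerAccountUuid.HasValue && !_authorizationService.CanWriteBuyerAccount(buyerAccountUuid.Value))
            {
                actionContext.SetUnauthorizedResponse();
            }
        }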
        public void OnAuthorization(HttpActionContext actionContext)
        {
            var currentUserId = _owinContext.GetCurrentUserId();
            var userId        = actionContext.GetOrSetQueryString("userId", currentUserId);

            if (!_authorizationService.CanReadUser(userId))
            {
                actionContext.SetUnauthorizedResponse();
                return;
            }

            var queryString = actionContext.Request.RequestUri.ParseQueryString();

            Guid buyerAccountUuid;
            var  hasBuyerAccountUuid = Guid.TryParse(queryString["buyerAccountUuid"], out buyerAccountUuid);

            if (hasBuyerAccountUuid && !_authorizationService.CanReadBuyerAccount(buyerAccountUuid))
            {
                actionContext.SetUnauthorizedResponse();
                return;
            }

            Guid advertiserUuid;
            var  hasAdvertiserUuid = Guid.TryParse(queryString["advertiserUuid"], out advertiserUuid);

            if (hasAdvertiserUuid && !_authorizationService.CanReadAdvertiser(advertiserUuid))
            {
                actionContext.SetUnauthorizedResponse();
                return;
            }

            Guid brandUuid;
            var  hasBrandUuid = Guid.TryParse(queryString["brandUuid"], out brandUuid);

            if (hasBrandUuid && !_authorizationService.CanReadBrand(brandUuid))
            {
                actionContext.SetUnauthorizedResponse();
                return;
            }

            Guid campaignUuid;
            var  hasCampaignUuid = Guid.TryParse(queryString["campaignUuid"], out campaignUuid);

            if (hasCampaignUuid && !_authorizationService.CanReadCampaign(campaignUuid))
            {
                actionContext.SetUnauthorizedResponse();
                return;
            }

            Guid creativeUuid;
            var  hasCreativeUuid = Guid.TryParse(queryString["creativeUuid"], out creativeUuid);

            if (hasCreativeUuid && !_authorizationService.CanReadCreative(creativeUuid))
            {
                actionContext.SetUnauthorizedResponse();
            }
        }
        public void OnAuthorization(HttpActionContext actionContext)
        {
            var currentUserId = _owinContext.GetCurrentUserId();
            var userId        = actionContext.GetOrSetQueryString("userId", currentUserId);

            if (!_authorizationService.CanReadUser(userId))
            {
                actionContext.SetUnauthorizedResponse();
            }
        }
        public void OnAuthorization(HttpActionContext actionContext)
        {
            // allowing super/system admin queries anything
            if (_authorizationService.CanAccessEverything())
            {
                return;
            }

            var currentUserId = _owinContext.GetCurrentUserId();
            var userId        = actionContext.GetOrSetQueryString("userId", currentUserId);

            if (!_authorizationService.CanReadUser(userId))
            {
                actionContext.SetUnauthorizedResponse();
            }
        }
        public void OnAuthorization(HttpActionContext actionContext)
        {
            var currentUserId = _owinContext.GetCurrentUserId();
            var userId        = actionContext.GetOrSetQueryString("userId", currentUserId);

            if (!_authorizationService.CanReadUser(userId))
            {
                actionContext.SetUnauthorizedResponse();
                return;
            }

            var queryString = actionContext.Request.RequestUri.ParseQueryString();

            Guid buyerAccountUuid;
            var  hasBuyerAccountUuid = Guid.TryParse(queryString["buyerAccountUuid"], out buyerAccountUuid);

            if (hasBuyerAccountUuid && !_authorizationService.CanReadBuyerAccount(buyerAccountUuid))
            {
                actionContext.SetUnauthorizedResponse();
                return;
            }

            Guid strategyUuidUuid;
            var  hasStrategyUuidUuid = Guid.TryParse(queryString["strategyUuid"], out strategyUuidUuid);

            if (hasStrategyUuidUuid && !_authorizationService.CanReadStrategy(strategyUuidUuid))
            {
                actionContext.SetUnauthorizedResponse();
                return;
            }

            Guid campaignUuid;
            var  hasCampaignUuid = Guid.TryParse(queryString["campaignUuid"], out campaignUuid);

            if (hasCampaignUuid && !_authorizationService.CanReadCampaign(campaignUuid))
            {
                actionContext.SetUnauthorizedResponse();
            }
        }