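/// <summary>
/// Decides whether the current request may proceed, based on the permissions held by
/// the identity that <c>GetWebApiIdentity</c> resolves for the request.
/// </summary>
/// <param name="context">The action context of the request being authorized.</param>
/// <returns>
/// <c>true</c> when the resolved identity holds <c>ReadPermission</c> (GET requests) or
/// <c>WritePermission</c> (every other HTTP method); otherwise <c>false</c>.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
protected override bool IsAuthorized(HttpActionContext context)
{
    if (context == null)
    {
        // ArgumentNullException derives from ArgumentException, so callers that
        // catch the broader type keep working.
        throw new ArgumentNullException("context", "HttpActionContext does not exist!");
    }

    // NOTE(review): Identity is stored on this filter object rather than on the request.
    // If one filter instance serves concurrent requests, a second request could overwrite
    // it before the first one reads it. Confirm how the instance is scoped, or carry the
    // identity on the request/principal instead.
    Identity = GetWebApiIdentity(context);

    // Fail closed: no identity, no permission set or no request means no access.
    if (Identity == null || Identity.Permissions == null || context.Request == null)
    {
        return false;
    }

    // Only GET is treated as a read. HEAD, OPTIONS and every other method need the
    // write permission.
    var requiredPermission = context.Request.Method == HttpMethod.Get
        ? ReadPermission
        : WritePermission;

    return Identity.Permissions.Contains(requiredPermission);
}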
/// <summary>
/// Seeds <c>FakeDataStore</c> with three identities, keyed by their token:
/// "readonly", "writeonly" and "admin". All three are scoped to app ids 1, 2 and 3.
/// </summary>
/// <remarks>
/// NOTE(review): the tokens are fixed, guessable literals. This is presumably sample data
/// only. Confirm that this store is never reachable in a deployed build, and back the
/// repository with a real credential store and randomly generated tokens.
/// </remarks>
static WebApiIdentityRepository()
{
    var seededIdentities = new Dictionary<string, WebApiIdentity>
    {
        {
            "readonly",
            new WebApiIdentity
            {
                Token = "readonly",
                AppIds = new HashSet<int> { 1, 2, 3 },
                // Read access to users and apps, no write access.
                Permissions = new HashSet<Permission>
                {
                    Permission.UsersRead,
                    Permission.AppsRead
                }
            }
        },
        {
            "writeonly",
            new WebApiIdentity
            {
                Token = "writeonly",
                AppIds = new HashSet<int> { 1, 2, 3 },
                // Write access to users and apps, no read access.
                Permissions = new HashSet<Permission>
                {
                    Permission.UsersWrite,
                    Permission.AppsWrite
                }
            }
        },
        {
            "admin",
            new WebApiIdentity
            {
                Token = "admin",
                AppIds = new HashSet<int> { 1, 2, 3 },
                // Every permission this constructor references.
                Permissions = new HashSet<Permission>
                {
                    Permission.UsersWrite,
                    Permission.UsersRead,
                    Permission.AppsRead,
                    Permission.AppsWrite
                }
            }
        }
    };

    FakeDataStore = seededIdentities;
}