private bool FilterByPolicies(OperationInspector inspector, ODataOperationMethodDescriptor action, Content content)
{
if (action.OperationInfo.Policies.Length == 0)
{
return(true);
}
//TODO:~ set HttpContext in OperationCallingContext
var context = new OperationCallingContext(content, action.OperationInfo);
switch (inspector.CheckPolicies(action.OperationInfo.Policies, context))
{
case OperationMethodVisibility.Invisible:
return(false);
case OperationMethodVisibility.Disabled:
// according to the policy this action is visible to the user but cannot be executed
action.Forbidden = true;
break;
case OperationMethodVisibility.Enabled:
break;
default:
throw new ArgumentOutOfRangeException();
}
return(true);
}
private bool FilterByPermissions(OperationInspector inspector, ODataOperationMethodDescriptor action, Content content)
{
action.Forbidden |= !IsPermitted(inspector, content, action.OperationInfo.Permissions);
return(true);
}