protected override void Handle(AuthorizationContext context, StatusRequirement requirement)
{
if (context.User.IsInRole("supervisor"))
{
context.Succeed(requirement);
return;
}
if (context.User.HasClaim("department", _department) &&
context.User.HasClaim("status", _status))
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement operation, Survey resource)
{
// if the survey is in the same tenant
// Add SURVEYADMIN/SURVEYCREATER/SURVEYREADER to permission set
// else if survey is in differnt tenant
// Add CONTRIBUTOR to permission set if user is contributor on survey
//
// if user is owner of the survey
// Add OWNER to the permission set
var permissions = new List <UserPermissionType>();
int surveyTenantId = context.User.GetSurveyTenantIdValue();
int userId = context.User.GetSurveyUserIdValue();
string user = context.User.GetUserName();
if (resource.TenantId == surveyTenantId)
{
// Admin can do anything, as long as the resource belongs to the admin's tenant.
if (context.User.HasClaim(ClaimTypes.Role, Roles.SurveyAdmin))
{
context.Succeed(operation);
return;
}
if (context.User.HasClaim(ClaimTypes.Role, Roles.SurveyCreator))
{
permissions.Add(UserPermissionType.Creator);
}
else
{
permissions.Add(UserPermissionType.Reader);
}
if (resource.OwnerId == userId)
{
permissions.Add(UserPermissionType.Owner);
}
}
if (resource.Contributors != null && resource.Contributors.Any(x => x.UserId == userId))
{
permissions.Add(UserPermissionType.Contributor);
}
if (ValidateUserPermissions[operation](permissions))
{
_logger.ValidatePermissionsSucceeded(user, context.User.GetTenantIdValue(), operation.Name, permissions.Select(p => p.ToString()));
context.Succeed(operation);
}
}
protected override void Handle(AuthorizationContext context, Over18Requirement requirement)
{
if (!context.User.HasClaim(c => c.Type == ClaimTypes.DateOfBirth))
{
context.Fail();
return;
}
var dateOfBirth = Convert.ToDateTime(context.User.FindFirst(c => c.Type == ClaimTypes.DateOfBirth).Value);
int age = DateTime.Today.Year - dateOfBirth.Year;
if (dateOfBirth > DateTime.Today.AddYears(-age))
{
age--;
}
if (age >= 18)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
public override void Handle(AuthorizationContext context, MyAuthRequirement requirement)
{
// grab the identity for the MyAuth authentication
var myAuthIdentities = context.User.Identities.Where(x => x.AuthenticationType == "MyAuth").FirstOrDefault();
if (myAuthIdentities == null)
{
context.Fail();
return;
}
// grab the authentication header and uri types for our identity
var authHeaderClaim = myAuthIdentities.Claims.Where(x => x.Type == ClaimTypes.Authentication).FirstOrDefault();
var uriClaim = context.User.Claims.Where(x => x.Type == ClaimTypes.Uri).FirstOrDefault();
if (uriClaim == null || authHeaderClaim == null)
{
context.Fail();
return;
}
// enforce our requirement (evaluate values from the identity/claims)
if (/* passes our enforcement test */)
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
protected override void Handle(AuthorizationContext context, DayRequirement requirement)
{
if (DateTime.Now.DayOfWeek == DayOfWeek)
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, ViewRequirement requirement, Entry resource)
{
if (resource.IsPublic || context.User.Identity.Name == resource.Author)
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, PassThroughRequirement requirement)
{
if (Succeed)
{
context.Succeed(requirement);
}
}
public async Task HandleAsync(AuthorizationContext context)
{
if (await Handler(context))
{
context.Succeed(this);
}
}
protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, ExpenseReport resource)
{
if (_allowed.Contains(requirement))
{
context.Succeed(requirement);
}
}
public async Task HandleAsync(AuthorizationContext context)
{
if (await Handler(context))
{
context.Succeed(this);
}
}
protected override void Handle(AuthorizationContext context, NameAuthorizationRequirement requirement)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
if (requirement == null)
{
throw new ArgumentNullException(nameof(requirement));
}
if (context.User == null)
{
return;
}
var identities = context.User.Identities;
foreach (var identity in identities)
{
if (ContainsRequiredName(identity, requirement))
{
context.Succeed(requirement);
break;
}
}
}
public async Task HandleAsync(AuthorizationContext context)
{
var permissionType = typeof(PermissionAuthorizationRequirement <TPermissionEnum>);
if (context.Resource != null)
{
permissionType = typeof(PermissionAuthorizationRequirement <,>).MakeGenericType(typeof(TPermissionEnum), context.Resource.GetType());
}
var requirements = context.Policy.Requirements.Where(t => permissionType.IsAssignableFrom(t.GetType())).Cast <PermissionAuthorizationRequirement <TPermissionEnum> >().ToArray();
if (requirements.Length == 0)
{
return;
}
var permissions = await _provider.GetPermissions(context);
if (permissions == null || !permissions.Any())
{
return;
}
foreach (var req in requirements)
{
if (permissions.Contains(req.Permission))
{
context.Succeed(req);
}
}
}
protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement)
{
if (context.User.HasClaim("SuperUser", "yes"))
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, EditRequirement requirement, Document resource)
{
if (resource.Author == context.User.FindFirst(ClaimTypes.Name).Value)
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, AlbumOwnerRequirement requirement, Album resource)
{
if (resource.Publisher == context.User.FindFirst(Constants.CompanyClaimType).Value)
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, int id)
{
if (id % 2 == 0)
{
context.Succeed(requirement);
}
}
/// <summary>
/// Calls <see cref="AssertionRequirement.Handler"/> to see if authorization is allowed.
/// </summary>
/// <param name="context">The authorization information.</param>
/// <param name="ctk">CancellationToken</param>
public async Task HandleAsync(AuthorizationContext context, CancellationToken ctk = default)
{
if (await Handler(context))
{
context.Succeed(this);
}
}
protected override void Handle(AuthorizationContext context, ModifyRequirement requirement, Entry resource)
{
if (resource.Author == context.User.Identity.Name)
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, NoPhpeesRequirement requirement)
{
if (!context.User.Claims.Any(x => x.Type.Equals("Language") && x.Value.Equals("PHP")))
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, RolesAuthorizationRequirement requirement)
{
if (context == null)
{
throw new ArgumentNullException(nameof(context));
}
if (requirement == null)
{
throw new ArgumentNullException(nameof(requirement));
}
if (context.User == null)
{
return;
}
Debug.Assert(requirement.AllowedRoles != null, "requirement.AllowedRoles != null");
Debug.Assert(requirement.AllowedRoles.Any(), "requirement.AllowedRoles.Any()");
var found = requirement.AllowedRoles.Any(role => context.User.IsInRole(role));
if (found)
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, SurveyCreatorRequirement requirement)
{
if (context.User.HasClaim(ClaimTypes.Role, Roles.SurveyAdmin) || context.User.HasClaim(ClaimTypes.Role, Roles.SurveyCreator))
{
context.Succeed(requirement);
}
}
public override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement)
{
if (context.User.HasClaim("Manager", "yes"))
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, SurveyAdminRequirement requirement)
{
//Check user claims for Role
if (context.User.HasClaim(ClaimTypes.Role, Roles.SurveyAdmin))
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, LoginRequirement requirement)
{
if (!context.User.HasClaim(c => c.Type == "UsernameAndPassword" && c.Issuer == "http://www.cnblogs.com/rohelm"))
{
return;
}
context.Succeed(requirement);
}
protected override void Handle(AuthorizationContext context, LocalIssuerRequirement requirement)
{
Claim issuerClaim = context.User.FindFirst(c => c.Type == ClaimType);
if (issuerClaim.Value == Issuer)
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, Document resource)
{
var documentPermissionClaim = context.User.FindFirst(c => c.Type == "Documents" && c.Issuer == "urn:idunno.org");
if (MapClaimsToOperations(documentPermissionClaim.Value).Contains(requirement))
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, OperationAuthorizationRequirement requirement, Document resource)
{
var claim = context.User.FindFirst(ClaimTypes.Name);
if (claim != null && claim.Value.Equals(resource.Owner))
{
context.Succeed(requirement);
}
}
protected override void Handle(AuthorizationContext context, UserRequirement requirement)
{
if (!context.User.HasClaim(c => c.Type == "UserId"))
{
context.Fail();
return;
}
context.Succeed(requirement);
}
protected override void Handle(AuthorizationContext context, OfficeEntryRequirement requirement)
{
if (!context.User.HasClaim(c => c.Type == "BadgeNumber" &&
c.Issuer == "https://contoso.com"))
{
return;
}
context.Succeed(requirement);
}
protected override void Handle(AuthorizationContext context, PermissionRequirement resource)
{
if (context.User == null)
{
context.Succeed(resource);
}
if (context.User.IsInRole("Administrator"))
{
context.Succeed(resource);
return;
}
if (context.User.HasClaim(Permission.ClaimType, _permission.Name))
{
context.Succeed(resource);
return;
}
}
protected override void Handle(AuthorizationContext context, OnlyRoleRequirement requirement)
{
if (context.User.IsInRole(_roleName))
{
context.Succeed(requirement);
return;
}
context.Fail();
}
