        /// <summary>
        /// Authorizes a write against the record of <paramref name="personId"/> and renders the
        /// "success" view as soon as one of three independent checks grants access.
        /// </summary>
        /// <param name="personId">Identifier of the person whose record is being written.</param>
        /// <returns>
        /// The "success" view when the caller holds the "supervisor" role, is the requested person,
        /// or satisfies the "teamOne" membership requirement; otherwise a Forbid result.
        /// Access is denied by default: only an explicit <c>Succeeded</c> result grants it.
        /// </returns>
        public async Task<IActionResult> Write(string personId)
        {
            // 1. Role check: a supervisor may write any record, so the remaining checks are skipped.
            //    The role name is a literal in this sample; where roles are assigned is not shown here.
            var isSupervisor = await _client.IsInRoleAsync(User, "supervisor");
            if (isSupervisor)
            {
                return View("success");
            }

            // 2. Self check: the logged-in principal may write their own record.
            //    No resource object is supplied (null); presumably the handler compares UserId
            //    with the principal's identity — confirm in the CurrentUserRequirement handler.
            var selfRequirement = new CurrentUserRequirement { UserId = personId };
            var selfResult = await _authz.AuthorizeAsync(User, null, selfRequirement);
            if (selfResult.Succeeded)
            {
                return View("success");
            }

            // 3. Team check: members of "teamOne" may write. The team name is hard-coded in this
            //    sample rather than derived from the requested person.
            var teamRequirement = new TeamMembersRequirement { TeamName = "teamOne" };
            var teamResult = await _authz.AuthorizeAsync(User, null, teamRequirement);
            if (teamResult.Succeeded)
            {
                return View("success");
            }

            // Fail closed: nothing above granted access.
            return Forbid();
        }
        /// <summary>
        /// Authorizes a read of the record of <paramref name="personId"/> and renders the
        /// "success" view when either of two independent checks grants access.
        /// </summary>
        /// <param name="personId">Identifier of the person whose record is being read.</param>
        /// <returns>
        /// The "success" view when the caller is the requested person or satisfies the
        /// "desMoines" same-location requirement; otherwise a Forbid result. Access is denied
        /// by default: only an explicit <c>Succeeded</c> result grants it.
        /// </returns>
        public async Task<IActionResult> Get(string personId)
        {
            // 1. Self check: the logged-in principal may read their own record.
            //    No resource object is supplied (null); presumably the handler compares UserId
            //    with the principal's identity — confirm in the CurrentUserRequirement handler.
            var selfRequirement = new CurrentUserRequirement { UserId = personId };
            var selfResult = await _authz.AuthorizeAsync(User, null, selfRequirement);
            if (selfResult.Succeeded)
            {
                return View("success");
            }

            // 2. Location check: the caller may read records of people at the same location.
            //    The location is a literal in this sample; a real controller would look up the
            //    location of personId and of the logged-in user instead of hard-coding it.
            var locationRequirement = new SameLocationRequirement { Location = "desMoines" };
            var locationResult = await _authz.AuthorizeAsync(User, null, locationRequirement);
            if (locationResult.Succeeded)
            {
                return View("success");
            }

            // Fail closed: nothing above granted access.
            return Forbid();
        }