Exemplo n.º 1
0
        /// <summary>
        /// Checks the permission for requested action as specified in particular permission .ctor.
        /// The check is performed in the scope of supplied session, or if no session was supplied then
        ///  current execution context session is assumed. An Async version which uses async manager.AuthorizeAsync() call
        /// </summary>
        /// <returns>True when action is authorized, false otherwise</returns>
        public virtual async Task <bool> CheckAsync(ISecurityManager secman, ISession sessionInstance = null)
        {
            secman.NonNull(nameof(secman));
            var session = sessionInstance ?? ExecutionContext.Session ?? NOPSession.Instance;
            var user    = session.User;

            //System user passes all permission checks
            if (user.Status == UserStatus.System)
            {
                return(true);
            }

            var access = await secman.AuthorizeAsync(user, this).ConfigureAwait(false);

            if (!access.IsAssigned)
            {
                return(false);
            }

            return(DoCheckAccessLevel(secman, session, access));
        }