Exemplo n.º 1
0
            protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
                                                                 MarkSpecificMethodologyAsDraftRequirement requirement,
                                                                 MethodologyVersion methodologyVersion)
            {
                // If the Methodology is already public, it cannot be marked as draft
                if (await _methodologyVersionRepository.IsPubliclyAccessible(methodologyVersion.Id))
                {
                    return;
                }

                if (SecurityUtils.HasClaim(context.User, MarkAllMethodologiesDraft))
                {
                    context.Succeed(requirement);
                    return;
                }

                var owningPublication =
                    await _methodologyRepository.GetOwningPublication(methodologyVersion.MethodologyId);

                // If the user is an Approver of the latest (Live or non-Live) Release for the owning Publication of
                // this Methodology, they can mark it as draft.
                if (await _userReleaseRoleRepository.IsUserApproverOnLatestRelease(
                        context.User.GetUserId(),
                        owningPublication.Id))
                {
                    context.Succeed(requirement);
                }
            }
Exemplo n.º 2
0
            protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context,
                                                                 ApproveSpecificMethodologyRequirement requirement,
                                                                 MethodologyVersion methodologyVersion)
            {
                // If the Methodology is already public, it cannot be approved
                // An approved Methodology that isn't public can be approved to change attributes associated with approval
                if (await _methodologyVersionRepository.IsPubliclyAccessible(methodologyVersion.Id))
                {
                    return;
                }

                if (SecurityUtils.HasClaim(context.User, ApproveAllMethodologies))
                {
                    context.Succeed(requirement);
                    return;
                }

                var owningPublication =
                    await _methodologyRepository.GetOwningPublication(methodologyVersion.MethodologyId);

                // If the user is an Approver of the latest (Live or non-Live) Release for the owning Publication of
                // this Methodology, they can approve it.
                if (await _userReleaseRoleRepository.IsUserApproverOnLatestRelease(
                        context.User.GetUserId(),
                        owningPublication.Id))
                {
                    context.Succeed(requirement);
                }
            }