public async Task DemandAccessAsync(IAuthorisationContext authorisationContext) { if (!await HasAccessAsync(authorisationContext)) { throw new UnauthorizedAccessException(); } }
public AuthorisationContextCacheKey(IAuthorisationContext authorisationContext) { Resource = authorisationContext.Resource; Action = authorisationContext.Action; ResourceType = authorisationContext.ResourceType; ResourceId = authorisationContext.ResourceId; }
private async Task <bool> CheckPolicyAsync(string restrictionValue, IAuthorisationContext authorisationContext) { IAuthorisationRestriction authorisationRestriction = _authorisationRestrictionProvider.GetByRestriction(restrictionValue); IRestrictionResult restrictionResult = await authorisationRestriction.CheckRestrictionAsync(authorisationContext); return(restrictionResult.Succeeded); }
private async Task <bool> CheckSelfAsync(IAuthorisationContext authorisationContext) { ValidateAuthorisationContext(authorisationContext); IDictionary <Type, Guid> whoAmI = await _selfProvider.WhoAmIAsync(); whoAmI.TryGetValue(authorisationContext.ResourceType, out Guid entityId); return(entityId != Guid.Empty && entityId == authorisationContext.ResourceId); }
public async Task <IRestrictionResult> CheckRestrictionAsync(IAuthorisationContext authorisationContext) { if (_currentUserProvider.IsAuthenticated && _currentUserProvider.Id.HasValue) { User user = await _userQueryRepository.GetByIdAsync(_currentUserProvider.Id.Value); return(user == null || user.Identity.Session.IsRevoked ? RestrictionResult.Fail : RestrictionResult.Succeed); } return(RestrictionResult.Fail); }
private void ValidateAuthorisationContext(IAuthorisationContext authorisationContext) { if (authorisationContext == null) { throw new ArgumentNullException(nameof(authorisationContext)); } if (authorisationContext.ResourceType == null) { throw new ArgumentNullException(nameof(authorisationContext.ResourceType)); } }
public async Task SecureAsync(Func <Task> function, IAuthorisationContext authorisationContext) { try { await _authorisationManager.DemandAccessAsync(authorisationContext); await function(); } catch (UnauthorizedAccessException e) { throw new BusinessApplicationException(ExceptionType.Unauthorized, "You are not authorised to perform this action", e); } }
public async Task <IRestrictionResult> CheckRestrictionAsync(IAuthorisationContext authorisationContext) { using (ITransaction transaction = _transactionManager.Create()) { if (_currentIdentityProvider.IsAuthenticated) { Identity identity = await _identityQueryRepository.GetByIdAsync(_currentIdentityProvider.Id); transaction.Commit(); return(identity == null || identity.IsConfirmed || identity.Session.IsRevoked ? RestrictionResult.Fail : RestrictionResult.Succeed); } return(RestrictionResult.Fail); } }
private async Task <bool> CheckOwnerAsync(IAuthorisationContext authorisationContext) { ValidateAuthorisationContext(authorisationContext); IResourceOwnerProvider resourceOwnerProvider = _resourceOwnerProviderCollection.Get(authorisationContext.ResourceType); if (!authorisationContext.ResourceId.HasValue) { return(false); } IAggregateOwner aggregateOwner = await resourceOwnerProvider.GetOwnerAsync(authorisationContext.ResourceId.Value); IDictionary <Type, Guid> whoAmI = await _selfProvider.WhoAmIAsync(); return(whoAmI.Any(i => i.Key == aggregateOwner.AggregateType && i.Value == aggregateOwner.Id)); }
public Task <bool> HasAccessAsync(IAuthorisationContext authorisationContext) { ActionPolicy policy = _authorisationPolicyProvider.ResourcePolicies[authorisationContext.Resource][authorisationContext.Action]; string restrictionValue = policy.Restriction; switch (restrictionValue) { case ResourceRestriction.Everyone: return(Task.FromResult(true)); case ResourceRestriction.Self: return(CheckSelfAsync(authorisationContext)); case ResourceRestriction.Owner: return(CheckOwnerAsync(authorisationContext)); default: return(CheckPolicyAsync(restrictionValue, authorisationContext)); } }
public bool HasAccess(IAuthorisationContext authorisationContext) { return(true); }
public Task <bool> HasAccessAsync(IAuthorisationContext authorisationContext) { return(_authorisationPolicy.HasAccessAsync(authorisationContext)); }
public Task <bool> HasAccessAsync(IAuthorisationContext authorisationContext) { return(Task.FromResult(true)); }
public Task <bool> HasAccessAsync(IAuthorisationContext authorisationContext) { return(_cacheService.GetOrAddAsync(new AuthorisationContextCacheKey(authorisationContext), () => _authorisationPolicy.HasAccessAsync(authorisationContext))); }