public void PermissionEvaluator_ReturnsTrue_IfScopesMatchRequiredPermissions(string method, string endpoint, string userScopes)
{
var path = _parser.Parse(_serviceRoot, endpoint, _serviceProvider);
var scopesList = userScopes.Split(',');
var permissionHandler = _model.ExtractPermissionsForRequest(method, path);
Assert.True(permissionHandler.AllowsScopes(scopesList));
}
/// <summary>
/// Invoke the middleware.
/// </summary>
/// <param name="context">The http context.</param>
/// <returns>A task that can be awaited.</returns>
public Task Invoke(HttpContext context)
{
Contract.Assert(context != null);
var odataFeature = context.ODataFeature();
if (odataFeature == null || odataFeature.Path == null)
{
return(_next(context));
}
IEdmModel model = context.Request.GetModel();
if (model == null)
{
return(_next(context));
}
var permissions = model.ExtractPermissionsForRequest(context.Request.Method, odataFeature.Path);
ApplyRestrictions(permissions, context);
return(_next(context));
}