Пример #1
0
        public async Task <PolicyResult> Authorize(PostAlterCommand action)
        {
            // Check if user owns Post
            if (await postService.IsOwner(action.PostId, action.User.Username))
            {
                return(PolicyResult.Authorized());
            }

            // Is the user an admin?
            if (await roleService.IsUserAdmin(action.User.Username))
            {
                return(PolicyResult.Authorized());
            }

            // Is the user a moderator?
            Space?space = await spaceService.FindByPost(action.PostId);

            if (space == null)
            {
                throw new InvalidOperationException();
            }

            if (await roleService.IsUserModerator(action.User.Username, space.Name))
            {
                return(PolicyResult.Authorized());
            }

            return(PolicyResult.Unauthorized());
        }