Пример #1
        /// <summary>
        /// Checks whether a user may act on a course at the given role level.
        /// System administrators are always granted access; everyone else needs a stored
        /// course role for this course whose value is less than or equal to <paramref name="minCourseRoleType"/>.
        /// </summary>
        /// <param name="userId">Identifier of the user being checked.</param>
        /// <param name="courseId">Identifier of the course being accessed.</param>
        /// <param name="minCourseRoleType">Upper bound (inclusive) for the role value that qualifies.</param>
        /// <returns><c>true</c> when access is granted, otherwise <c>false</c>.</returns>
        public async Task<bool> HasUserAccessToCourseAsync(string userId, string courseId, CourseRoleType minCourseRoleType)
        {
            // NOTE(review): the lookup result is passed on without a null check; this relies on
            // IsSystemAdministrator handling an unknown user safely. Confirm it does.
            var account = await usersRepo.FindUserByIdAsync(userId).ConfigureAwait(false);
            if (usersRepo.IsSystemAdministrator(account))
            {
                return true;
            }

            // Roles are compared with <=, so presumably a smaller enum value means a more privileged role.
            // Confirm against the CourseRoleType declaration before reordering its members.
            // NOTE(review): the CourseId equality is evaluated by the query provider, so its case sensitivity
            // presumably follows the database collation. Confirm that matches how course ids are compared elsewhere.
            var hasQualifyingRole = await db.CourseRoles
                .AnyAsync(r => r.UserId == userId && r.CourseId == courseId && r.Role <= minCourseRoleType)
                .ConfigureAwait(false);

            return hasQualifyingRole;
        }
Пример #2
        /// <summary>
        /// Checks whether a user may act on a course at the given role level.
        /// System administrators are always granted access; everyone else needs one of their
        /// actual roles to belong to this course and be less than or equal to <paramref name="minCourseRoleType"/>.
        /// </summary>
        /// <param name="userId">Identifier of the user being checked.</param>
        /// <param name="courseId">Identifier of the course being accessed; compared case-insensitively (ordinal).</param>
        /// <param name="minCourseRoleType">Upper bound (inclusive) for the role value that qualifies.</param>
        /// <returns><c>true</c> when access is granted, otherwise <c>false</c>.</returns>
        public async Task<bool> HasUserAccessToCourseAsync(string userId, string courseId, CourseRoleType minCourseRoleType)
        {
            // NOTE(review): the lookup result is passed on without a null check; this relies on
            // IsSystemAdministrator handling an unknown user safely. Confirm it does.
            var account = await usersRepo.FindUserByIdAsync(userId).ConfigureAwait(false);
            if (usersRepo.IsSystemAdministrator(account))
            {
                return true;
            }

            // Unlike the user lookup above, this await does not use ConfigureAwait(false).
            var actualRoles = await Internal_GetActualUserRoles(userId);

            // Roles are compared with <=, so presumably a smaller enum value means a more privileged role.
            // Confirm against the CourseRoleType declaration before reordering its members.
            return actualRoles.Any(
                r => string.Equals(r.CourseId, courseId, StringComparison.OrdinalIgnoreCase)
                     && r.Role <= minCourseRoleType);
        }
Пример #3
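        /// <summary>
        /// Decides whether the current user satisfies <paramref name="requirement"/> for the course named by the
        /// <c>courseId</c> route value. Access is granted to system administrators, to users for whom
        /// <c>HasUserAccessToCourseAsync</c> succeeds at <c>CourseRoleType.CourseAdmin</c>, and to users for whom
        /// <c>HasCourseAccessAsync</c> succeeds for the requirement's <c>CourseAccessType</c>.
        /// Every other path calls <c>context.Fail()</c>, so the handler denies by default.
        /// </summary>
        /// <param name="context">Authorization context carrying the user and the resource under evaluation.</param>
        /// <param name="requirement">Requirement whose <c>CourseAccessType</c> is checked for non-admin users.</param>
        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, CourseAccessRequirement requirement)
        {
            /* Get MVC context. See https://docs.microsoft.com/en-US/aspnet/core/security/authorization/policies#accessing-mvc-request-context-in-handlers */
            // NOTE(review): under endpoint routing the resource is presumably not an AuthorizationFilterContext,
            // in which case this branch denies every request. Confirm against the hosting setup.
            // NOTE(review): the message names CourseRoleAuthenticationHandler; confirm it matches this class
            // so that denied requests can be traced to the right handler.
            if (!(context.Resource is AuthorizationFilterContext mvcContext))
            {
                logger.Error("Can't get MVC context in CourseRoleAuthenticationHandler");
                context.Fail();
                return;
            }

            var routeData = mvcContext.RouteData;

            // Without a course id there is nothing to authorize against, so deny rather than guess.
            if (!(routeData.Values["courseId"] is string courseId))
            {
                logger.Error("Can't find `courseId` parameter in route data for checking course access requirement.");
                context.Fail();
                return;
            }

            // Identity can be null for a principal that carries no identities; treat that as
            // unauthenticated and deny, instead of throwing a NullReferenceException.
            if (context.User?.Identity?.IsAuthenticated != true)
            {
                context.Fail();
                return;
            }

            var userId = context.User.GetUserId();
            var user   = await usersRepo.FindUserByIdAsync(userId).ConfigureAwait(false);

            // An authenticated principal whose account can no longer be found gets no access.
            if (user == null)
            {
                context.Fail();
                return;
            }

            if (usersRepo.IsSystemAdministrator(user))
            {
                context.Succeed(requirement);
                return;
            }

            var isCourseAdmin = await courseRolesRepo.HasUserAccessToCourseAsync(userId, courseId, CourseRoleType.CourseAdmin).ConfigureAwait(false);

            // The second lookup only runs when the user is not a course admin (short-circuit).
            if (isCourseAdmin || await coursesRepo.HasCourseAccessAsync(userId, courseId, requirement.CourseAccessType).ConfigureAwait(false))
            {
                context.Succeed(requirement);
            }
            else
            {
                // Fail() is a hard deny: the result stays failed even if another handler succeeds.
                context.Fail();
            }
        }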
Пример #4
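        /// <summary>
        /// Decides whether the current user holds at least the course role demanded by
        /// <paramref name="requirement"/> for the course identified in the request.
        /// System administrators succeed immediately; other users succeed only when
        /// <c>HasUserAccessToCourseAsync</c> returns <c>true</c> for <c>requirement.minCourseRoleType</c>.
        /// Every other path calls <c>context.Fail()</c>, so the handler denies by default.
        /// </summary>
        /// <param name="context">Authorization context carrying the user and the resource under evaluation.</param>
        /// <param name="requirement">Requirement carrying the minimum course role.</param>
        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, CourseRoleRequirement requirement)
        {
            /* Get MVC context. See https://docs.microsoft.com/en-US/aspnet/core/security/authorization/policies#accessing-mvc-request-context-in-handlers */
            // NOTE(review): under endpoint routing the resource is presumably not an AuthorizationFilterContext,
            // in which case this branch denies every request. Confirm against the hosting setup.
            if (!(context.Resource is AuthorizationFilterContext mvcContext))
            {
                log.Error("Can't get MVC context in CourseRoleAuthenticationHandler");
                context.Fail();
                return;
            }

            // Despite the Async suffix the call is not awaited, and its result is used as a string below.
            var courseId = GetCourseIdFromRequestAsync(mvcContext);

            // Without a course id there is nothing to authorize against, so deny rather than guess.
            if (string.IsNullOrEmpty(courseId))
            {
                context.Fail();
                return;
            }

            // Identity can be null for a principal that carries no identities; treat that as
            // unauthenticated and deny, instead of throwing a NullReferenceException.
            if (context.User?.Identity?.IsAuthenticated != true)
            {
                context.Fail();
                return;
            }

            var userId = context.User.GetUserId();
            var user   = await usersRepo.FindUserByIdAsync(userId).ConfigureAwait(false);

            // An authenticated principal whose account can no longer be found gets no access.
            if (user == null)
            {
                context.Fail();
                return;
            }

            if (usersRepo.IsSystemAdministrator(user))
            {
                context.Succeed(requirement);
                return;
            }

            if (await courseRolesRepo.HasUserAccessToCourseAsync(userId, courseId, requirement.minCourseRoleType).ConfigureAwait(false))
            {
                context.Succeed(requirement);
            }
            else
            {
                // Fail() is a hard deny: the result stays failed even if another handler succeeds.
                context.Fail();
            }
        }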
Пример #5
        /// <summary>
        /// Loads the user identified by <c>UserId</c> and reports whether the users repository
        /// treats that user as a system administrator.
        /// </summary>
        /// <returns>The result of <c>usersRepo.IsSystemAdministrator</c> for the loaded user.</returns>
        protected async Task<bool> IsSystemAdministratorAsync()
        {
            // NOTE(review): the lookup result is passed on without a null check; this relies on
            // IsSystemAdministrator handling an unknown user safely. Confirm it does.
            var currentUser = await usersRepo.FindUserByIdAsync(UserId).ConfigureAwait(false);
            var isAdministrator = usersRepo.IsSystemAdministrator(currentUser);

            return isAdministrator;
        }