Пример #1
        /// <summary>
        /// Checks whether the current user holds a claim of the given type that is
        /// scoped to this specific announcement (a per-post delegation).
        /// </summary>
        /// <param name="claimType">Claim type to look for.</param>
        /// <param name="announcementPost">Announcement whose Id must equal the claim value.</param>
        /// <returns>true if a claim matches on both type and value; otherwise false.</returns>
        private bool HasDelegateClaim(string claimType, Models.AnnouncementPost announcementPost)
        {
            var claims = _userContextAccessor.GetContext().SecurityClaims;

            // Both parts must match: the claim type alone is not enough, the value has to
            // name this announcement, so a delegation for one post does not apply to another.
            return claims.Any(claim => claim.Type == claimType && claim.Value == announcementPost.Id);
        }
Пример #2
        /// <summary>
        /// Checks whether the current user is the author of the announcement and also
        /// holds a claim of the given type.
        /// </summary>
        /// <param name="claimType">Claim type the author must hold.</param>
        /// <param name="announcementPost">Announcement whose UserId is compared with the current user.</param>
        /// <returns>true only when the user ids match and a claim of that type exists; otherwise false.</returns>
        private bool HasAuthorClaim(string claimType, Models.AnnouncementPost announcementPost)
        {
            var context = _userContextAccessor.GetContext();

            // NOTE(review): if UserId can be null or empty on both sides (anonymous caller,
            // post without an author) this comparison still holds - confirm that cannot happen upstream.
            var isAuthor = context.UserId == announcementPost.UserId;

            // The claim value is deliberately ignored: ownership is established by the
            // UserId comparison above, so only the claim type is checked.
            return isAuthor && context.SecurityClaims.Any(claim => claim.Type == claimType);
        }
Пример #3
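        /// <summary>
        /// Decides whether the current user may read the given announcement.
        /// </summary>
        /// <param name="announcementPost">The announcement being requested.</param>
        /// <returns>true as soon as one rule grants access; false when none does (deny by default).</returns>
        public bool AuthorizeForRead(Models.AnnouncementPost announcementPost)
        {
            // No user-context lookup here: the original local was never read. HasAuthorClaim and
            // HasDelegateClaim fetch the context themselves; HasAdminClaim is defined elsewhere
            // and is presumed to do the same.
            // Rules are evaluated in order and short-circuit on the first grant.
            return
                // The user can create announcements and this is their announcement
                HasAuthorClaim(AnnouncementClaimTypes.PersonalAnnouncementAuthor, announcementPost)
                // The user is a site admin and this is their announcement
                || HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, announcementPost)
                // The user has been granted read access to this announcement by the author
                || HasDelegateClaim(AnnouncementClaimTypes.AnnouncementPostRead, announcementPost)
                // Client Level Announcement Content Admin can view all announcements
                || HasAdminClaim(AnnouncementClaimTypes.UserAnnouncementsBrowse)
                // Client Level User Content Admin can view all content
                || HasAdminClaim(ClientClaimTypes.UserContentBrowse)
                // Client Level Primary Admin can view everything
                || HasAdminClaim(ClientClaimTypes.PrimaryAdmin);
        }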
Пример #4
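        /// <summary>
        /// Decides whether the current user may edit the given announcement.
        /// </summary>
        /// <param name="announcementPost">The announcement to be edited.</param>
        /// <returns>true as soon as one rule grants access; false when none does (deny by default).</returns>
        public bool AuthorizeForEdit(Models.AnnouncementPost announcementPost)
        {
            // No user-context lookup here: the original local was never read. HasAuthorClaim and
            // HasDelegateClaim fetch the context themselves; HasAdminClaim is defined elsewhere
            // and is presumed to do the same.
            // Rules are evaluated in order and short-circuit on the first grant.
            return
                // Can author announcements and this is their announcement
                HasAuthorClaim(AnnouncementClaimTypes.PersonalAnnouncementAuthor, announcementPost)
                // Is a site admin and this is their announcement
                || HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, announcementPost)
                // Has been granted access to edit this announcement by the author
                || HasDelegateClaim(AnnouncementClaimTypes.AnnouncementPostEdit, announcementPost)
                // Client Level Primary Admin can manage everything
                || HasAdminClaim(ClientClaimTypes.PrimaryAdmin)
                // Client Level Content Admin can manage all content
                || HasAdminClaim(ClientClaimTypes.UserContentManage)
                // Client Level Announcement Admin can manage all announcements
                || HasAdminClaim(AnnouncementClaimTypes.UserAnnouncementsManage);
        }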
Пример #5
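        /// <summary>
        /// Decides whether the current user may publish the given announcement.
        /// </summary>
        /// <param name="announcementPost">The announcement to be published.</param>
        /// <returns>true as soon as one rule grants access; false when none does (deny by default).</returns>
        public bool AuthorizeForPublish(Models.AnnouncementPost announcementPost)
        {
            // No user-context lookup here: the original local was never read. HasAuthorClaim
            // fetches the context itself; HasAdminClaim is defined elsewhere and is presumed
            // to do the same.
            // Rules are evaluated in order and short-circuit on the first grant.
            // There is intentionally no delegate rule: "publish" is not allowed to be delegated.
            return
                // Holds the personal publish claim and this is their announcement
                HasAuthorClaim(AnnouncementClaimTypes.PersonalAnnouncementPublish, announcementPost)
                // Is a site admin and this is their announcement
                || HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, announcementPost)
                // Client Level Primary Admin can manage everything
                || HasAdminClaim(ClientClaimTypes.PrimaryAdmin)
                // Client Level Content Admin can publish all content
                || HasAdminClaim(ClientClaimTypes.UserContentPublish)
                // Client Level Announcement Admin can publish all announcements
                || HasAdminClaim(AnnouncementClaimTypes.UserAnnouncementsPublish);
        }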