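/// <summary>
/// Checks whether the current user holds a delegated (per-post) claim: a claim of the
/// given type whose value equals this announcement post's Id.
/// </summary>
/// <param name="claimType">Claim type to look for in the current user's security claims.</param>
/// <param name="announcementPost">Post the claim value must match.</param>
/// <returns>
/// True when a claim with that type and the post's Id as its value is present; false otherwise,
/// including when the post or its Id is missing.
/// </returns>
private bool HasDelegateClaim(string claimType, Models.AnnouncementPost announcementPost)
{
    // Fail closed: a post without an Id cannot have been delegated to anyone. Without this
    // guard a claim carrying a null value would compare equal to a null Id and grant access.
    // NOTE(review): assumes Id is a nullable type such as string - confirm against the model.
    if (announcementPost == null || announcementPost.Id == null)
    {
        return false;
    }

    var postId = announcementPost.Id;
    var userContext = _userContextAccessor.GetContext();

    // Both the claim type and the claim value (the post Id) must match.
    return userContext.SecurityClaims.Any(claim => claim.Type == claimType && claim.Value == postId);
}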
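/// <summary>
/// Checks whether the current user owns the announcement post and holds a claim of the
/// given type.
/// </summary>
/// <param name="claimType">Claim type the owner must hold.</param>
/// <param name="announcementPost">Post whose UserId is compared with the current user's UserId.</param>
/// <returns>
/// True when the current user's UserId equals the post's UserId and any claim of
/// <paramref name="claimType"/> is present; otherwise false.
/// </returns>
private bool HasAuthorClaim(string claimType, Models.AnnouncementPost announcementPost)
{
    var userContext = _userContextAccessor.GetContext();
    var ownerId = announcementPost.UserId;

    // Fail closed: a post with no recorded owner must never count as "theirs". Without this
    // guard a context whose UserId is also null would pass the ownership comparison.
    // NOTE(review): assumes UserId is a nullable type such as string - confirm against the model.
    if (ownerId == null || userContext.UserId != ownerId)
    {
        return false;
    }

    // The claim value is deliberately not checked: ownership was established directly from
    // the post's UserId above, so only the presence of the claim type matters here.
    return userContext.SecurityClaims.Any(claim => claim.Type == claimType);
}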
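/// <summary>
/// Decides whether the current user may read the given announcement post.
/// </summary>
/// <param name="announcementPost">Post being read.</param>
/// <returns>
/// True as soon as one of the rules below matches (evaluated in order, short-circuiting);
/// false when none does.
/// </returns>
public bool AuthorizeForRead(Models.AnnouncementPost announcementPost)
{
    // The helpers fetch the user context themselves, so no local copy is needed here.
    // NOTE(review): edit/manage/publish claims are not accepted for read in this method -
    // confirm that holders of those claims are always issued the matching read/browse claim.

    // Deny by default: access is granted only when one of these rules matches.
    return
        // The user can create announcements and this is their announcement
        HasAuthorClaim(AnnouncementClaimTypes.PersonalAnnouncementAuthor, announcementPost)
        // The user is a site admin and this is their announcement
        || HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, announcementPost)
        // The user has been granted read access to this announcement by the author
        || HasDelegateClaim(AnnouncementClaimTypes.AnnouncementPostRead, announcementPost)
        // Client Level Announcement Content Admin can view all announcements
        || HasAdminClaim(AnnouncementClaimTypes.UserAnnouncementsBrowse)
        // Client Level User Content Admin can view all content
        || HasAdminClaim(ClientClaimTypes.UserContentBrowse)
        // Client Level Primary Admin can view everything
        || HasAdminClaim(ClientClaimTypes.PrimaryAdmin);
}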
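/// <summary>
/// Decides whether the current user may edit the given announcement post.
/// </summary>
/// <param name="announcementPost">Post being edited.</param>
/// <returns>
/// True as soon as one of the rules below matches (evaluated in order, short-circuiting);
/// false when none does.
/// </returns>
public bool AuthorizeForEdit(Models.AnnouncementPost announcementPost)
{
    // The helpers fetch the user context themselves, so no local copy is needed here.

    // Deny by default: access is granted only when one of these rules matches.
    return
        // Can author announcements and this is their announcement
        HasAuthorClaim(AnnouncementClaimTypes.PersonalAnnouncementAuthor, announcementPost)
        // Is a site admin and this is their announcement
        || HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, announcementPost)
        // Has been granted access to edit this announcement by the author
        || HasDelegateClaim(AnnouncementClaimTypes.AnnouncementPostEdit, announcementPost)
        // Client Level Primary Admin can manage everything
        || HasAdminClaim(ClientClaimTypes.PrimaryAdmin)
        // Client Level Content Admin can manage all content
        || HasAdminClaim(ClientClaimTypes.UserContentManage)
        // Client Level Announcement Admin can manage all announcements
        || HasAdminClaim(AnnouncementClaimTypes.UserAnnouncementsManage);
}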
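/// <summary>
/// Decides whether the current user may publish the given announcement post.
/// </summary>
/// <param name="announcementPost">Post being published.</param>
/// <returns>
/// True as soon as one of the rules below matches (evaluated in order, short-circuiting);
/// false when none does.
/// </returns>
public bool AuthorizeForPublish(Models.AnnouncementPost announcementPost)
{
    // The helpers fetch the user context themselves, so no local copy is needed here.

    // Deny by default: access is granted only when one of these rules matches.
    // No delegate claims are checked since "publish" is not allowed to be delegated;
    // keep it that way when adding rules, or publishing becomes grantable per post.
    return
        // Holds the personal publish claim and this is their announcement
        HasAuthorClaim(AnnouncementClaimTypes.PersonalAnnouncementPublish, announcementPost)
        // Is a site admin and this is their announcement
        || HasAuthorClaim(SiteClaimTypes.SitePrimaryAdmin, announcementPost)
        // Client Level Primary Admin can manage everything
        || HasAdminClaim(ClientClaimTypes.PrimaryAdmin)
        // Client Level Content Admin can publish all content
        || HasAdminClaim(ClientClaimTypes.UserContentPublish)
        // Client Level Announcement Admin can publish all announcements
        || HasAdminClaim(AnnouncementClaimTypes.UserAnnouncementsPublish);
}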