/// <summary>
/// Checks Policy property.
/// If it's not empty and validation fails, return false.
/// Otherwise returns true.
/// </summary>
private bool CheckPolicy(TwinoMvc mvc, ActionDescriptor descriptor, FilterContext context)
{
if (string.IsNullOrEmpty(Policy))
{
return(true);
}
Policy policy = mvc.Policies.Get(Policy);
if (policy != null)
{
if (!policy.Validate(descriptor, context))
{
context.Result = StatusCodeResult.Unauthorized();
return(false);
}
}
return(true);
}
/// <summary>
/// Verifies authority of action execution.
/// If authorization fails, context.Result will be set to 403 or 401
/// </summary>
public void VerifyAuthority(TwinoMvc mvc, ActionDescriptor descriptor, FilterContext context)
{
if (context.User == null)
{
context.Result = StatusCodeResult.Unauthorized();
return;
}
if (!CheckPolicy(mvc, descriptor, context))
{
return;
}
if (!CheckRoles(descriptor, context))
{
return;
}
CheckClaims(descriptor, context);
}