protected FilteredRepository(GraphServiceClient client, System.Security.Claims.ClaimsPrincipal principal, IOptions <OrganizationOptions> options)
{
_graphClient = client;
_options = options.Value;
var orgIdClaim = principal.Claims.Where(x => x.Type == _options.OrgIdClaimName);
_orgId = orgIdClaim.Any() ? orgIdClaim.Single().Value : throw new System.UnauthorizedAccessException("User is not a member of any organizations");
var userIdClaim = principal.Claims.Where(x => x.Type == System.Security.Claims.ClaimTypes.NameIdentifier);
_callingUserId = userIdClaim.Any() ? userIdClaim.Single().Value : throw new System.UnauthorizedAccessException("User nameidentifier/subject is missing");
}
protected FilteredRepository(GraphServiceClient client, string orgId, IOptions <OrganizationOptions> options)
{
_graphClient = client;
_orgId = orgId;
_options = options.Value;
}
public static bool VerifyAccess(this Microsoft.Graph.User user, string orgId, OrganizationOptions options)
{
if (!user.AdditionalData.Any())
{
return(false);
}
if (user.AdditionalData == null || user.AdditionalData.ContainsKey(options.OrgIdExtensionName))
{
var orgData = user.AdditionalData[options.OrgIdExtensionName].ToString();
return(string.Equals(orgData, orgId, StringComparison.OrdinalIgnoreCase));
}
return(false);
}
internal OrganizationUser(Microsoft.Graph.User u, OrganizationOptions config) : this(u, config.OrgIdExtensionName, config.OrgRoleExtensionName, config.TenantIssuerName)
{
}
public static T AddOrganizationFilter <T>(this T req, string orgId, OrganizationOptions options) where T : IBaseRequest
{
req.QueryOptions.Add(new QueryOption("$filter", $"{options.OrgIdExtensionName} eq '${orgId}'"));
return(req);
}