internal static Task HandleRequirements(ClaimController _claimDbController, ActorClaimController _actorClaimDbController, AuthorizationHandlerContext context, AuthorizationRequirement requirement, int entityId)
{
var claim = _claimDbController.Get(requirement.ClaimScope, requirement.Name);
if (claim != null)
{
var claims = _actorClaimDbController.GetActorClaimsForEntity(int.Parse(context.User.Identity.Name), entityId, requirement.ClaimScope).ToList();
if (claims.Any(c => c.Id == claim.Id))
{
context.Succeed(requirement);
}
}
return(Task.CompletedTask);
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, AuthorizationRequirement requirement, Tuple <string[], string[]> newAndCurrentRoles)
{
if (!GetIsRolesChanged(newAndCurrentRoles.Item1, newAndCurrentRoles.Item2))
{
context.Succeed(requirement);
}
else if (context.User.HasClaim(CustomClaimTypes.Permission, ApplicationPermissions.AssignRoles))
{
// If user has ViewRoles permission, then he can assign any roles
if (context.User.HasClaim(CustomClaimTypes.Permission, ApplicationPermissions.ViewRoles))
{
context.Succeed(requirement);
}
// Else user can only assign roles they're part of
else if (GetIsUserInAllAddedRoles(context.User, newAndCurrentRoles.Item1, newAndCurrentRoles.Item2))
{
context.Succeed(requirement);
}
}
return(Task.CompletedTask);
}
