public static TOut Execute(IAuthorizeInput <TData, AppUser> input, AuthorizeFunction function)
{
if (!Authorize(input, function))
{
var attributes = Attribute.GetCustomAttributes(function.GetMethodInfo(), typeof(AppAuthorizeAttribute));
IEnumerable <AppRoleEnum> requiredRoles = from AppAuthorizeAttribute a in attributes select a.Role;
throw new AppUserNotAuthorizedException(input.Claims, requiredRoles);
}
var output = function(input.Data);
return(output);
}
public static bool Authorize(IAuthorizeInput <TData, AppUser> input, AuthorizeFunction function)
{
var attributes = Attribute.GetCustomAttributes(function.GetMethodInfo(), typeof(AppAuthorizeAttribute));
IEnumerable <AppRoleEnum> requiredRoles;
if (attributes == null || attributes.Count() == 0)
{
requiredRoles = new List <AppRoleEnum> {
AppRoleEnum.Administrator
};
}
else
{
requiredRoles = from AppAuthorizeAttribute a in attributes select a.Role;
}
if (input == null || input.Claims == null)
{
return(false);
}
if (!input.Claims.IsAuthenticated)
{
return(false);
}
if (input.Claims.IsInRole(AppRoleEnum.Administrator))
{
return(true);
}
foreach (var role in requiredRoles)
{
if (input.Claims.IsInRole(role))
{
return(true);
}
}
if (typeof(Project).IsAssignableFrom(input.Data.GetType()))
{
var project = input.Data as Project;
bool flag = false;
List <AppUser> managerlist = project.Managers;
foreach (AppUser manager in managerlist)
{
if (manager.AccountName == input.Claims.User.AccountName)
{
flag = true;
}
}
return(flag);
}
return(false);
}
