/// <summary> /// Invokes authorization of the request using the resource currently in context but wit /// an override action (e.g. for converting the "Upsert" action to either "Create" or "Update"). /// </summary> /// <param name="entity">The request/entity being authorized.</param> /// <param name="actionUri">The action being performed with the request/entity.</param> protected async Task AuthorizeSingleItemAsync(T entity, string actionUri, CancellationToken cancellationToken) { // Make sure Authorization context is present before proceeding _authorizationContextProvider.VerifyAuthorizationContextExists(); // Build the AuthorizationContext EdFiAuthorizationContext authorizationContext = new EdFiAuthorizationContext( ClaimsPrincipal.Current, _authorizationContextProvider.GetResourceUris(), actionUri, entity); // Authorize the call await _authorizationProvider.AuthorizeSingleItemAsync(authorizationContext, cancellationToken); }
public async Task <HttpResponseMessage> ExecuteAuthorizationFilterAsync( HttpActionContext actionContext, CancellationToken cancellationToken, Func <Task <HttpResponseMessage> > continuation) { var actionAttribute = actionContext.ActionDescriptor.GetCustomAttributes <EdFiAuthorizationAttribute>() .SingleOrDefault(); var controllerAttribute = actionContext.ControllerContext.ControllerDescriptor.GetCustomAttributes <EdFiAuthorizationAttribute>() .SingleOrDefault(); var authorizationAttribute = actionAttribute ?? controllerAttribute; if (authorizationAttribute == null) { return(await continuation()); } try { await _authorizationProvider.AuthorizeSingleItemAsync( CreateAuthorizationContext(actionContext, authorizationAttribute), cancellationToken); } catch (Exception ex) { var restError = _restErrorProvider.GetRestErrorFromException(ex); var result = string.IsNullOrWhiteSpace(restError.Message) ? new StatusCodeResult((HttpStatusCode)restError.Code, actionContext.Request) : new StatusCodeResult((HttpStatusCode)restError.Code, actionContext.Request).WithError(restError.Message); return(await result.ExecuteAsync(cancellationToken)); } return(await continuation()); }