private static void ApplyRestrictions(IScopesEvaluator handler, HttpContext context) { var requirement = new ODataAuthorizationScopesRequirement(handler); var policy = new AuthorizationPolicyBuilder().AddRequirements(requirement).Build(); // We use the AuthorizeFilter instead of relying on the built-in authorization middleware // because we cannot add new metadata to the endpoint in the middle of a request // and OData's current implementation of endpoint routing does not allow for // adding metadata to individual routes ahead of time var authFilter = new AuthorizeFilter(policy); context.ODataFeature().ActionDescriptor?.FilterDescriptors?.Add(new FilterDescriptor(authFilter, 0)); }
public void Add(IScopesEvaluator evaluator) { Evaluators.Add(evaluator); }
/// <summary> /// Creates an instance of <see cref="ODataAuthorizationScopesRequirement"/>. /// </summary> /// <param name="allowedScopes">The scopes required to authorize a request where this requirement is applied.</param> public ODataAuthorizationScopesRequirement(IScopesEvaluator permissionHandler) { PermissionHandler = permissionHandler; }