internal async Task HandlePersonRequirement(AuthorizationHandlerContext context,
PersonEditRequirement requirement,
Func <Guid> personId)
{
if (context.User.IsAdminOrHr() || context.User.IsHighLevelSupervisor() ||
context.User.IsInRole("registrar"))
{
context.Succeed(requirement);
return;
}
var supervisorGroupId = context.User.SupervisorGroupId() ?? Guid.Empty;
if (!context.User.IsSupervisor() || supervisorGroupId == Guid.Empty)
{
context.Fail();
return;
}
if (await _orgGroupService.IsPersonInGroup(personId(), supervisorGroupId))
{
context.Succeed(requirement);
}
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context,
PersonEditRequirement requirement,
Func <Guid> personId)
{
return(HandlePersonRequirement(context, requirement, personId));
}