private Task<dynamic> CreateClaim(dynamic parameters, CancellationToken ct)
{
return Task<dynamic>.Factory.StartNew(() => {
//Read the claim we're trying to give away
string claimName;
using (var reader = new StreamReader(Request.Body))
claimName = reader.ReadToEnd();
//Check that the user is logged in and has the create-claim claim *AND* the claim they're trying to give away
this.RequiresAuthentication();
if (!Context.CurrentUser.Claims.Contains("superuser"))
this.RequiresClaims(new[] { "create-claim", claimName });
using (var transaction = _connection.OpenTransaction())
{
//Get the user we're giving a claim to
var username = (string) parameters.username;
var user = _connection.SingleWhere<User>("Username", username);
if (user == null)
{
return Negotiate
.WithModel(new {Error = "No Such User Exists"})
.WithStatusCode(HttpStatusCode.NotFound);
}
//Create the claim
using (var reader = new StreamReader(Request.Body))
{
var claim = new Claim(user, reader.ReadToEnd());
_connection.Save(claim);
}
transaction.Commit();
}
return Identity.GetClaims(((Identity)Context.CurrentUser).User, _connection).Select(SerializeClaim).ToArray();
}, ct);
}
private static dynamic SerializeClaim(Claim claim)
{
return claim.Name;
}