/// <summary>
/// Decides whether the caller may create <paramref name="value"/>. Models that are not
/// owned by an organization are always allowed, as is every add when <c>_isOrganization</c>
/// is set (presumably an organization-scoped caller; confirm against the constructor).
/// Otherwise the caller must be able to access the model's organization.
/// </summary>
/// <param name="value">The model being added.</param>
/// <returns>A completed task holding Allow, or Deny with a message when the organization is not accessible.</returns>
protected virtual Task <PermissionResult> CanAddAsync(TModel value)
        {
            var ownedModel = value as IOwnedByOrganization;

            // Nothing to check: no owning organization on the model, or the caller is an organization.
            if (_isOrganization || ownedModel == null)
            {
                return Task.FromResult(PermissionResult.Allow);
            }

            var decision = CanAccessOrganization(ownedModel.OrganizationId)
                ? PermissionResult.Allow
                : PermissionResult.DenyWithMessage("Invalid organization id specified.");

            return Task.FromResult(decision);
        }
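        /// <summary>
        /// Decides whether the current user may create the token <paramref name="value"/>.
        /// The token must carry an organization id; its scopes are canonicalised to lower case
        /// and rejected if unknown; an empty scope list defaults to the client scope; and the
        /// caller must hold the role matching each privileged scope so a token can never grant
        /// more than its issuer has. The base check runs last.
        /// </summary>
        /// <param name="value">The token being added. Its <c>Scopes</c> collection is normalised in place.</param>
        /// <returns>Allow, Deny, or Deny with a message explaining the rejected scope.</returns>
        protected override async Task <PermissionResult> CanAddAsync(Token value)
        {
            if (String.IsNullOrEmpty(value.OrganizationId))
            {
                return PermissionResult.Deny;
            }

            // Iterate over a snapshot: the scope collection is edited inside the loop.
            foreach (string scope in value.Scopes.ToList())
            {
                // ToLower() follows the thread culture (e.g. under a Turkish culture "I" becomes a
                // dotless i that never matches the allowed list); invariant casing keeps the
                // comparison against AllScopes predictable regardless of the server's culture.
                string normalizedScope = scope.ToLowerInvariant();

                // Validate the canonical name before editing the collection.
                if (!AuthorizationRoles.AllScopes.Contains(normalizedScope))
                {
                    return PermissionResult.DenyWithMessage("Invalid token scope requested.");
                }

                if (scope != normalizedScope)
                {
                    value.Scopes.Remove(scope);

                    // Do not add a duplicate when the lower-case form was also supplied.
                    if (!value.Scopes.Contains(normalizedScope))
                    {
                        value.Scopes.Add(normalizedScope);
                    }
                }
            }

            if (value.Scopes.Count == 0)
            {
                value.Scopes.Add(AuthorizationRoles.Client);
            }

            // A caller may only issue scopes they hold themselves: the client and user scopes
            // both require the user role, the global admin scope requires the global admin role.
            if (value.Scopes.Contains(AuthorizationRoles.Client) && !User.IsInRole(AuthorizationRoles.User))
            {
                return PermissionResult.Deny;
            }

            if (value.Scopes.Contains(AuthorizationRoles.User) && !User.IsInRole(AuthorizationRoles.User))
            {
                return PermissionResult.Deny;
            }

            if (value.Scopes.Contains(AuthorizationRoles.GlobalAdmin) && !User.IsInRole(AuthorizationRoles.GlobalAdmin))
            {
                return PermissionResult.Deny;
            }

            // The base implementation still applies (presumably the organization-access check).
            return await base.CanAddAsync(value);
        }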
        /// <summary>
        /// Decides whether <paramref name="original"/> may be replaced by <paramref name="modified"/>:
        /// the ids must match, the caller must be able to access the original's organization
        /// (when it has one), and the owning organization must not change.
        /// </summary>
        /// <param name="original">The stored model.</param>
        /// <param name="modified">The incoming replacement.</param>
        /// <returns>Allow, or Deny with a message naming the failed check.</returns>
        protected virtual async Task <PermissionResult> CanUpdateAsync(TModel original, TModel modified)
        {
            if (original.Id != modified.Id)
            {
                return PermissionResult.DenyWithMessage("Id must match resource.");
            }

            var originalOwner = original as IOwnedByOrganization;
            var modifiedOwner = modified as IOwnedByOrganization;

            // Deny when the caller cannot reach the original's organization, or when the update
            // would move the resource to another organization (including to or from none).
            bool organizationMismatch =
                (originalOwner != null && !CanAccessOrganization(originalOwner.OrganizationId))
                || originalOwner?.OrganizationId != modifiedOwner?.OrganizationId;

            return organizationMismatch
                ? PermissionResult.DenyWithMessage("Invalid organization id specified.")
                : PermissionResult.Allow;
        }
 /// <summary>Wraps a permission decision in an action result bound to the current request.</summary>
 /// <param name="permission">The decision to return.</param>
 /// <returns>A <see cref="PermissionActionResult"/> carrying <paramref name="permission"/> and the current <c>Request</c>.</returns>
 public PermissionActionResult Permission(PermissionResult permission) => new PermissionActionResult(permission, Request);