86 lines
2.8 KiB
C#
86 lines
2.8 KiB
C#
using Microsoft.AspNetCore.Authorization;
|
|
|
|
using DomainObjects.Documents;
|
|
using Core.Enumerations;
|
|
|
|
using DataProviders.Collections;
|
|
|
|
using WeatherForecast.Policies.Abstractions;
|
|
using Microsoft.Extensions.Options;
|
|
using DomainObjects.Documents.Users;
|
|
|
|
namespace WeatherForecast.Policies;
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
public class BlogAuthorizationHandler : AuthorizationHandlerBase<BlogAuthorizationRequirement, List<BlogDocument>> {
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
/// <param name="configuration"></param>
|
|
/// <param name="contextAccessor"></param>
|
|
/// <param name="siteDataProvider"></param>
|
|
/// <param name="userDataProvider"></param>
|
|
public BlogAuthorizationHandler(
|
|
IOptions<Configuration> configuration,
|
|
IHttpContextAccessor contextAccessor,
|
|
ISiteDataProvider siteDataProvider,
|
|
IUserDataProvider userDataProvider
|
|
) : base(configuration, contextAccessor, siteDataProvider, userDataProvider) { }
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
/// <param name="context"></param>
|
|
/// <param name="requirement"></param>
|
|
/// <param name="resource"></param>
|
|
/// <returns></returns>
|
|
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, BlogAuthorizationRequirement requirement, List<BlogDocument> resource) {
|
|
|
|
var (site, user) = GetUser(context);
|
|
if (site == null || user == null)
|
|
return Task.CompletedTask;
|
|
|
|
var userRole = GetRole(site, user);
|
|
|
|
// Can only Admin, Editor, Author, Contributor (cannot set publish date)
|
|
if (requirement.Action == CrudActions.Create
|
|
&& (userRole != Roles.Admin
|
|
&& userRole != Roles.Editor
|
|
&& userRole != Roles.Author
|
|
&& userRole != Roles.Contributor
|
|
&& (userRole == Roles.Contributor && resource.Any(x => x.Published != null))))
|
|
return Task.CompletedTask;
|
|
|
|
// Can only Admin, Editor, Author, Contributor
|
|
if (requirement.Action == CrudActions.Read
|
|
&& (userRole != Roles.Admin
|
|
&& userRole != Roles.Editor
|
|
&& userRole != Roles.Author
|
|
&& userRole != Roles.Contributor))
|
|
return Task.CompletedTask;
|
|
|
|
// Can only Admin, Editor, Author (own), Contributor (own, not yet pubblished)
|
|
if ((requirement.Action == CrudActions.Update || requirement.Action == CrudActions.Delete)
|
|
&& (userRole != Roles.Admin
|
|
&& userRole != Roles.Editor
|
|
&& userRole != Roles.Author
|
|
&& userRole != Roles.Contributor
|
|
&& ((userRole == Roles.Author || userRole == Roles.Contributor) && resource.Any(x => x.Author != user.Id))
|
|
&& (userRole == Roles.Contributor && resource.Any(x => x.Published != null))))
|
|
return Task.CompletedTask;
|
|
|
|
context.Succeed(requirement);
|
|
|
|
return Task.CompletedTask;
|
|
}
|
|
}
|
|
|
|
/// <summary>
|
|
///
|
|
/// </summary>
|
|
public class BlogAuthorizationRequirement : AuthorizationRequirementBase { }
|
|
|