should implement the access rulle to a blog post

2017-02-06 17:30:59 +01:00
parent a665d3ef45
commit 4a1e024831
1 changed files with 10 additions and 4 deletions
--- a/Yavsc/ViewModels/Auth/Handlers/BlogViewHandler.cs
+++ b/Yavsc/ViewModels/Auth/Handlers/BlogViewHandler.cs
@ -1,3 +1,4 @@
+using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNet.Authorization;
 using Yavsc.Models;
@ -15,11 +16,16 @@ namespace Yavsc.ViewModels.Auth.Handlers
            if (resource.AuthorId == context.User.GetUserId())
                context.Succeed(requirement); 
            else if (resource.Visible) {
-                
-            // TODO && ( resource.Circles == null || context.User belongs to resource.Circles )
-                context.Succeed(requirement); 
-
+                if (resource.ACL.Count>0)
+                    {
+                        var uid = context.User.GetUserId();
+                        if (resource.ACL.Any(a=>a.Allowed.Members.Any(m=>m.MemberId == uid )))
+                            context.Succeed(requirement); 
+                        else context.Fail();
+                    }
+                else context.Succeed(requirement); 
            }
+            else context.Fail();
        }
    }
 }