23 lines
925 B
C#
23 lines
925 B
C#
using System.Security.Claims;
|
||
using Microsoft.AspNet.Authorization;
|
||
using Yavsc.Models.Billing;
|
||
|
||
namespace Yavsc.ViewModels.Auth.Handlers
|
||
{
|
||
public class EstimateViewHandler : AuthorizationHandler<ViewRequirement, Estimate>
|
||
{
|
||
protected override void Handle(AuthorizationContext context, ViewRequirement requirement, Estimate resource)
|
||
{
|
||
|
||
if (context.User.IsInRole(Constants.AdminGroupName)
|
||
|| context.User.IsInRole(Constants.FrontOfficeGroupName))
|
||
context.Succeed(requirement);
|
||
else if (context.User.Identity.IsAuthenticated) {
|
||
var uid = context.User.GetUserId();
|
||
if (resource.OwnerId == uid || resource.ClientId == uid)
|
||
context.Succeed(requirement);
|
||
// TODO && ( resource.Circles == null || context.User belongs to resource.Circles )
|
||
}
|
||
}
|
||
}
|
||
} |