paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9973f0dcc7fb7eb0d00a9103f24cf34e2856a09e
yavsc/Yavsc/ViewModels/Auth/Handlers/BlogViewHandler.cs

33 lines
1.3 KiB
C#
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Yavsc.Models;
namespace Yavsc.ViewModels.Auth.Handlers
{
public class BlogViewHandler : AuthorizationHandler<ViewRequirement, Blog>
{
protected override void Handle(AuthorizationContext context, ViewRequirement requirement, Blog resource)
{
if (context.User.IsInRole(Constants.BlogModeratorGroupName)
|| context.User.IsInRole(Constants.AdminGroupName))
context.Succeed(requirement);
else if (context.User.Identity.IsAuthenticated)
if (resource.AuthorId == context.User.GetUserId())
context.Succeed(requirement);
else if (resource.Visible) {
if (resource.ACL==null)
context.Succeed(requirement);
else if (resource.ACL.Count>0)
{
var uid = context.User.GetUserId();
if (resource.ACL.Any(a=>a.Allowed!=null && a.Allowed.Members.Any(m=>m.MemberId == uid )))
context.Succeed(requirement);
else context.Fail();
}
else context.Succeed(requirement);
}
else context.Fail();
}
}
}
Reference in New Issue View Git Blame Copy Permalink