From 4a1e02483136764812987fbdab5e4667c2ed9106 Mon Sep 17 00:00:00 2001
From: Paul Schneider <paul@pschneider.fr>
Date: Mon, 6 Feb 2017 17:30:59 +0100
Subject: [PATCH] should implement the access rulle to a blog post

---
 Yavsc/ViewModels/Auth/Handlers/BlogViewHandler.cs | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/Yavsc/ViewModels/Auth/Handlers/BlogViewHandler.cs b/Yavsc/ViewModels/Auth/Handlers/BlogViewHandler.cs
index b7e2dc54..c37960e0 100644
--- a/Yavsc/ViewModels/Auth/Handlers/BlogViewHandler.cs
+++ b/Yavsc/ViewModels/Auth/Handlers/BlogViewHandler.cs
@@ -1,3 +1,4 @@
+using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNet.Authorization;
 using Yavsc.Models;
@@ -15,11 +16,16 @@ namespace Yavsc.ViewModels.Auth.Handlers
             if (resource.AuthorId == context.User.GetUserId())
                 context.Succeed(requirement); 
             else if (resource.Visible) {
-                
-            // TODO && ( resource.Circles == null || context.User belongs to resource.Circles )
-                context.Succeed(requirement); 
-
+                if (resource.ACL.Count>0)
+                    {
+                        var uid = context.User.GetUserId();
+                        if (resource.ACL.Any(a=>a.Allowed.Members.Any(m=>m.MemberId == uid )))
+                            context.Succeed(requirement); 
+                        else context.Fail();
+                    }
+                else context.Succeed(requirement); 
             }
+            else context.Fail();
         }
     }
 }
\ No newline at end of file