notazof
/
yavsc
1
0
Fork 0
Code Issues Pull Requests Packages Projects 1 Releases Wiki Activity
yavsc/Yavsc/ViewModels/Auth/Handlers/BlogViewHandler.cs

33 lines
1.3 KiB
C#
Raw Blame History Unescape Escape

This file contains invisible Unicode characters!

This file contains invisible Unicode characters that may be processed differently from what appears below. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to reveal hidden characters.

using System.Linq;
using System.Security.Claims;
using Microsoft.AspNet.Authorization;
using Yavsc.Models;
namespace Yavsc.ViewModels.Auth.Handlers
{
public class BlogViewHandler : AuthorizationHandler<ViewRequirement, Blog>
{
protected override void Handle(AuthorizationContext context, ViewRequirement requirement, Blog resource)
{
if (context.User.IsInRole(Constants.BlogModeratorGroupName)
|| context.User.IsInRole(Constants.AdminGroupName))
context.Succeed(requirement);
else if (context.User.Identity.IsAuthenticated)
if (resource.AuthorId == context.User.GetUserId())
context.Succeed(requirement);
else if (resource.Visible) {
if (resource.ACL==null)
context.Succeed(requirement);
else if (resource.ACL.Count>0)
{
var uid = context.User.GetUserId();
if (resource.ACL.Any(a=>a.Allowed!=null && a.Allowed.Members.Any(m=>m.MemberId == uid )))
context.Succeed(requirement);
else context.Fail();
}
else context.Succeed(requirement);
}
else context.Fail();
}
}
}
Reference in New Issue View Git Blame Copy Permalink