
@JaykeOps
Created January 19, 2018 16:46
Resource Authorization Case
/// <summary>
/// Returns the blog identified by <paramref name="id"/> when the current user passes the
/// <c>ResourceOwnerRequirement</c> check against the blog's owner id.
/// </summary>
/// <param name="id">Route value; must parse as an <c>ObjectId</c>.</param>
/// <returns>
/// 400 when <paramref name="id"/> does not parse; 404 when no blog is found or the lookup
/// throws <c>QueryException</c>; the result of <c>Forbid()</c> when authorization fails;
/// 200 with the blog's read contract on success; 500 for any other exception.
/// </returns>
/// <remarks>
/// Security notes for reviewers:
/// the blog is loaded before the authorization check because the check needs
/// <c>blog.OwnerId</c>. An existing blog the caller does not own therefore yields a
/// different status (Forbid) than a missing blog (404), so valid ids are distinguishable
/// from invalid ones. Return 404 in both cases if blog existence should stay private.
/// NOTE(review): no [Authorize] attribute is visible on this action. Confirm the controller
/// or a global filter requires authentication, otherwise the owner check is the only gate.
/// </remarks>
[HttpGet("{id}", Name = "GetBlog")]
public async Task<IActionResult> Get(string id)
{
    // Reject malformed ids before touching the data store.
    // The rejected value is echoed in the response body, so it must never be rendered as HTML.
    var idIsValid = ObjectId.TryParse(id, out var blogId);
    if (!idIsValid)
    {
        return BadRequest($"The id provided ({id}) is not a valid id.");
    }

    try
    {
        var blog = await _blogDataService.FindBlogByIdAsync(blogId);
        if (blog == null)
        {
            return NotFound($"A blog with id '{id}' could not be found.");
        }

        // Resource-based authorization: the owner id is passed as the resource, and the handler
        // registered for ResourceOwnerRequirement (not shown here) makes the decision.
        var ownershipCheck = await _authorizeService.AuthorizeAsync(
            User,
            blog.OwnerId,
            new ResourceOwnerRequirement());

        if (!ownershipCheck.Succeeded)
        {
            return Forbid();
        }

        // Only the read contract built by the factory leaves the API, never the stored entity.
        return Ok(_blogFactory.CreateReadContractFromBlog(blog));
    }
    catch (QueryException)
    {
        // A query failure is reported as "not found" with no details.
        return NotFound();
    }
    catch (PersistanceException)
    {
        // No exception details are returned to the client.
        return StatusCode(500);
    }
    catch (Exception)
    {
        // NOTE(review): every exception is discarded without logging, so failures in the
        // authorization service are invisible to operators. Add logging here.
        return StatusCode(500);
    }
}