Last active
November 7, 2021 11:37
-
-
Save balteravishay/93c7d7e3e4b212d0a837d7bac8d63760 to your computer and use it in GitHub Desktop.
Owner Access
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| namespace PMVProxy.API.Middleware | |
| { | |
| using Hl7.Fhir.Model; | |
| ... | |
| internal class OwnerAccess : IAccessByRole | |
| { | |
| ... | |
| public async System.Threading.Tasks.Task Access<TResource>(TResource resource, | |
| string userFhirId, IFhirService fhirService) where TResource : Resource | |
| { | |
| var resourceSubject = GetResourceSubjectProperty(resource); | |
| if (String.IsNullOrEmpty(resourceSubject)) | |
| { | |
| _logger.LogWarning($"resource does not have a subject"); | |
| throw new UnprocessableInputException($"resource does not have a subject"); | |
| } | |
| if (resourceSubject.ToString().Equals(userFhirId, System.StringComparison.OrdinalIgnoreCase)) | |
| { | |
| _logger.LogInformation($"user {userFhirId} is the subject of resource {resource.Id}"); | |
| return; | |
| } | |
| else | |
| { | |
| _logger.LogWarning($"user {userFhirId} does not have access to {resource.Id}"); | |
| throw new AuthorizationException("you do not have access to this resource"); | |
| } | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment