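/// <summary>
/// Throws an <see cref="HttpError"/> unless the request carries a valid auth secret or the
/// caller's session holds at least one of <paramref name="requiredRoles"/>.
/// </summary>
/// <param name="request">The current request; its <c>IHttpRequest</c> is resolved from it.</param>
/// <param name="requiredRoles">
/// Roles of which the session must hold at least one. An empty list disables the check.
/// </param>
/// <exception cref="HttpError">
/// 403 Forbidden when the session is authenticated but holds none of the roles;
/// 401 Unauthorized otherwise, including when no session is available.
/// </exception>
public static void AssertRequiredRoles(IRequest request, params string[] requiredRoles)
{
    // Nothing to enforce: with no roles listed, every caller is let through.
    if (requiredRoles.IsEmpty()) return;

    var req = request.TryResolve<IHttpRequest>();

    // A valid auth secret short-circuits the role check entirely.
    if (HostContext.HasValidAuthSecret(req))
        return;

    var session = req.GetSession();

    // Guard the whole session path: the original dereferenced a null session at
    // UpdateFromUserAuthRepo, surfacing a NullReferenceException instead of the 401 below.
    if (session != null)
    {
        // NOTE(review): any single matching role is sufficient (Any, not All), despite the
        // "Required" in the method name. Confirm this is the intended policy.
        if (requiredRoles.Any(session.HasRole))
            return;

        // Presumably reloads the session's roles from the user auth repository, so that
        // a role granted after the session was created is seen. Verify against the helper.
        session.UpdateFromUserAuthRepo(req);

        if (requiredRoles.Any(session.HasRole))
            return;
    }

    // Fail closed: authenticated but lacking a role is 403, everything else is 401.
    var statusCode = session != null && session.IsAuthenticated
        ? (int)HttpStatusCode.Forbidden
        : (int)HttpStatusCode.Unauthorized;

    throw new HttpError(statusCode, "Invalid Role");
}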
}