protected override void ConfigureSecurity(ExecutionContext context)
{
context.Assertions.Add(c => {
if (!c.User.CanGrantRole(Role))
return AssertResult.Deny(new SecurityException(String.Format("User '{0}' cannot grant role '{1}' to '{2}'.", c.User.Name, Role, Grantee)));
return AssertResult.Allow();
});
context.Assertions.Add(c => {
if (WithAdmin) {
if (!c.User.IsRoleAdmin(Role))
return AssertResult.Deny(new SecurityException(String.Format("User '{0}' does not administrate role '{1}'.", c.User, Role)));
}
return AssertResult.Allow();
});
context.Assertions.Add(c => {
if (!c.User.CanManageUsers())
throw new SecurityException(String.Format("The user '{0}' has not enough rights to manage other users.", c.User.Name));
});
}