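/// <summary>
/// Enforces a role requirement for <paramref name="request"/>: returns normally when
/// access is allowed and throws an <c>HttpError</c> otherwise.
/// </summary>
/// <remarks>
/// Access is allowed, in this order, when: no roles are required; the request carries a
/// valid auth secret; the session has the Admin role; or the session has every required
/// role, either as currently held or after one call to <c>UpdateFromUserAuthRepo</c>.
/// </remarks>
/// <param name="request">The current request; its session is resolved via <c>GetSession()</c>.</param>
/// <param name="requiredRoles">Roles that must ALL be present on the session.</param>
/// <exception cref="HttpError">
/// 403 Forbidden when the session is authenticated but lacks a required role;
/// 401 Unauthorized when there is no session or it is not authenticated.
/// </exception>
public static void AssertRequiredRoles(IRequest request, params string[] requiredRoles)
{
    if (requiredRoles.IsEmpty()) return;

    // A valid auth secret bypasses every role check below, including the session lookup.
    // Treat that secret as equivalent to full admin access when auditing this path.
    if (HostContext.HasValidAuthSecret(request))
        return;

    var session = request.GetSession();

    // Fail closed with 401 when there is no session, instead of passing a null session
    // on to UpdateFromUserAuthRepo (which would surface as a 500 if that call is not
    // null-tolerant).
    if (session == null)
        throw new HttpError((int)HttpStatusCode.Unauthorized, "Invalid Role");

    if (session.HasRole(RoleNames.Admin))
        return;

    if (requiredRoles.All(session.HasRole))
        return;

    // The same role check is retried after this call; presumably it reloads the roles
    // from the auth repository so a recently granted role is honoured - confirm.
    // NOTE(review): the Admin shortcut above is not re-evaluated after the refresh.
    session.UpdateFromUserAuthRepo(request);

    if (requiredRoles.All(session.HasRole))
        return;

    // Authenticated but missing a role -> 403; not authenticated -> 401.
    var statusCode = session.IsAuthenticated
        ? (int)HttpStatusCode.Forbidden
        : (int)HttpStatusCode.Unauthorized;

    throw new HttpError(statusCode, "Invalid Role");
}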
}