diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/MethodInvocationAuthorizationService.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/MethodInvocationAuthorizationService.cs
index 1e063f1f0e..82a0f9c2d1 100644
--- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/MethodInvocationAuthorizationService.cs
+++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/MethodInvocationAuthorizationService.cs
@@ -64,20 +64,26 @@ namespace Volo.Abp.Authorization
 protected async Task CheckAsync(IAuthorizeData authorizationAttribute)
 {
- if (authorizationAttribute.Policy == null)
+ if (authorizationAttribute.Policy != null)
 {
- //TODO: Can we find a better, unified, way of checking if current request has been authenticated
- if (!_currentUser.IsAuthenticated && !_currentClient.IsAuthenticated)
+ await _authorizationService.CheckAsync(authorizationAttribute.Policy).ConfigureAwait(false);
+ }
+ else if (authorizationAttribute.Roles != null)
+ {
+ if(_currentUser.IsInRole(authorizationAttribute.Roles) == false)
 {
- throw new AbpAuthorizationException("Authorization failed! User has not logged in.");
+ throw new AbpAuthorizationException("Authorization failed! Given roles has not granted: " + authorizationAttribute.Roles);
 }
 }
 else
 {
- await _authorizationService.CheckAsync(authorizationAttribute.Policy).ConfigureAwait(false);
+ //TODO: Can we find a better, unified, way of checking if current request has been authenticated
+ if (!_currentUser.IsAuthenticated && !_currentClient.IsAuthenticated)
+ {
+ throw new AbpAuthorizationException("Authorization failed! User has not logged in.");
+ }
 }
- //TODO: What about roles and other props?
 }
 }
 }
\ No newline at end of file
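Review bot: In the new `CheckAsync` chain the `Roles` branch is an `else if`, so an attribute that sets both `Policy` and `Roles` is checked against the policy only and the role restriction is silently skipped; ASP.NET Core treats the two as cumulative, so this path fails open. `IAuthorizeData.Roles` is also a comma-delimited list, but it is handed to `_currentUser.IsInRole` as a single string, so `Roles = "a,b"` will presumably never match any real role. I would evaluate the policy and the roles independently, split and trim the list so that membership in any listed role suffices, and keep the authentication check as the fallback when neither is set. The enclosing class starts outside the hunk, so whether `IsInRole` already rejects an unauthenticated user or a client-only request could not be confirmed from here.

```csharp
protected async Task CheckAsync(IAuthorizeData authorizationAttribute)
{
    var hasPolicy = authorizationAttribute.Policy != null;
    var hasRoles = !string.IsNullOrWhiteSpace(authorizationAttribute.Roles);

    if (hasPolicy)
    {
        await _authorizationService.CheckAsync(authorizationAttribute.Policy).ConfigureAwait(false);
    }

    if (hasRoles)
    {
        // Roles is a comma-delimited list; being in any one of them is sufficient.
        var granted = false;
        foreach (var role in authorizationAttribute.Roles.Split(','))
        {
            var roleName = role.Trim();
            if (roleName.Length > 0 && _currentUser.IsInRole(roleName))
            {
                granted = true;
                break;
            }
        }

        if (!granted)
        {
            // … unchanged: throw AbpAuthorizationException for the missing roles …
        }
    }

    if (!hasPolicy && !hasRoles)
    {
        // … unchanged: IsAuthenticated check on _currentUser / _currentClient …
    }
}
```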