From c0d6582986007fb20a9fbce5fb3f1c97a1ee8592 Mon Sep 17 00:00:00 2001
From: Mehmet Perk
Date: Thu, 16 Jan 2020 22:35:07 +0300
Subject: [PATCH] MethodInvocationAuthorizationService should check Roles
---
 .../MethodInvocationAuthorizationService.cs | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/MethodInvocationAuthorizationService.cs b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/MethodInvocationAuthorizationService.cs
index 1e063f1f0e..82a0f9c2d1 100644
--- a/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/MethodInvocationAuthorizationService.cs
+++ b/framework/src/Volo.Abp.Authorization/Volo/Abp/Authorization/MethodInvocationAuthorizationService.cs
@@ -64,20 +64,26 @@ namespace Volo.Abp.Authorization
 protected async Task CheckAsync(IAuthorizeData authorizationAttribute)
 {
- if (authorizationAttribute.Policy == null)
+ if (authorizationAttribute.Policy != null)
 {
- //TODO: Can we find a better, unified, way of checking if current request has been authenticated
- if (!_currentUser.IsAuthenticated && !_currentClient.IsAuthenticated)
+ await _authorizationService.CheckAsync(authorizationAttribute.Policy).ConfigureAwait(false);
+ }
+ else if (authorizationAttribute.Roles != null)
+ {
+ if(_currentUser.IsInRole(authorizationAttribute.Roles) == false)
 {
- throw new AbpAuthorizationException("Authorization failed! User has not logged in.");
+ throw new AbpAuthorizationException("Authorization failed! Given roles has not granted: " + authorizationAttribute.Roles);
 }
 }
 else
 {
- await _authorizationService.CheckAsync(authorizationAttribute.Policy).ConfigureAwait(false);
+ //TODO: Can we find a better, unified, way of checking if current request has been authenticated
+ if (!_currentUser.IsAuthenticated && !_currentClient.IsAuthenticated)
+ {
+ throw new AbpAuthorizationException("Authorization failed! User has not logged in.");
+ }
 }
- //TODO: What about roles and other props?
 }
 }
 }
\ No newline at end of file
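Review bot: Chaining the role check as `else if` after the policy check makes the two mutually exclusive, so an attribute that sets both `Policy` and `Roles` is checked against the policy only and its role restriction is silently skipped. In ASP.NET Core authorization both restrictions have to be satisfied. The role branch also passes the whole `Roles` string to `_currentUser.IsInRole`, while `IAuthorizeData.Roles` is a comma-delimited list. Assuming `IsInRole` matches a single role name (its implementation is not visible in this hunk), a constructed value such as `"A,B"` would never match a user who holds role `A`. I would evaluate the policy and the roles independently, split and trim the role list, and keep the authenticated-only check for the case where neither property is set, as sketched below; tests with both properties set and with a multi-role list would pin the behaviour.

```csharp
protected async Task CheckAsync(IAuthorizeData authorizationAttribute)
{
    var policy = authorizationAttribute.Policy;
    var roles = authorizationAttribute.Roles;

    // Policy and Roles are cumulative restrictions: enforce every one that is set.
    if (policy != null)
    {
        await _authorizationService.CheckAsync(policy).ConfigureAwait(false);
    }

    if (roles != null)
    {
        // Roles is a comma-delimited list; membership in any one entry is sufficient.
        // An empty list matches nothing, so the check still fails closed.
        var granted = false;
        foreach (var role in roles.Split(','))
        {
            var roleName = role.Trim();
            if (roleName.Length > 0 && _currentUser.IsInRole(roleName))
            {
                granted = true;
                break;
            }
        }

        if (!granted)
        {
            throw new AbpAuthorizationException("Authorization failed! Given roles has not granted: " + roles);
        }
    }

    if (policy == null && roles == null)
    {
        // … unchanged: authenticated user/client check …
    }
```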