Checks when is the resource owner or someone with admin role

IAuthorizationRule.cs

public interface IAuthorizationRule : IFilterMetadata
{
    Task<bool> HasAccess(ActionExecutingContext context);
}

ResourceOwnerOrAdminAttribute.cs

public class ResourceOwnerOrAdminAttribute : Attribute, IAuthorizationRule
  {
      private readonly string idArgumentName;

      public ResourceOwnerOrAdminAttribute(string idArgumentName = "id")
      {
          this.idArgumentName = idArgumentName;
      }

      public async Task<bool> HasAccess(ActionExecutingContext context)
      {
          var someService = context.HttpContext.RequestServices.GetService<ISomeService>();

          if (context.ActionArguments.TryGetValue(idArgumentName, out var argument) && argument is Guid id)
          {
              var obj = await someService.GetByIdAsync(id);

              return context.HttpContext.User.HasClaim(c =>
                  (c.Type == ClaimTypes.Role && c.Value == "Admin") ||
                  (c.Type == ClaimTypes.UserId && c.Value == obj?.UserId));
          }

          return false;
      }
  }

ResourceOwnerOrAdminAuthorizationFilter.cs

public class ResourceOwnerOrAdminAuthorizationFilter : IAsyncActionFilter
{
    public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
        var filters = context
            .Filters
            .OfType<IAuthorizationRule>()
            .Select(f => f.HasAccess(context));

        var hasAccess = await Task.WhenAll(filters);

        if (!hasAccess.All(a => a))
        {
            context.Result = new UnauthorizedResult();
            return;
        }

        await next();
    }
}