using ECommerceAPI.Application.Abstractions.Services;
using ECommerceAPI.Application.CustomAttributes;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Controllers;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Mvc.Routing;
using System.Net;
using System.Reflection;
namespace ECommerceAPI.API.Filters
{
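public class RolePermissionFilter : IAsyncActionFilter
{
    // NOTE(review): an identity whose Name equals this string skips every permission
    // check in OnActionExecutionAsync. Authorization is therefore keyed on a user
    // *name*, not on a role/claim, so anyone who can obtain an identity named "admin"
    // (however Identity.Name is populated by the auth scheme — confirm) gets full
    // access. Kept for compatibility with existing callers; prefer a role/claim check
    // (e.g. User.IsInRole) once the token issuance side is confirmed.
    private const string AdminUserName = "admin";

    private readonly IUserService _userService;

    /// <summary>Creates the filter with the service used to look up endpoint permissions.</summary>
    /// <param name="userService">Service that answers whether a user may call an endpoint code.</param>
    /// <exception cref="ArgumentNullException"><paramref name="userService"/> is null.</exception>
    public RolePermissionFilter(IUserService userService)
    {
        ArgumentNullException.ThrowIfNull(userService);
        _userService = userService;
    }

    /// <summary>
    /// Enforces endpoint-level role permissions for authenticated, non-admin users.
    /// The endpoint is identified by a code of the form
    /// "&lt;HTTP method&gt;.&lt;ActionType&gt;.&lt;Definition without spaces&gt;" taken from the
    /// action's <see cref="AuthorizeDefinitionAttribute"/>, and the decision is delegated to
    /// <c>IUserService.HasRolePermissionToEndpointAsync</c>. A denied request gets HTTP 403
    /// and the action body never runs.
    /// </summary>
    /// <remarks>
    /// This filter does not authenticate. A request with no identity name passes straight
    /// through, so it must be combined with [Authorize] (or equivalent) on the endpoint.
    /// Actions without <see cref="AuthorizeDefinitionAttribute"/> and non-controller
    /// endpoints (no <see cref="ControllerActionDescriptor"/>) are not checked either.
    /// </remarks>
    /// <param name="context">The executing action context.</param>
    /// <param name="next">Delegate that runs the action when the check passes or is skipped.</param>
    public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
        var userName = context.HttpContext.User.Identity?.Name;

        // Unauthenticated requests and the hard-coded admin identity bypass the check.
        if (string.IsNullOrEmpty(userName) || userName == AdminUserName)
        {
            await next();
            return;
        }

        // Only controller actions carry a MethodInfo to read the attribute from. The
        // original unchecked `as` cast dereferenced null for any other endpoint type
        // and threw NullReferenceException instead of making a decision.
        if (context.ActionDescriptor is ControllerActionDescriptor descriptor)
        {
            var definition = descriptor.MethodInfo.GetCustomAttribute<AuthorizeDefinitionAttribute>();
            if (definition is not null)
            {
                var endpointCode = BuildEndpointCode(descriptor.MethodInfo, definition);
                var permitted = await _userService.HasRolePermissionToEndpointAsync(userName, endpointCode);
                if (!permitted)
                {
                    // Fail closed: set the result and return without invoking next().
                    context.Result = new StatusCodeResult((int)HttpStatusCode.Forbidden);
                    return;
                }
            }
        }

        await next();
    }

    /// <summary>
    /// Builds the permission code the user service expects:
    /// "&lt;HTTP method&gt;.&lt;ActionType&gt;.&lt;Definition with spaces removed&gt;".
    /// </summary>
    /// <remarks>
    /// GetCustomAttributes (plural) is used so that an action decorated with more than one
    /// HTTP-method attribute does not throw AmbiguousMatchException; the first attribute's
    /// first method wins, matching the original First() behaviour. GET is assumed when the
    /// action carries no HTTP-method attribute. Note this reflects the declared attribute,
    /// not the actual request method — for an action with several HTTP-method attributes
    /// the checked code may not match the method the request used.
    /// </remarks>
    private static string BuildEndpointCode(MethodInfo method, AuthorizeDefinitionAttribute definition)
    {
        var httpMethod = method.GetCustomAttributes<HttpMethodAttribute>()
            .Select(attr => attr.HttpMethods.FirstOrDefault())
            .FirstOrDefault(m => m is not null) ?? HttpMethods.Get;

        return $"{httpMethod}.{definition.ActionType}.{definition.Definition.Replace(" ", "")}";
    }
}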
}