Beispiel #1
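        /// <summary>
        /// Enforces the owner-only rule. When <paramref name="handlerType"/> is decorated with
        /// <see cref="PermitOnlyUserItselfAttribute"/>, the value of the request property marked with
        /// <see cref="IsUserIdentifierAttribute"/> is passed to the authorization service together with
        /// the request principal. Does nothing when the attribute is absent.
        /// </summary>
        /// <param name="appRequest">Request whose <c>Data</c> payload and <c>Principal</c> are evaluated.</param>
        /// <param name="handlerType">Type inspected for <see cref="PermitOnlyUserItselfAttribute"/>.</param>
        /// <exception cref="ArgumentNullException">
        /// The payload type has no property marked with <see cref="IsUserIdentifierAttribute"/>,
        /// or that property's value is <c>null</c>.
        /// </exception>
        /// <exception cref="UnauthorizedAccessException">
        /// The authorization service reports that the principal has not claimed the identifier.
        /// </exception>
        private void ProcessOnlyUserItselfPermission(IApplicationRequest<object> appRequest, Type handlerType)
        {
            // inherit: false — only an attribute declared directly on handlerType is found.
            // NOTE(review): a type deriving from a decorated handler is therefore not covered by
            // this check unless it repeats the attribute; confirm that is intended.
            var userItselfAttribute = handlerType.GetCustomAttribute<PermitOnlyUserItselfAttribute>(false);

            if (userItselfAttribute is null)
            {
                return;
            }

            _logger.LogInformation($"Evaluating {nameof(PermitOnlyUserItselfAttribute)}");

            // NOTE(review): appRequest.Data is dereferenced without a null check; a null payload
            // surfaces as a NullReferenceException (the request is still rejected, not allowed).
            var commandType = appRequest.Data.GetType();

            // GetProperties() returns public properties only, and the first marked one wins.
            var idProperty = commandType.GetProperties()
                             .FirstOrDefault(x => x.GetCustomAttribute<IsUserIdentifierAttribute>(false) != null);

            if (idProperty is null)
            {
                var message = $"When using {nameof(PermitOnlyUserItselfAttribute)}, the command must have {nameof(IsUserIdentifierAttribute)} indicating user ID";

                // The single-string constructor treats its argument as the parameter name,
                // so the explanation has to go in the second (message) slot.
                throw new ArgumentNullException(nameof(appRequest), message);
            }

            // The identifier is read from the request payload; the comparison below is the only
            // thing that ties it to the authenticated principal.
            var userId = idProperty.GetValue(appRequest.Data);

            if (userId is null)
            {
                // Argument order is (paramName, message).
                throw new ArgumentNullException(nameof(userId), "User identifier is not provided!");
            }

            if (!_authorizationService.HasPrincipalClaimedIdentifier(appRequest.Principal, userId))
            {
                // NOTE(review): the denial is logged without the handler type or principal, which
                // makes it hard to correlate in an audit trail; consider adding structured context.
                _logger.LogError("Authorization failed!");
                throw new UnauthorizedAccessException("Current principal has no access to given resource - not an owner");
            }
        }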
 /// <summary>
 /// Creates a cashier request by copying the correlation and connection identifiers, name,
 /// JSON parameters, timestamp and identifying color from <paramref name="applicationRequest"/>.
 /// </summary>
 /// <param name="applicationRequest">Request whose fields are copied; it is not null-checked here.</param>
 public CashierRequest(IApplicationRequest applicationRequest)
 {
     // Routing / tracing identifiers.
     this.CorrelationId = applicationRequest.CorrelationId;
     this.ClientConnectionId = applicationRequest.ClientConnectionId;

     // Payload, copied verbatim.
     // NOTE(review): ParamsAsJson is forwarded without validation in this constructor;
     // presumably the consumer parses and validates it — confirm.
     this.Name = applicationRequest.Name;
     this.ParamsAsJson = applicationRequest.ParamsAsJson;

     // Metadata.
     this.TimeStamp = applicationRequest.TimeStamp;
     this.IdentifyingColor = applicationRequest.IdentifyingColor;
 }
Beispiel #3
 /// <summary>
 /// Creates a web-to-gateway message by copying the correlation identifier, client connection
 /// identifier and group, message type, name, JSON parameters and timestamp from
 /// <paramref name="applicationRequest"/>.
 /// </summary>
 /// <param name="applicationRequest">Request whose fields are copied; it is not null-checked here.</param>
 public WebToGateway(IApplicationRequest applicationRequest)
 {
     // Routing / tracing identifiers.
     CorrelationId = applicationRequest.CorrelationId;
     ClientConnectionId = applicationRequest.ClientConnectionId;
     ClientConnectionGroup = applicationRequest.ClientConnectionGroup;
     MessageType = applicationRequest.MessageType;

     // Payload, copied verbatim.
     // NOTE(review): ParamsAsJson is forwarded without validation in this constructor;
     // presumably the receiving side parses and validates it — confirm.
     Name = applicationRequest.Name;
     ParamsAsJson = applicationRequest.ParamsAsJson;

     // Metadata.
     TimeStamp = applicationRequest.TimeStamp;
 }
Beispiel #4
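        /// <summary>
        /// Enforces <see cref="RequirePermissionAttribute"/>: when <paramref name="requestType"/>
        /// declares the attribute with a non-blank permission name, the request principal must be
        /// authorized for that permission by the authorization service.
        /// </summary>
        /// <param name="appRequest">Request whose <c>Principal</c> is authorized.</param>
        /// <param name="requestType">Type inspected for <see cref="RequirePermissionAttribute"/>.</param>
        /// <exception cref="UnauthorizedAccessException">
        /// The authorization service rejects the principal for the required permission.
        /// </exception>
        /// <remarks>
        /// A type without the attribute, or with a blank permission name, is let through with a
        /// warning only, so this check allows by default.
        /// </remarks>
        private void ProcessRequirePermissionAttribute(IApplicationRequest<object> appRequest, Type requestType)
        {
            // inherit: false — only an attribute declared directly on requestType is found.
            // NOTE(review): a type deriving from a decorated request is therefore treated as
            // having no permission requirement unless it repeats the attribute; confirm.
            var permissionAttribute = requestType.GetCustomAttribute<RequirePermissionAttribute>(false);

            if (permissionAttribute is null)
            {
                _logger.LogWarning("Command {command} has no RequirePermission attribute", requestType);
                return;
            }

            if (string.IsNullOrWhiteSpace(permissionAttribute.PermissionName))
            {
                // The attribute is present but unusable. Report that distinctly instead of claiming
                // the attribute is missing, so the misconfiguration shows up in the logs.
                // NOTE(review): the request is still allowed here, as before; consider rejecting
                // it so a mistyped attribute cannot silently remove the permission check.
                _logger.LogWarning("Command {command} has a RequirePermission attribute with an empty permission name", requestType);
                return;
            }

            _logger.LogInformation("Evaluating permission {permission}", permissionAttribute.PermissionName);

            if (!_authorizationService.AuthorizeByRole(appRequest.Principal, permissionAttribute.PermissionName))
            {
                // NOTE(review): the denial is logged without the permission name or request type;
                // consider adding them as structured fields for audit correlation.
                _logger.LogError("Authorization failed!");
                throw new UnauthorizedAccessException("Current principal has no access to given resource - missing permissions");
            }

            _logger.LogInformation("Authorization successful");
        }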