Beispiel #1
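        /// <summary>
        /// Authorization step of an action filter: resolves the caller via
        /// <c>cookieManager.GetUserSafe</c>, short-circuits the pipeline when no user is
        /// resolved or the user's role is not in <c>roles</c>, and otherwise injects the
        /// resolved user into the action arguments before invoking the action.
        /// </summary>
        /// <param name="context">Context of the action about to execute; its <c>Result</c> is set to short-circuit.</param>
        /// <param name="next">Delegate that runs the rest of the pipeline; called only for an accepted user.</param>
        /// <returns>A task that completes when the check (and, if allowed, the action) has finished.</returns>
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            var request = context.HttpContext.Request;
            var (status, user) = await cookieManager.GetUserSafe(request);

            if (user is null)
            {
                // The request path is caller-controlled: keep the message template constant and
                // pass it as a separate logging argument instead of interpolating it into the text.
                logger.LogWarning("Неавторизованный вызов {Path} {Status:G}", request.Path, status);

                // Drop whatever cookie the client sent so a rejected value is not replayed.
                cookieManager.Clear(context.HttpContext.Response);
                context.Result = new UnauthorizedResult();

                return;
            }

            // An empty role list means "any authenticated user".
            if (roles.Any() && !roles.Contains(user.Role))
            {
                logger.LogWarning("Недостаточно прав для {Path} {UserId}", request.Path, user.Id);

                // NOTE(review): the caller is authenticated here but lacks the role; 403 is the
                // conventional status for that case. 401 is kept because clients may depend on it — confirm.
                context.Result = new ObjectResult("Неверная роль")
                {
                    StatusCode = 401,
                };

                return;
            }

            // Assigned unconditionally, so any "user" value already present in the action
            // arguments is replaced by the server-resolved user.
            context.ActionArguments["user"] = user;

            await next();
        }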
Beispiel #2
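        /// <summary>
        /// Returns the results of a contest as JSON, subject to the contest's visibility flags.
        /// Admins, and everyone once <c>ContestOptions.ResultsOpen</c> is set, get
        /// <c>GetResults(id, false)</c>; when only <c>ContestOptions.PreResultsOpen</c> is set
        /// the caller gets <c>GetResults(id, true)</c>; otherwise the response is 404.
        /// </summary>
        /// <param name="id">Identifier of the contest.</param>
        /// <returns>A JSON result, or <c>NotFound</c> when the contest is missing or its results are not open to the caller.</returns>
        public async Task<ActionResult> Results(Guid id)
        {
            // The endpoint accepts anonymous callers: user may be null, in which case only
            // the contest flags decide what is visible.
            var (_, user) = await cookieManager.GetUserSafe(Request);

            var contest = await contestsRepo.GetByIdAsync(id);

            // The id comes straight from the request. If the repository yields null for an unknown
            // id (its contract is not visible here), answer 404 instead of failing on contest.Options.
            if (contest == null)
            {
                return NotFound();
            }

            var isAdmin = user?.Role == UserRole.Admin;

            if (isAdmin || contest.Options.HasFlag(ContestOptions.ResultsOpen))
            {
                return Json(await contestManager.GetResults(id, false));
            }

            // presumably the second argument selects the preliminary view — confirm against GetResults
            if (contest.Options.HasFlag(ContestOptions.PreResultsOpen))
            {
                return Json(await contestManager.GetResults(id, true));
            }

            // Closed results are reported as "not found" rather than "forbidden".
            return NotFound();
        }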