Ejemplo n.º 1
0
            public async Task OnActionExecutionAsync(ActionExecutingContext actionContext, ActionExecutionDelegate next)
            {
                if (actionContext.HttpContext.Request.Method == HttpMethod.Options.ToString())
                {
                    return;
                }

                if (_value.Equals(nameof(AllowAnonymousAttribute)))
                {
                    await next();

                    return;
                }

                IList <string> tokenValues = null;

                var isPublicTokenSet = _value.Equals(nameof(PublicTokenAttribute));

                if (!actionContext.HttpContext.Request.Headers.ContainsKey("token"))
                {
                    if (!isPublicTokenSet)
                    {
                        actionContext.Result = new UnauthorizedResult();
                        return;
                    }
                }
                else if (actionContext.HttpContext.Request.Headers.TryGetValue("token", out var tokenStringValues) && !tokenStringValues.IsNullOrEmpty())
                {
                    tokenValues = tokenStringValues.ToList();
                }

                if (!Guid.TryParse(tokenValues?.FirstOrDefault()?.Trim() ?? string.Empty, out var tokenGuid))
                {
                    actionContext.Result = new UnauthorizedResult();
                    return;
                }

                var userTokenInfo = AuthenticationLogic.CheckTokenInfo(tokenGuid);

                string userLevel = "";

                if ((int)Enums.UserLevel.Customer == userTokenInfo.UserLevel)
                {
                    userLevel = Enums.UserLevel.Customer.ToString();
                }

                else if ((int)Enums.UserLevel.CompanyOwner == userTokenInfo.UserLevel)
                {
                    userLevel = Enums.UserLevel.CompanyOwner.ToString();
                }

                else if ((int)Enums.UserLevel.DepartmentOwner == userTokenInfo.UserLevel)
                {
                    userLevel = Enums.UserLevel.DepartmentOwner.ToString();
                }

                else if ((int)Enums.UserLevel.SystemOwner == userTokenInfo.UserLevel)
                {
                    userLevel = Enums.UserLevel.SystemOwner.ToString();
                }

                if (!_value.Contains(userLevel))
                {
                    actionContext.Result = new ForbidResult();
                    return;
                }



                SetIdentities(actionContext, userTokenInfo);

                await next();
            }