Example #1
0
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            Context = context;
            if (UserIsAuthentiacted())
            {
                try
                {
                    var ClaimHelper           = new ClaimHelper(CreateHttpContextAccessor());
                    var databaseHelper        = new DatabaseHelper(ClaimHelper, Logger, new SqlQueryHelper());
                    IEnumerable <Roles> roles = null;
                    var key = AesEncrypter._instance.DecryptyData(
                        ClaimHelper.GetValueFromClaim("key"));
                    if (IsUser(ClaimHelper.GetValueFromClaim("aud")))
                    {
                        roles = databaseHelper.GetRolesFromUser(key);
                    }
                    else
                    {
                        roles = databaseHelper.GetRolesFromToken(key);
                    }

                    if (!UserHasPermission(roles))
                    {
                        RejectRequest("Permission denied", 403);
                    }
                }
                catch (Exception error)
                {
                    Logger.LogEventAsync(error, "error.json");
                    RejectRequest("An unhandled Exception has occured", 500);
                }
            }
            else
            {
                RejectRequest("Not Authorized", 401);
            }
        }