public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
if (context.Filters.Any(item => item is IAllowAnonymousFilter))
{
return;
}
if (!context.ActionDescriptor.IsControllerAction())
{
return;
}
//TODO: Avoid using try/catch, use conditional checking
try
{
await _authorizationHelper.CheckPermissionsAsync(
context.ActionDescriptor.GetMethodInfo(),
context.ActionDescriptor.GetMethodInfo().DeclaringType);
}
catch (AncAuthorizationException ex)
{
_logger.LogWarning(ex.ToString(), ex);
//_eventBus.Trigger(this, new AbpHandledExceptionData(ex));
if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
context.Result = new ObjectResult(new Result()
{
Status = Status.Failure,
Message = ex.Message
})
{
StatusCode = context.HttpContext.User.Identity.IsAuthenticated
? (int)System.Net.HttpStatusCode.Forbidden
: (int)System.Net.HttpStatusCode.Unauthorized
};
}
else
{
context.Result = new ChallengeResult();
}
}
catch (Exception ex)
{
_logger.LogError(ex.ToString(), ex);
if (ActionResultHelper.IsObjectResult(context.ActionDescriptor.GetMethodInfo().ReturnType))
{
context.Result = new ObjectResult(new
{
Error = ex,
UnAuthorizedRequest = false,
Success = false,
})
{
StatusCode = (int)System.Net.HttpStatusCode.InternalServerError
};
}
else
{
//TODO: How to return Error page?
context.Result = new StatusCodeResult((int)System.Net.HttpStatusCode.InternalServerError);
}
}
}
