public async Task <bool> HasPermission(IEnumerable <PermissionAttribute> attributes, IList <string> roles)
        {
            if (_httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier) == null)
            {
                throw new AuthenticationException();
            }

            try
            {
                foreach (var permissionAttribute in attributes)
                {
                    var roleClaims = new List <Claim>();
                    foreach (var role in roles)
                    {
                        var claims = await _roleManager.GetClaimsAsync(role);

                        roleClaims.AddRange(claims);
                    }
                    foreach (var roleClaim in roleClaims)
                    {
                        if (roleClaim.Type.ToLower() == permissionAttribute.ClaimType.ToLower())
                        {
                            if (String.IsNullOrEmpty(permissionAttribute.ClaimValue))
                            {
                                return(true);
                            }
                            else
                            {
                                if (roleClaim.Value.ToLower() == permissionAttribute.ClaimValue.ToLower())
                                {
                                    return(true);
                                }
                                else
                                {
                                    throw new UnauthorizedAccessException($"{permissionAttribute.ClaimType} - {permissionAttribute.ClaimValue}");
                                }
                            }
                        }
                    }

                    throw new UnauthorizedAccessException($"{permissionAttribute.ClaimType} - {permissionAttribute.ClaimValue}");
                }
            }
            catch (KeyNotFoundException ex)
            {
                throw new UnauthorizedAccessException(ex.Message);
            }
            catch (Exception ex)
            {
                _logger.LogCritical(ex.Message);
                throw;
            }
            throw new UnauthorizedAccessException();
        }
Example #2
0
        public async Task <IList <Claim> > GetAllClaimsForLoggedUserAsync()
        {
            var userId     = GetUserId();
            var userClaims = await GetUserClaimsAsync(userId);

            var claims = userClaims;

            var roles = await GetRolesAsync(userId);

            foreach (var role in roles)
            {
                var roleClaims = await _roleManager.GetClaimsAsync(role);

                foreach (var roleClaim in roleClaims)
                {
                    //UserClaim RoleClaiim'i ezdiği için öncelikle UserClaim'de yetki var mı diye kontrol ediliyor.
                    var claimIsExistInUserClaims = (from p in userClaims where p.Type == roleClaim.Type select p).Count() > 0;

                    if (!claimIsExistInUserClaims)
                    {
                        //Çift kaydı engellemek için ClaimType ve ClaimValue değerleri eşleşen kayıtlar eklenmiyor.
                        var claimIsExistInClaims = (from p in claims where p.Type == roleClaim.Type && p.Value == roleClaim.Value select p).Count() > 0;

                        if (!claimIsExistInClaims)
                        {
                            claims.Add(roleClaim);
                        }
                    }
                }
            }

            return(claims);
        }
        private async Task <(List <Claim>, CustomUser)> AddRolesAndRoleClaimsAsync(List <Claim> claims, CustomUser user)
        {
            var userRoles = await _userManager.GetRolesAsync(user);

            foreach (var userRole in userRoles)
            {
                claims.Add(new Claim(ClaimTypes.Role, userRole));

                var role = await _roleManager.FindByNameAsync(userRole);

                if (role == null)
                {
                    continue;
                }

                var roleClaims = await _roleManager.GetClaimsAsync(role);

                foreach (var roleClaim in roleClaims)
                {
                    if (claims.Contains(roleClaim))
                    {
                        continue;
                    }

                    claims.Add(roleClaim);
                }
            }
            return(claims, user);
        }
Example #4
0
        public async virtual Task <IActionResult> GetClaimsAsync(string roleName)
        {
            var result = await CommonOperationAsync <IList <Claim> >(async() =>
            {
                var claims = await _roleManager.GetClaimsAsync(roleName);
                if (claims == null || claims.Count == 0)
                {
                    throw new KeyNotFoundException(IdentityStringMessages.Authority);
                }
                return(claims);
            });

            return(Ok(new ApiResponse(LocalizationService, Logger).Ok(Mapper.Map <IList <Claim>, IList <ClaimResponse> >(result), result.Count)));
        }