Example #1
0
        private TSpecification ApplayGroupFilter <TSpecification>(TSpecification specification)
            where TSpecification : BaseSpecification <GroupEntity>
        {
            if (_identityUIUserInfoService.HasPermission(IdentityUIPermissions.IDENTITY_UI_CAN_MANAGE_GROUPS))
            {
            }
            else if (_identityUIUserInfoService.GetGroupId() != null)
            {
                specification.AddFilter(x => x.Id == _identityUIUserInfoService.GetGroupId());
            }
            else
            {
                specification.AddFilter(x => false);
            }

            return(specification);
        }
Example #2
0
        private TSpecification ApplayGroupUserFilter <TSpecification>(TSpecification specification)
            where TSpecification : BaseSpecification <GroupUserEntity>
        {
            if (_identityUIUserInfoService.HasPermission(IdentityUIPermissions.GROUP_CAN_SEE_USERS))
            {
            }
            else if (_identityUIUserInfoService.HasGroupPermission(IdentityUIPermissions.GROUP_CAN_SEE_USERS) &&
                     _identityUIUserInfoService.GetGroupId() != null)
            {
                specification.AddFilter(x => x.GroupId == _identityUIUserInfoService.GetGroupId());
            }
            else
            {
                specification.AddFilter(x => false);
            }

            return(specification);
        }
Example #3
0
        public IActionResult Index()
        {
            if (_identityUIUserInfoService.HasPermission(IdentityUIPermissions.IDENTITY_UI_CAN_MANAGE_GROUPS))
            {
                return(View());
            }

            return(RedirectToAction(nameof(User), new { id = _identityUIUserInfoService.GetGroupId() }));
        }
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            IIdentityUIUserInfoService identityUIUserInfoService = context.HttpContext.RequestServices.GetRequiredService <IIdentityUIUserInfoService>();
            bool hasPermission = identityUIUserInfoService.HasPermission(_permission);

            if (!hasPermission)
            {
                context.Result = new ForbidResult();
                return;
            }
        }
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            IIdentityUIUserInfoService identityUIUserInfoService = context.HttpContext.RequestServices.GetRequiredService <IIdentityUIUserInfoService>();

            bool isIdentityAdmin = identityUIUserInfoService.HasPermission(_requirePermission);

            if (isIdentityAdmin)
            {
                return;
            }

            bool isInRequiredRole = identityUIUserInfoService.HasGroupPermission(_requirePermission);

            if (!isInRequiredRole)
            {
                context.Result = new ForbidResult();
                return;
            }

            bool groupIdExist = context.RouteData.Values.TryGetValue(GROUP_ROUTE_KEY, out object groupIdObj);

            if (!groupIdExist)
            {
                context.Result = new NotFoundResult();
            }

            string groupId       = (string)groupIdObj;
            string logedInUserId = context.HttpContext.User.GetUserId();


            BaseSpecification <GroupUserEntity> baseSpecification = new BaseSpecification <GroupUserEntity>();

            baseSpecification.AddFilter(x => x.UserId == logedInUserId);
            baseSpecification.AddFilter(x => x.GroupId == groupId);
            baseSpecification.AddFilter(x => x.Role.Permissions.Any(c => c.Permission.Name.ToUpper() == _requirePermission.ToUpper()));

            IBaseRepository <GroupUserEntity> groupUserRepository = context.HttpContext.RequestServices.GetService <IBaseRepository <GroupUserEntity> >();

            bool groupUserExist = groupUserRepository.Exist(baseSpecification);

            if (!groupUserExist)
            {
                //_logger.LogError($"User does not have permission for group. UserId {logedInUserId}, {groupId}");
                context.Result = new ForbidResult();
                return;
            }
        }