public void OnAuthorization(AuthorizationFilterContext context)
{
IPermissionManager permissionManager = context.HttpContext.RequestServices.GetService <IPermissionManager>();
IMoneyUserManager userManager = context.HttpContext.RequestServices.GetService <IMoneyUserManager>();
string roleName = userManager.GetUserRole(context.HttpContext.User.Identity.Name);
if (!permissionManager.IsRoleHavePermission(roleName, _permission))
{
context.Result = new UnauthorizedResult();
}
}
public async Task <ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
{
string roleName;
try
{
roleName = _moneyUserManager.GetUserRole(principal.Identity.Name);
}
catch
{
return(principal);
}
IEnumerable <Claim> claims = await _permissionManager.GetRolePermissionsAsClaimsAsync(roleName);
principal.AddIdentity(new ClaimsIdentity(claims));
return(principal);
}