public override void OnActionExecuting(ActionExecutingContext context_)
{
bool accessGranted = false;
foreach (string extension in _permissionsByExtension.Keys)
{
// Get the user claim, if any, matching the extension of interest
Claim claimOfLookupExtension = context_.HttpContext.User.Claims.FirstOrDefault(c_ => c_.Type == ClaimType.Permission.ToString() && c_.Value.ToString().StartsWith($"{extension}."));
if (claimOfLookupExtension != null)
{
Permission currentLevel = Enum.Parse <Permission>(PermissionHelper.GetPermissionLevel(claimOfLookupExtension));
foreach (var permission in _permissionsByExtension[extension])
{
var minLevel = (int)permission;
if ((int)currentLevel >= minLevel)
{
// access granted
accessGranted = true;
break;
}
}
}
}
if (!accessGranted)
{
context_.Result = new ForbidResult();
}
}
public override void OnActionExecuting(ActionExecutingContext context_)
{
bool accessGranted = false;
foreach (string scope in _scopedPermissions.Keys)
{
// Get the user claim, if any, matching the scope of interest
Claim claimOfLookupScope = context_.HttpContext.User.Claims.FirstOrDefault(c_ => c_.Type == ClaimType.Permission.ToString() && c_.Value.ToString().StartsWith($"{scope}."));
if (claimOfLookupScope != null)
{
Permission currentLevel = Enum.Parse <Permission>(PermissionHelper.GetPermissionLevel(claimOfLookupScope));
foreach (int minLevel in _scopedPermissions[scope])
{
if ((int)currentLevel >= minLevel)
{
// access granted
accessGranted = true;
break;
}
}
}
}
if (!accessGranted)
{
context_.Result = new ForbidResult();
}
}
/// <summary>
/// Initializes a new instance of the <see cref="AnyPermissionRequirementAttribute"/> class.
/// Allows access when the user has at least one of the claims of type "Permission" with value
/// defined by its level (Admin, Write, Read...) and an extension name (SoftinuxBase.Security, ProjectX.ExtensionY...).
/// </summary>
/// <param name="permissionsForExtensions_">Values with format ExtensionName.Permission.</param>
public AnyPermissionRequirementAttribute(string[] permissionsForExtensions_)
{
foreach (string perm in permissionsForExtensions_)
{
string extension = PermissionHelper.GetExtensionName(perm);
Permission permission = Enum.Parse <Permission>(PermissionHelper.GetPermissionLevel(perm));
if (_permissionsByExtension.ContainsKey(extension))
{
_permissionsByExtension[extension].Add(permission);
}
else
{
_permissionsByExtension.Add(extension, new List <Permission> {
permission
});
}
}
}
/// <summary>
/// Allows access when the user has at least one of the claims of type "Permission" with value
/// defined by its level (Admin, Write, Read...) and its scope (Security, ExtensionX...).
/// </summary>
/// <param name="scopedPermissions_">Values with format ExtensionName.Permission</param>
public AnyPermissionRequirementAttribute(string[] scopedPermissions_)
{
foreach (string perm in scopedPermissions_)
{
string scope = PermissionHelper.GetPermissionScope(perm);
Permission permission = Enum.Parse <Permission>(PermissionHelper.GetPermissionLevel(perm));
if (_scopedPermissions.ContainsKey(scope))
{
_scopedPermissions[scope].Add(permission);
}
else
{
_scopedPermissions.Add(scope, new List <Permission> {
permission
});
}
}
}
