public void OnAuthorization(AuthorizationFilterContext context)
{
var isAuthorized = false;
try
{
var apiKey = GetApiKey(context);
var client = _apiClientService.GetApiClient(apiKey);
isAuthorized = client.HasPermission(_requiredPermission);
if (!isAuthorized)
{
_logger.LogWarning($"{client.Name} does not have '{_requiredPermission}' permission");
}
}
catch (Exception e)
{
_logger.LogError(e, "Failed during authorization");
}
if (!isAuthorized)
{
context.Result = new UnauthorizedObjectResult("unauthorized");
}
}