Esempio n. 1
0
        protected async Task <bool> CheckPermission(string[] actions)
        {
            string resourceKey   = ControllerContext.RouteData.Values["controller"].ToString();
            var    isAccessAllow = await accessClient.CheckPermission(appConfig.AppGroupResourceKey, resourceKey.ToUpper(), actions);

            return(isAccessAllow);
        }
Esempio n. 2
0
        public async Task <BaseResponse> CheckPermission(string resourceKey, string permission)
        {
            var response = new BaseResponse();

            await TryCatchAsync(async() =>
            {
                var data = await accessClient.CheckPermission(appConfig.AppGroupResourceKey, resourceKey, permission);

                if (data)
                {
                    response.Successful();
                }

                return(response);
            }, response);

            return(response);
        }
Esempio n. 3
0
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            try
            {
                var isAnonymousAction = context.ActionDescriptor
                                        .FilterDescriptors
                                        .Any(m => m.Filter.GetType() == typeof(AllowAnonymousFilter));

                if (isAnonymousAction)
                {
                    await next();

                    return;
                }

                var resourceKey = ResourceKey;

                if (string.IsNullOrWhiteSpace(resourceKey))
                {
                    var descriptor = context.ActionDescriptor as ControllerActionDescriptor;
                    resourceKey = descriptor.ControllerName;
                }

                var actions       = Actions.Select(item => item.ToString()).ToArray();
                var isAccessAllow = await accessClient.CheckPermission(appConfig.AppGroupResourceKey, resourceKey, actions);

                if (!isAccessAllow)
                {
                    throw new UnauthorizedAccessException();
                }

                await next();
            }
            catch (UnauthorizedAccessException)
            {
                context.Result = new ContentResult()
                {
                    Content    = "Forbidden",
                    StatusCode = (int)HttpStatusCode.Forbidden
                };
            }
        }