Esempio n. 1
        /// <summary>
        /// Action-filter step that lets the action run only when the caller's permission claims
        /// allow at least one of the configured permission ids.
        /// </summary>
        /// <param name="context">Executing-action context; supplies the user's claims and the route values.</param>
        /// <param name="next">Delegate that continues the filter pipeline.</param>
        /// <returns>
        /// A completed task after setting a 403 result when no configured id is allowed;
        /// otherwise the task returned by <paramref name="next"/>.
        /// </returns>
        /// <remarks>
        /// When <c>permissionIds</c> is empty no check is performed and the request passes through,
        /// so an endpoint that must be protected needs at least one id configured.
        /// </remarks>
        public Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            // Nothing configured: the filter is a pass-through.
            if (permissionIds.Length <= 0)
            {
                return next();
            }

            // Build the caller's permission set from every permission claim on the principal.
            var granted = new PermissionSet(
                context.HttpContext.User
                    .FindAll(SquidexClaimTypes.Permissions)
                    .Select(claim => new Permission(claim.Value)));

            var isAllowed = false;

            foreach (var template in permissionIds)
            {
                // Replace each "{routeKey}" placeholder with the matching route value.
                // A null route value removes the placeholder (string.Replace treats a null
                // replacement as empty), which leaves an empty segment in the resolved id.
                // NOTE(review): route values come from the request URL and are substituted
                // verbatim; confirm that route constraints or Permission parsing keep a value
                // containing permission-syntax characters from changing what the id means.
                var resolved = context.RouteData.Values.Aggregate(
                    template,
                    (current, routeParam) => current.Replace($"{{{routeParam.Key}}}", routeParam.Value?.ToString()));

                // Every configured id is evaluated; there is deliberately no early exit here.
                if (granted.Allows(new Permission(resolved)))
                {
                    isAllowed = true;
                }
            }

            if (isAllowed)
            {
                return next();
            }

            // Deny: short-circuit the pipeline with 403 Forbidden.
            context.Result = new StatusCodeResult(403);

            return TaskHelper.Done;
        }
Esempio n. 2
        /// <summary>
        /// Checks whether <paramref name="permissions"/> allows the contents-read permission
        /// built for the given schema's app name and schema name.
        /// </summary>
        /// <param name="permissions">Permission set to test.</param>
        /// <param name="schema">Schema whose <c>AppId.Name</c> and <c>SchemaDef.Name</c> scope the permission.</param>
        /// <returns><c>true</c> when the set allows the built permission.</returns>
        private static bool HasPermission(PermissionSet permissions, ISchemaEntity schema)
        {
            var appName = schema.AppId.Name;
            var schemaName = schema.SchemaDef.Name;

            // Both names are passed to ForApp as-is; presumably it fills the app and schema
            // placeholders of the AppContentsRead id - verify against Permissions.ForApp.
            return permissions.Allows(Permissions.ForApp(Permissions.AppContentsRead, appName, schemaName));
        }
Esempio n. 3
 /// <summary>
 /// Checks whether the request's own permissions, or an optional extra set, allow
 /// <paramref name="permission"/>.
 /// </summary>
 /// <param name="httpContext">Current request context; its permissions come from <c>Permissions()</c>.</param>
 /// <param name="permission">Permission being required.</param>
 /// <param name="additional">Optional extra set consulted only when the request's own set does not allow the permission.</param>
 /// <returns><c>true</c> when either set allows the permission; <c>false</c> otherwise, including when <paramref name="additional"/> is null.</returns>
 public static bool HasPermission(this HttpContext httpContext, Permission permission, PermissionSet? additional = null)
 {
     // The request's own permissions are checked first.
     if (httpContext.Permissions().Allows(permission))
     {
         return true;
     }

     // A missing additional set grants nothing: null?.Allows(...) == true evaluates to false.
     return additional?.Allows(permission) == true;
 }
Esempio n. 4
 /// <summary>
 /// Controller-level convenience check: <c>true</c> when the controller's request context,
 /// or an optional extra set, allows <paramref name="permission"/>.
 /// </summary>
 /// <param name="controller">Controller whose <c>HttpContext</c> is checked.</param>
 /// <param name="permission">Permission being required.</param>
 /// <param name="additional">Optional extra set consulted only when the request context does not allow the permission.</param>
 /// <returns><c>true</c> when either source allows the permission; <c>false</c> otherwise.</returns>
 public static bool HasPermission(this ApiController controller, Permission permission, PermissionSet? additional = null)
 {
     // The context-level check is called without the additional set; that set is evaluated below.
     if (controller.HttpContext.HasPermission(permission))
     {
         return true;
     }

     // A null additional set never grants access.
     return additional?.Allows(permission) == true;
 }
Esempio n. 5
        /// <summary>
        /// Builds a permission from <paramref name="id"/>, <paramref name="app"/> and
        /// <paramref name="schema"/> via <c>ForApp</c> and checks whether the set allows it.
        /// </summary>
        /// <param name="permissions">Permission set to test.</param>
        /// <param name="id">Permission id passed to <c>ForApp</c>.</param>
        /// <param name="app">App name; defaults to <c>Permission.Any</c>.</param>
        /// <param name="schema">Schema name; defaults to <c>Permission.Any</c>.</param>
        /// <returns><c>true</c> when the set allows the built permission.</returns>
        /// <remarks>
        /// Callers that omit <paramref name="app"/> or <paramref name="schema"/> test against
        /// <c>Permission.Any</c> for that part. NOTE(review): confirm how <c>Allows</c> treats
        /// <c>Permission.Any</c> in the requested permission before relying on the defaults
        /// for a scoped check.
        /// </remarks>
        public static bool Allows(this PermissionSet permissions, string id, string app = Permission.Any, string schema = Permission.Any)
            => permissions.Allows(ForApp(id, app, schema));