/// <summary>
/// Narrows a group specification to the groups the current user is allowed to see.
/// </summary>
/// <typeparam name="TSpecification">A specification type over <c>GroupEntity</c>.</typeparam>
/// <param name="specification">The specification to add the visibility filter to.</param>
/// <returns>The same specification instance, with the filter added where one is required.</returns>
private TSpecification ApplayGroupFilter<TSpecification>(TSpecification specification)
    where TSpecification : BaseSpecification<GroupEntity>
{
    bool canManageAllGroups = _identityUIUserInfoService.HasPermission(IdentityUIPermissions.IDENTITY_UI_CAN_MANAGE_GROUPS);
    if (canManageAllGroups)
    {
        // Holders of the global manage-groups permission get the specification back unfiltered.
        return specification;
    }

    if (_identityUIUserInfoService.GetGroupId() == null)
    {
        // Default deny: no global permission and no group id, so the filter can match nothing.
        specification.AddFilter(x => false);
        return specification;
    }

    // Scope the query to the single group id reported by the user-info service.
    specification.AddFilter(x => x.Id == _identityUIUserInfoService.GetGroupId());
    return specification;
}
/// <summary>
/// Narrows a group-user specification to the memberships the current user is allowed to see.
/// </summary>
/// <typeparam name="TSpecification">A specification type over <c>GroupUserEntity</c>.</typeparam>
/// <param name="specification">The specification to add the visibility filter to.</param>
/// <returns>The same specification instance, with the filter added where one is required.</returns>
private TSpecification ApplayGroupUserFilter<TSpecification>(TSpecification specification)
    where TSpecification : BaseSpecification<GroupUserEntity>
{
    if (_identityUIUserInfoService.HasPermission(IdentityUIPermissions.GROUP_CAN_SEE_USERS))
    {
        // The permission is held through HasPermission, so no restriction is added.
        return specification;
    }

    // Group-scoped access needs both the group-level permission and a known group id.
    bool scopedToOwnGroup =
        _identityUIUserInfoService.HasGroupPermission(IdentityUIPermissions.GROUP_CAN_SEE_USERS)
        && _identityUIUserInfoService.GetGroupId() != null;

    if (scopedToOwnGroup)
    {
        specification.AddFilter(x => x.GroupId == _identityUIUserInfoService.GetGroupId());
    }
    else
    {
        // Default deny: neither check passed, so the filter can match nothing.
        specification.AddFilter(x => false);
    }

    return specification;
}
/// <summary>
/// Entry action: shows the default view to users who hold the manage-groups permission and
/// redirects everyone else to the <c>User</c> action for their own group id.
/// </summary>
/// <returns>The default view, or a redirect to the <c>User</c> action.</returns>
public IActionResult Index()
{
    bool canManageGroups = _identityUIUserInfoService.HasPermission(IdentityUIPermissions.IDENTITY_UI_CAN_MANAGE_GROUPS);
    if (!canManageGroups)
    {
        // NOTE(review): GetGroupId() is compared with null elsewhere; here a null id is passed
        // to the redirect unchanged - confirm the target action handles a missing id.
        return RedirectToAction(nameof(User), new { id = _identityUIUserInfoService.GetGroupId() });
    }

    return View();
}
/// <summary>
/// Authorization filter: lets the request continue only when the current user holds
/// <c>_permission</c>; otherwise the request is short-circuited with a forbid result.
/// </summary>
/// <param name="context">The authorization context of the current request.</param>
public void OnAuthorization(AuthorizationFilterContext context)
{
    IIdentityUIUserInfoService userInfoService =
        context.HttpContext.RequestServices.GetRequiredService<IIdentityUIUserInfoService>();

    if (userInfoService.HasPermission(_permission))
    {
        // Permission held: leave context.Result unset so the pipeline continues.
        return;
    }

    context.Result = new ForbidResult();
}
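/// <summary>
/// Authorization filter for group-scoped actions. A user who holds <c>_requirePermission</c>
/// through <c>HasPermission</c> is allowed immediately. Any other user must pass
/// <c>HasGroupPermission</c> and must also have a group membership row for the group named in
/// the route whose role carries the permission.
/// </summary>
/// <param name="context">The authorization context of the current request.</param>
/// <remarks>
/// Outcomes: forbid when the group-level permission is missing or no matching membership exists;
/// not-found when the route carries no usable group id.
/// </remarks>
public void OnAuthorization(AuthorizationFilterContext context)
{
    IIdentityUIUserInfoService identityUIUserInfoService =
        context.HttpContext.RequestServices.GetRequiredService<IIdentityUIUserInfoService>();

    if (identityUIUserInfoService.HasPermission(_requirePermission))
    {
        return;
    }

    if (!identityUIUserInfoService.HasGroupPermission(_requirePermission))
    {
        context.Result = new ForbidResult();
        return;
    }

    bool groupIdExist = context.RouteData.Values.TryGetValue(GROUP_ROUTE_KEY, out object groupIdObj);

    // Route values are objects; "as" avoids an InvalidCastException on a non-string value.
    string groupId = groupIdObj as string;
    if (!groupIdExist || groupId == null)
    {
        // Stop here. Without this return the check below ran with a null group id and
        // replaced the not-found result.
        context.Result = new NotFoundResult();
        return;
    }

    string logedInUserId = context.HttpContext.User.GetUserId();

    // The membership check is bound to the group id from the route, so holding the permission
    // in one group does not authorize requests that name a different group.
    BaseSpecification<GroupUserEntity> baseSpecification = new BaseSpecification<GroupUserEntity>();
    baseSpecification.AddFilter(x => x.UserId == logedInUserId);
    baseSpecification.AddFilter(x => x.GroupId == groupId);
    // NOTE(review): ToUpper() is kept as written because the lambda is handed to the
    // repository; confirm how it is evaluated before changing the comparison.
    baseSpecification.AddFilter(x => x.Role.Permissions.Any(c => c.Permission.Name.ToUpper() == _requirePermission.ToUpper()));

    // GetRequiredService reports a missing registration directly, where GetService returned
    // null and the Exist call below failed with a NullReferenceException.
    IBaseRepository<GroupUserEntity> groupUserRepository =
        context.HttpContext.RequestServices.GetRequiredService<IBaseRepository<GroupUserEntity>>();

    if (!groupUserRepository.Exist(baseSpecification))
    {
        // NOTE(review): this denial is not logged (the original log call was commented out);
        // consider recording the user id and group id for audit.
        context.Result = new ForbidResult();
    }
}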