public async Task <bool> HasPermission(IEnumerable <PermissionAttribute> attributes, IList <string> roles)
{
if (_httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier) == null)
{
throw new AuthenticationException();
}
try
{
foreach (var permissionAttribute in attributes)
{
var roleClaims = new List <Claim>();
foreach (var role in roles)
{
var claims = await _roleManager.GetClaimsAsync(role);
roleClaims.AddRange(claims);
}
foreach (var roleClaim in roleClaims)
{
if (roleClaim.Type.ToLower() == permissionAttribute.ClaimType.ToLower())
{
if (String.IsNullOrEmpty(permissionAttribute.ClaimValue))
{
return(true);
}
else
{
if (roleClaim.Value.ToLower() == permissionAttribute.ClaimValue.ToLower())
{
return(true);
}
else
{
throw new UnauthorizedAccessException($"{permissionAttribute.ClaimType} - {permissionAttribute.ClaimValue}");
}
}
}
}
throw new UnauthorizedAccessException($"{permissionAttribute.ClaimType} - {permissionAttribute.ClaimValue}");
}
}
catch (KeyNotFoundException ex)
{
throw new UnauthorizedAccessException(ex.Message);
}
catch (Exception ex)
{
_logger.LogCritical(ex.Message);
throw;
}
throw new UnauthorizedAccessException();
}
public async Task <IList <Claim> > GetAllClaimsForLoggedUserAsync()
{
var userId = GetUserId();
var userClaims = await GetUserClaimsAsync(userId);
var claims = userClaims;
var roles = await GetRolesAsync(userId);
foreach (var role in roles)
{
var roleClaims = await _roleManager.GetClaimsAsync(role);
foreach (var roleClaim in roleClaims)
{
//UserClaim RoleClaiim'i ezdiği için öncelikle UserClaim'de yetki var mı diye kontrol ediliyor.
var claimIsExistInUserClaims = (from p in userClaims where p.Type == roleClaim.Type select p).Count() > 0;
if (!claimIsExistInUserClaims)
{
//Çift kaydı engellemek için ClaimType ve ClaimValue değerleri eşleşen kayıtlar eklenmiyor.
var claimIsExistInClaims = (from p in claims where p.Type == roleClaim.Type && p.Value == roleClaim.Value select p).Count() > 0;
if (!claimIsExistInClaims)
{
claims.Add(roleClaim);
}
}
}
}
return(claims);
}
private async Task <(List <Claim>, CustomUser)> AddRolesAndRoleClaimsAsync(List <Claim> claims, CustomUser user)
{
var userRoles = await _userManager.GetRolesAsync(user);
foreach (var userRole in userRoles)
{
claims.Add(new Claim(ClaimTypes.Role, userRole));
var role = await _roleManager.FindByNameAsync(userRole);
if (role == null)
{
continue;
}
var roleClaims = await _roleManager.GetClaimsAsync(role);
foreach (var roleClaim in roleClaims)
{
if (claims.Contains(roleClaim))
{
continue;
}
claims.Add(roleClaim);
}
}
return(claims, user);
}
public async virtual Task <IActionResult> GetClaimsAsync(string roleName)
{
var result = await CommonOperationAsync <IList <Claim> >(async() =>
{
var claims = await _roleManager.GetClaimsAsync(roleName);
if (claims == null || claims.Count == 0)
{
throw new KeyNotFoundException(IdentityStringMessages.Authority);
}
return(claims);
});
return(Ok(new ApiResponse(LocalizationService, Logger).Ok(Mapper.Map <IList <Claim>, IList <ClaimResponse> >(result), result.Count)));
}