Exemplo n.º 1
0
        private async Task <(List <Claim>, CustomUser)> AddRolesAndRoleClaimsAsync(List <Claim> claims, CustomUser user)
        {
            var userRoles = await _userManager.GetRolesAsync(user);

            foreach (var userRole in userRoles)
            {
                claims.Add(new Claim(ClaimTypes.Role, userRole));

                var role = await _roleManager.FindByNameAsync(userRole);

                if (role == null)
                {
                    continue;
                }

                var roleClaims = await _roleManager.GetClaimsAsync(role);

                foreach (var roleClaim in roleClaims)
                {
                    if (claims.Contains(roleClaim))
                    {
                        continue;
                    }

                    claims.Add(roleClaim);
                }
            }
            return(claims, user);
        }
        public async Task <bool> HasPermission(IEnumerable <PermissionAttribute> attributes)
        {
            if (_httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier) == null)
            {
                throw new AuthenticationException();
            }

            try
            {
                var userId = Convert.ToInt32(_httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value);

                var roles = await _userManager.GetRolesAsync(userId);

                foreach (var permissionAttribute in attributes)
                {
                    var userClaims = await _userManager.GetUserClaimsAsync(userId);

                    foreach (var userClaim in userClaims)
                    {
                        if (userClaim.Type.ToLower() == permissionAttribute.ClaimType.ToLower())
                        {
                            if (String.IsNullOrEmpty(permissionAttribute.ClaimValue))
                            {
                                return(true);
                            }
                            else
                            {
                                if (userClaim.Value.ToLower() == permissionAttribute.ClaimValue.ToLower())
                                {
                                    return(true);
                                }
                                else
                                {
                                    throw new UnauthorizedAccessException($"{permissionAttribute.ClaimType} - {permissionAttribute.ClaimValue}");
                                }
                            }
                        }
                    }

                    var roleClaims = new List <Claim>();
                    foreach (var role in roles)
                    {
                        var claims = await _roleManager.GetClaimsAsync(role);

                        roleClaims.AddRange(claims);
                    }
                    foreach (var roleClaim in roleClaims)
                    {
                        if (roleClaim.Type.ToLower() == permissionAttribute.ClaimType.ToLower())
                        {
                            if (String.IsNullOrEmpty(permissionAttribute.ClaimValue))
                            {
                                return(true);
                            }
                            else
                            {
                                if (roleClaim.Value.ToLower() == permissionAttribute.ClaimValue.ToLower())
                                {
                                    return(true);
                                }
                                else
                                {
                                    throw new UnauthorizedAccessException($"{permissionAttribute.ClaimType} - {permissionAttribute.ClaimValue}");
                                }
                            }
                        }
                    }

                    throw new UnauthorizedAccessException($"{permissionAttribute.ClaimType} - {permissionAttribute.ClaimValue}");
                }
            }
            catch (KeyNotFoundException ex)
            {
                throw new UnauthorizedAccessException(ex.Message);
            }
            catch (Exception ex)
            {
                _logger.LogCritical(ex.Message);
                throw;
            }
            throw new UnauthorizedAccessException();
        }