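        /// <summary>
        /// Authorization filter: checks whether the current user's role may reach the
        /// requested area/controller/action and sets a <see cref="ForbidResult"/> when it may not.
        /// </summary>
        /// <param name="context">The authorization filter context of the current request.</param>
        /// <remarks>
        /// Only the first <see cref="ClaimTypes.Role"/> claim is consulted; any further role
        /// claims on the principal are ignored. When the principal carries no role claim, or the
        /// endpoint is not a controller action, no result is set and the request continues, so
        /// the permission check is fail-open for those two cases. NOTE(review): confirm that is
        /// intended (e.g. that [Authorize] or another filter rejects role-less users); a
        /// fail-closed filter would set <see cref="ForbidResult"/> in those branches instead.
        /// </remarks>
        public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
        {
            var user = context.HttpContext.User;
            string userRole = user.FindFirst(ClaimTypes.Role)?.Value;
            if (userRole == null)
            {
                // Fail-open by original design: no role claim means the check is skipped.
                return;
            }

            // The original 'as' cast yielded null for non-controller endpoints (e.g. Razor
            // Pages) and then dereferenced it; bail out explicitly instead of throwing.
            var conAction = context.ActionDescriptor as ControllerActionDescriptor;
            if (conAction == null)
            {
                return;
            }

            // Area comes from [Area] on the controller type; a missing attribute or a null
            // RouteValue both map to the empty string so the permission lookup gets a stable key.
            var areaAttribute = conAction.ControllerTypeInfo.GetCustomAttribute<AreaAttribute>();
            string areaName = areaAttribute?.RouteValue ?? string.Empty;

            // The "error" action is always reachable so a forbidden user can still be shown the
            // error page. Ordinal comparison: action names are identifiers, not localized text.
            bool hasPermission = string.Equals(conAction.ActionName, "error", StringComparison.OrdinalIgnoreCase);

            if (!hasPermission)
            {
                hasPermission = await _appPer.CheckAdminPagePermission(areaName, conAction.ControllerName, conAction.ActionName, userRole);

                if (hasPermission)
                {
                    // Expose the resolved page/area to the rest of the pipeline (views, later filters).
                    context.HttpContext.Items[HttpContextKey.PageName] = conAction.ControllerName;
                    context.HttpContext.Items[HttpContextKey.UserArea] = areaName;
                }
            }

            if (!hasPermission)
            {
                // Short-circuits the pipeline with a 403 for an authenticated user lacking permission.
                context.Result = new ForbidResult();
            }
        }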