        /// <summary>
        /// Route-level permission middleware: resolves which roles the matched endpoint
        /// requires, hands them to the permission handler together with the request, and
        /// short-circuits with 403 when the handler reports the request as forbidden.
        /// </summary>
        /// <param name="context">The current request context; must not be null.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="context"/> is null.</exception>
        public async Task Invoke(HttpContext context)
        {
            if (context is null)
            {
                throw new ArgumentNullException(nameof(context));
            }

            var matchedEndpoint = context.GetEndpoint();

            // No endpoint was matched for this request (e.g. an unmatched path). There is
            // nothing to look up roles for, so the pipeline continues untouched: this
            // middleware does not fail closed on endpoint-less requests.
            if (matchedEndpoint is null)
            {
                await _next(context);
                return;
            }

            // Any IAllowAnonymous marker in the endpoint metadata bypasses the permission
            // check entirely, mirroring how the framework's own authorization treats it.
            if (matchedEndpoint.Metadata.GetMetadata<IAllowAnonymous>() is not null)
            {
                await _next(context);
                return;
            }

            var requiredRoles = ResolveRequiredRoles(matchedEndpoint).Distinct().ToList();

            // NOTE(review): whether an endpoint with no mapped roles is allowed or denied is
            // decided inside the handler, not here — confirm it fails closed if that is intended.
            var permissionContext = new PermissionContext(context, requiredRoles);
            var decision          = _permissionHandler.Handler(permissionContext);

            if (decision.Forbidden)
            {
                // Deny with a bare 403; no body is written and the rest of the pipeline is skipped.
                context.Response.StatusCode = 403;
                return;
            }

            await _next(context);

            // Collects the roles mapped to an endpoint, preferring explicit
            // PermissionRoleRouteAttribute names and falling back to the route template.
            // Order matches the metadata order so Distinct() keeps first occurrences.
            IEnumerable<string> ResolveRequiredRoles(Endpoint endpoint)
            {
                var routeAttributes = endpoint.Metadata.GetOrderedMetadata<PermissionRoleRouteAttribute>()
                                      ?? Array.Empty<PermissionRoleRouteAttribute>();

                // GetRolesAsync is consumed synchronously here; presumably it returns an
                // IEnumerable<string> despite the Async suffix — TODO confirm the provider's signature.
                if (routeAttributes.Count > 0)
                {
                    return routeAttributes.SelectMany(attribute => _permissionRoleProvider.GetRolesAsync(attribute.GetName()));
                }

                // Fallback key is the route template text (e.g. "api/items/{id}"), not the
                // concrete request path. NOTE(review): RawText can be null for patterns built
                // without template text — verify the provider tolerates a null key.
                if (endpoint is RouteEndpoint routeEndpoint)
                {
                    return _permissionRoleProvider.GetRolesAsync(routeEndpoint.RoutePattern.RawText);
                }

                return Array.Empty<string>();
            }
        }