public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
string session = context.HttpContext.Request.Query["session"];
IRSUserRepository service = (IRSUserRepository)context.HttpContext.RequestServices.GetService(typeof(IRSUserRepository));
if (permission is null)
{
await CheckIfAuthenticated(context, service, session);
}
else
{
await CheckPermission(context, service, session);
}
}
private async Task CheckIfAuthenticated(AuthorizationFilterContext context, IRSUserRepository userRepository, string session)
{
RSUser user = await userRepository.GetUserAsync(session);
if (user is null)
{
UnAuthorized unAuthorized = new UnAuthorized();
unAuthorized.Message = "Unauthenticated";
context.Result = new JsonResult(unAuthorized)
{
StatusCode = unAuthorized.Status
};
}
context.RouteData.Values.Add(nameof(RSUser), user);
}
private async Task CheckPermission(AuthorizationFilterContext context, IRSUserRepository userRepository, string session)
{
bool hasPermission = await userRepository.HasPermisson(session, permission);
if (!hasPermission)
{
int statusCode = (int)HttpStatusCode.Forbidden;
context.Result = new JsonResult(new UnAuthorized {
Message = $"This action requires permission {permission}.", Status = statusCode
})
{
StatusCode = statusCode
};
}
RSUser user = await userRepository.GetUserAsync(session);
context.RouteData.Values.Add(nameof(RSUser), user);
}
public UserController(IRSUserRepository userRepository)
{
this.userRepository = userRepository;
}
