public IViewComponentResult Invoke(string controller, string action)
{
var userId = int.Parse(User.Identity.FindFirstValue(ClaimTypes.NameIdentifier));
ViewBag.HasAccess = _usersAccessRepository.HasAccess(userId, controller, action);
ViewBag.Controller = controller;
ViewBag.Action = action;
return(View());
}
public override void OnActionExecuting(ActionExecutingContext context)
{
try
{
var isAllowAccess = context.ActionDescriptor.EndpointMetadata.Any(a => a.GetType() == typeof(AllowAccessAttribute));
if (!isAllowAccess)
{
if (!context.HttpContext.User.Identity.IsAuthenticated)
{
context.HttpContext.Response.Redirect("/Account/Login", true);
}
else
{
var route = context.ActionDescriptor.RouteValues;
//*************************************REVIEW**********************************************************
var userId = int.Parse(context.HttpContext.User.Identity.FindFirstValue(ClaimTypes.NameIdentifier));
var role = _usersRoleRepository.TableNoTracking.FirstOrDefault(a => a.UserId == userId).RoleId;
// تصمیم گیری نهایی که برای ما سرعت مهم است یا امنیت
//var role = int.Parse(context.HttpContext.User.Identity.FindFirstValue(ClaimTypes.Role));
//*****************************************************************************************************
if (!_usersAccessRepository.HasAccess(role, route))
{
context.Result = new BadRequestResult();
}
}
}
}
catch
{
context.Result = new BadRequestResult();
}
}