protected async Task <bool> CheckPermission(string[] actions)
{
string resourceKey = ControllerContext.RouteData.Values["controller"].ToString();
var isAccessAllow = await accessClient.CheckPermission(appConfig.AppGroupResourceKey, resourceKey.ToUpper(), actions);
return(isAccessAllow);
}
public async Task <BaseResponse> CheckPermission(string resourceKey, string permission)
{
var response = new BaseResponse();
await TryCatchAsync(async() =>
{
var data = await accessClient.CheckPermission(appConfig.AppGroupResourceKey, resourceKey, permission);
if (data)
{
response.Successful();
}
return(response);
}, response);
return(response);
}
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
try
{
var isAnonymousAction = context.ActionDescriptor
.FilterDescriptors
.Any(m => m.Filter.GetType() == typeof(AllowAnonymousFilter));
if (isAnonymousAction)
{
await next();
return;
}
var resourceKey = ResourceKey;
if (string.IsNullOrWhiteSpace(resourceKey))
{
var descriptor = context.ActionDescriptor as ControllerActionDescriptor;
resourceKey = descriptor.ControllerName;
}
var actions = Actions.Select(item => item.ToString()).ToArray();
var isAccessAllow = await accessClient.CheckPermission(appConfig.AppGroupResourceKey, resourceKey, actions);
if (!isAccessAllow)
{
throw new UnauthorizedAccessException();
}
await next();
}
catch (UnauthorizedAccessException)
{
context.Result = new ContentResult()
{
Content = "Forbidden",
StatusCode = (int)HttpStatusCode.Forbidden
};
}
}