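/// <summary>
/// Enforces <see cref="PermitOnlyUserItselfAttribute"/>: when the handler type carries the
/// attribute, the request payload must expose a property marked with
/// <see cref="IsUserIdentifierAttribute"/>, and the calling principal must have claimed
/// that identifier. Handlers without the attribute are not checked by this method.
/// </summary>
/// <param name="appRequest">Request whose <c>Data</c> payload and <c>Principal</c> are evaluated.</param>
/// <param name="handlerType">Handler type inspected for <see cref="PermitOnlyUserItselfAttribute"/> (inherited attributes are ignored).</param>
/// <exception cref="ArgumentNullException">
/// The payload type has no property marked with <see cref="IsUserIdentifierAttribute"/>,
/// or the marked property holds <c>null</c>.
/// </exception>
/// <exception cref="UnauthorizedAccessException">The principal has not claimed the identifier found in the payload.</exception>
private void ProcessOnlyUserItselfPermission(IApplicationRequest<object> appRequest, Type handlerType)
{
    var userItselfAttribute = handlerType.GetCustomAttribute<PermitOnlyUserItselfAttribute>(false);
    if (userItselfAttribute is null)
    {
        // The handler did not opt in to the owner-only check, so nothing is enforced here.
        return;
    }

    _logger.LogInformation($"Evaluating {nameof(PermitOnlyUserItselfAttribute)}");

    var commandType = appRequest.Data.GetType();

    // NOTE(review): if more than one property carries IsUserIdentifierAttribute, the first one
    // returned by reflection is used, and GetProperties() does not guarantee an order. Keep
    // exactly one marked property per command so the ownership check is deterministic.
    var idProperty = commandType.GetProperties()
        .FirstOrDefault(x => x.GetCustomAttribute<IsUserIdentifierAttribute>(false) != null);

    if (idProperty is null)
    {
        // Fail closed: a handler that asks for the owner-only check but whose command cannot
        // supply an identifier is rejected rather than let through.
        var message =
            $"When using {nameof(PermitOnlyUserItselfAttribute)}, the command must have {nameof(IsUserIdentifierAttribute)} indicating user ID";

        // ArgumentNullException(string) treats its single argument as the parameter name,
        // so the explanatory text has to go through the (paramName, message) overload.
        throw new ArgumentNullException(nameof(appRequest), message);
    }

    // The identifier comes from the request payload and is only trusted after the
    // authorization service confirms the principal has claimed it.
    var userId = idProperty.GetValue(appRequest.Data);
    if (userId is null)
    {
        // The overload order is (paramName, message); the original call had them swapped.
        throw new ArgumentNullException(nameof(userId), "User identifier is not provided!");
    }

    if (!_authorizationService.HasPrincipalClaimedIdentifier(appRequest.Principal, userId))
    {
        _logger.LogError("Authorization failed!");
        throw new UnauthorizedAccessException("Current principal has no access to given resource - not an owner");
    }
}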
/// <summary>
/// Builds a <c>CashierRequest</c> by copying the correlation id, client connection id, name,
/// serialized parameters, timestamp and identifying colour from an application request.
/// </summary>
/// <param name="applicationRequest">
/// Request to copy from. It is dereferenced without a null check, so passing <c>null</c>
/// results in a <see cref="NullReferenceException"/>.
/// </param>
/// <remarks>
/// <c>ParamsAsJson</c> is copied as-is; this constructor neither parses nor validates it.
/// NOTE(review): if that JSON can originate from a client, the code that deserializes it
/// downstream has to validate it - confirm where that happens.
/// </remarks>
public CashierRequest(IApplicationRequest applicationRequest)
{
    var source = applicationRequest;

    this.CorrelationId = source.CorrelationId;
    this.ClientConnectionId = source.ClientConnectionId;
    this.Name = source.Name;

    // Carried over verbatim, without inspection.
    this.ParamsAsJson = source.ParamsAsJson;

    this.TimeStamp = source.TimeStamp;
    this.IdentifyingColor = source.IdentifyingColor;
}
/// <summary>
/// Builds a <c>WebToGateway</c> message by copying the correlation id, client connection id
/// and group, message type, name, serialized parameters and timestamp from an application request.
/// </summary>
/// <param name="applicationRequest">
/// Request to copy from. It is dereferenced without a null check, so passing <c>null</c>
/// results in a <see cref="NullReferenceException"/>.
/// </param>
/// <remarks>
/// <c>ParamsAsJson</c> is forwarded unchanged; no parsing or validation happens here.
/// NOTE(review): <c>ClientConnectionId</c> and <c>ClientConnectionGroup</c> are also copied
/// without checks - presumably they are set by the server side of the connection rather
/// than by the client; verify against the caller.
/// </remarks>
public WebToGateway(IApplicationRequest applicationRequest)
{
    var request = applicationRequest;

    CorrelationId = request.CorrelationId;
    ClientConnectionId = request.ClientConnectionId;
    ClientConnectionGroup = request.ClientConnectionGroup;
    MessageType = request.MessageType;
    Name = request.Name;

    // Forwarded verbatim, without inspection.
    ParamsAsJson = request.ParamsAsJson;

    TimeStamp = request.TimeStamp;
}
/// <summary>
/// Enforces <see cref="RequirePermissionAttribute"/>: when the request type declares a
/// non-blank permission name, the principal must be authorized for it by role.
/// </summary>
/// <param name="appRequest">Request whose <c>Principal</c> is checked.</param>
/// <param name="requestType">Type inspected for <see cref="RequirePermissionAttribute"/> (inherited attributes are ignored).</param>
/// <exception cref="UnauthorizedAccessException">The principal is not authorized for the required permission.</exception>
/// <remarks>
/// NOTE(review): this check is fail-open. A type with no attribute, and also a type whose
/// attribute has a null, empty or whitespace <c>PermissionName</c>, is let through with only
/// a warning, and both cases produce the same "has no RequirePermission attribute" log line.
/// If every command is expected to be protected, a blank permission name should be treated
/// as a configuration error - confirm the intended policy.
/// </remarks>
private void ProcessRequirePermissionAttribute(IApplicationRequest<object> appRequest, Type requestType)
{
    var attribute = requestType.GetCustomAttribute<RequirePermissionAttribute>(false);
    var requiredPermission = attribute?.PermissionName;

    // Missing attribute or blank permission name: nothing is enforced, only a warning is logged.
    if (string.IsNullOrWhiteSpace(requiredPermission))
    {
        _logger.LogWarning("Command {command} has no RequirePermission attribute", requestType);
        return;
    }

    _logger.LogInformation("Evaluating permission {permission}", requiredPermission);

    var isGranted = _authorizationService.AuthorizeByRole(appRequest.Principal, requiredPermission);
    if (!isGranted)
    {
        _logger.LogError("Authorization failed!");
        throw new UnauthorizedAccessException("Current principal has no access to given resource - missing permissions");
    }

    _logger.LogInformation("Authorization successful");
}