private TSpecification ApplayGroupFilter <TSpecification>(TSpecification specification)
where TSpecification : BaseSpecification <GroupEntity>
{
if (_identityUIUserInfoService.HasPermission(IdentityUIPermissions.IDENTITY_UI_CAN_MANAGE_GROUPS))
{
}
else if (_identityUIUserInfoService.GetGroupId() != null)
{
specification.AddFilter(x => x.Id == _identityUIUserInfoService.GetGroupId());
}
else
{
specification.AddFilter(x => false);
}
return(specification);
}
private TSpecification ApplayGroupUserFilter <TSpecification>(TSpecification specification)
where TSpecification : BaseSpecification <GroupUserEntity>
{
if (_identityUIUserInfoService.HasPermission(IdentityUIPermissions.GROUP_CAN_SEE_USERS))
{
}
else if (_identityUIUserInfoService.HasGroupPermission(IdentityUIPermissions.GROUP_CAN_SEE_USERS) &&
_identityUIUserInfoService.GetGroupId() != null)
{
specification.AddFilter(x => x.GroupId == _identityUIUserInfoService.GetGroupId());
}
else
{
specification.AddFilter(x => false);
}
return(specification);
}
public IActionResult Index()
{
if (_identityUIUserInfoService.HasPermission(IdentityUIPermissions.IDENTITY_UI_CAN_MANAGE_GROUPS))
{
return(View());
}
return(RedirectToAction(nameof(User), new { id = _identityUIUserInfoService.GetGroupId() }));
}
public void OnAuthorization(AuthorizationFilterContext context)
{
IIdentityUIUserInfoService identityUIUserInfoService = context.HttpContext.RequestServices.GetRequiredService <IIdentityUIUserInfoService>();
bool hasPermission = identityUIUserInfoService.HasPermission(_permission);
if (!hasPermission)
{
context.Result = new ForbidResult();
return;
}
}
public void OnAuthorization(AuthorizationFilterContext context)
{
IIdentityUIUserInfoService identityUIUserInfoService = context.HttpContext.RequestServices.GetRequiredService <IIdentityUIUserInfoService>();
bool isIdentityAdmin = identityUIUserInfoService.HasPermission(_requirePermission);
if (isIdentityAdmin)
{
return;
}
bool isInRequiredRole = identityUIUserInfoService.HasGroupPermission(_requirePermission);
if (!isInRequiredRole)
{
context.Result = new ForbidResult();
return;
}
bool groupIdExist = context.RouteData.Values.TryGetValue(GROUP_ROUTE_KEY, out object groupIdObj);
if (!groupIdExist)
{
context.Result = new NotFoundResult();
}
string groupId = (string)groupIdObj;
string logedInUserId = context.HttpContext.User.GetUserId();
BaseSpecification <GroupUserEntity> baseSpecification = new BaseSpecification <GroupUserEntity>();
baseSpecification.AddFilter(x => x.UserId == logedInUserId);
baseSpecification.AddFilter(x => x.GroupId == groupId);
baseSpecification.AddFilter(x => x.Role.Permissions.Any(c => c.Permission.Name.ToUpper() == _requirePermission.ToUpper()));
IBaseRepository <GroupUserEntity> groupUserRepository = context.HttpContext.RequestServices.GetService <IBaseRepository <GroupUserEntity> >();
bool groupUserExist = groupUserRepository.Exist(baseSpecification);
if (!groupUserExist)
{
//_logger.LogError($"User does not have permission for group. UserId {logedInUserId}, {groupId}");
context.Result = new ForbidResult();
return;
}
}