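/// <summary>
/// Authorization filter: resolves the calling user's rights for the target controller and
/// short-circuits the request when the requested action is not available to that user.
/// </summary>
/// <param name="context">The authorization filter context of the current request.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
/// <remarks>
/// Two defects of the earlier version are fixed here. First, <c>accessRights.Rights</c> was
/// dereferenced before the <c>accessRights != null</c> check, so a missing rights record crashed
/// the filter. Second, a denied request only wrote a redirect header (GET) or aborted the
/// connection (other verbs) without assigning <c>context.Result</c>; an MVC authorization filter
/// short-circuits only through <c>Result</c>, so the action still executed — a side-effecting
/// POST/PUT/DELETE handler could run for a user who had no right to it, and a GET action could
/// even overwrite the redirect with its own 200 response.
/// </remarks>
public void OnAuthorization(AuthorizationFilterContext context)
{
    if (context is null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    _arm = context.HttpContext.RequestServices.GetRequiredService<AccessRightsManager>();

    // The rights table is keyed by controller and action name, which only the MVC
    // controller descriptor exposes. Anything else (a non-controller endpoint) is
    // treated as "no rights known", i.e. denied, instead of throwing InvalidCastException.
    var ad = context.ActionDescriptor as Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor;
    var actionAvailable = false;

    if (ad != null)
    {
        var controllerName = ad.ControllerName + "Controller";
        var actionName = ad.ActionName;

        // Home is open to everyone; decide this before touching the rights store so the
        // public pages never trigger a lookup.
        if (string.Equals(controllerName, "HomeController", StringComparison.Ordinal))
        {
            return;
        }

        // Identity can be null for an unauthenticated principal; the manager then receives a
        // null user name, exactly as before (what it returns for that is defined by GetRights).
        var userName = context.HttpContext.User?.Identity?.Name;

        // NOTE(review): the lookup is awaited synchronously because the filter implements the
        // synchronous IAuthorizationFilter; switching to IAsyncAuthorizationFilter would remove
        // the blocking wait. GetAwaiter().GetResult() at least surfaces the original exception
        // rather than an AggregateException.
        var accessRights = _arm.GetRights(userName, controllerName).GetAwaiter().GetResult();

        // A null rights record or a null Rights list both mean "no access".
        actionAvailable = accessRights?.IsAvailable == true
            && accessRights.Rights?.Any(r => r.IsAvailable && string.Equals(r.Name, actionName, StringComparison.Ordinal)) == true;
    }

    if (actionAvailable)
    {
        return;
    }

    // Assigning Result is what stops the pipeline; Response.Redirect or HttpContext.Abort()
    // alone would let the action run anyway.
    if (string.Equals(context.HttpContext.Request.Method, "GET", StringComparison.Ordinal))
    {
        context.Result = new Microsoft.AspNetCore.Mvc.RedirectResult("/Home/ErrorAccess");
    }
    else
    {
        // Non-GET callers get a plain 403 instead of a dropped connection.
        context.Result = new Microsoft.AspNetCore.Mvc.StatusCodeResult((int)System.Net.HttpStatusCode.Forbidden);
    }
}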
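/// <summary>
/// Initializes a new <see cref="CassaController"/>. The database context, identity managers and
/// scope factory are handed to the base controller; the rights manager is stored in
/// <c>_rightsManager</c>.
/// </summary>
/// <param name="dbContext">The billing database context passed to the base controller.</param>
/// <param name="roleManager">The identity role manager passed to the base controller.</param>
/// <param name="userManager">The identity user manager passed to the base controller.</param>
/// <param name="rightsManager">The access-rights manager kept by this controller.</param>
/// <param name="scopeFactory">The service scope factory passed to the base controller.</param>
/// <exception cref="ArgumentNullException"><paramref name="rightsManager"/> is <c>null</c>.</exception>
public CassaController(BillingDbContext dbContext, RoleManager<Role> roleManager, UserManager<IdentityUser> userManager, AccessRightsManager rightsManager, IServiceScopeFactory scopeFactory)
    : base(dbContext, roleManager, userManager, scopeFactory)
{
    // Fail at construction rather than on first use if DI hands us no rights manager.
    _rightsManager = rightsManager ?? throw new ArgumentNullException(nameof(rightsManager));
}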
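/// <summary>
/// Initializes a new <see cref="HomeController"/> and stores the access-rights manager in
/// <c>_rightsManager</c>.
/// </summary>
/// <param name="rightsManager">The access-rights manager kept by this controller.</param>
/// <exception cref="ArgumentNullException"><paramref name="rightsManager"/> is <c>null</c>.</exception>
public HomeController(AccessRightsManager rightsManager)
{
    // Fail at construction rather than on first use if DI hands us no rights manager.
    _rightsManager = rightsManager ?? throw new ArgumentNullException(nameof(rightsManager));
}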
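// DELETE api/<controller>/5
/// <summary>
/// Deletes the access-rights item with the specified identifier for the given company.
/// </summary>
/// <param name="id">The identifier of the item to delete.</param>
/// <param name="CompanyID">The company the item belongs to. The parameter name is part of the
/// request binding contract, so it keeps its original casing.</param>
public void Delete(string id, int CompanyID)
{
    // NOTE(review): no authorization attribute is visible on this action; confirm that the
    // controller or a global filter restricts who may delete rights, since the deletion is
    // immediate. Handling of a null/empty id is left to DeleteItem — verify.
    AccessRightsManager.DeleteItem(id, CompanyID);
}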
/// <summary>
/// Returns the access rights selected by <c>AccessRightsManager.GetbyNoteParent</c> for a
/// role/application pair (presumably the rights under <paramref name="nodeParentID"/> — the
/// exact selection is defined by the manager).
/// </summary>
/// <param name="roleName">The role whose rights are requested.</param>
/// <param name="applicationName">The application the rights belong to.</param>
/// <param name="nodeParentID">The parent node identifier passed to the manager.</param>
/// <param name="companyID">The company scope of the query.</param>
/// <returns>The <see cref="AccessRightsCollection"/> produced by the manager.</returns>
public AccessRightsCollection Get(string roleName, string applicationName, string nodeParentID, int companyID)
    => AccessRightsManager.GetbyNoteParent(roleName, applicationName, nodeParentID, companyID);
// GET api/<controller>
/// <summary>
/// Searches access rights with the filter supplied in the request body.
/// </summary>
/// <param name="method">Not used by this action; retained so the request binding contract is
/// unchanged — TODO confirm no caller depends on it.</param>
/// <param name="value">The search filter, bound from the request body.</param>
/// <returns>The <see cref="AccessRightsCollection"/> returned by <c>AccessRightsManager.Search</c>.</returns>
public AccessRightsCollection PutSearch(string method, [FromBody] SearchFilter value)
    => AccessRightsManager.Search(value);
// PUT api/<controller>/5
/// <summary>
/// Updates an access-rights item from the values supplied in the request body.
/// </summary>
/// <param name="id">The identifier from the route. It is not consulted here: the item is
/// updated from <paramref name="value"/> alone, so the route id and the body's own identity
/// are never cross-checked by this action.</param>
/// <param name="value">The access rights to store, bound from the request body.</param>
/// <returns>The item as returned by <c>AccessRightsManager.UpdateItem</c>.</returns>
public AccessRights Put(string id, [FromBody] AccessRights value)
{
    // NOTE(review): whether a null body, or a body whose identity differs from the route id,
    // is rejected depends entirely on UpdateItem — verify, as this modifies authorization data.
    var updated = AccessRightsManager.UpdateItem(value);
    return updated;
}
// POST api/<controller>
/// <summary>
/// Inserts the supplied access-rights item, or updates it if it already exists, via
/// <c>AccessRightsManager.InsertOrUpdateItem</c>.
/// </summary>
/// <param name="value">The access rights to store, bound from the request body.</param>
/// <returns>The item as returned by the manager.</returns>
public AccessRights Post([FromBody] AccessRights value)
    // NOTE(review): no authorization attribute is visible on this action; confirm that the
    // controller or a global filter restricts who may write rights records.
    => AccessRightsManager.InsertOrUpdateItem(value);
/// <summary>
/// Returns the access rights associated with a user, as resolved by
/// <c>AccessRightsManager.GetbyUser</c>.
/// </summary>
/// <param name="usr">The user identifier passed to the manager (its exact form — name or id —
/// is defined by the manager).</param>
/// <returns>The <see cref="AccessRightsCollection"/> for that user.</returns>
public AccessRightsCollection GetbyUser(string usr)
    => AccessRightsManager.GetbyUser(usr);
// GET api/<controller>
/// <summary>
/// Returns every access-rights item of a company, as provided by
/// <c>AccessRightsManager.GetAllItem</c>.
/// </summary>
/// <param name="CompanyID">The company whose items are listed. The parameter name is part of
/// the request binding contract, so it keeps its original casing.</param>
/// <returns>The <see cref="AccessRightsCollection"/> for the company.</returns>
public AccessRightsCollection Get(int CompanyID)
    => AccessRightsManager.GetAllItem(CompanyID);