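/// <summary>
/// Authorization filter: allows the request only when the current user's rights for the
/// target controller mark both the controller and the action as available. The Home
/// controller is always reachable. Denied requests are short-circuited (the action does
/// not run): GET is redirected to the access-error page, everything else gets 403.
/// </summary>
/// <param name="context">Filter context for the current request.</param>
public void OnAuthorization(AuthorizationFilterContext context)
        {
            // NOTE(review): storing the manager in an instance field assumes one filter
            // instance per request (e.g. [ServiceFilter]/[TypeFilter]); a shared attribute
            // instance would race here — confirm how the filter is registered.
            _arm = context.HttpContext.RequestServices
                   .GetRequiredService<AccessRightsManager>();

            // Only controller actions carry the controller/action names the rights lookup is
            // keyed by; anything else (ad == null) falls through to the deny branch below
            // instead of throwing an InvalidCastException.
            var ad = context.ActionDescriptor as Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor;
            var controllerName = ad == null ? null : ad.ControllerName + "Controller";
            var actionName = ad == null ? null : ad.ActionName;

            // The Home controller is open to everyone, so no rights lookup is needed for it.
            if (string.Equals(controllerName, "HomeController", StringComparison.Ordinal))
            {
                return;
            }

            // An unauthenticated request has no name to look rights up by; treat it as "no rights"
            // rather than passing null into the manager.
            var userName = context.HttpContext.User?.Identity?.Name;
            AccessRight accessRights = null;
            if (ad != null && !string.IsNullOrEmpty(userName))
            {
                // IAuthorizationFilter is synchronous, so the lookup has to be awaited in a
                // blocking way; GetAwaiter().GetResult() surfaces the original exception
                // instead of the AggregateException that .Result would wrap it in.
                accessRights = _arm.GetRights(userName, controllerName).GetAwaiter().GetResult();
            }

            // Null-safe on purpose: the rights object, its list, and an entry's Name may all be
            // missing, and a missing entry must read as "not available".
            var actionAvailable = accessRights != null
                                  && accessRights.Rights != null
                                  && accessRights.Rights.Any(r => string.Equals(r.Name, actionName, StringComparison.Ordinal)
                                                                  && r.IsAvailable);

            // Grant access only when the controller itself and the specific action are available.
            if (accessRights != null && accessRights.IsAvailable && actionAvailable)
            {
                return;
            }

            // Setting context.Result is what stops the pipeline; Response.Redirect() on its own
            // only writes headers and the action body would still execute. A 403 replaces the
            // previous connection abort so non-GET callers (and logs) see a real status code.
            if (context.HttpContext.Request.Method == "GET")
            {
                context.Result = new Microsoft.AspNetCore.Mvc.RedirectResult("/Home/ErrorAccess");
            }
            else
            {
                context.Result = new Microsoft.AspNetCore.Mvc.StatusCodeResult(403);
            }
        }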
 /// <summary>
 /// Creates the controller: the shared services go to the base controller, the
 /// <see cref="AccessRightsManager"/> is kept for this controller's own use.
 /// </summary>
 /// <param name="dbContext">Billing database context, forwarded to the base class.</param>
 /// <param name="roleManager">Role manager, forwarded to the base class.</param>
 /// <param name="userManager">User manager, forwarded to the base class.</param>
 /// <param name="rightsManager">Access-rights manager stored in <c>_rightsManager</c>.</param>
 /// <param name="scopeFactory">Scope factory, forwarded to the base class.</param>
 public CassaController(
     BillingDbContext dbContext,
     RoleManager<Role> roleManager,
     UserManager<IdentityUser> userManager,
     AccessRightsManager rightsManager,
     IServiceScopeFactory scopeFactory)
     : base(dbContext, roleManager, userManager, scopeFactory)
 {
     _rightsManager = rightsManager;
 }
 /// <summary>
 /// Creates the controller with the access-rights manager it depends on.
 /// </summary>
 /// <param name="rightsManager">Access-rights manager stored in <c>_rightsManager</c>.</param>
 public HomeController(AccessRightsManager rightsManager)
 {
     // Nothing else is wired here; the manager is the controller's only injected dependency.
     _rightsManager = rightsManager;
 }
 // DELETE api/<controller>/5
 /// <summary>
 /// Removes the access-rights entry with the given identifier for the given company.
 /// </summary>
 /// <param name="id">Identifier of the entry to delete.</param>
 /// <param name="CompanyID">Company the entry belongs to (name kept as-is: it is the binding name).</param>
 /// <remarks>
 /// NOTE(review): no authorization attribute is visible in this excerpt; confirm that this
 /// mutating endpoint is restricted at the class level or in the filter pipeline.
 /// </remarks>
 public void Delete(string id, int CompanyID) => AccessRightsManager.DeleteItem(id, CompanyID);
 /// <summary>
 /// Returns the access-rights entries for a role, application, parent node and company by
 /// forwarding the four values unchanged to <c>AccessRightsManager.GetbyNoteParent</c>
 /// (the callee's name is spelled that way in the manager).
 /// </summary>
 /// <param name="roleName">Role whose rights are requested.</param>
 /// <param name="applicationName">Application the rights apply to.</param>
 /// <param name="nodeParentID">Parent node that scopes the result.</param>
 /// <param name="companyID">Company that scopes the result.</param>
 /// <returns>The collection produced by the manager.</returns>
 public AccessRightsCollection Get(string roleName, string applicationName, string nodeParentID, int companyID)
     => AccessRightsManager.GetbyNoteParent(roleName, applicationName, nodeParentID, companyID);
 // PUT api/<controller>/search (route inferred from the method name — confirm against the routing config)
 /// <summary>
 /// Runs a search over access rights with the filter supplied in the request body.
 /// </summary>
 /// <param name="method">Accepted for binding but not used by this action.</param>
 /// <param name="value">Search filter taken from the request body.</param>
 /// <returns>The collection returned by <c>AccessRightsManager.Search</c>.</returns>
 public AccessRightsCollection PutSearch(string method, [FromBody] SearchFilter value)
 {
     var matches = AccessRightsManager.Search(value);
     return matches;
 }
 // PUT api/<controller>/5
 /// <summary>
 /// Updates an access-rights entry with the object supplied in the request body.
 /// </summary>
 /// <param name="id">Route identifier; not consulted here — the identifier carried inside
 /// <paramref name="value"/> is the one the manager updates. Confirm upstream that the two
 /// are required to agree if a mismatch would matter.</param>
 /// <param name="value">The entry to update, taken from the request body.</param>
 /// <returns>The entry as returned by <c>AccessRightsManager.UpdateItem</c>.</returns>
 /// <exception cref="HttpResponseException"></exception>
 public AccessRights Put(string id, [FromBody] AccessRights value)
     => AccessRightsManager.UpdateItem(value);
 // POST api/<controller>
 /// <summary>
 /// Inserts the access-rights entry from the request body, or updates it if it already exists
 /// (the manager decides which; see <c>AccessRightsManager.InsertOrUpdateItem</c>).
 /// </summary>
 /// <param name="value">The entry to store, taken from the request body.</param>
 /// <returns>The stored entry as returned by the manager.</returns>
 /// <remarks>
 /// NOTE(review): no authorization attribute is visible in this excerpt; confirm that this
 /// mutating endpoint is restricted at the class level or in the filter pipeline.
 /// </remarks>
 public AccessRights Post([FromBody] AccessRights value)
 {
     var stored = AccessRightsManager.InsertOrUpdateItem(value);
     return stored;
 }
 /// <summary>
 /// Returns the access-rights entries associated with a user, delegating to
 /// <c>AccessRightsManager.GetbyUser</c>.
 /// </summary>
 /// <param name="usr">User the rights are requested for.</param>
 /// <returns>The collection produced by the manager.</returns>
 public AccessRightsCollection GetbyUser(string usr) => AccessRightsManager.GetbyUser(usr);
 // GET api/<controller>
 /// <summary>
 /// Returns every access-rights entry of a company, delegating to
 /// <c>AccessRightsManager.GetAllItem</c>.
 /// </summary>
 /// <param name="CompanyID">Company whose entries are listed (name kept as-is: it is the binding name).</param>
 /// <returns>The collection produced by the manager.</returns>
 public AccessRightsCollection Get(int CompanyID)
 {
     var entries = AccessRightsManager.GetAllItem(CompanyID);
     return entries;
 }