/// <summary>
/// A null provider type passed to the <see cref="ApiAuthorizationAttribute"/> constructor must be
/// rejected with an <see cref="ArgumentNullException"/> that names the offending parameter.
/// </summary>
public void apiauthorizationattribute___ctor_thorws_on_null_provider_type()
{
    // xUnit checks both the exception type and ParamName; the returned exception is not
    // needed for any further assertion, so it is not captured.
    Assert.Throws<ArgumentNullException>(
        "authorizationProviderType",
        () => { new ApiAuthorizationAttribute(null); });
}
/// <summary>
/// A provider type that does not implement the required interface (here <c>int</c>) must be
/// rejected with an <see cref="ArgumentException"/> whose message starts with the parameter name.
/// </summary>
public void apiauthorizationattribute___ctor_thorws_on_provider_type_not_implmenting_correct_interface()
{
    // Arrange: any type that is not an authorization provider will do; int is the simplest.
    var badProviderType = typeof(int);

    // Act
    var thrown = Assert.Throws<ArgumentException>(() => { new ApiAuthorizationAttribute(badProviderType); });

    // Assert: only the leading part of the message is pinned, so trailing wording may evolve.
    thrown.Message.Should().StartWith("authorizationProviderType must implement interface");
}
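/// <summary>
/// Action-filter hook that enforces API authorization for the current request.
/// Requests under the Swagger and health-check paths are let through unchecked; every other
/// action must carry an <see cref="ApiAuthorizationAttribute"/> whose <c>ResourceCode</c> is
/// contained in the current user's allowed action codes. All failures are reported through
/// <see cref="FriendlyException"/> so the pipeline returns 401/403 instead of a server error.
/// </summary>
/// <param name="context">The action-executing context of the request being authorized.</param>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
/// <exception cref="FriendlyException">
/// 401 when the caller is not authenticated; 403 when the user, its permission record, the
/// action's authorization attribute, or the required resource code cannot be resolved.
/// </exception>
public void OnActionExecuting(ActionExecutingContext context)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    // The filter's own context is the request being authorized; using it for every lookup
    // keeps the check independent of the accessor and avoids mixing two sources of HttpContext.
    var httpContext = context.HttpContext;
    var request = httpContext.Request;

    // Public endpoints bypass authorization. StartsWithSegments matches whole path segments
    // (ordinal, case-insensitive), so a route such as "/swaggerX" or "/api/heathcheckX" is no
    // longer mistaken for the public prefix as it was with the plain culture-sensitive
    // StartsWith prefix test.
    // NOTE(review): "/api/heathcheck" is kept as written; confirm the spelling matches the
    // actual health-check route.
    if (request.Path.StartsWithSegments("/swagger") || request.Path.StartsWithSegments("/api/heathcheck"))
    {
        return;
    }

    // Authentication must have succeeded before any permission lookup. Identity may be null
    // on an unauthenticated principal, so it is tested explicitly instead of dereferenced.
    var identity = httpContext.User?.Identity;
    if (identity == null || !identity.IsAuthenticated)
    {
        throw new FriendlyException(401);
    }

    var userName = identity.Name;

    // Both items are presumably populated earlier in the pipeline; a missing item is treated
    // as "unknown user" and denied rather than surfacing as a null-reference failure.
    var currentUserInfo = httpContext.Items["CurrentUserInfo"] as UserInfo;
    if (currentUserInfo == null)
    {
        throw new FriendlyException(403, $"this user {userName} information was not found.");
    }

    var currentUserPermission = httpContext.Items["CurrentUserPermission"] as UserPermission;
    if (currentUserPermission == null)
    {
        throw new FriendlyException(403, $"this user {userName} permission information was not found.");
    }

    // Only a ControllerActionDescriptor exposes a MethodInfo. A non-controller descriptor is
    // denied like a missing attribute instead of failing the cast with InvalidCastException.
    // The lookup is non-inherited, so the attribute must be placed on the action method itself.
    var actionDescriptor = context.ActionDescriptor as Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor;
    var authorizationAttribute = actionDescriptor?.MethodInfo
        .GetCustomAttribute(typeof(ApiAuthorizationAttribute), false) as ApiAuthorizationAttribute;
    if (authorizationAttribute == null)
    {
        throw new FriendlyException(403, $"This action {context.ActionDescriptor.DisplayName} have no authorization attribute configration.");
    }

    // Fail closed: an attribute without a resource code, or a user without an allow-list, is a
    // misconfiguration and must not grant access. Codes are matched with default equality
    // (ordinal for strings), the same comparison the previous == check performed.
    var resourceCode = authorizationAttribute.ResourceCode;
    var allowedCodes = currentUserPermission.AllowActionCodes;
    if (resourceCode == null || allowedCodes == null || !allowedCodes.Contains(resourceCode))
    {
        throw new FriendlyException(403, $"This user {userName} have no permission for this resource : {resourceCode}.");
    }
}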