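/// <summary>
/// ASP.NET Core action filter hook: resolves the entity id from the request's
/// value providers and lets the action run only if the security service reports
/// the entity as accessible for the configured action type.
/// </summary>
/// <param name="filterContext">Context of the action about to execute.</param>
/// <param name="next">Delegate that runs the action (and the remaining filters).</param>
/// <exception cref="ArgumentException">
/// The entity id parameter is missing or not an integer, or the configured
/// entity type code or action type code is unknown.
/// </exception>
/// <exception cref="SecurityException">
/// The security service reports the entity as not accessible for the action.
/// </exception>
public override async Task OnActionExecutionAsync(ActionExecutingContext filterContext, ActionExecutionDelegate next)
{
    // NOTE(review): the QpIdentity / IsAuthenticated check that the legacy
    // OnAuthorization path performs is commented out here, so this filter does
    // not verify authentication itself; an unauthenticated principal reaches
    // IsEntityAccessible, which then is the only gate. Confirm that
    // authentication is enforced earlier in the pipeline for every action
    // carrying this attribute.
    // if (!(filterContext.HttpContext.User.Identity is QpIdentity identity) || !identity.IsAuthenticated)
    // {
    //     throw new SecurityException(GlobalStrings.YouAreNotAuthenticated);
    // }

    IServiceProvider serviceProvider = filterContext.HttpContext.RequestServices;
    ControllerContext controllerContext = ((Controller)filterContext.Controller).ControllerContext;
    IValueProvider valueProvider = await CompositeValueProvider.CreateAsync(controllerContext);

    // FirstValue is null when the parameter is absent from every provider.
    var entityIdResult = valueProvider.GetValue(_entityIdParamName);
    var rawEntityId = entityIdResult.FirstValue;
    if (string.IsNullOrEmpty(rawEntityId))
    {
        throw new ArgumentException($"Entity id field is not found: {_entityIdParamName}");
    }

    // Invariant culture: the id is a machine identifier, not locale text (CA1305).
    if (!int.TryParse(rawEntityId,
            System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture,
            out var entityId))
    {
        throw new ArgumentException($"Entity id is not a number: {rawEntityId}");
    }

    var entityType = EntityTypeService.GetByCode(_entityTypeCode);
    if (entityType is null)
    {
        throw new ArgumentException($"Unknown entity type: {_entityTypeCode}");
    }

    var actionType = BackendActionTypeService.GetByCode(_actionTypeCode);
    if (actionType is null)
    {
        throw new ArgumentException($"Unknown action type: {_actionTypeCode}");
    }

    // Fail closed: the action only runs when access is explicitly granted.
    var securityService = serviceProvider.GetRequiredService<ISecurityService>();
    if (!securityService.IsEntityAccessible(_entityTypeCode, entityId, _actionTypeCode))
    {
        throw new SecurityException(string.Format(
            GlobalStrings.EntityIsNotAccessible, actionType.Name, entityType.Name, entityId));
    }

    await next.Invoke();
}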
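/// <summary>
/// Legacy (System.Web.Mvc) authorization hook: rejects the request unless the
/// caller is an authenticated <c>QpIdentity</c> and the security service
/// reports the entity named by the request parameter as accessible for the
/// configured action type.
/// </summary>
/// <param name="filterContext">Authorization context of the current request.</param>
/// <exception cref="SecurityException">
/// The caller is not an authenticated <c>QpIdentity</c>, or the security
/// service reports the entity as not accessible for the action.
/// </exception>
/// <exception cref="ArgumentException">
/// The entity id parameter is missing or not an integer, or the configured
/// entity type code or action type code is unknown.
/// </exception>
/// <exception cref="InvalidOperationException">
/// No <c>ISecurityService</c> is registered with the dependency resolver.
/// </exception>
public void OnAuthorization(AuthorizationContext filterContext)
{
    // Authenticate first, before any request value is read.
    if (!(filterContext.HttpContext.User.Identity is QpIdentity identity) || !identity.IsAuthenticated)
    {
        throw new SecurityException(GlobalStrings.YouAreNotAuthenticated);
    }

    // GetValue returns null (not an empty result) when the parameter is absent,
    // hence the null-conditional access.
    var entityIdResult = filterContext.Controller.ValueProvider.GetValue(_entityIdParamName);
    var rawEntityId = entityIdResult?.AttemptedValue;
    if (string.IsNullOrEmpty(rawEntityId))
    {
        throw new ArgumentException($"Entity id field is not found: {_entityIdParamName}");
    }

    // Invariant culture: the id is a machine identifier, not locale text (CA1305).
    if (!int.TryParse(rawEntityId,
            System.Globalization.NumberStyles.Integer,
            System.Globalization.CultureInfo.InvariantCulture,
            out var entityId))
    {
        throw new ArgumentException($"Entity id is not a number: {rawEntityId}");
    }

    var entityType = EntityTypeService.GetByCode(_entityTypeCode);
    if (entityType is null)
    {
        throw new ArgumentException($"Unknown entity type: {_entityTypeCode}");
    }

    var actionType = BackendActionTypeService.GetByCode(_actionTypeCode);
    if (actionType is null)
    {
        throw new ArgumentException($"Unknown action type: {_actionTypeCode}");
    }

    // GetService (unlike GetRequiredService) returns null for an unregistered
    // type; surface that as a configuration error rather than a
    // NullReferenceException inside the access check.
    var securityService = DependencyResolver.Current.GetService<ISecurityService>()
        ?? throw new InvalidOperationException($"{nameof(ISecurityService)} is not registered.");

    // Fail closed: the request proceeds only when access is explicitly granted.
    if (!securityService.IsEntityAccessible(_entityTypeCode, entityId, _actionTypeCode))
    {
        throw new SecurityException(string.Format(
            GlobalStrings.EntityIsNotAccessible, actionType.Name, entityType.Name, entityId));
    }
}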