public void OnAuthorization(AuthorizationFilterContext context)
{
Context = context;
if (UserIsAuthentiacted())
{
try
{
var ClaimHelper = new ClaimHelper(CreateHttpContextAccessor());
var databaseHelper = new DatabaseHelper(ClaimHelper, Logger, new SqlQueryHelper());
IEnumerable <Roles> roles = null;
var key = AesEncrypter._instance.DecryptyData(
ClaimHelper.GetValueFromClaim("key"));
if (IsUser(ClaimHelper.GetValueFromClaim("aud")))
{
roles = databaseHelper.GetRolesFromUser(key);
}
else
{
roles = databaseHelper.GetRolesFromToken(key);
}
if (!UserHasPermission(roles))
{
RejectRequest("Permission denied", 403);
}
}
catch (Exception error)
{
Logger.LogEventAsync(error, "error.json");
RejectRequest("An unhandled Exception has occured", 500);
}
}
else
{
RejectRequest("Not Authorized", 401);
}
}