示例#1
0
        public override async Task OnActionExecutionAsync(ActionExecutingContext filterContext, ActionExecutionDelegate next)
        {
            // if (!(filterContext.HttpContext.User.Identity is QpIdentity identity) || !identity.IsAuthenticated)
            // {
            //     throw new SecurityException(GlobalStrings.YouAreNotAuthenticated);
            // }

            IServiceProvider  serviceProvider   = filterContext.HttpContext.RequestServices;
            ControllerContext controllerContext = ((Controller)filterContext.Controller).ControllerContext;
            IValueProvider    valueProvider     = await CompositeValueProvider.CreateAsync(controllerContext);

            var entityIdResult = valueProvider.GetValue(_entityIdParamName);

            if (string.IsNullOrEmpty(entityIdResult.FirstValue))
            {
                throw new ArgumentException($"Entity id field is not found: {_entityIdParamName}");
            }

            if (!int.TryParse(entityIdResult.FirstValue, out var entityId))
            {
                throw new ArgumentException($"Entity id is not a number: {entityIdResult.FirstValue}");
            }

            var entityType = EntityTypeService.GetByCode(_entityTypeCode);

            if (entityType == null)
            {
                throw new ArgumentException($"Unknown entity type: {_entityTypeCode}");
            }

            var actionType = BackendActionTypeService.GetByCode(_actionTypeCode);

            if (actionType == null)
            {
                throw new ArgumentException($"Unknown action type: {_actionTypeCode}");
            }

            var securityService = serviceProvider.GetRequiredService <ISecurityService>();

            if (!securityService.IsEntityAccessible(_entityTypeCode, entityId, _actionTypeCode))
            {
                throw new SecurityException(string.Format(
                                                GlobalStrings.EntityIsNotAccessible, actionType.Name, entityType.Name, entityId));
            }

            await next.Invoke();
        }
        public void OnAuthorization(AuthorizationContext filterContext)
        {
            if (!(filterContext.HttpContext.User.Identity is QpIdentity identity) || !identity.IsAuthenticated)
            {
                throw new SecurityException(GlobalStrings.YouAreNotAuthenticated);
            }

            var entityIdResult = filterContext.Controller.ValueProvider.GetValue(_entityIdParamName);

            if (string.IsNullOrEmpty(entityIdResult?.AttemptedValue))
            {
                throw new ArgumentException($"Entity id field is not found: {_entityIdParamName}");
            }

            if (!int.TryParse(entityIdResult.AttemptedValue, out var entityId))
            {
                throw new ArgumentException($"Entity id is not a number: {entityIdResult.AttemptedValue}");
            }

            var entityType = EntityTypeService.GetByCode(_entityTypeCode);

            if (entityType == null)
            {
                throw new ArgumentException($"Unknown entity type: {_entityTypeCode}");
            }

            var actionType = BackendActionTypeService.GetByCode(_actionTypeCode);

            if (actionType == null)
            {
                throw new ArgumentException($"Unknown action type: {_actionTypeCode}");
            }

            if (!DependencyResolver.Current.GetService <ISecurityService>().IsEntityAccessible(_entityTypeCode, entityId, _actionTypeCode))
            {
                throw new SecurityException(string.Format(GlobalStrings.EntityIsNotAccessible, actionType.Name, entityType.Name, entityId));
            }
        }
示例#3
0
        public JsonResult GetByCode(string entityTypeCode)
        {
            var entityType = EntityTypeService.GetByCode(entityTypeCode);

            return(Json(entityType, JsonRequestBehavior.AllowGet));
        }
示例#4
0
        public JsonResult GetByCode(string entityTypeCode)
        {
            var entityType = EntityTypeService.GetByCode(entityTypeCode);

            return(Json(entityType));
        }