/// <summary>
/// Serves one file of a dump as a download, after checking the caller's policy.
/// </summary>
/// <remarks>
/// Access is granted when the caller satisfies the user policy, or when
/// <paramref name="filename"/> exactly equals an entry of the configured
/// viewer-downloadable list and the caller satisfies the viewer policy.
/// Every other caller receives a Forbid result.
/// </remarks>
/// <param name="bundleId">Identifier of the bundle; looked up in the repository.</param>
/// <param name="dumpId">Identifier of the dump inside the bundle.</param>
/// <param name="filename">Name of the requested file, as supplied by the caller.</param>
/// <returns>
/// Forbid when the policy check fails, the default view when the bundle is unknown,
/// the file's text for .txt/.log/.json files, otherwise the file as a binary stream.
/// </returns>
/// <exception cref="ArgumentException">The storage returned no file for the given names.</exception>
public IActionResult DownloadFile(string bundleId, string dumpId, string filename)
{
    // Callers that pass the user policy get no filename restriction in this method.
    bool hasUserAccess = authorizationHelper.CheckPolicy(HttpContext.User, LdapCookieAuthenticationExtension.UserPolicy);
    if (!hasUserAccess)
    {
        // Viewers are limited to the allowlist; the match is an exact string comparison,
        // and the viewer policy is only consulted when the name is on the list.
        bool isViewerFile = settings.LdapAuthenticationSettings.ViewerDownloadableFiles.Any(allowed => allowed == filename);
        bool hasViewerAccess = isViewerFile
            && authorizationHelper.CheckPolicy(HttpContext.User, LdapCookieAuthenticationExtension.ViewerPolicy);
        if (!hasViewerAccess)
        {
            return Forbid();
        }
    }

    var bundleInfo = superDumpRepo.GetBundle(bundleId);
    if (bundleInfo == null)
    {
        logger.LogNotFound("DownloadFile: Bundle not found", HttpContext, "BundleId", bundleId);
        return View(null);
    }

    // NOTE(review): bundleId, dumpId and filename reach GetFile unmodified. For user-policy
    // callers nothing here constrains filename, so keeping the lookup inside the dump's
    // storage directory (rejecting path separators and "..") depends on GetFile - confirm.
    var file = dumpStorage.GetFile(bundleId, dumpId, filename);
    if (file == null)
    {
        logger.LogNotFound("DownloadFile: File not found", HttpContext, "Filename", filename);
        // NOTE(review): a missing file is reported by throwing rather than by a not-found
        // result; how that reaches the client depends on the app's exception handling - verify.
        throw new ArgumentException("could not find file");
    }

    // The access is logged before any file content is read.
    logger.LogFileAccess("DownloadFile", HttpContext, bundleInfo, dumpId, filename);

    // Extension comparison uses ==, so ".TXT" and similar fall through to the binary branch.
    string extension = file.Extension;
    bool isTextFile = extension == ".txt" || extension == ".log" || extension == ".json";
    if (isTextFile)
    {
        // The whole file is read into memory before it is returned.
        string text = System.IO.File.ReadAllText(file.FullName);
        return ContentWithFilename(text, file.Name);
    }

    var stream = System.IO.File.OpenRead(file.FullName);
    return File(stream, "application/octet-stream", file.Name);
}
/// <summary>
/// Registers inline middleware that only lets requests under "/swagger" through
/// when the caller satisfies the viewer policy.
/// </summary>
/// <remarks>
/// Requests outside "/swagger" are passed to the next middleware without a policy check.
/// A rejected request ends here: authenticated callers get a Forbid, anonymous callers
/// get a Challenge, and the next middleware is not invoked.
/// NOTE(review): the check reads context.User, so this presumably has to be registered
/// after authentication and before the Swagger middleware - confirm the pipeline order.
/// </remarks>
/// <param name="app">Application builder the middleware is added to.</param>
/// <param name="authorizationHelper">Helper used to evaluate the viewer policy.</param>
public static void UseSwaggerAuthorizationMiddleware(this IApplicationBuilder app, IAuthorizationHelper authorizationHelper)
{
    app.Use(async (context, next) =>
    {
        // Short-circuits: the policy is only evaluated for Swagger paths.
        bool mayContinue = !context.Request.Path.StartsWithSegments("/swagger")
            || authorizationHelper.CheckPolicy(context.User, LdapCookieAuthenticationExtension.ViewerPolicy);
        if (mayContinue)
        {
            await next.Invoke();
            return;
        }

        // Known identity without the policy -> Forbid; no identity yet -> Challenge.
        if (!context.User.Identity.IsAuthenticated)
        {
            await context.ChallengeAsync();
            return;
        }

        await context.ForbidAsync();
    });
}
/// <summary>
/// Decides whether the current request may use the dashboard: only callers that
/// satisfy the admin policy are allowed.
/// </summary>
/// <param name="context">Dashboard context; the HTTP context and its user are taken from it.</param>
/// <returns><c>true</c> when the admin policy check succeeds, otherwise <c>false</c>.</returns>
public bool Authorize([NotNull] DashboardContext context)
{
    // NOTE(review): looks like a dashboard authorization filter; an unauthenticated
    // user is handled only through CheckPolicy's result - verify it returns false then.
    var principal = context.GetHttpContext().User;
    bool isAdmin = authorizationHelper.CheckPolicy(principal, LdapCookieAuthenticationExtension.AdminPolicy);
    return isAdmin;
}