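/// <summary>
/// Authorization filter entry point: resolves the caller's session token and either checks
/// that it is authenticated (when no <c>permission</c> is configured on the attribute) or
/// that it carries the configured <c>permission</c>.
/// </summary>
/// <param name="context">The filter context; a failing check sets <c>context.Result</c> and short-circuits the action.</param>
/// <exception cref="InvalidOperationException">Thrown when no <see cref="IRSUserRepository"/> is registered in the request services.</exception>
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
    // NOTE(review): the session token is carried in the query string, so it can end up in
    // access logs, browser history and Referer headers; an Authorization header or cookie
    // would be a safer carrier — confirm with the clients before changing the contract.
    string session = context.HttpContext.Request.Query["session"];

    // Fail fast with a clear message if the repository is not registered, instead of a
    // NullReferenceException surfacing later inside the check.
    IRSUserRepository service =
        context.HttpContext.RequestServices.GetService(typeof(IRSUserRepository)) as IRSUserRepository
        ?? throw new InvalidOperationException($"No {nameof(IRSUserRepository)} is registered in the request services.");

    if (permission is null)
    {
        await CheckIfAuthenticated(context, service, session);
    }
    else
    {
        await CheckPermission(context, service, session);
    }
}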
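/// <summary>
/// Rejects the request with an <see cref="UnAuthorized"/> payload when <paramref name="session"/>
/// does not resolve to a user; otherwise publishes the resolved <see cref="RSUser"/> in the route
/// data under the key <c>nameof(RSUser)</c> for the action to pick up.
/// </summary>
/// <param name="context">The filter context; set to a JSON result on failure.</param>
/// <param name="userRepository">Repository used to resolve the session to a user.</param>
/// <param name="session">Session token taken from the request; can be null when the query parameter is absent.</param>
private async Task CheckIfAuthenticated(AuthorizationFilterContext context, IRSUserRepository userRepository, string session)
{
    RSUser user = await userRepository.GetUserAsync(session);
    if (user is null)
    {
        // The response status mirrors the payload's Status so the two never disagree; Status
        // itself is left at whatever UnAuthorized defaults to (CheckPermission sets it explicitly).
        UnAuthorized unAuthorized = new UnAuthorized { Message = "Unauthenticated" };
        context.Result = new JsonResult(unAuthorized) { StatusCode = unAuthorized.Status };
        // Return early: the pipeline is short-circuited and a null user must not be published.
        return;
    }

    // Indexer rather than Add so a repeated key (e.g. the filter applied at both controller and
    // action level) overwrites instead of throwing on the duplicate.
    context.RouteData.Values[nameof(RSUser)] = user;
}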
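/// <summary>
/// Rejects the request with 403 Forbidden when the session does not hold the configured
/// <c>permission</c>; otherwise resolves the <see cref="RSUser"/> behind the session and
/// publishes it in the route data under the key <c>nameof(RSUser)</c>.
/// </summary>
/// <param name="context">The filter context; set to a JSON result on failure.</param>
/// <param name="userRepository">Repository used for the permission check and the user lookup.</param>
/// <param name="session">Session token taken from the request; can be null when the query parameter is absent.</param>
private async Task CheckPermission(AuthorizationFilterContext context, IRSUserRepository userRepository, string session)
{
    bool hasPermission = await userRepository.HasPermisson(session, permission);
    if (!hasPermission)
    {
        // NOTE(review): an unknown or expired session also lands here as 403 if HasPermisson
        // simply returns false for it; a 401 like CheckIfAuthenticated may be more accurate — confirm.
        int statusCode = (int)HttpStatusCode.Forbidden;
        UnAuthorized forbidden = new UnAuthorized
        {
            Message = $"This action requires permission {permission}.",
            Status = statusCode,
        };
        context.Result = new JsonResult(forbidden) { StatusCode = statusCode };
        // Return early: the pipeline is short-circuited, so resolving the user would only be a
        // wasted repository call on a request that is already rejected.
        return;
    }

    RSUser user = await userRepository.GetUserAsync(session);
    // Indexer rather than Add so a repeated key (e.g. the filter applied at both controller and
    // action level) overwrites instead of throwing on the duplicate.
    context.RouteData.Values[nameof(RSUser)] = user;
}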
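/// <summary>
/// Creates the controller with the user repository it depends on.
/// </summary>
/// <param name="userRepository">Repository used to look up users; must not be null.</param>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="userRepository"/> is null.</exception>
public UserController(IRSUserRepository userRepository)
{
    // Fail at construction rather than on the first use of the field.
    this.userRepository = userRepository ?? throw new ArgumentNullException(nameof(userRepository));
}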