Headless CMS and Content Management Hub

// ==========================================================================
// Squidex Headless CMS
// ==========================================================================
// Copyright (c) Squidex UG (haftungsbeschraenkt)
// All rights reserved. Licensed under the MIT license.
// ==========================================================================
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Squidex.Infrastructure.Security;
using Squidex.Infrastructure.Tasks;
using Squidex.Shared.Identity;
namespace Squidex.Web
{
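/// <summary>
/// Authorizes an action by requiring that the caller holds at least one of the declared
/// permission ids. The attribute sets <see cref="AuthorizeAttribute.AuthenticationSchemes"/>
/// to "Bearer" and performs the permission check as an action filter, i.e. after routing,
/// so route values can be substituted into the permission id templates.
/// </summary>
public sealed class ApiPermissionAttribute : AuthorizeAttribute, IAsyncActionFilter
{
    private readonly string[] permissionIds;

    /// <summary>
    /// The permission id templates this attribute was declared with. Placeholders of the
    /// form <c>{routeKey}</c> are replaced with the matching route value at request time.
    /// </summary>
    public IEnumerable<string> PermissionIds
    {
        get { return permissionIds; }
    }

    /// <summary>
    /// Creates the attribute.
    /// </summary>
    /// <param name="ids">
    /// Required permission ids; holding any one of them grants access. Declaring none means
    /// only the authentication requirement is enforced. A null array is treated as empty so
    /// the filter does not fail with a NullReferenceException on the first request.
    /// </param>
    public ApiPermissionAttribute(params string[] ids)
    {
        AuthenticationSchemes = "Bearer";
        permissionIds = ids ?? Array.Empty<string>();
    }

    /// <summary>
    /// Checks the caller's permission set and either short-circuits the request with
    /// HTTP 403 or lets the pipeline continue.
    /// </summary>
    /// <param name="context">The action context; the route values and the request's permission set are read from it.</param>
    /// <param name="next">The remainder of the action pipeline.</param>
    /// <returns>The pipeline task, or an already completed task when the request was rejected.</returns>
    public Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
        // No ids declared: nothing beyond the AuthorizeAttribute requirement applies.
        if (permissionIds.Length == 0)
        {
            return next();
        }

        var permissions = context.HttpContext.Context().Permissions;

        var hasPermission = false;

        // A missing permission set is treated as "no permissions" and rejected below.
        if (permissions != null)
        {
            foreach (var permissionId in permissionIds)
            {
                if (permissions.Allows(new Permission(ExpandRouteValues(permissionId, context))))
                {
                    hasPermission = true;
                    break;
                }
            }
        }

        if (!hasPermission)
        {
            // Authenticated but not authorized: reject without running the action.
            context.Result = new StatusCodeResult(403);
            return TaskHelper.Done;
        }

        return next();
    }

    // Substitutes every "{key}" placeholder in the template with the matching route value.
    // Route values are request-controlled input, so the resulting id is only as trustworthy
    // as Permission's handling of special characters in its parts — NOTE(review): confirm
    // that separator or wildcard characters in a route value cannot widen the required permission.
    private static string ExpandRouteValues(string permissionId, ActionExecutingContext context)
    {
        var id = permissionId;

        foreach (var routeParam in context.RouteData.Values)
        {
            // A null route value passes a null replacement to Replace, which removes the
            // placeholder from the id entirely.
            id = id.Replace($"{{{routeParam.Key}}}", routeParam.Value?.ToString());
        }

        return id;
    }
}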
}