
// ==========================================================================
// Squidex Headless CMS
// ==========================================================================
// Copyright (c) Squidex UG (haftungsbeschraenkt)
// All rights reserved. Licensed under the MIT license.
// ==========================================================================
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Squidex.Infrastructure.Security;
using Squidex.Infrastructure.Tasks;
using Squidex.Shared.Identity;
namespace Squidex.Web
{
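/// <summary>
/// Authorizes an API action against one or more permission ids.
/// Authentication is pinned to the "Bearer" scheme; when permission ids are
/// configured, the caller must hold at least one of them (any-of), otherwise the
/// request is answered with HTTP 403 and the action never executes.
/// </summary>
/// <remarks>
/// A permission id may contain route placeholders such as <c>{app}</c>. Before the
/// check, every placeholder is replaced with the matching route value of the current
/// request. With no permission ids at all, only the authentication requirement
/// inherited from <see cref="AuthorizeAttribute"/> applies.
/// </remarks>
public sealed class ApiPermissionAttribute : AuthorizeAttribute, IAsyncActionFilter
{
    private readonly string[] permissionIds;

    /// <summary>
    /// The configured permission ids, with placeholders still unresolved.
    /// </summary>
    public IEnumerable<string> PermissionIds
    {
        get { return permissionIds; }
    }

    /// <summary>
    /// Creates the attribute for the given permission ids.
    /// </summary>
    /// <param name="ids">
    /// Permission ids, any one of which grants access. Passing <c>null</c> explicitly
    /// is treated like passing no ids.
    /// </param>
    public ApiPermissionAttribute(params string[] ids)
    {
        AuthenticationSchemes = "Bearer";

        // An explicit null argument to a params parameter arrives as a null array;
        // normalise it so neither the filter nor PermissionIds dereferences null.
        permissionIds = ids ?? Array.Empty<string>();
    }

    /// <summary>
    /// Denies the request with 403 when none of the configured permissions is
    /// allowed for the current user; otherwise continues the filter pipeline.
    /// </summary>
    /// <param name="context">The action context; route values and the user are read from it.</param>
    /// <param name="next">Continuation that runs the remaining filters and the action.</param>
    /// <returns>The continuation's task, or a completed task when the request was denied.</returns>
    public Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
    {
        // Nothing configured: authentication alone (from AuthorizeAttribute) decides.
        if (permissionIds.Length == 0)
        {
            return next();
        }

        var userPermissions = context.HttpContext.User.Permissions();
        var routeValues = context.RouteData.Values;

        // Any-of semantics: the first allowed id grants access.
        foreach (var permissionId in permissionIds)
        {
            var resolvedId = ResolvePlaceholders(permissionId, routeValues);

            if (userPermissions.Allows(new Permission(resolvedId)))
            {
                return next();
            }
        }

        // Deny by default: setting a result and not calling next() short-circuits
        // the pipeline, so the action method is never invoked.
        context.Result = new StatusCodeResult(403);
        return TaskHelper.Done;
    }

    /// <summary>
    /// Replaces every <c>{key}</c> placeholder in <paramref name="permissionId"/> with
    /// the corresponding route value.
    /// </summary>
    /// <param name="permissionId">The configured permission id, possibly with placeholders.</param>
    /// <param name="routeValues">Route key/value pairs of the current request.</param>
    /// <returns>The permission id with all matching placeholders substituted.</returns>
    private static string ResolvePlaceholders(string permissionId, IEnumerable<KeyValuePair<string, object>> routeValues)
    {
        var resolved = permissionId;

        foreach (var routeValue in routeValues)
        {
            // Route values come from the request URL, so the resolved id is
            // caller-influenced. NOTE(review): confirm that Permission/Allows treat
            // this side as a literal and do not interpret wildcard characters in it.
            // A null route value removes the placeholder (string.Replace treats a
            // null replacement as empty), leaving an empty segment; this matches the
            // previous behaviour and is left for the permission matcher to reject.
            resolved = resolved.Replace($"{{{routeValue.Key}}}", routeValue.Value?.ToString());
        }

        return resolved;
    }
}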
}