using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Mvc;
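namespace Metrolog_API.Attributes
{
    /// <summary>
    /// Authorization filter attribute that lets a request continue only when the current user
    /// is authenticated and holds a <c>"permission"</c> claim whose value equals the required
    /// permission.
    /// </summary>
    /// <remarks>
    /// The decision rests entirely on the claims found on <c>HttpContext.User</c>, so it is only
    /// as trustworthy as the authentication handler that populated them. Claim type and value
    /// are compared with ordinal, case-sensitive equality.
    /// NOTE(review): this hand-written <see cref="IAuthorizationFilter"/> contains no check for
    /// [AllowAnonymous]; confirm that is intended for every action it decorates.
    /// </remarks>
    public class PermissionAttribute : Attribute, IAuthorizationFilter
    {
        // Claim value the caller must hold; fixed when the attribute is constructed.
        private readonly string _requiredPermission;

        /// <summary>
        /// Creates the filter for a single required permission.
        /// </summary>
        /// <param name="requiredPermission">
        /// Value that must appear in one of the user's <c>"permission"</c> claims. A null, empty
        /// or whitespace-only value is accepted here but is denied at request time.
        /// </param>
        public PermissionAttribute(string requiredPermission)
        {
            _requiredPermission = requiredPermission;
        }

        /// <summary>
        /// Short-circuits the request with <see cref="UnauthorizedResult"/> (HTTP 401) when the
        /// user is not authenticated, or with <see cref="ForbidResult"/> when the user lacks the
        /// required permission claim. Leaves <c>context.Result</c> untouched when access is granted.
        /// </summary>
        /// <param name="context">Filter context supplied by MVC for the current request.</param>
        public void OnAuthorization(AuthorizationFilterContext context)
        {
            var principal = context.HttpContext.User;

            // Fail closed: a principal with no identity is treated as unauthenticated instead of
            // being dereferenced, which would surface as an unhandled exception.
            if (principal.Identity?.IsAuthenticated != true)
            {
                context.Result = new UnauthorizedResult();
                return;
            }

            // A blank requirement can never be legitimately satisfied; deny it rather than let it
            // match a claim that happens to carry an empty value.
            if (string.IsNullOrWhiteSpace(_requiredPermission))
            {
                context.Result = new ForbidResult();
                return;
            }

            // Exact match on both claim type and value; no list is materialised for the lookup.
            bool granted = principal.Claims.Any(
                c => c.Type == "permission" && c.Value == _requiredPermission);

            if (!granted)
            {
                context.Result = new ForbidResult();
            }
        }
    }
}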