Add Permissions to base crud controller. Add optional custom forbid check on edit methods.

2022-02-01 17:58:31 +05:00 · 2022-02-01 17:58:31 +05:00 · 2598738c46
commit 2598738c46
parent fc752e8f3b
2 changed files with 36 additions and 18 deletions
--- a/AsbCloudWebApi/Controllers/AdminUserRoleController.cs
+++ b/AsbCloudWebApi/Controllers/AdminUserRoleController.cs
@ -2,6 +2,7 @@
 using AsbCloudApp.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using System.Threading.Tasks;

 namespace AsbCloudWebApi.Controllers
 {
@ -13,6 +14,22 @@ namespace AsbCloudWebApi.Controllers
        public AdminUserRoleController(IUserRoleService service)
            :base(service)
        {
+            InsertForbidAsync = (role, token) =>
+            {
+                return Task.FromResult(role?.IdType == 1);
+            };
+
+            UpdateForbidAsync = async (id, _, token) =>
+            {
+                var role = await service.GetAsync(id, token);
+                return role?.IdType == 1;
+            };
+
+            DeleteForbidAsync = async (id, token) =>
+            {
+                var role = await service.GetAsync(id, token);
+                return role?.IdType == 1;
+            };
        }
    }
 }
--- a/AsbCloudWebApi/Controllers/CrudController.cs
+++ b/AsbCloudWebApi/Controllers/CrudController.cs
@ -6,6 +6,7 @@ using System.Threading;
 using System.Linq;
 using System.Threading.Tasks;
 using System.Collections.Generic;
+using System;

 // For more information on enabling Web API for empty projects, visit https://go.microsoft.com/fwlink/?LinkID=397860
 namespace AsbCloudWebApi.Controllers
@ -23,7 +24,9 @@ namespace AsbCloudWebApi.Controllers
    {
        protected readonly TService service;

-        public List<string> Roles { get; } = new List<string> { "Администратор" };
+        public Func<T, CancellationToken, Task<bool>> InsertForbidAsync { get; protected set; } = null;
+        public Func<int, T, CancellationToken, Task<bool>> UpdateForbidAsync { get; protected set; } = null;
+        public Func<int, CancellationToken, Task<bool>> DeleteForbidAsync { get; protected set; } = null;

        public CrudController(TService service)
        {
@ -36,11 +39,9 @@ namespace AsbCloudWebApi.Controllers
        /// <param name="token">CancellationToken</param>
        /// <returns>все записи</returns>
        [HttpGet("all")]
-        public virtual async Task<ActionResult<IEnumerable<T>>> GetAll(CancellationToken token = default)
+        [Permission]
+        public virtual async Task<ActionResult<IEnumerable<T>>> GetAllAsync(CancellationToken token = default)
        {
-            if (!Roles.Any(role => User.IsInRole(role)))
-                return Forbid();
-
            var result = await service.GetAllAsync(token).ConfigureAwait(false);
            return Ok(result);
        }
@ -52,11 +53,9 @@ namespace AsbCloudWebApi.Controllers
        /// <param name="token"></param>
        /// <returns>запись</returns>
        [HttpGet("{id}")]
-        public virtual async Task<ActionResult<T>> Get(int id, CancellationToken token = default)
+        [Permission]
+        public virtual async Task<ActionResult<T>> GetAsync(int id, CancellationToken token = default)
        {
-            if (!Roles.Any(role => User.IsInRole(role)))
-                return Forbid();
-
            var result = await service.GetAsync(id, token).ConfigureAwait(false);
            return Ok(result);
        }
@ -68,11 +67,12 @@ namespace AsbCloudWebApi.Controllers
        /// <param name="token"></param>
        /// <returns>id</returns>
        [HttpPost]
+        [Permission]
        [ProducesResponseType(typeof(int), (int)System.Net.HttpStatusCode.OK)]
-        public virtual async Task<IActionResult> Insert([FromBody] T value, CancellationToken token = default)
+        public virtual async Task<IActionResult> InsertAsync([FromBody] T value, CancellationToken token = default)
        {
-            if (!Roles.Any(role => User.IsInRole(role)))
-                return Forbid();
+            if (InsertForbidAsync is not null && await InsertForbidAsync(value, token))
+                Forbid();

            var result = await service.InsertAsync(value, token).ConfigureAwait(false);
            return Ok(result);
@ -86,11 +86,12 @@ namespace AsbCloudWebApi.Controllers
        /// <param name="token"></param>
        /// <returns>1 - успешно отредактировано, 0 - нет</returns>
        [HttpPut("{id}")]
+        [Permission]
        [ProducesResponseType(typeof(int), (int)System.Net.HttpStatusCode.OK)]
-        public virtual async Task<IActionResult> Put(int id, [FromBody] T value, CancellationToken token = default)
+        public virtual async Task<IActionResult> UpdateAsync(int id, [FromBody] T value, CancellationToken token = default)
        {
-            if (!Roles.Any(role => User.IsInRole(role)))
-                return Forbid();
+            if (UpdateForbidAsync is not null && await UpdateForbidAsync(id, value, token))
+                Forbid();

            var result = await service.UpdateAsync(id, value, token).ConfigureAwait(false);
            if (result == 0)
@ -106,10 +107,10 @@ namespace AsbCloudWebApi.Controllers
        /// <returns>1 - успешно удалено, 0 - нет</returns>
        [HttpDelete("{id}")]
        [ProducesResponseType(typeof(int), (int)System.Net.HttpStatusCode.OK)]
-        public virtual async Task<IActionResult> Delete(int id, CancellationToken token = default)
+        public virtual async Task<IActionResult> DeleteAsync(int id, CancellationToken token = default)
        {
-            if (!Roles.Any(role => User.IsInRole(role)))
-                return Forbid();
+            if (DeleteForbidAsync is not null && await DeleteForbidAsync(id, token))
+                Forbid();

            var result = await service.DeleteAsync(id, token).ConfigureAwait(false);
            return Ok(result);