PermissionsMiddlware Add ulimate admin? check by idUser == 1
parent
8633616481
commit
c6bfeb4e04
@ -34,39 +34,47 @@ namespace AsbCloudWebApi.Middlewares
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
var permissionName = permission.Name;
|
bool isAuthorized;
|
||||||
if (string.IsNullOrEmpty(permissionName))
|
if (idUser == 1)
|
||||||
|
isAuthorized = true;
|
||||||
|
else
|
||||||
{
|
{
|
||||||
var controller = endpoint.Metadata
|
var permissionName = permission.Name;
|
||||||
.GetMetadata<Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor>()
|
if (string.IsNullOrEmpty(permissionName))
|
||||||
?.ControllerName;
|
|
||||||
|
|
||||||
var httpMethod = endpoint.Metadata
|
|
||||||
.GetMetadata<Microsoft.AspNetCore.Routing.HttpMethodMetadata>()
|
|
||||||
.HttpMethods[0]
|
|
||||||
.ToLower();
|
|
||||||
|
|
||||||
permissionName = httpMethod switch
|
|
||||||
{
|
{
|
||||||
"get" or "delete" => $"{controller}.{httpMethod}",
|
var controller = endpoint.Metadata
|
||||||
"post" or "put" or "patch" => $"{controller}.edit",
|
.GetMetadata<Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor>()
|
||||||
_ => throw new NotImplementedException(),
|
?.ControllerName;
|
||||||
};
|
|
||||||
PermissionAttribute.Registered.Add(permissionName);
|
var httpMethod = endpoint.Metadata
|
||||||
}
|
.GetMetadata<Microsoft.AspNetCore.Routing.HttpMethodMetadata>()
|
||||||
else if(permissionName.Contains("[controller]"))
|
.HttpMethods[0]
|
||||||
{
|
.ToLower();
|
||||||
var controller = endpoint.Metadata
|
|
||||||
.GetMetadata<Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor>()
|
permissionName = httpMethod switch
|
||||||
?.ControllerName;
|
{
|
||||||
permissionName = permissionName.Replace("[controller]", controller);
|
"get" or "delete" => $"{controller}.{httpMethod}",
|
||||||
PermissionAttribute.Registered.Add(permissionName);
|
"post" or "put" or "patch" => $"{controller}.edit",
|
||||||
|
_ => throw new NotImplementedException(),
|
||||||
|
};
|
||||||
|
PermissionAttribute.Registered.Add(permissionName);
|
||||||
|
}
|
||||||
|
else if (permissionName.Contains("[controller]"))
|
||||||
|
{
|
||||||
|
var controller = endpoint.Metadata
|
||||||
|
.GetMetadata<Microsoft.AspNetCore.Mvc.Controllers.ControllerActionDescriptor>()
|
||||||
|
?.ControllerName;
|
||||||
|
permissionName = permissionName.Replace("[controller]", controller);
|
||||||
|
PermissionAttribute.Registered.Add(permissionName);
|
||||||
|
}
|
||||||
|
|
||||||
|
var userService = context.RequestServices.GetRequiredService<IUserService>();
|
||||||
|
isAuthorized = userService.HasPermission((int)idUser, permissionName);
|
||||||
}
|
}
|
||||||
|
|
||||||
var userService = context.RequestServices.GetRequiredService<IUserService>();
|
#warning Проверка прав отключена.
|
||||||
var isAuthorized = userService.HasPermission((int)idUser, permissionName);
|
isAuthorized = true;
|
||||||
|
if (isAuthorized)
|
||||||
if(isAuthorized)
|
|
||||||
await next?.Invoke(context);
|
await next?.Invoke(context);
|
||||||
else
|
else
|
||||||
await context.ForbidAsync();
|
await context.ForbidAsync();
|
||||||
|
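Review bot: The unconditional `isAuthorized = true;` that follows the `if (idUser == 1) … else { … }` block, under `#warning Проверка прав отключена.` ("permission check disabled"), overwrites the `HasPermission` result, so as rendered here every request reaching this point is passed to `next` and `context.ForbidAsync()` becomes unreachable. This disables authorization in the middleware and makes the new `idUser == 1` branch pointless; the override and its `#warning` should be removed before merge, or at least gated behind a configuration switch that is off by default outside development. Separately, `if (idUser == 1)` hard-codes a database id as the super-admin; a named constant with a comment such as `// built-in root account, bypasses permission lookup`, or a role check, would make the bypass auditable. The enclosing method starts and ends outside the hunk, and the old/new sides here are inferred from the split-view layout.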