using System; using System.Collections.Generic; using System.Linq; using System.Security.Claims; using System.Web.Http; using Step.Database.Controllers; using Step.Model.DTOModels; using static Step.Utils.Constants; namespace Step.Controllers.WebApi { [RoutePrefix("api/authorization")] public class AuthorizationController : ApiController { [Route("functions"), HttpGet] [WebApiAuthorize(FunctionAccess = "functionAccess", Action = ACTIONS.READ)] public IHttpActionResult GetFunctionsConfig() { using (FunctionAccessController functionController = new FunctionAccessController()) { var identity = User.Identity as ClaimsIdentity; var userRoleLevel = identity.Claims.Where(c => c.Type == ROLE_LEVEL_KEY).SingleOrDefault(); List functionsList = functionController.GetFunctionAccess(Convert.ToInt32(userRoleLevel.Value)); if (functionsList == null) return NotFound(); return Ok(functionsList); } } } }