46c34f46e8
* WIP signalauth * Fist commit server config
using System;
using System.Globalization;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;
using System.Web.Http;
using System.Web.Http.Controllers;
using Step.Database.Controllers;
using static Step.Config.Constants;
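namespace Step
{
    /// <summary>
    /// Web API authorization filter for CMS endpoints. Once the standard
    /// <see cref="AuthorizeAttribute"/> check passes, it reads the caller's numeric
    /// role level from the <c>ROLE_LEVEL_KEY</c> claim of the bearer token and
    /// compares it with the level the database assigns to the
    /// (<see cref="Category"/>, <see cref="Action"/>) pair.
    /// Every malformed or missing input fails closed (the request is rejected)
    /// rather than surfacing an exception as a 500 response.
    /// </summary>
    class CmsAuthorizationAttribute : AuthorizeAttribute
    {
        /// <summary>Access category of the decorated action; set as a named attribute argument.</summary>
        public string Category;

        /// <summary>Action performed within <see cref="Category"/>; set as a named attribute argument.</summary>
        public ACTIONS Action;

        /// <summary>
        /// Returns true only when the base authorization succeeds and the caller's
        /// role level is at least the level required for <see cref="Category"/>/<see cref="Action"/>.
        /// </summary>
        /// <param name="actionContext">Action context of the incoming request.</param>
        /// <returns>true to let the request through; false to reject it.</returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            // Authentication / Roles / Users check inherited from AuthorizeAttribute.
            // Evaluated once; the original called it a second time at the end for no gain.
            if (!base.IsAuthorized(actionContext))
            {
                return false;
            }

            // The role level travels as a claim in the bearer token. A principal that is not
            // a ClaimsPrincipal has no claims to inspect, so deny instead of dereferencing null
            // (a NullReferenceException here would become a 500 instead of a 401/403).
            ClaimsPrincipal principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
            if (principal == null)
            {
                return false;
            }

            int userLevel;
            if (!TryGetUserLevel(principal, out userLevel))
            {
                return false;
            }

            return CheckAuthorization(userLevel);
        }

        /// <summary>
        /// Extracts the caller's role level from the <c>ROLE_LEVEL_KEY</c> claim.
        /// Returns false when the claim is absent, present more than once, or not a
        /// base-10 integer: an ambiguous or malformed level is never trusted.
        /// </summary>
        /// <param name="principal">Authenticated principal carrying the token claims.</param>
        /// <param name="userLevel">Parsed level on success; 0 otherwise.</param>
        private static bool TryGetUserLevel(ClaimsPrincipal principal, out int userLevel)
        {
            userLevel = 0;

            // Exactly one level claim is acceptable. With duplicates the effective level
            // would depend on claim order, so treat that token as invalid.
            var levelClaims = principal.Claims
                .Where(c => c.Type == ROLE_LEVEL_KEY)
                .Take(2)
                .ToList();
            if (levelClaims.Count != 1)
            {
                return false;
            }

            // Culture-invariant parse: the value is machine-generated, and Convert.ToInt32
            // would throw on garbage rather than deny.
            return int.TryParse(
                levelClaims[0].Value,
                NumberStyles.Integer,
                CultureInfo.InvariantCulture,
                out userLevel);
        }

        /// <summary>
        /// Looks up the level the database requires for <see cref="Category"/>/<see cref="Action"/>
        /// and returns true when <paramref name="userLevel"/> meets or exceeds it.
        /// </summary>
        /// <param name="userLevel">Role level taken from the caller's token.</param>
        /// <returns>true when authorized; false when the required level is higher than the caller's.</returns>
        private bool CheckAuthorization(int userLevel)
        {
            // One database round-trip per authorized request; consider caching if this
            // becomes a hot path.
            using (AccessCategoriesController acController = new AccessCategoriesController())
            {
                // NOTE(review): what FindCategoryLevelByAction returns for an unknown
                // category/action (e.g. Category left unset on the attribute) is not visible
                // here; confirm it does not yield a low level that grants access by default.
                int categoryLevel = acController.FindCategoryLevelByAction(Category, Action);

                // Higher level == more privilege: the caller must be at least at the
                // category's level. Equivalent to the original "categoryLevel > userLevel => deny".
                return userLevel >= categoryLevel;
            }
        }
    }
}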