512a2200c6
* Added default Api unhandled exceptions * Fixed config file
using System;
using System.Globalization;
using System.Linq;
using System.Net.Http;
using System.Security.Claims;
using System.Web.Http;
using System.Web.Http.Controllers;
using Step.Config;
using Step.Database.Controllers;
using Step.Model;
using Step.Utils;
using static Step.Utils.Constants;
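namespace Step
{
    /// <summary>
    /// Web API authorization filter. After the standard <see cref="AuthorizeAttribute"/>
    /// checks pass, it reads the caller's role level from the bearer token
    /// (claim type <c>ROLE_LEVEL_KEY</c> from <c>Step.Utils.Constants</c>) and compares it
    /// with the minimum level configured in the database for <see cref="FunctionAccess"/>.
    /// Every failure path denies access; a malformed or ambiguous token is treated as
    /// "not authorized" instead of surfacing as an unhandled exception.
    /// </summary>
    class WebApiAuthorizeAttribute : AuthorizeAttribute
    {
        /// <summary>Name of the function whose access levels are looked up in the database.</summary>
        public string FunctionAccess;

        /// <summary>
        /// Kind of access being requested. <see cref="ACTIONS.READ"/> is checked against
        /// the read minimum; every other value is checked against the write minimum.
        /// </summary>
        public ACTIONS Action;

        /// <summary>
        /// Decides whether the current request may proceed.
        /// </summary>
        /// <param name="actionContext">Web API action context of the request being authorized.</param>
        /// <returns>
        /// <c>true</c> only when the base authorization passes, the principal is a
        /// <see cref="ClaimsPrincipal"/> carrying exactly one integer role-level claim,
        /// a function name is configured, and <see cref="CheckAuthorization"/> accepts the level.
        /// </returns>
        protected override bool IsAuthorized(HttpActionContext actionContext)
        {
            if (!base.IsAuthorized(actionContext))
            {
                return false;
            }

            // A principal that is not claims-based carries no role level: deny instead of
            // dereferencing null (the original cast result was used unchecked).
            ClaimsPrincipal principal = actionContext.RequestContext.Principal as ClaimsPrincipal;
            if (principal == null)
            {
                return false;
            }

            int userRoleLevel;
            if (!TryGetRoleLevel(principal, out userRoleLevel))
            {
                return false;
            }

            // An attribute with no function configured cannot be matched against the
            // access table; never let that fall through to a lookup on an empty name.
            if (string.IsNullOrWhiteSpace(FunctionAccess))
            {
                return false;
            }

            return CheckAuthorization(userRoleLevel, FunctionAccess);
        }

        /// <summary>
        /// Extracts the role level stored in the bearer token.
        /// </summary>
        /// <param name="principal">The authenticated claims principal.</param>
        /// <param name="level">Receives the parsed level on success; 0 otherwise.</param>
        /// <returns>
        /// <c>false</c> when the claim is missing, present more than once, or not a plain
        /// integer. Each of those cases previously ended in an exception
        /// (<c>SingleOrDefault</c> / <c>Convert.ToInt32</c>) rather than an explicit deny.
        /// </returns>
        private static bool TryGetRoleLevel(ClaimsPrincipal principal, out int level)
        {
            level = 0;

            Claim[] roleLevelClaims = principal.Claims
                .Where(c => c.Type == ROLE_LEVEL_KEY)
                .ToArray();

            // Exactly one role-level claim is acceptable. Duplicates are ambiguous input
            // and must not decide an authorization outcome.
            if (roleLevelClaims.Length != 1)
            {
                return false;
            }

            // The token is machine data, so parse with the invariant culture and plain
            // integer syntax; anything else is rejected rather than thrown on.
            return int.TryParse(
                roleLevelClaims[0].Value,
                NumberStyles.Integer,
                CultureInfo.InvariantCulture,
                out level);
        }

        /// <summary>
        /// Looks up the enabled function <paramref name="functionName"/> and compares
        /// <paramref name="userLevel"/> with the minimum configured for <see cref="Action"/>.
        /// </summary>
        /// <param name="userLevel">Role level taken from the caller's token.</param>
        /// <param name="functionName">Function name used for the database lookup.</param>
        /// <returns>
        /// <c>true</c> only when the function exists and is enabled, its area is active
        /// (<c>StartupConfigController.CheckAreaStatus</c>), and the caller's level is not
        /// below the read minimum (for <see cref="ACTIONS.READ"/>) or the write minimum
        /// (for any other action). Unknown functions and inactive areas are denied.
        /// </returns>
        private bool CheckAuthorization(int userLevel, string functionName)
        {
            using (FunctionAccessController acController = new FunctionAccessController())
            {
                // Read the configured access levels for this function from the database.
                FunctionAccessModel functionAccess = acController.FindEnabledFunctionByName(functionName);

                // Unknown/disabled function or inactive area: deny.
                if (functionAccess == null || !StartupConfigController.CheckAreaStatus(functionAccess.Area))
                {
                    return false;
                }

                // NOTE(review): if ReadLevelMin/WriteLevelMin are nullable on the model, a null
                // minimum makes the comparison below false and GRANTS access — confirm the
                // column type, or reject null minimums explicitly.
                // NOTE(review): the enum default (0) lands in the write branch unless
                // ACTIONS.READ happens to be 0 — confirm that an attribute declared without an
                // explicit Action is meant to require the write level.
                if (Action == ACTIONS.READ)
                {
                    if (functionAccess.ReadLevelMin > userLevel)
                    {
                        return false; // Below the read minimum
                    }
                }
                else if (functionAccess.WriteLevelMin > userLevel)
                {
                    return false; // Below the write minimum
                }

                // Authorized
                return true;
            }
        }
    }
}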