|
@@ -1,7 +1,10 @@
|
1
|
1
|
using System.Collections.Generic;
|
2
|
2
|
using System.Linq;
|
|
3
|
+using System.Net;
|
|
4
|
+using System.Net.Http;
|
3
|
5
|
using System.Web.Http;
|
4
|
6
|
using System.Web.Http.Controllers;
|
|
7
|
+using System.Web.Http.Filters;
|
5
|
8
|
using iiie.Logs.DataAccess;
|
6
|
9
|
using iiie.Logs.DBO;
|
7
|
10
|
|
|
@@ -10,7 +13,7 @@ namespace iiie.Authentication.Business
|
10
|
13
|
/// <summary>
|
11
|
14
|
/// Filter for controllers methods
|
12
|
15
|
/// </summary>
|
13
|
|
- public class AuthFilter : AuthorizeAttribute
|
|
16
|
+ public class AuthFilter : ActionFilterAttribute
|
14
|
17
|
{
|
15
|
18
|
/// <summary>
|
16
|
19
|
/// Authorized roles to access this method
|
|
@@ -26,27 +29,25 @@ namespace iiie.Authentication.Business
|
26
|
29
|
UserRoles = roles.ToList();
|
27
|
30
|
}
|
28
|
31
|
|
29
|
|
- /// <summary>
|
30
|
|
- /// Check if user can access this method
|
31
|
|
- /// </summary>
|
32
|
|
- /// <param name="context">HTTP request context</param>
|
33
|
|
- /// <returns>True if user can access, false otherwise</returns>
|
34
|
|
- protected override bool IsAuthorized(HttpActionContext context)
|
|
32
|
+ public override void OnActionExecuting(HttpActionContext actionContext)
|
35
|
33
|
{
|
|
34
|
+ base.OnActionExecuting(actionContext);
|
36
|
35
|
if (!UserRoles.Any())
|
37
|
|
- return true;
|
|
36
|
+ return;
|
|
37
|
+ OpResult<bool> error = null;
|
38
|
38
|
if (UserStorage.BasicUserDbo == null)
|
39
|
39
|
{
|
40
|
|
- OpResult<bool>.Error(ResultStatus.PermissionError, "User is not recognized. Missing token?").Log();
|
41
|
|
- return false;
|
|
40
|
+ error = OpResult<bool>.Error(ResultStatus.PermissionError, "User is not recognized. Missing token?", "").Log();
|
|
41
|
+ }
|
|
42
|
+ else if (!UserRoles.Contains(UserStorage.BasicUserDbo.Role))
|
|
43
|
+ {
|
|
44
|
+ error = OpResult<bool>.Error(ResultStatus.PermissionError, string.Format("User has role {0}, but only {1} are allowed",
|
|
45
|
+ UserStorage.BasicUserDbo.Role, string.Join(",", UserRoles.Select(x => x.ToString()))), "Permission denied").Log();
|
42
|
46
|
}
|
43
|
|
- if (!UserRoles.Contains(UserStorage.BasicUserDbo.Role))
|
|
47
|
+ if (error != null)
|
44
|
48
|
{
|
45
|
|
- OpResult<bool>.Error(ResultStatus.PermissionError, string.Format("User has role {0}, but only {1} are allowed",
|
46
|
|
- UserStorage.BasicUserDbo.Role, string.Join(",", UserRoles.Select(x => x.ToString())))).Log();
|
47
|
|
- return false;
|
|
49
|
+ actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Unauthorized, error.PublicDetails);
|
48
|
50
|
}
|
49
|
|
- return true;
|
50
|
51
|
}
|
51
|
52
|
}
|
52
|
53
|
}
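Review bot: Rebasing the check from AuthorizeAttribute onto ActionFilterAttribute (class declaration in the second hunk, body in this one) changes where in the Web API pipeline it runs: action filters execute after the authorization filters and after parameter binding, so a request with no recognised user now has its action parameters bound from the request before OnActionExecuting rejects it, and any other action filter ordered ahead of this one runs for it too. Deriving from AuthorizationFilterAttribute, which lives in the System.Web.Http.Filters namespace this commit already imports, keeps the early rejection while still allowing the short-circuit via actionContext.Response: `public class AuthFilter : AuthorizationFilterAttribute`, `public override void OnAuthorization(HttpActionContext actionContext)`, `base.OnAuthorization(actionContext);`, with the rest of the body unchanged. The role-mismatch branch also answers Unauthorized (401) for a user who is recognised but lacks the role; HttpStatusCode.Forbidden is the conventional code there and lets clients and log consumers tell a missing token from a denied role without reading the message text. The empty-UserRoles early return still grants access to everyone, as before; a one-line comment stating that this is intentional, `// No roles configured: the method is open to any caller.`, would stop a reader from taking it for an oversight.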
|