/ - Diff - Anotace pro analýzu smluvních podmínek a skrytých reklam (AV ČR) - 0x00 - Redmine

« Předchozí | Další »

Revize 3c161f5b

Přidáno uživatelem Vojtěch Bartička před asi 3 roky(ů)

ID 3c161f5b06da49cca098fcafb70a97e7373b62d9
Rodič 7b2e66d3
Potomek f5c0676a

Added ERole check to [Authorize] attribute

[Authorize] has ERole.ANNOTATOR as default, ERole can be specified as a parameter

     using Core.Entities;
     using Core.Enums;
     using Microsoft.AspNetCore.Authorization;
     using Microsoft.AspNetCore.Mvc;
     using Microsoft.AspNetCore.Mvc.Filters;
-...
     [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
     public class AuthorizeAttribute : Attribute, IAuthorizationFilter
+    {
         private readonly ERole MinimumRequiredPermissions;
         public AuthorizeAttribute(ERole role = ERole.ANNOTATOR)
+        {
             MinimumRequiredPermissions = role;
+        }
         public AuthorizeAttribute()
+        {
             MinimumRequiredPermissions = ERole.ANNOTATOR;
+        }
         public void OnAuthorization(AuthorizationFilterContext context)
+        {
             // skip authorization if action is decorated with [AllowAnonymous] attribute
-...
                 return;
             // authorization
             var user = (User?) context.HttpContext.Items["User"];
             var user = (User?)context.HttpContext.Items["User"];
             if (user == null)
                 context.Result = new JsonResult(new {message = "Unauthorized"})
                     {StatusCode = StatusCodes.Status401Unauthorized};
+            {
                 context.Result = new JsonResult(new { message = "Unauthorized" })
+                {
                     StatusCode = StatusCodes.Status401Unauthorized
                 };
+            }
             if (MinimumRequiredPermissions > user.Role)
+            {
                 context.Result = new JsonResult(new { message = "Unauthorized" })
+                {
                     StatusCode = StatusCodes.Status401Unauthorized
                 };
+            }
+        }
+    }

     using ILogger = Serilog.ILogger;
     using Models.Documents;
     using RestAPI.Exceptions;
     using RestAPI.Authentication;
     namespace RestAPI.Controllers;
-...
         [ProducesResponseType((int)HttpStatusCode.OK)]
         [ProducesResponseType((int)HttpStatusCode.Forbidden)]
         [ProducesResponseType((int)HttpStatusCode.InternalServerError)]
         [Authorize(Core.Enums.ERole.ADMINISTRATOR)]
         public ActionResult<DocumentListResponse> GetDocuments([FromServices] ClientInfo clientInfo, [FromBody] DocumentListRequest documentListRequest)
+        {
             if (clientInfo.LoggedUser == null)
-...
                 return Problem();
+            }
             if (clientInfo.LoggedUser.Role != Core.Enums.ERole.ADMINISTRATOR)
+            {
                 return Forbid("User is not administrator");
+            }
             return documentService.GetDocuments(documentListRequest);
+        }
-...
         [ProducesResponseType((int)HttpStatusCode.Forbidden)]
         [ProducesResponseType((int)HttpStatusCode.InternalServerError)]
         [ProducesResponseType((int)HttpStatusCode.UnsupportedMediaType)]
         [Authorize(Core.Enums.ERole.ADMINISTRATOR)]
         public ActionResult PostDocuments([FromServices] ClientInfo clientInfo, [FromBody] DocumentAddRequest documentAddRequest)
+        {
             if (clientInfo.LoggedUser == null)
-...
                 return Problem();
+            }
             if (clientInfo.LoggedUser.Role != Core.Enums.ERole.ADMINISTRATOR)
+            {
                 return Forbid("User is not administrator");
+            }
             try
+            {
                 documentService.AddDocuments(documentAddRequest, clientInfo.LoggedUser.Id);

Také k dispozici: Unified diff

Projekt

Obecné

Profil

ASWI - Pokročilé softwarové inženýrství » ASWI 2022 » Anotace pro analýzu smluvních podmínek a skrytých reklam (AV ČR) - 0x00

Revize 3c161f5b

Přidáno uživatelem Vojtěch Bartička před asi 3 roky(ů)