Revize f5c0676a
Přidáno uživatelem Vojtěch Bartička před asi 3 roky(ů)
| Backend/Backend/Authentication/AuthorizationAttribute.cs | ||
|---|---|---|
| 16 | 16 |
MinimumRequiredPermissions = role; |
| 17 | 17 |
} |
| 18 | 18 |
|
| 19 |
public AuthorizeAttribute() |
|
| 20 |
{
|
|
| 21 |
MinimumRequiredPermissions = ERole.ANNOTATOR; |
|
| 22 |
} |
|
| 23 |
|
|
| 24 | 19 |
public void OnAuthorization(AuthorizationFilterContext context) |
| 25 | 20 |
{
|
| 26 | 21 |
// skip authorization if action is decorated with [AllowAnonymous] attribute |
| ... | ... | |
| 29 | 24 |
return; |
| 30 | 25 |
|
| 31 | 26 |
// authorization |
| 32 |
var user = (User?)context.HttpContext.Items["User"];
|
|
| 33 |
if (user == null) |
|
| 27 |
var user = Utils.ContextUtils.GetClientInfo(context.HttpContext);
|
|
| 28 |
if (user == null || user.LoggedUser == null)
|
|
| 34 | 29 |
{
|
| 35 | 30 |
context.Result = new JsonResult(new { message = "Unauthorized" })
|
| 36 | 31 |
{
|
| ... | ... | |
| 38 | 33 |
}; |
| 39 | 34 |
} |
| 40 | 35 |
|
| 41 |
if (MinimumRequiredPermissions > user.Role) |
|
| 36 |
if (MinimumRequiredPermissions > user.LoggedUser.Role)
|
|
| 42 | 37 |
{
|
| 43 | 38 |
context.Result = new JsonResult(new { message = "Unauthorized" })
|
| 44 | 39 |
{
|
Také k dispozici: Unified diff
Use ContextUtils in AuthorizationAttribute