using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using System;
using System.Collections.Generic;
using System.Linq;
namespace FamilyTreeAPI.Authorization;
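[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
public class AuthorizeAttribute : Attribute, IAuthorizationFilter
{
    // Role-restricted variant. Kept out of the build here because it depends
    // on the AdminRole and User types, which are not defined in this file.
    // NOTE(review): when this is re-enabled, a user who IS logged in but has
    // the wrong role should receive 403 Forbidden, not 401 (401 means
    // "not authenticated"); only the missing-user case below is a 401.
    //
    // private readonly IList<AdminRole> _roles;
    //
    // public AuthorizeAttribute(params AdminRole[] roles)
    // {
    //     _roles = roles ?? Array.Empty<AdminRole>();
    // }

    /// <summary>
    /// Short-circuits the request with 401 Unauthorized unless the action
    /// opts out via <see cref="AllowAnonymousAttribute"/> or an upstream
    /// component has stored the authenticated user in
    /// <c>HttpContext.Items["User"]</c>.
    /// </summary>
    /// <param name="context">Authorization filter context for the current request.</param>
    public void OnAuthorization(AuthorizationFilterContext context)
    {
        // [AllowAnonymous] on the action or its controller opts out of this filter.
        bool allowAnonymous = context.ActionDescriptor.EndpointMetadata
            .OfType<AllowAnonymousAttribute>()
            .Any();
        if (allowAnonymous)
        {
            return;
        }

        // Fail closed. If this check is disabled, every endpoint decorated
        // with [Authorize] becomes reachable without any credentials, because
        // the filter then returns without ever setting context.Result.
        // NOTE(review): assumes an authentication middleware populates
        // Items["User"] for a valid credential and runs before MVC — confirm
        // that component exists; if it does not, every request is now rejected.
        if (context.HttpContext.Items["User"] is null)
        {
            // Not logged in: 401 so the client knows to authenticate.
            context.Result = new JsonResult(new { message = "Unauthorized" })
            {
                StatusCode = StatusCodes.Status401Unauthorized
            };
        }
    }
}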