29 lines
954 B
C#
29 lines
954 B
C#
using Microsoft.AspNetCore.Authorization;
|
|
using Moonlight.Shared;
|
|
|
|
namespace Moonlight.Api.Implementations;
|
|
|
|
public class PermissionAuthorizationHandler : AuthorizationHandler<PermissionRequirement>
|
|
{
|
|
protected override Task HandleRequirementAsync(
|
|
AuthorizationHandlerContext context,
|
|
PermissionRequirement requirement)
|
|
{
|
|
var permissionClaim = context.User.FindFirst(x =>
|
|
x.Type.Equals(Permissions.ClaimType, StringComparison.OrdinalIgnoreCase) &&
|
|
x.Value.Equals(requirement.Identifier, StringComparison.OrdinalIgnoreCase)
|
|
);
|
|
|
|
if (permissionClaim == null)
|
|
{
|
|
context.Fail(new AuthorizationFailureReason(
|
|
this,
|
|
$"User does not have the requested permission '{requirement.Identifier}'"
|
|
));
|
|
return Task.CompletedTask;
|
|
}
|
|
|
|
context.Succeed(requirement);
|
|
return Task.CompletedTask;
|
|
}
|
|
} |