Try your search with a different keyword or use * as a wildcard.
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Nop.Data;
using Nop.Services.Security;
namespace Nop.Web.Framework.Mvc.Filters;
/// <summary>
/// Represents a filter attribute that confirms access to public store
/// </summary>
public sealed class CheckAccessPublicStoreAttribute : TypeFilterAttribute
{
#region Ctor
/// <summary>
/// Create instance of the filter attribute
/// </summary>
/// <param name="ignore">Whether to ignore the execution of filter actions</param>
public CheckAccessPublicStoreAttribute(bool ignore = false) : base(typeof(CheckAccessPublicStoreFilter))
{
IgnoreFilter = ignore;
Arguments = [ignore];
}
#endregion
#region Properties
/// <summary>
/// Gets a value indicating whether to ignore the execution of filter actions
/// </summary>
public bool IgnoreFilter { get; }
#endregion
#region Nested filter
/// <summary>
/// Represents a filter that confirms access to public store
/// </summary>
private class CheckAccessPublicStoreFilter : IAsyncAuthorizationFilter
{
#region Fields
protected readonly bool _ignoreFilter;
protected readonly IPermissionService _permissionService;
#endregion
#region Ctor
public CheckAccessPublicStoreFilter(bool ignoreFilter, IPermissionService permissionService)
{
_ignoreFilter = ignoreFilter;
_permissionService = permissionService;
}
#endregion
#region Utilities
/// <summary>
/// Called early in the filter pipeline to confirm request is authorized
/// </summary>
/// <param name="context">Authorization filter context</param>
/// <returns>A task that represents the asynchronous operation</returns>
private async Task CheckAccessPublicStoreAsync(AuthorizationFilterContext context)
{
ArgumentNullException.ThrowIfNull(context);
if (!DataSettingsManager.IsDatabaseInstalled())
return;
//check whether this filter has been overridden for the Action
var actionFilter = context.ActionDescriptor.FilterDescriptors
.Where(filterDescriptor => filterDescriptor.Scope == FilterScope.Action)
.Select(filterDescriptor => filterDescriptor.Filter)
.OfType<CheckAccessPublicStoreAttribute>()
.FirstOrDefault();
//ignore filter (the action is available even if navigation is not allowed)
if (actionFilter?.IgnoreFilter ?? _ignoreFilter)
return;
//check whether current customer has access to a public store
if (await _permissionService.AuthorizeAsync(StandardPermission.PublicStore.PUBLIC_STORE_ALLOW_NAVIGATION))
return;
//customer hasn't access to a public store
context.Result = new ChallengeResult();
}
#endregion
#region Methods
/// <summary>
/// Called early in the filter pipeline to confirm request is authorized
/// </summary>
/// <param name="context">Authorization filter context</param>
/// <returns>A task that represents the asynchronous operation</returns>
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
await CheckAccessPublicStoreAsync(context);
}
#endregion
}
#endregion
}