Try your search with a different keyword or use * as a wildcard.
using System.Net;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Nop.Core;
using Nop.Data;
using Nop.Services.Localization;
using Nop.Services.Security;
namespace Nop.Web.Framework.Mvc.Filters;
///
/// Represents a filter attribute that confirms access to functional
///
[AttributeUsage(AttributeTargets.Method, AllowMultiple = true)]
public sealed class CheckPermissionAttribute : TypeFilterAttribute
{
#region Ctor
///
/// Create instance of the filter attribute
///
/// Permission to check
/// The result type for not confirmed access situation
public CheckPermissionAttribute(string permissionSystemName, CheckPermissionResultType resultType = CheckPermissionResultType.Default) : base(typeof(CheckPermissionFilter))
{
Arguments = new object[] { resultType, new List { permissionSystemName } };
PermissionSystemName.Add(permissionSystemName);
ResultType = resultType;
}
///
/// Create instance of the filter attribute
///
/// Permissions to check
/// The result type for not confirmed access situation
public CheckPermissionAttribute(string[] permissionSystemNames, CheckPermissionResultType resultType = CheckPermissionResultType.Default) : base(typeof(CheckPermissionFilter))
{
Arguments = new object[] { resultType, permissionSystemNames.ToList() };
PermissionSystemName.AddRange(permissionSystemNames);
ResultType = resultType;
}
#endregion
#region Properties
///
/// Gets a permission system name to check
///
public List PermissionSystemName { get; } = new();
///
/// Gets a check permission result type
///
public CheckPermissionResultType ResultType { get; }
#endregion
#region Nested filter
///
/// Represents a filter that confirms access
///
private class CheckPermissionFilter : IAsyncAuthorizationFilter
{
#region Fields
protected readonly IHttpContextAccessor _httpContextAccessor;
protected readonly ILocalizationService _localizationService;
protected readonly IPermissionService _permissionService;
protected readonly IWebHelper _webHelper;
protected readonly CheckPermissionResultType _resultType;
protected readonly List _permissionSystemNames;
#endregion
#region Ctor
public CheckPermissionFilter(CheckPermissionResultType resultType,
List permissionSystemNames,
IHttpContextAccessor httpContextAccessor,
ILocalizationService localizationService,
IPermissionService permissionService,
IWebHelper webHelper)
{
_resultType = resultType;
_permissionSystemNames = permissionSystemNames;
_httpContextAccessor = httpContextAccessor;
_localizationService = localizationService;
_permissionService = permissionService;
_webHelper = webHelper;
}
#endregion
#region Utilities
///
/// Called early in the filter pipeline to confirm request is authorized
///
/// Authorization filter context
/// A task that represents the asynchronous operation
private async Task AuthorizeAsync(AuthorizationFilterContext context)
{
ArgumentNullException.ThrowIfNull(context);
if (!DataSettingsManager.IsDatabaseInstalled())
return;
if (!context.Filters.Any(filter => filter is CheckPermissionFilter))
return;
//authorize permission
foreach (var permissionSystemName in _permissionSystemNames)
if (await _permissionService.AuthorizeAsync(permissionSystemName))
return;
var resultType = _resultType;
var request = _httpContextAccessor.HttpContext?.Request;
if (request == null)
return;
if (resultType == CheckPermissionResultType.Default)
resultType = request.Method switch
{
WebRequestMethods.Http.Post => _webHelper.IsAjaxRequest(request) ? CheckPermissionResultType.Json : CheckPermissionResultType.Html,
WebRequestMethods.Http.Get => CheckPermissionResultType.Html,
_ => CheckPermissionResultType.Text,
};
IActionResult html()
{
var controller = request.RouteValues.ContainsKey("controller")
? request.RouteValues["controller"]
: string.Empty;
var action = request.RouteValues.ContainsKey("action")
? request.RouteValues["action"]
: string.Empty;
var pageSystemNameKey = $"{controller}.{action}";
return new RedirectToActionResult("AccessDenied", "Security",
new { pageUrl = _webHelper.GetRawUrl(request), pageSystemNameKey });
}
context.Result = resultType switch
{
CheckPermissionResultType.Json => new JsonResult(new
{
error = await _localizationService.GetResourceAsync("Admin.AccessDenied.Description")
}),
CheckPermissionResultType.Html => html(),
CheckPermissionResultType.Text => new ContentResult
{
Content = await _localizationService.GetResourceAsync("Admin.AccessDenied.Description"),
ContentType = "text/plain",
},
_ => context.Result
};
}
#endregion
#region Methods
///
/// Called early in the filter pipeline to confirm request is authorized
///
/// Authorization filter context
/// A task that represents the asynchronous operation
public async Task OnAuthorizationAsync(AuthorizationFilterContext context)
{
await AuthorizeAsync(context);
}
#endregion
}
#endregion
#region Nested class
public enum CheckPermissionResultType
{
///
/// For Get requests it will be
Default = 0,
///
/// Redirect to Access Denied page
///
Html = 1,
///
/// Return the plain text content
///
Text = 2,
///
/// Return the JSON content
///
Json = 3
}
#endregion
}