albert/kreta
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

init

Browse source
This commit is contained in:
skidoodle 2024-03-13 00:33:46 +01:00
commit e124a47765
19374 changed files with 9806149 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

57
KretaWeb/Security/ApiRolePackageAuthorizeAttribute.cs Normal file
View file

@ -0,0 +1,57 @@
using System;
using System.Net;
using System.Net.Http;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using Kreta.BusinessLogic.Security;
namespace Kreta.Web.Security
{
public class ApiRolePackageDenyAuthorizeAttribute : ApiRolePackageAuthorizeAttribute
{
public ApiRolePackageDenyAuthorizeAttribute(params string[] claimValue) : base(KretaSecurityActions.Deny, claimValue) { }
}
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, Inherited = true, AllowMultiple = false)]
public class ApiRolePackageAuthorizeAttribute : AuthorizeAttribute
{
private string[] claimPackages;
private KretaSecurityActions actionType = KretaSecurityActions.Demand;
public ApiRolePackageAuthorizeAttribute(params string[] claimValue)
{
claimPackages = claimValue;
}
public ApiRolePackageAuthorizeAttribute(KretaSecurityActions type, params string[] claimValue)
{
claimPackages = claimValue;
actionType = type;
}
public override void OnAuthorization(HttpActionContext actionContext)
{
if (IsAuthorized(actionContext))
return;
HandleUnauthorizedRequest(actionContext);
}
protected override bool IsAuthorized(HttpActionContext actionContext)
{
var result = AuthorizeHelper.CheckPackageAccess(claimPackages);
if (actionType == KretaSecurityActions.Deny)
{
result = !result;
}
return result;
}
protected override void HandleUnauthorizedRequest(HttpActionContext actionContext)
{
HttpContext.Current.Response.AddHeader("AuthenticationStatus", "NotAuthorized");
actionContext.Response = actionContext.Request.CreateResponse(HttpStatusCode.Forbidden);
}
}
}