using System.Security.Claims;
using System.Threading;
using BackOffice.BFF.Application.Common.Interfaces;
using BackOffice.BFF.Application.Common.Models;
using Microsoft.AspNetCore.Http;
namespace BackOffice.BFF.Infrastructure.Services;
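/// <summary>
/// Resolves the current user's roles from the ambient <see cref="HttpContext"/> and answers
/// permission queries by mapping those roles through <c>RolePermissionConfig</c>.
/// </summary>
/// <remarks>
/// Only claims are read; there is no I/O, so both async methods complete synchronously and
/// honour the <see cref="CancellationToken"/> solely by checking it before doing any work.
/// </remarks>
public class PermissionService : IPermissionService
{
    private readonly IHttpContextAccessor _httpContextAccessor;

    /// <summary>Creates the service over the given accessor.</summary>
    /// <param name="httpContextAccessor">Accessor for the current request's <see cref="HttpContext"/>.</param>
    /// <exception cref="ArgumentNullException"><paramref name="httpContextAccessor"/> is <see langword="null"/>.</exception>
    public PermissionService(IHttpContextAccessor httpContextAccessor)
    {
        // Fail at construction rather than on the first request, where a null accessor
        // would otherwise surface as an opaque NullReferenceException.
        ArgumentNullException.ThrowIfNull(httpContextAccessor);
        _httpContextAccessor = httpContextAccessor;
    }

    /// <summary>
    /// Returns the distinct role names carried by the authenticated user's claims.
    /// </summary>
    /// <param name="cancellationToken">Checked once before the claims are read.</param>
    /// <returns>
    /// The role claim values, blanks dropped and de-duplicated case-insensitively, or an empty
    /// list when there is no HTTP context or the principal is not authenticated.
    /// </returns>
    /// <exception cref="OperationCanceledException"><paramref name="cancellationToken"/> was already cancelled.</exception>
    public Task<IReadOnlyList<string>> GetUserRolesAsync(CancellationToken cancellationToken)
    {
        cancellationToken.ThrowIfCancellationRequested();

        var user = _httpContextAccessor.HttpContext?.User;

        // An unauthenticated or missing principal never yields roles, even if stray
        // role claims happen to be present on it.
        if (user?.Identity is not { IsAuthenticated: true })
        {
            return Task.FromResult<IReadOnlyList<string>>(Array.Empty<string>());
        }

        // Accept both the URI claim type behind ClaimTypes.Role and the short "role"
        // type that many token issuers emit.
        IReadOnlyList<string> roles = user.Claims
            .Where(IsRoleClaim)
            .Select(c => c.Value)
            .Where(v => !string.IsNullOrWhiteSpace(v))
            .Distinct(StringComparer.OrdinalIgnoreCase)
            .ToList();

        return Task.FromResult(roles);

        static bool IsRoleClaim(Claim c) =>
            c.Type == ClaimTypes.Role
            || string.Equals(c.Type, "role", StringComparison.OrdinalIgnoreCase);
    }

    /// <summary>
    /// Reports whether any of the current user's roles grants <paramref name="permission"/>.
    /// </summary>
    /// <param name="permission">Permission name looked up in <c>RolePermissionConfig</c>.</param>
    /// <param name="cancellationToken">Forwarded to <see cref="GetUserRolesAsync"/>.</param>
    /// <returns>
    /// <see langword="true"/> when at least one role maps to the permission; otherwise
    /// <see langword="false"/>, including when the user has no roles at all.
    /// </returns>
    /// <remarks>
    /// A null or blank <paramref name="permission"/> is treated as "no permission required" and
    /// returns <see langword="true"/> without consulting the user's roles. That branch is fail-open,
    /// so callers must source permission names from their own configuration, never from request input.
    /// </remarks>
    public async Task<bool> HasPermissionAsync(string permission, CancellationToken cancellationToken)
    {
        if (string.IsNullOrWhiteSpace(permission))
        {
            // NOTE(review): preserved from the original contract; if no caller relies on an
            // empty requirement meaning "allowed", failing closed here would be safer.
            return true;
        }

        var roles = await GetUserRolesAsync(cancellationToken);

        // Any() short-circuits on the first granting role and is trivially false for an
        // empty role list, so no separate Count check is needed.
        return roles.Any(role => RolePermissionConfig.HasPermission(role, permission));
    }
}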